Linux® OS Sample event messages
Use these sample event messages to verify a successful integration with IBM® QRadar®.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage returns or line feed characters.
Linux OS sample event messages when you use the syslog protocol
Sample 1: The following sample event message shows a PAM authentication failure for a user.
<118>Jul 7 15:54:13 kernel: Jul 7 15:54:13 gnu.linuxserver.test sshd[708]: error: PAM: authentication error for root from 172.16.197.55
QRadar field name | Highlighted values in the event payload |
---|---|
Event ID | authentication error |
Source IP | 172.16.197.55 |
Username | root |
Sample 2: The following sample event message shows that an incorrect or failed password was received from an invalid user.
<38>2015-06-24T14:15:51Z sshd[12239959]: Failed password for invalid user test from 192.168.8.75 port 57436 ssh2
QRadar field name | Highlighted values in the event payload |
---|---|
Event ID | Failed password |
Source IP | 192.168.8.75 |
Source Port | 57436 |
Username | test |
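
To check a payload against the two tables above before pointing a log source at QRadar, the following added example parses both samples in Python. It is not IBM's code and does not reproduce QRadar's DSM logic; the regular expressions, the `parse_event` name, and the Facility and Severity fields decoded from the syslog priority are assumptions made for illustration.

```python
import re

# The two payloads from the samples above, each on a single line.
SAMPLE_1 = ("<118>Jul 7 15:54:13 kernel: Jul 7 15:54:13 gnu.linuxserver.test "
            "sshd[708]: error: PAM: authentication error for root from 172.16.197.55")
SAMPLE_2 = ("<38>2015-06-24T14:15:51Z sshd[12239959]: Failed password for "
            "invalid user test from 192.168.8.75 port 57436 ssh2")

PRI = re.compile(r"^<(\d{1,3})>")
IPV4 = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# Illustrative patterns (assumption: not QRadar's DSM logic). The user name is
# client-supplied, so each pattern is anchored at the end of the line and takes
# the address that sshd itself appends.
RULES = [
    ("authentication error", re.compile(
        r"sshd\[\d+\]: error: PAM: authentication error for (?P<user>.*) from "
        + IPV4 + r"$")),
    ("Failed password", re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) from "
        + IPV4 + r" port (?P<port>\d+) ssh2$")),
]


def parse_event(raw):
    """Return the fields from the tables above, or None if nothing matches."""
    # Undo line wrapping introduced by copy and paste, as the page instructs.
    line = re.sub(r"[\r\n]+", "", raw).strip()
    pri = PRI.match(line)
    if not pri or int(pri.group(1)) > 191:  # highest valid PRI is 23 * 8 + 7
        return None
    for event_id, pattern in RULES:
        m = pattern.search(line)
        if m:
            fields = {
                "Facility": int(pri.group(1)) // 8,  # PRI = facility * 8 + severity
                "Severity": int(pri.group(1)) % 8,
                "Event ID": event_id,
                "Source IP": m.group("ip"),
                "Username": m.group("user"),
            }
            if "port" in m.groupdict():
                fields["Source Port"] = int(m.group("port"))
            return fields
    return None


if __name__ == "__main__":
    for sample in (SAMPLE_1, SAMPLE_2):
        print(parse_event(sample))
```

A payload that returns `None` here either still contains text that does not belong to the event or does not match one of the two sample formats.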