Sun Solaris OS sample event messages
Use these sample event messages to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Sun Solaris OS sample messages when you use the Syslog protocol
Sample 1: The following sample event message shows that a session to the authentication server was opened in Sun Solaris OS.
<38>Oct 6 10:35:59 sshd[16942]: [ID 800047 auth.info] Accepted keyboard-interactive for testuser from 2001:DB8:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF port 51730 ssh2
QRadar field name | Highlighted values in the event payload |
---|---|
Event ID | login (inferred from the event content) |
Source IPv6 | 2001:DB8:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF |
Source Port | 51730 |
Username | testuser |
Identity Username | testuser |
Device Time | Oct 6 10:35:59 (extracted from date and time fields) |
Sample 2: The following sample event message shows mail information events in Sun Solaris OS.
<38>Mar 1 17:32:05 10.10.25.2 <22>Mar 1 17:32:00 sendmail[14359]: [ID 801593 mail.info] a1AA111: to=envmgr, ctladdr=envmgr (11011/111100), delay=00:00:00, xdelay=00:00:00, mailer=abcde, pri=11111, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (a1AA111 Message accepted for delivery)
QRadar field name | Highlighted values in the event payload |
---|---|
Event ID | mail.info |
Source IP | 10.10.25.2 |
Destination IP | 10.10.25.2 |
Device Time | Mar 1 17:32:05 (extracted from date and time fields) |
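
To check the field mappings in both tables locally before sending the samples to QRadar, the following added example (not IBM's DSM parsing logic and not part of the original page) extracts the same fields from the two payloads. The regular expressions and the `parse_event` helper are assumptions written for this illustration.

```python
import ipaddress
import re

# Sample payloads from the page, each joined onto a single line (no CR/LF).
SAMPLE_1 = ("<38>Oct 6 10:35:59 sshd[16942]: [ID 800047 auth.info] Accepted "
            "keyboard-interactive for testuser from "
            "2001:DB8:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF port 51730 ssh2")
SAMPLE_2 = ("<38>Mar 1 17:32:05 10.10.25.2 <22>Mar 1 17:32:00 sendmail[14359]: "
            "[ID 801593 mail.info] a1AA111: to=envmgr, ctladdr=envmgr "
            "(11011/111100), delay=00:00:00, xdelay=00:00:00, mailer=abcde, "
            "pri=11111, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, "
            "stat=Sent (a1AA111 Message accepted for delivery)")

# Outer syslog header: <PRI>, timestamp, optional relay host. The lookbehind
# keeps a program tag such as "sshd[16942]:" from being taken as the host.
HEADER = re.compile(r"^<\d{1,3}>(?P<time>[A-Z][a-z]{2} +\d{1,2} [\d:]{8}) "
                    r"(?:(?P<host>\S+)(?<!:) )?")
# Solaris message-ID tag: [ID <number> <facility>.<level>]
SOLARIS_TAG = re.compile(r"\[ID \d+ (?P<fac>\w+)\.(?P<lvl>\w+)\]")
# sshd successful-authentication line
SSH_ACCEPT = re.compile(r"Accepted \S+ for (?P<user>\S+) "
                        r"from (?P<src>\S+) port (?P<port>\d+)")

def parse_event(payload):
    """Return a dict keyed by the QRadar field names used in the tables."""
    if "\r" in payload or "\n" in payload:
        raise ValueError("payload contains CR/LF; join it onto one line")
    head, tag = HEADER.match(payload), SOLARIS_TAG.search(payload)
    if not head or not tag:
        raise ValueError("not a Solaris syslog event")
    fields = {"Event ID": f"{tag['fac']}.{tag['lvl']}",
              "Device Time": head["time"]}
    if head["host"]:
        # The Sample 2 table maps the relay host to both addresses.
        fields["Source IP"] = fields["Destination IP"] = head["host"]
    ssh = SSH_ACCEPT.search(payload)
    if ssh:
        v6 = ipaddress.ip_address(ssh["src"]).version == 6
        fields.update({"Event ID": "login",
                       "Source IPv6" if v6 else "Source IP": ssh["src"],
                       "Source Port": int(ssh["port"]),
                       "Username": ssh["user"],
                       "Identity Username": ssh["user"]})
    return fields
```

Device Time is taken from the outer syslog header, which is why Sample 2 yields 17:32:05 rather than the inner 17:32:00 timestamp.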