Sun Solaris OS sample event messages

Use these sample event messages to verify a successful integration with IBM® QRadar®.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Sun Solaris OS sample messages when you use the Syslog protocol

Sample 1: The following sample event message shows that a session to the authentication server was opened in Sun Solaris OS.

<38>Oct  6 10:35:59 sshd[16942]: [ID 800047 auth.info] Accepted keyboard-interactive for testuser from 2001:DB8:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF port 51730 ssh2
Table 1. Highlighted values in the Sun Solaris OS sample event message

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | login (inferred from the event content) |
| Source IPv6 | 2001:DB8:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF |
| Source Port | 51730 |
| Username | testuser |
| Identity Username | testuser |
| Device Time | Oct 6 10:35:59 (extracted from date and time fields) |

Sample 2: The following sample event message shows mail information events in Sun Solaris OS.

<38>Mar 1 17:32:05 10.10.25.2 <22>Mar 1 17:32:00 sendmail[14359]: [ID 801593 mail.info] a1AA111: to=envmgr, ctladdr=envmgr (11011/111100), delay=00:00:00, xdelay=00:00:00, mailer=abcde, pri=11111, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (a1AA111 Message accepted for delivery)
Table 2. Highlighted values in the Sun Solaris OS sample event message

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | mail.info |
| Source IP | 10.10.25.2 |
| Destination IP | 10.10.25.2 |
| Device Time | Mar 1 17:32:05 (extracted from date and time fields) |
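
To check a pasted sample before sending it to a log source, the following added example (not IBM code and not the QRadar DSM's parsing logic) extracts the highlighted values from both payloads above and decodes the syslog <PRI> value so that it can be compared with the facility.level tag in the [ID ...] block. The function names, the dictionary keys and the regular expressions are assumptions made for this illustration.

```python
import re

# The two sample payloads from this page, joined onto one line each.
SAMPLE_1 = ("<38>Oct  6 10:35:59 sshd[16942]: [ID 800047 auth.info] Accepted "
            "keyboard-interactive for testuser from "
            "2001:DB8:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF port 51730 ssh2")
SAMPLE_2 = ("<38>Mar 1 17:32:05 10.10.25.2 <22>Mar 1 17:32:00 sendmail[14359]: "
            "[ID 801593 mail.info] a1AA111: to=envmgr, ctladdr=envmgr "
            "(11011/111100), delay=00:00:00, xdelay=00:00:00, mailer=abcde, "
            "pri=11111, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, "
            "stat=Sent (a1AA111 Message accepted for delivery)")

FACILITIES = "kern user mail daemon auth syslog lpr news uucp cron".split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
HEADER = re.compile(r"<(\d{1,3})>([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) ")
RELAY = re.compile(r"(\S+) (?=<\d{1,3}>)")  # host that precedes a nested header
BODY = re.compile(r"(\w+)\[(\d+)\]: \[ID (\d+) (\w+\.\w+)\] (.*)")
SSH_LOGIN = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port (\d+)")

def pri_to_tag(pri):
    """Decode a syslog PRI value: facility = pri // 8, severity = pri % 8."""
    fac = pri >> 3
    name = FACILITIES[fac] if fac < len(FACILITIES) else f"facility{fac}"
    return f"{name}.{SEVERITIES[pri & 7]}"

def parse(raw):
    """Return the fields of one Solaris syslog event, or None if it does not parse."""
    text = raw.replace("\r", "").replace("\n", "")  # undo copy/paste line breaks
    headers, pos = [], 0
    while (m := HEADER.match(text, pos)):
        relay = RELAY.match(text, m.end())
        headers.append((int(m[1]), m[2], relay[1] if relay else None))
        pos = relay.end() if relay else m.end()
    body = BODY.match(text, pos)
    if not headers or not body:
        return None
    event = {
        "device_time": " ".join(headers[0][1].split()),  # outermost header
        "relay_host": headers[0][2],
        "process": body[1], "pid": int(body[2]), "msg_id": body[3],
        "tag": body[4],                         # facility.level from the [ID ...] block
        "pri_tag": pri_to_tag(headers[-1][0]),  # decoded from the innermost <PRI>
    }
    login = SSH_LOGIN.search(body[5])
    if login:
        event.update(auth_method=login[1], username=login[2],
                     source_ip=login[3], source_port=int(login[4]))
    return event

if __name__ == "__main__":
    for sample in (SAMPLE_1, SAMPLE_2):
        print(parse(sample))
```

In Sample 2 the outer <38> header was added by the forwarding host, so only the inner <22> header agrees with the mail.info tag.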