Netgate pfSense sample event messages

Use these sample event messages to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage returns or line feed characters.

Netgate pfSense sample message when you use the Syslog protocol: name server DNS query

The following sample event message shows that a name server DNS query was made.

<30>Mar 17 00:35:02 unbound: [33068:6] info: 192.168.1.222 hostname.test. NS IN

Table 1. Highlighted fields in the Netgate pfSense sample event

QRadar field name | Highlighted payload field name
Event Name        | NS
Source IP         | 192.168.1.222

Netgate pfSense sample message when you use the Syslog protocol: firewall permit event

The following sample event message shows a firewall permit event.

<134>Mar 10 08:43:23 filterlog: 100,,,1581299744,hn0,match,pass,out,4,0x0,,127,46462,0,DF,6,tcp,52,192.168.0.10,192.168.2.3,10945,443,0,S,1283715954,,64240,,mss;nop;wscale;nop;nop;sackOK

Table 2. Highlighted fields in the Netgate pfSense sample event

QRadar field name | Highlighted payload field name
Event Name        | pass
Protocol          | 6 (TCP)
Source IP         | 192.168.0.10
Destination IP    | 192.168.2.3
Source Port       | 10945
Destination Port  | 443
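
The following Python code is an added example, not part of the IBM documentation and not QRadar's own parsing logic. It extracts the fields highlighted in Tables 1 and 2 from the two sample payloads, so that the values a test integration reports can be checked against them. The filterlog field positions are read off the IPv4 TCP sample on this page, and the dictionary key names are chosen here for illustration.

```python
import re

# Sample payloads copied from this page.
UNBOUND = "<30>Mar 17 00:35:02 unbound: [33068:6] info: 192.168.1.222 hostname.test. NS IN"
FILTERLOG = ("<134>Mar 10 08:43:23 filterlog: 100,,,1581299744,hn0,match,pass,out,4,0x0,,127,"
             "46462,0,DF,6,tcp,52,192.168.0.10,192.168.2.3,10945,443,0,S,1283715954,,64240,,"
             "mss;nop;wscale;nop;nop;sackOK")

# <PRI>, BSD-style timestamp, program name, then the program-specific body.
HEADER = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\w+): (.*)$")

def parse_event(raw):
    """Return the highlighted fields as a dict, or None if the line is not recognized."""
    # Pasted samples may carry stray CR/LF characters; drop them before matching.
    line = raw.replace("\r", "").replace("\n", "").strip()
    m = HEADER.match(line)
    if not m:
        return None
    pri, timestamp, program, body = int(m[1]), m[2], m[3], m[4]
    # Syslog PRI encodes facility * 8 + severity.
    event = {"facility": pri // 8, "severity": pri % 8,
             "timestamp": timestamp, "program": program}
    if program == "unbound":
        q = re.match(r"\[\d+:\d+\] info: (\S+) (\S+) (\S+) (\S+)$", body)
        if not q:
            return None
        event.update(src_ip=q[1], query_name=q[2], event_name=q[3], query_class=q[4])
    elif program == "filterlog":
        f = body.split(",")
        # Positions match the IPv4 TCP sample; other layouts are rejected, not guessed.
        if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
            return None
        try:
            event.update(interface=f[4], event_name=f[6], direction=f[7],
                         protocol=int(f[15]), src_ip=f[18], dst_ip=f[19],
                         src_port=int(f[20]), dst_port=int(f[21]))
        except ValueError:
            return None
    else:
        return None
    return event

if __name__ == "__main__":
    for sample in (UNBOUND, FILTERLOG):
        print(parse_event(sample))
```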