Netgate pfSense sample event messages
Use these sample event messages to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage returns or line feed characters.
Netgate pfSense sample message when you use the Syslog protocol: name server DNS query
The following sample event message shows that a name server (NS) DNS query was made.
<30>Mar 17 00:35:02 unbound: [33068:6] info: 192.168.1.222 hostname.test. NS IN
QRadar field name | Highlighted payload field name |
---|---|
Event Name | NS |
Source IP | 192.168.1.222 |
Netgate pfSense sample message when you use the Syslog protocol: firewall permit event
The following sample event message shows a firewall permit event.
<134>Mar 10 08:43:23 filterlog: 100,,,1581299744,hn0,match,pass,out,4,0x0,,127,46462,0,DF,6,tcp,52,192.168.0.10,192.168.2.3,10945,443,0,S,1283715954,,64240,,mss;nop;wscale;nop;nop;sackOK
QRadar field name | Highlighted payload field name |
---|---|
Event Name | pass |
Protocol | 6 (TCP) |
Source IP | 192.168.0.10 |
Destination IP | 192.168.2.3 |
Source Port | 10945 |
Destination Port | 443 |
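The following Python sketch is an added example, not part of the QRadar DSM or of IBM's documentation. It extracts the highlighted fields in the two tables above from the sample messages and can be used to check log lines before they are forwarded. The function names are hypothetical, and the field positions are read from the samples on this page, so only the unbound query line and IPv4 TCP filterlog records are handled.

```python
import ipaddress
import re

# Header shape shared by both samples: <PRI>Mon DD HH:MM:SS program: body
HEADER = re.compile(r"^<\d{1,3}>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} ([\w-]+): (.*)$")
# unbound body as in the sample: [pid:thread] info: client qname qtype qclass
UNBOUND = re.compile(r"^\[\d+:\d+\] info: (\S+) (\S+) (\S+) (\S+)$")

def parse_unbound(body):
    m = UNBOUND.match(body)
    if not m:
        raise ValueError("not an unbound query line")
    client, _qname, qtype, _qclass = m.groups()
    # ip_address() raises ValueError if the client field is not a valid address.
    return {"Event Name": qtype, "Source IP": str(ipaddress.ip_address(client))}

def parse_filterlog(body):
    f = body.split(",")
    # Positions are read off the IPv4 sample on this page; other IP versions differ.
    if len(f) < 20 or f[8] != "4":
        raise ValueError("only IPv4 filterlog records are handled")
    event = {
        "Event Name": f[6],                        # action, e.g. pass
        "Protocol": int(f[15]),                    # protocol number, e.g. 6 (TCP)
        "Source IP": str(ipaddress.ip_address(f[18])),
        "Destination IP": str(ipaddress.ip_address(f[19])),
    }
    if f[16] == "tcp" and len(f) >= 22:            # in the TCP sample, ports follow the addresses
        event["Source Port"] = int(f[20])
        event["Destination Port"] = int(f[21])
    return event

PARSERS = {"unbound": parse_unbound, "filterlog": parse_filterlog}

def parse_pfsense(line):
    # Per the note on this page: strip CR/LF introduced by copy and paste.
    line = line.replace("\r", "").replace("\n", "")
    m = HEADER.match(line)
    if not m or m.group(1) not in PARSERS:
        raise ValueError("unrecognized pfSense syslog line")
    return PARSERS[m.group(1)](m.group(2))

# The two sample messages from this page; the second carries a constructed pasted line break.
DNS_SAMPLE = "<30>Mar 17 00:35:02 unbound: [33068:6] info: 192.168.1.222 hostname.test. NS IN"
FW_SAMPLE = ("<134>Mar 10 08:43:23 filterlog: 100,,,1581299744,hn0,match,pass,out,4,0x0,,127,"
             "46462,0,DF,6,tcp,52,192.168.0.10,\r\n192.168.2.3,10945,443,0,S,1283715954,,64240,,"
             "mss;nop;wscale;nop;nop;sackOK")
```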