Arbor Networks Pravail sample event message

Use this sample event message to verify a successful integration with IBM® QRadar®.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Arbor Networks Pravail sample message when you use the Syslog protocol

The following sample event message shows that a malformed SIP traffic is blocked.

<25>May 15 17:17:31 arbornetworks.pravail.test arbor-networks-aps: Blocked Host: Blocked host at 05:16 by Block Malformed SIP Traffic using UDP/5060 (SIP) destination source port 5060,URL: https://arbornetworks.pravail.test/summary/
Table 1. Highlighted values in the Arbor Pravail sample event
QRadar field name Highlighted values in the event payload
Event ID Block Malformed SIP Traffic
Event Category Blocked Host
Source IP
Source Port 5060
Destination IP
Destination Port 5060
Device Time May 15 17:17:31