IBM Cloud® Platform sample event messages
Use this sample event message to verify a successful integration with IBM® QRadar®.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
IBM Cloud sample message when you use the Syslog protocol
The following sample event message shows that a route is unregistered.
Feb 22 20:00:39 ibm.bluemixplatform.test 10.59.107.50 [job=router index=1] {"log_level":1,"timestamp":1519329639.0902693,"message":"unregister-route","source":"vcap.gorouter.subscriber","data":{"message":"{\"uris\":[\"p-mysql.sys-pcf05.cf.example.com\"],\"host\":\"10.68.232.5\",\"port\":8081,\"tags\":null,\"private_instance_id\":\"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\"}"}}| QRadar field name | Highlighted values in the payload |
|---|---|
| Event ID | unregister-route |
| Category | This DSM doesn't have a category field to key from for the device in the payloads. QRadar provides the value Cloud Foundry as a static category. |
| Log Source Time | 1519329639.0902693 |
| Source IP | 10.68.232.5 |
| Source Port | 8081 |