Apache HTTP Server sample event messages
Use these sample event messages to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Apache HTTP Server sample messages when you use the Syslog protocol
Sample 1: The following sample event is generated when a user is authenticated.
<86>Jun 28 06:00:19 apache.httpserver.test sshd[11148]: pam_vas: Authentication <succeeded> for <Active Directory> user: <svc_unix> account: <DOMAINNAME\svc_unix_secscan> service: <sshd> reason: <>| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID |
Authentication user (extracted from the event content) |
| Event Category | sshd |
| Username | svc_unix |
Sample 2: The following sample event message shows that an HTTP 403 system status occurred.
Oct 21 10:05:35 apache.httpserver.test httpd: 10.100.100.101 172.16.210.237 - - [26/Jan/2006:12:24:54 +0000] "HEAD / HTTP/1.0" 403 123 "-" "-"| QRadar field name | Highlighted values in Apache event |
|---|---|
| Event ID | 403 |
| Event Category | apache (extracted from the event content) |
| Source IP | 10.100.100.101 |
| Destination IP | 172.16.210.237 |