Apache HTTP Server sample event messages

Use these sample event messages to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Apache HTTP Server sample messages when you use the Syslog protocol

Sample 1: The following sample event is generated when a user is authenticated.

<86>Jun 28 06:00:19 apache.httpserver.test sshd[11148]: pam_vas: Authentication <succeeded> for <Active Directory> user: <svc_unix> account: <DOMAINNAME\svc_unix_secscan> service: <sshd> reason: <>
Table 1. Highlighted values in the Apache HTTP Server event

QRadar field name    Highlighted values in the event payload
Event ID             Authentication user (extracted from the event content)
Event Category       sshd
Username             svc_unix

Sample 2: The following sample event message shows that an HTTP 403 system status occurred.

Oct 21 10:05:35 apache.httpserver.test httpd: 10.100.100.101 172.16.210.237 - - [26/Jan/2006:12:24:54 +0000] "HEAD / HTTP/1.0" 403 123 "-" "-"
Table 2. Highlighted values in the Apache HTTP Server event

QRadar field name    Highlighted values in Apache event
Event ID             403
Event Category       apache (extracted from the event content)
Source IP            10.100.100.101
Destination IP       172.16.210.237
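
An added example, not part of the IBM documentation and not QRadar's own DSM parsing logic: a Python check that pulls the values highlighted in Tables 1 and 2 out of the two sample payloads, so that an event received from a test source can be compared with them. The regular expressions and the extract_fields name are assumptions based only on the layout of the two samples above, and only values that appear literally in the payload are extracted.

```python
import re

# The two sample payloads from this page, as single lines.
SAMPLE_1 = ("<86>Jun 28 06:00:19 apache.httpserver.test sshd[11148]: pam_vas: "
            "Authentication <succeeded> for <Active Directory> user: <svc_unix> "
            "account: <DOMAINNAME\\svc_unix_secscan> service: <sshd> reason: <>")
SAMPLE_2 = ('Oct 21 10:05:35 apache.httpserver.test httpd: 10.100.100.101 '
            '172.16.210.237 - - [26/Jan/2006:12:24:54 +0000] "HEAD / HTTP/1.0" '
            '403 123 "-" "-"')

# Syslog header: optional <PRI>, timestamp, host, program[pid]: message
HEADER = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[\w./-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
# Access-log body as laid out in Sample 2 (assumed field order):
# source IP, destination IP, ident, user, [time], "request", status, bytes
ACCESS = re.compile(
    r'^(?P<src>\S+) (?P<dst>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)')
# pam_vas body as laid out in Sample 1
PAM_VAS = re.compile(
    r"^pam_vas: Authentication <(?P<result>[^>]*)> for <[^>]*> "
    r"user: <(?P<user>[^>]*)> account: <(?P<account>[^>]*)> "
    r"service: <(?P<service>[^>]*)>")

def extract_fields(payload):
    """Return the table fields found in one payload, or None if it does not match."""
    # The page asks for carriage returns and line feeds to be removed first.
    payload = re.sub(r"[\r\n]+", "", payload)
    head = HEADER.match(payload)
    if not head:
        return None
    msg = head["msg"]
    if (m := ACCESS.match(msg)):
        return {"Event ID": m["status"],
                "Source IP": m["src"],
                "Destination IP": m["dst"]}
    if (m := PAM_VAS.match(msg)):
        # Assumption: the category is taken from the syslog program name.
        return {"Event Category": head["prog"], "Username": m["user"]}
    return None

if __name__ == "__main__":
    for sample in (SAMPLE_1, SAMPLE_2):
        print(extract_fields(sample))
```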