Linux DHCP Server sample event message
Use this sample event message to verify a successful integration with IBM® QRadar®.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Linux DHCP Server sample message when you use the Syslog protocol
The following sample event message shows the client determined that the offered configuration parameters are invalid and the client must begin the lease process again.
The following sample event message shows that the client has determined that the offered configuration parameters are invalid, the client must begin the lease process again.
<30>Sep 25 15:23:34 gnu.linuxdhcp.test dhcpd[28894]: DHCPDECLINE of 192.0.2.0 from 00-00-5E-00-53-00 (broker) via 192.0.2.1: abandoned
| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | DHCPDECLINE |
| Source IP | 192.0.2.0 |
| Source MAC | 00-00-5E-00-53-00 |
| Device Time | Sep 25 15:23:34 |