NGINX HTTP Server sample event messages

Use these sample event messages as a way of verifying a successful integration with QRadar.

The following table provides sample event messages when you use the Syslog protocol for the NGINX HTTP Server DSM:
Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Table 1. NGINX HTTP Server sample message supported by NGINX HTTP Server.
Event name Low-level category Sample log message
404 System Status
LEEF:1.0|NGINX|NGINX|1.15.5|404|devTime=29/Oct/2018:15:36:58 -0300	src=127.0.0.1	dst=127.0.0.1	dstPort=80	proto=HTTP/1.1	usrName=-	request=GET /nginx_status HTTP/1.1	body_bytes_sent=153	http_referer=-	http_true_client_ip=-	http_user_agent=curl/7.29.0	http_x_header=-	http_x_forwarded_for=-	request_time=0.000	upstream_response_time=-	pipe=.	uri_query=-	uri_path=/nginx_status	cookie=-
Connection refused Firewall Deny
<187>Sep 19 07:46:27 company3-hst ng
inx: 2018/09/19 07:46:27 [error] 24881#24881
: *416 connect() failed (111: Connection ref
used) while connecting to upstream, client: 
198.51.100.111, server: ute-hst.company.com
, request: "POST /api/v1/view/bill HTTP/1.1"
, upstream: "http://198.51.100.225:9000/v1/
view/bill", host: "198.51.100.25:8080", ref
errer: "https://www.hst.company.com/web/totes/"