NGINX HTTP Server sample event messages

Use these sample event messages as a way of verifying a successful integration with QRadar®.

The following table provides sample event messages when you use the Syslog protocol for the NGINX HTTP Server DSM:
Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Table 1. NGINX HTTP Server sample message supported by NGINX HTTP Server.
Event name: 404
Low-level category: System Status
Sample log message:
LEEF:1.0|NGINX|NGINX|1.15.5|404|devTime=29/Oct/2018:15:36:58 -0300	src=	dst=	dstPort=80	proto=HTTP/1.1	usrName=-	request=GET /nginx_status HTTP/1.1	body_bytes_sent=153	http_referer=-	http_true_client_ip=-	http_user_agent=curl/7.29.0	http_x_header=-	http_x_forwarded_for=-	request_time=0.000	upstream_response_time=-	pipe=.	uri_query=-	uri_path=/nginx_status	cookie=-

Event name: Connection refused
Low-level category: Firewall Deny
Sample log message:
<187>Sep 19 07:46:27 company3-hst nginx: 2018/09/19 07:46:27 [error] 24881#24881: *416 connect() failed (111: Connection refused) while connecting to upstream, client:, server:, request: "POST /api/v1/view/bill HTTP/1.1", upstream: "view/bill", host: "", referrer: ""
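
The following is an added example, not code from IBM or NGINX: a small Python check that strips the carriage return and line feed characters from a pasted sample and splits the LEEF 1.0 event from Table 1 into its header and tab-separated attributes, so the event ID and fields can be confirmed before the sample is replayed. The function names and the shortened, deliberately wrapped sample are constructed for illustration.

```python
# Added example: minimal LEEF 1.0 parser for checking a pasted sample event.
LEEF_HEADER = ("leef_version", "vendor", "product", "product_version", "event_id")


def strip_line_breaks(pasted):
    """Remove the CR/LF characters that page formatting adds to a sample."""
    return pasted.replace("\r", "").replace("\n", "")


def parse_leef(message):
    """Return (header, attrs) for a LEEF 1.0 event, with or without a syslog prefix."""
    message = strip_line_breaks(message)
    start = message.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header found")
    # Five pipe-delimited header fields; everything after the fifth pipe is
    # the attribute section, which may itself contain '|' characters.
    parts = message[start:].split("|", 5)
    if len(parts) != 6:
        raise ValueError("incomplete LEEF header")
    header = dict(zip(LEEF_HEADER, parts[:5]))
    header["leef_version"] = header["leef_version"][len("LEEF:"):]
    attrs = {}
    for pair in parts[5].split("\t"):  # LEEF 1.0 separates attributes with tabs
        if not pair:
            continue
        key, sep, value = pair.partition("=")  # values may contain '='
        if not sep:
            raise ValueError("attribute without '=': %r" % pair)
        # NGINX writes "-" for an unset variable; report it as None.
        attrs[key] = None if value == "-" else value
    return header, attrs


# Constructed input: the 404 sample from Table 1 (shortened), wrapped mid-value
# the way a copy from a formatted page can wrap it.
SAMPLE = "\t".join([
    "LEEF:1.0|NGINX|NGINX|1.15.5|404|devTime=29/Oct/2018:15:36:58 -0300",
    "src=", "dst=", "dstPort=80", "proto=HTTP/1.1", "usrName=-",
    "request=GET /nginx_\r\nstatus HTTP/1.1", "body_bytes_sent=153",
    "http_user_agent=curl/7.29.0", "uri_query=-", "uri_path=/nginx_status",
])

if __name__ == "__main__":
    header, attrs = parse_leef(SAMPLE)
    print(header["event_id"], attrs["request"], attrs["dstPort"])
```

An attribute that parses with an unexpected name or a truncated value usually means a tab was lost or a line break was left in the pasted text.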