IBM® WebSphere® sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

IBM WebSphere sample message when you use the Syslog protocol

The following sample event message shows a failed login.

WebSphere::EVENT_TIME=8/1/12 12:01:59:603 EDT   EVENT_ID=null  EVENT_TYPE=W   RAW_EVENT=[8/1/12 12:01:59:603 EDT] 00000032 LogonAction   W org.apache.commons.logging.impl.Jdk14Logger warn Bad username/password from someone claiming to be 'hayfordk' from address 10.0.8.108

Table 1. QRadar® field names and highlighted values in the IBM WebSphere event payload

QRadar field name    Highlighted values in the event payload
-----------------    ---------------------------------------
Event ID             The value in QRadar is Login Fail
Event Category       W
SRC IP               10.0.8.108
Event Time           8/1/12 12:01:59:603 EDT
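
To check the Table 1 mapping against the sample before sending it to QRadar, the following added example (not IBM code and not part of the QRadar DSM) parses the payload and returns the same fields. The regular expressions are derived from this one sample only, the keys claimed_user and raw_event_id are hypothetical names, and the code assumes that any line break introduced by copy and paste falls at a space.

```python
import ipaddress
import re

# Sample event from this page, wrapped across lines the way a copy/paste
# can leave it (the page asks for CR/LF characters to be removed).
SAMPLE = (
    "WebSphere::EVENT_TIME=8/1/12 12:01:59:603 EDT   EVENT_ID=null  EVENT_TYPE=W   "
    "RAW_EVENT=[8/1/12 12:01:59:603 EDT] 00000032 LogonAction   W "
    "org.apache.commons.logging.impl.Jdk14Logger warn Bad username/password\r\n"
    "from someone claiming to be 'hayfordk' from address 10.0.8.108\n"
)

ENVELOPE = re.compile(
    r"^WebSphere::EVENT_TIME=(?P<event_time>.+?)\s+EVENT_ID=(?P<event_id>\S+)"
    r"\s+EVENT_TYPE=(?P<event_type>\S+)\s+RAW_EVENT=(?P<raw_event>.+)$"
)
FAILED_LOGIN = re.compile(
    r"Bad username/password from someone claiming to be '(?P<user>[^']*)'"
    r" from address (?P<src_ip>\S+)"
)


def parse_websphere_event(message):
    """Return the Table 1 fields for one event, or None if it does not parse."""
    # Replace each CR/LF run with one space so a wrapped paste still matches.
    flat = re.sub(r"\s*[\r\n]+\s*", " ", message).strip()
    env = ENVELOPE.match(flat)
    if env is None:
        return None
    fields = {
        "Event Time": env["event_time"],
        "Event Category": env["event_type"],
        "Event ID": None,
        "SRC IP": None,
        "raw_event_id": env["event_id"],  # hypothetical key; "null" in the sample
    }
    login = FAILED_LOGIN.search(env["raw_event"])
    if login:
        fields["Event ID"] = "Login Fail"  # value Table 1 gives for this event
        fields["claimed_user"] = login["user"]  # hypothetical key
        try:
            fields["SRC IP"] = str(ipaddress.ip_address(login["src_ip"]))
        except ValueError:
            pass  # address text is not a valid IP; leave SRC IP unset
    return fields


if __name__ == "__main__":
    print(parse_websphere_event(SAMPLE))
```

If the function returns None for a pasted message, the EVENT_TIME, EVENT_ID, EVENT_TYPE and RAW_EVENT keys are missing or out of order, which is the first thing to check when a test event is not recognized.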