Centrify Infrastructure Services sample event messages

Use these sample event messages to verify a successful integration with QRadar.

The following table shows sample event messages from Centrify Infrastructure Services:

Table 1. Centrify Infrastructure Services sample message

Event name: Remote login success
Low-level category: Remote Access Login Succeeded
Sample log message:

<13>May 09 20:58:48 127.1.1.1 AgentDevice=WindowsLog AgentLogFile=Application PluginVersion=7.2.6.39 Source=Centrify AuditTrail V2 Computer=CentrifyWindowsAgent.Centrify.lab OriginatingComputer=127.1.1.1 User=user Domain=CENTRIFY EventID=1234 EventIDCode=1234 EventType=4 EventCategory=4 RecordNumber=1565 TimeGenerated=1494374321 TimeWritten=1494374321 Level=Informational Keywords=ClassicTask=None Opcode=Info Message=Product: Centrify Suite Category: DirectAuthorize - Windows Event name: Remote login success Message: User successfully logged on remotely using role 'Windows Login/CentrifyTest'. May 09 16:58:41 centrifywindowsagent.centrify.lab dzagent[2008]: INFO AUDIT_TRAIL|Centrify Suite|DirectAuthorize - Windows|1.0|3|Remote login success|5|user=username userSid=domain\username sessionId=6 centrifyEventID=6003 DAInst=N/A DASessID=N/A role=Windows Login/CentrifyTest desktopguid=7678b35e-00d0-4ddf-88f5-6626b8b1ec4b

Event name: The user logged in to the system successfully
Low-level category: User Login Success
Sample log message:

<38>May 4 23:45:19 hostname adclient[1472]: INFO AUDIT_TRAIL|Centrify Suite|Centrify Commands|1.0|200|The user login to the system successfully|5|user=user pid=1234 utc=1493952319951 centrifyEventID=18200 DASessID=c6b7551c-31ea-8743-b870-cdef47393d07 DAInst=DefaultInstallation status=SUCCESS service=sshd tty=/dev/pts/2
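
To check a captured event against the two sample messages above before relying on it in QRadar, the AUDIT_TRAIL record can be split into its pipe-delimited header and key=value fields. This is an added example, not code from IBM or Centrify; the header field names and the lookup keyed on centrifyEventID are assumptions made for the example.

```python
import re

# Header positions of the pipe-delimited record. These names are assumptions
# made for this example; the page does not name them.
HEADER = ("product", "category", "version", "event_id", "event_name", "severity")

# Low-level categories from Table 1, keyed by the centrifyEventID seen in each
# sample. Keying on centrifyEventID is a choice made for this example.
EXPECTED_CATEGORY = {
    "6003": "Remote Access Login Succeeded",
    "18200": "User Login Success",
}

# Excerpts of the two sample messages (Windows wrapper fields dropped from the first).
SAMPLES = [
    r"May 09 16:58:41 centrifywindowsagent.centrify.lab dzagent[2008]: INFO "
    r"AUDIT_TRAIL|Centrify Suite|DirectAuthorize - Windows|1.0|3|Remote login success|5|"
    r"user=username userSid=domain\username sessionId=6 centrifyEventID=6003 "
    r"DAInst=N/A DASessID=N/A role=Windows Login/CentrifyTest "
    r"desktopguid=7678b35e-00d0-4ddf-88f5-6626b8b1ec4b",
    "<38>May 4 23:45:19 hostname adclient[1472]: INFO AUDIT_TRAIL|Centrify Suite|"
    "Centrify Commands|1.0|200|The user login to the system successfully|5|"
    "user=user pid=1234 utc=1493952319951 centrifyEventID=18200 "
    "DASessID=c6b7551c-31ea-8743-b870-cdef47393d07 DAInst=DefaultInstallation "
    "status=SUCCESS service=sshd tty=/dev/pts/2",
]

# A value runs until the next " key=" token or end of line, so values that
# contain spaces (role=Windows Login/CentrifyTest) stay intact.
KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")


def parse_audit_trail(line):
    """Return the record as a dict, or None if the line has no complete AUDIT_TRAIL payload."""
    _, marker, payload = line.partition("AUDIT_TRAIL|")
    if not marker:
        return None
    parts = payload.split("|", len(HEADER))
    if len(parts) != len(HEADER) + 1:
        return None  # truncated record: header or key=value section missing
    record = dict(zip(HEADER, parts))
    record["fields"] = dict(KV.findall(parts[-1]))
    event_id = record["fields"].get("centrifyEventID")
    record["expected_category"] = EXPECTED_CATEGORY.get(event_id)
    return record


if __name__ == "__main__":
    for rec in map(parse_audit_trail, SAMPLES):
        print(rec["event_name"], "->", rec["expected_category"])
```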