IBM® Tivoli® Access Manager for e-business sample event message
Use these sample event messages to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
IBM Tivoli Access Manager for e-business sample message when you use the Syslog protocol
The following sample event message shows that an HTTP GET request received a response with a status code of 200, indicating a successful request.
<134>Aug 22 08:48:41 ibm.tivoliaccessmanager.test isam-http-request-log|client-ip=172.16.3.226|server-ip=172.16.3.235|clientlogname=-|remote-user=unauthenticated|time=22/Aug/2018:08:48:27 -0300|port=443|request-method=GET|response-status=200|url=/QRadar/images/botones/ibm.png|bytes=6631|remote-host=172.16.3.226|Session-Index=acc3ef2e-a5ff-11e8-ad5b-0050568a5f8e|X-Forwarded-For=192.168.0.1|Host-Header=ibm.tivoli.test|Junction=/qradar|Transaction-Identifier=474|
QRadar field name | Highlighted field name |
---|---|
Source IP | X-Forwarded-For. Important: If this field is not present, the client-ip field is used instead. |
Destination IP | server-ip |
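
To check the mapping in the table against a message from your own log source before sending it to QRadar, the following added example (not IBM code) parses the pipe-delimited format and applies the Source IP fallback. The function names are hypothetical, and falling back to client-ip when X-Forwarded-For is not a single valid IP address is an assumption of this example, not documented QRadar behavior.

```python
import ipaddress
import re

# Sample message from this page, joined onto one line as the page instructs.
SAMPLE = (
    "<134>Aug 22 08:48:41 ibm.tivoliaccessmanager.test isam-http-request-log"
    "|client-ip=172.16.3.226|server-ip=172.16.3.235|clientlogname=-"
    "|remote-user=unauthenticated|time=22/Aug/2018:08:48:27 -0300|port=443"
    "|request-method=GET|response-status=200"
    "|url=/QRadar/images/botones/ibm.png|bytes=6631|remote-host=172.16.3.226"
    "|Session-Index=acc3ef2e-a5ff-11e8-ad5b-0050568a5f8e"
    "|X-Forwarded-For=192.168.0.1|Host-Header=ibm.tivoli.test"
    "|Junction=/qradar|Transaction-Identifier=474|"
)

# <PRI>, BSD-style timestamp, host, then the pipe-delimited body.
HEADER = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

def parse_event(raw):
    """Split one syslog line into header values and a dict of key=value fields."""
    line = raw.replace("\r", "").replace("\n", "")  # undo copy-paste line breaks
    match = HEADER.match(line)
    if match is None:
        raise ValueError("unexpected syslog header")
    pri, timestamp, host, body = match.groups()
    tag, *pairs = body.split("|")
    fields = {}
    for pair in pairs:
        key, sep, value = pair.partition("=")  # split on the first '=' only
        if sep:  # skips the empty item after the trailing '|'
            fields[key] = value
    return {"facility": int(pri) >> 3, "severity": int(pri) & 7,
            "timestamp": timestamp, "host": host, "tag": tag, "fields": fields}

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def map_ips(fields):
    """Return (source_ip, destination_ip) following the table on this page."""
    xff = fields.get("X-Forwarded-For", "")
    # Assumption of this example: a value that is not a single valid IP address
    # is treated like a missing field, so client-ip is used instead.
    source = xff if is_ip(xff) else fields.get("client-ip")
    return source, fields.get("server-ip")
```

X-Forwarded-For is a request header set by the client or an upstream proxy, so compare it with client-ip when you rely on Source IP during an investigation.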