IBM® Tivoli® Access Manager for e-business sample event message

Use these sample event messages to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

IBM Tivoli Access Manager for e-business sample message when you use the Syslog protocol

The following sample event message shows that an HTTP GET request received a response with a status code of 200, indicating a successful request.

<134>Aug 22 08:48:41 ibm.tivoliaccessmanager.test isam-http-request-log|client-ip=172.16.3.226|server-ip=172.16.3.235|clientlogname=-|remote-user=unauthenticated|time=22/Aug/2018:08:48:27 -0300|port=443|request-method=GET|response-status=200|url=/QRadar/images/botones/ibm.png|bytes=6631|remote-host=172.16.3.226|Session-Index=acc3ef2e-a5ff-11e8-ad5b-0050568a5f8e|X-Forwarded-For=192.168.0.1|Host-Header=ibm.tivoli.test|Junction=/qradar|Transaction-Identifier=474|
Table 1. Highlighted fields in the IBM Tivoli Access Manager for e-business event

| QRadar field name | Highlighted field name |
|---|---|
| Source IP | X-Forwarded-For (Important: If this field is not present, the client-ip field is used instead.) |
| Destination IP | server-ip |
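To check the sample against Table 1 outside QRadar, the following added example (not IBM code and not the QRadar DSM itself) parses the syslog line and applies the Source IP and Destination IP mapping. The names `parse_event` and `source_ip_from` are hypothetical, and treating an X-Forwarded-For value that is not a single IP address as "not present" is an assumption of this example.

```python
import ipaddress
import re

# Sample event from this page, joined onto one line.
SAMPLE = (
    "<134>Aug 22 08:48:41 ibm.tivoliaccessmanager.test isam-http-request-log|"
    "client-ip=172.16.3.226|server-ip=172.16.3.235|clientlogname=-|"
    "remote-user=unauthenticated|time=22/Aug/2018:08:48:27 -0300|port=443|"
    "request-method=GET|response-status=200|url=/QRadar/images/botones/ibm.png|"
    "bytes=6631|remote-host=172.16.3.226|"
    "Session-Index=acc3ef2e-a5ff-11e8-ad5b-0050568a5f8e|X-Forwarded-For=192.168.0.1|"
    "Host-Header=ibm.tivoli.test|Junction=/qradar|Transaction-Identifier=474|"
)

# <PRI>, BSD-style timestamp, hostname, tag, then the pipe-delimited payload.
HEADER = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) ([^|]+)\|(.*)$"
)


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_event(line):
    """Parse one pipe-delimited syslog line and map the Table 1 fields."""
    line = re.sub(r"[\r\n]+", "", line)  # undo line wraps introduced by copy/paste
    match = HEADER.match(line)
    if match is None:
        raise ValueError("unrecognised syslog line")
    pri, timestamp, host, tag, body = match.groups()
    # Payload is key=value pairs; split on the first '=' only.
    fields = dict(p.split("=", 1) for p in body.split("|") if "=" in p)
    xff = fields.get("X-Forwarded-For", "")
    # Assumption: a value that is not a single IP address counts as "not present".
    origin = "X-Forwarded-For" if _is_ip(xff) else "client-ip"
    return {
        "facility": int(pri) >> 3, "severity": int(pri) & 7,
        "timestamp": timestamp, "host": host, "tag": tag,
        "source_ip": fields.get(origin), "source_ip_from": origin,
        "destination_ip": fields.get("server-ip"),
        "fields": fields,
    }
```

`source_ip_from` records which field supplied the Source IP, which is useful when reviewing events because X-Forwarded-For is an HTTP request header rather than the address of the TCP peer.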