Apple Mac OS X sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Apple Mac OS X sample message when you use the Syslog protocol
The following sample event message shows an invalid user.
May 1 10:33:35 apple.macosx.test sshd[8565]: Invalid user testUser from 192.168.0.1
QRadar field name | Highlighted payload field name |
---|---|
Event ID | Invalid user is extracted from the event. |
Username | testUser is extracted from the event. |
Source IP | 192.168.0.1 is extracted from the event. |
Device Time | May 1 10:33:35 is extracted from the event header. |
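
The following is an added example, not IBM's DSM parsing logic: a small Python check that joins a pasted, line-wrapped copy of the sample event into one line and extracts the four fields listed in the table, which is useful for confirming a test message is well-formed before sending it to QRadar. The function names, the regular expressions and the position of the line break in the constructed input are assumptions.

```python
import ipaddress
import re

# Constructed input: the page's sample event, wrapped across two lines as it
# might look after copy/paste (the break position is an assumption).
PASTED_SAMPLE = (
    "May 1 10:33:35 apple.macosx.test sshd[8565]: Invalid user testUser\r\n"
    "from 192.168.0.1"
)

# BSD-syslog style header: "Mmm d hh:mm:ss host process[pid]: message"
HEADER = re.compile(
    r"^(?P<device_time>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s(?P<process>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s(?P<message>.*)$"
)
# sshd message body; newer OpenSSH versions append " port N", so allow it.
INVALID_USER = re.compile(
    r"^(?P<event_id>Invalid user)\s(?P<username>\S+)\sfrom\s"
    r"(?P<source_ip>\S+)(?:\sport\s\d+)?$"
)

def normalize(raw):
    """Collapse CR/LF line breaks (assumed to replace a space) into one line."""
    return re.sub(r"\s*[\r\n]+\s*", " ", raw).strip()

def parse_event(raw):
    """Return the four fields from the table, or None if the line does not match."""
    header = HEADER.match(normalize(raw))
    if header is None or header["process"] != "sshd":
        return None
    body = INVALID_USER.match(header["message"])
    if body is None:
        return None
    try:
        source_ip = str(ipaddress.ip_address(body["source_ip"]))
    except ValueError:
        return None  # not a literal IP address; do not populate Source IP
    return {
        "Event ID": body["event_id"],
        "Username": body["username"],
        "Source IP": source_ip,
        "Device Time": header["device_time"],
    }

if __name__ == "__main__":
    for name, value in parse_event(PASTED_SAMPLE).items():
        print(f"{name}: {value}")
```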