Apple Mac OS X sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Apple Mac OS X sample message when you use the Syslog protocol

The following sample event message shows an invalid user.

May  1 10:33:35 apple.macosx.test sshd[8565]: Invalid user testUser from 192.168.0.1

Table 1. Highlighted values in the Apple Mac OS X sample event

QRadar field name    Highlighted payload field name
-----------------    ------------------------------
Event ID             Invalid user is extracted from the event.
Username             testUser is extracted from the event.
Source IP            192.168.0.1 is extracted from the event.
Device Time          May 1 10:33:35 is extracted from the event header.
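
The following Python parser is an added example, not IBM or QRadar code. It extracts the four Table 1 values from the sample event so that you can check what a correct parse should yield. The function name parse_event, the year argument (the syslog header carries no year), and the optional "port N" suffix that newer OpenSSH versions append are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed input: the sample event from this page.
SAMPLE = "May  1 10:33:35 apple.macosx.test sshd[8565]: Invalid user testUser from 192.168.0.1"

# BSD syslog header: "Mmm dd hh:mm:ss host tag[pid]: message" (day is space-padded, no year).
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# The user name is supplied by the remote client, so it may contain spaces or
# the word "from". The greedy (.*) makes the LAST " from <ip>" the source IP,
# which keeps a crafted user name from overriding the logged address.
INVALID_USER = re.compile(
    r"^Invalid user (?P<user>.*) from (?P<ip>[0-9A-Fa-f:.]+)(?: port (?P<port>\d+))?$"
)

def parse_event(line, year):
    """Return the Table 1 fields for an sshd "Invalid user" line, else None."""
    line = line.rstrip("\r\n")  # stray CR/LF from copy and paste
    h = HEADER.match(line)
    if not h or h["proc"] != "sshd":
        return None
    m = INVALID_USER.match(h["msg"])
    if not m:
        return None
    # The header has no year; the caller supplies it (assumption of this example).
    device_time = datetime.strptime(f"{year} {h['ts']}", "%Y %b %d %H:%M:%S")
    return {
        "event_id": "Invalid user",
        "username": m["user"],
        "source_ip": m["ip"],
        "device_time": device_time,
        "hostname": h["host"],
    }

if __name__ == "__main__":
    print(parse_event(SAMPLE, 2024))
```

Because the user name comes from the connecting client, treat the Username value as untrusted when it is displayed or used in searches and rules.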