Sample event message
Use this sample event message to verify a successful integration with IBM® QRadar®.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Oracle OS Audit sample event message when you use the syslog protocol
The following sample event message shows that a DML procedure was run.
<14>Nov 07 18:57:35 oracle.osaudit.test AgentDevice=OracleOSAudit SourceFile=ora_1234567.aud DeviceTime=Thu Nov 7 18:57:33 2013 DatabaseUser='/' Privilege='SYSDBA' ClientUser='oracle' ClientTerminal='pts/2' Status='0' Action=LENGTH : '193''UPDATE user_type4.people set CREATE_DATE = sysdate WHERE NUM=1'| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | UPDATE |
| Username | oracle |
| Device Time | Thu Nov 7 18:57:33 2013 |