Huawei S Series Switch sample event message
Use this sample event message to verify a successful integration with IBM® QRadar®.
Huawei S Series Switch sample message when you use the Syslog protocol
The following event shows that the source MAC address in the ARP packet is invalid.
May 22 2012 09:43:39 huawei.sseriesswitch.test %%01SECE/3/ARPS_DROP_PACKET_SRC_MAC(l): Invalid source mac address.(SourceMAC=0000-0000-0000,SourceIP=10.10.10.11,SourceInterface= XGigabitEthernet5/0/0,DropTime=2012/05/22 09:43:39)
|QRadar field name|Highlighted payload field name|
|Event ID|The Event ID is extracted from the payload header.|
|Source IP|The Source IP can be the SourceAddress, SourceIP, or Source fields, which are available in the payload.|
|Device Time|May 22 2012 09:43:39. The device time is extracted from the payload header.|
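The field mapping above can be checked offline against the sample message with a small parser. This is an added example, not IBM's DSM code: the header layout in `HEADER` is an assumption inferred from the one sample on this page, and `parse_event`, `HEADER` and `SOURCE_IP_KEYS` are hypothetical names.

```python
import ipaddress
import re
from datetime import datetime

# Header layout assumed from the page's single sample:
#   <Mon DD YYYY HH:MM:SS> <host> %%<nn><MODULE>/<severity>/<EVENT_ID>(l): <text>.(k=v,...)
# \s* between header parts tolerates captures where whitespace was lost.
HEADER = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})\s*"
    r"(?P<host>\S+?)\s*%%\d{2}(?P<module>[A-Z0-9_]+)/(?P<severity>\d)/"
    r"(?P<event_id>[A-Z0-9_]+)\([a-z]\):\s*(?P<body>.*)$"
)
# Field names the page lists as possible carriers of the Source IP.
SOURCE_IP_KEYS = ("SourceAddress", "SourceIP", "Source")

# The page's sample message, with whitespace normalized.
SAMPLE = (
    "May 22 2012 09:43:39 huawei.sseriesswitch.test "
    "%%01SECE/3/ARPS_DROP_PACKET_SRC_MAC(l): Invalid source mac address."
    "(SourceMAC=0000-0000-0000,SourceIP=10.10.10.11,"
    "SourceInterface= XGigabitEthernet5/0/0,DropTime=2012/05/22 09:43:39)"
)


def parse_event(line):
    """Return Event ID, Source IP and device time, or None if the header does not match."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    fields = {}
    kv = re.search(r"\((.*)\)\s*$", m["body"])  # trailing (key=value,...) group
    if kv:
        for pair in kv.group(1).split(","):
            key, sep, value = pair.partition("=")
            if sep:
                fields[key.strip()] = value.strip()
    source_ip = None
    for key in SOURCE_IP_KEYS:
        try:
            source_ip = str(ipaddress.ip_address(fields.get(key, "")))
            break
        except ValueError:
            continue  # absent or not an IP literal: try the next candidate
    return {
        "event_id": m["event_id"],
        "source_ip": source_ip,
        "device_time": datetime.strptime(m["time"], "%b %d %Y %H:%M:%S"),
        "fields": fields,
    }
```

A `None` result or a `source_ip` of `None` on real traffic means the device's header or field names differ from this sample, which is the same condition that leaves events unparsed or without a source address in the SIEM.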