Apple Mac OS X sample event message
Use this sample event message to verify a successful integration with IBM® QRadar®.
Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Apple Mac OS X sample message when you use the Syslog protocol
The following sample event message shows an invalid user.
May 1 10:33:35 apple.macosx.test sshd: Invalid user testUser from 192.168.0.1
|QRadar field name||Highlighted payload field name|
|Event ID||Invalid user is extracted from the event.|
|Username||testUser is extracted from the event.|
|Source IP||192.168.0.1 is extracted from the event.|
|Device Time||May 1 10:33:35 is extracted from the event header.|