genua genugate sample event messages
Use these sample event messages to verify a successful integration with IBM® QRadar®.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
genua genugate sample message when you use the Syslog protocol
The following sample message event shows a ssh-relay event and associated information.
Oct 12 04:28:18 genua.genugate.test sshrelay[1077]: LEEF:1.0|genua|genugate|8.2|E4067|devTime=2014-10-12T04:28:18+0200 devTimeFormat=yyyy-MM-dd'T'HH:mm:ssZ laddr=127.128.0.242 lport=1 msg=Error for \"CONNECT\": Code=1 Msg=connect failed: Operation timed out. No response from server. (192.168.130.14:22) relay_name=ssh rnum=247 sev=6 srcPreNAT=192.168.132.12 srcPreNATPort=38070 | QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | E4067 |
| Source IP | For this DSM, the value in QRadar is always 127.0.0.1 when the payload does not contain a Source IP. |
| Destination IP | 192.168.130.14 |
| Destination Port | 22 |
| Pre NAT Source IP | 192.168.132.12 |
| Pre NAT Source Port | 38070 |