Citrix NetScaler sample event message
Use this sample event message to verify a successful integration with IBM® QRadar®.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Citrix NetScaler sample message when you use the Syslog protocol
The following sample event message shows a successful SSL handshake.
<135> 12/04/2017:17:21:00 GMT citrix.netscaler.test 0-PPE-1 : SSLLOG SSL_HANDSHAKE_SUCCESS 5743593 0 : SPCBId 87630 - ClientIP 172.25.184.157 - ClientPort 19849 - VserverServiceIP 10.254.14.94 - VserverServicePort 443 - ClientVersion TLSv1.2 - CipherSuite "RC4-MD5 TLSv1.2 Non-Export 128-bit" - Session Reuse| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | SSL_HANDSHAKE_SUCCESS |
| Source IP | 172.25.184.157 |
| Source Port | 19849 |
| Destination IP | 10.254.14.94 |
| Destination Port | 443 |
| Device Time | 12/04/2017:17:21:00 GMT |