Huawei S Series Switch sample event message
Use this sample event message to verify a successful integration with IBM® QRadar®.
Huawei S Series Switch sample message when you use the Syslog protocol
Important: Due to formatting, paste the message format into a text editor and then remove any carriage return or line feed characters.
The following event shows that the source MAC address in the ARP packet is invalid.
May 22 2012 09:43:39huawei.sseriesswitch.test%%01SECE/3/ARPS_DROP_PACKET_SRC_MAC(l): Invalidsourcemacaddress.(SourceMAC=0000-0000-0000,SourceIP=10.10.10.11,SourceInterface= XGigabitEthernet5/0/0,DropTime=2012/05/22 09:43:39)
|QRadar field name|Highlighted payload field name|
|---|---|
|Event ID|The Event ID is extracted from the payload header.|
|Source IP|The Source IP can be the SourceAddress, SourceIP, or Source fields, which are available in the payload.|
|Device Time|May 22 2012 09:43:39. The device time is extracted from the payload header.|
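The field mapping above can be checked offline with a small parser. This is an added example, not IBM's DSM code; it assumes the mnemonic after `%%01SECE/3/` in the header is the event ID (the page does not show which token is highlighted), and `parse_event` and the output key names are hypothetical.

```python
import re
from datetime import datetime

# Sample message from this page, joined onto one line as the page instructs.
SAMPLE = ("May 22 2012 09:43:39huawei.sseriesswitch.test%%01SECE/3/"
          "ARPS_DROP_PACKET_SRC_MAC(l): Invalidsourcemacaddress."
          "(SourceMAC=0000-0000-0000,SourceIP=10.10.10.11,"
          "SourceInterface= XGigabitEthernet5/0/0,DropTime=2012/05/22 09:43:39)")

# Header: timestamp, host, %%<version><module>/<severity>/<mnemonic>(<type>):
# Whitespace between header tokens is optional so the sample parses as printed.
HEADER = re.compile(
    r"^(?P<time>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2})\s*"
    r"(?P<host>\S+?)\s*%%(?P<version>\d{2})(?P<module>\w+)/(?P<severity>\d)/"
    r"(?P<mnemonic>\w+)\((?P<kind>\w)\):\s*(?P<body>.*)$", re.S)

# key=value pairs inside the parenthesised payload
KV = re.compile(r"(\w+)=\s*([^,()]*)")

# Payload keys the page names as possible carriers of the Source IP, in order.
SOURCE_IP_KEYS = ("SourceAddress", "SourceIP", "Source")

def parse_event(line):
    """Return the mapped fields as a dict, or None if the header does not match."""
    line = re.sub(r"[\r\n]+", "", line)  # drop CR/LF left over from copy and paste
    m = HEADER.match(line)
    if m is None:
        return None
    fields = {k: v.strip() for k, v in KV.findall(m["body"])}
    source_ip = next((fields[k] for k in SOURCE_IP_KEYS if fields.get(k)), None)
    return {
        "device_time": datetime.strptime(" ".join(m["time"].split()),
                                         "%b %d %Y %H:%M:%S"),
        "hostname": m["host"],
        "event_id": m["mnemonic"],  # assumption: mnemonic is the event ID
        "severity": int(m["severity"]),
        "source_ip": source_ip,
        "fields": fields,
    }

if __name__ == "__main__":
    print(parse_event(SAMPLE))
```
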