Cisco CatOS for Catalyst Switches sample event messages

Use these sample event messages to verify a successful integration with IBM® QRadar®.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Cisco CatOS for Catalyst Switches sample message when you use the Syslog protocol

Sample 1:The following sample event shows that a user logged in successfully.

<165>7622: Mar 12 09:19:27.675 PHT: %SEC_LOGIN-SW1-5-LOGIN_SUCCESS: Login Success [user: user1] [Source: 172.20.40.35] [localport: 22] at 09:19:27 PHT Mon Mar 12 2018

Table 1. Highlighted values in the Cisco CatOS for Catalyst Switches event
QRadar field name	Highlighted values in the event payload
Event ID	LOGIN_SUCCESS
Username	user1
Source IP	172.20.40.35

Sample 2: The following sample event shows that a user logged out successfully.

<166>7627: Mar 12 09:25:07.481 PHT: %SYS-SW1-6-LOGOUT: User qradar has exited tty session 3(172.20.40.35)

Table 2. Highlighted values in the Cisco CatOS for Catalyst Switches sample event
QRadar field name	Highlighted values in the event payload
Event ID	LOGOUT
Username	qradar
Source IP	172.20.40.35