Barracuda Spam and Virus Firewall sample event messages

Use these sample event messages to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Barracuda Spam & Virus Firewall sample message when you use the syslog protocol

Sample 1: This sample event shows that a message is blocked because the user doesn’t exist.

Apr 11 11:24:37 2012 barracuda.firewall.test inbound/pass1[25713]: user[192.168.0.1] 1334157877-03f828647122cb90001-hUkLV9 1334157877 1334157877 RECV admin1@qradar.example.com x7ZYJv5uCwenuD/3xNuYx0cYIAkqevlHLIZSj4XeuVOySIBOB8EwFiQ9lpD3MAgI 2 8 No such user (x7ZYJv5uCwenuD/3xNuYx0cYIAkqevlHLIZSj4XeuVOySIBOB8EwFiQ9lpD3MAgI)
Table 1. Highlighted values in the Barracuda Spam & Virus Firewall event

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | Blocked Message is extracted from the Event ID field in QRadar |
| Event Category | No such user |
| Source IP | 192.168.0.1 |
| Username | x7ZYJv5uCwenuD/3xNuYx0cYIAkqevlHLIZSj4XeuVOySIBOB8EwFiQ9lpD3MAgI |
| Device time | Apr 11 11:24:37 2012 |

Sample 2: This sample event shows that a message is blocked because of political intentions.

<23>scan[9097]: user[192.168.0.1] 1366829265-05f5cb11fe1b9a50001-wlKzrS 1366829265 1366829266 SCAN ENC admin2@qradar.example.com qIWHXoYEpfP+Ut0/6KYPSBB/+f368IWMkt7vCt/wP0iySIBOB8EwFiQ9lpD3MAgI - 2 70 example.org SZ:3117 Subj: Random Email Subject Line 
Table 2. Highlighted values in the Barracuda Spam & Virus Firewall sample event

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | Blocked Message is extracted from the Event ID field in QRadar |
| Event Category | Intent - political is extracted from the Event Category field in QRadar |
| Source IP | 192.168.0.1 |
| Username | qIWHXoYEpfP+Ut0/6KYPSBB/+f368IWMkt7vCt/wP0iySIBOB8EwFiQ9lpD3MAgI |
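
To check field extraction outside QRadar before sending test events, the following added example (not IBM or Barracuda code) parses both sample payloads above and returns the values the tables highlight. The token order after `RECV` and `SCAN`, and the names `flag`, `sender`, `score`, `action`, `reason` and `detail`, are assumptions inferred from the two samples on this page.

```python
import re

# The two sample payloads from this page, copied verbatim.
SAMPLE_RECV = "Apr 11 11:24:37 2012 barracuda.firewall.test inbound/pass1[25713]: user[192.168.0.1] 1334157877-03f828647122cb90001-hUkLV9 1334157877 1334157877 RECV admin1@qradar.example.com x7ZYJv5uCwenuD/3xNuYx0cYIAkqevlHLIZSj4XeuVOySIBOB8EwFiQ9lpD3MAgI 2 8 No such user (x7ZYJv5uCwenuD/3xNuYx0cYIAkqevlHLIZSj4XeuVOySIBOB8EwFiQ9lpD3MAgI)"
SAMPLE_SCAN = "<23>scan[9097]: user[192.168.0.1] 1366829265-05f5cb11fe1b9a50001-wlKzrS 1366829265 1366829266 SCAN ENC admin2@qradar.example.com qIWHXoYEpfP+Ut0/6KYPSBB/+f368IWMkt7vCt/wP0iySIBOB8EwFiQ9lpD3MAgI - 2 70 example.org SZ:3117 Subj: Random Email Subject Line"

# Optional syslog priority and "device time + host" prefix, then the common fields.
HEADER_RE = re.compile(
    r"^(?:<(?P<pri>\d+)>)?"
    r"(?:(?P<device_time>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) (?P<host>\S+) )?"
    r"(?P<process>[\w/]+)\[(?P<pid>\d+)\]: "
    r"\S+\[(?P<source_ip>\d{1,3}(?:\.\d{1,3}){3})\] "
    r"(?P<message_id>\S+) (?P<start>\d+) (?P<end>\d+) "
    r"(?P<service>RECV|SCAN) (?P<body>.+)$"
)

# Token order after the service keyword, inferred from the samples (assumption).
LAYOUT = {
    "RECV": ("sender", "username", "action", "reason"),
    "SCAN": ("flag", "sender", "username", "score", "action", "reason"),
}

def parse_event(raw):
    """Return the QRadar-relevant fields of one event, or None if it does not fit."""
    # Per the page's note: drop CR/LF characters introduced by copy and paste.
    line = raw.replace("\r", "").replace("\n", "").strip()
    m = HEADER_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    tokens = event.pop("body").split(" ")
    names = LAYOUT[event["service"]]
    if len(tokens) < len(names):
        return None  # truncated payload
    event.update(zip(names, tokens))
    if not (event["action"].isdigit() and event["reason"].isdigit()):
        return None  # codes shifted: a field is missing or contains a space
    event["detail"] = " ".join(tokens[len(names):])
    return event

if __name__ == "__main__":
    for sample in (SAMPLE_RECV, SAMPLE_SCAN):
        ev = parse_event(sample)
        print(ev["source_ip"], ev["username"], ev["action"], ev["reason"], ev["device_time"])
```

A `None` result for a pasted sample usually means a line break replaced a space or the payload was cut short, which is the formatting problem the Important note warns about.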