Barracuda Spam and Virus Firewall sample event messages
Use these sample event messages to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Barracuda Spam & Virus Firewall sample message when you use the syslog protocol
Sample 1: This sample event shows that a message is blocked because the user doesn’t exist.
Apr 11 11:24:37 2012 barracuda.firewall.test inbound/pass1[25713]: user[192.168.0.1] 1334157877-03f828647122cb90001-hUkLV9 1334157877 1334157877 RECV admin1@qradar.example.com x7ZYJv5uCwenuD/3xNuYx0cYIAkqevlHLIZSj4XeuVOySIBOB8EwFiQ9lpD3MAgI 2 8 No such user (x7ZYJv5uCwenuD/3xNuYx0cYIAkqevlHLIZSj4XeuVOySIBOB8EwFiQ9lpD3MAgI)
QRadar field name | Highlighted values in the event payload |
---|---|
Event ID | Blocked Message is extracted from the Event ID field in QRadar |
Event Category | No such user |
Source IP | 192.168.0.1 |
Username | x7ZYJv5uCwenuD/3xNuYx0cYIAkqevlHLIZSj4XeuVOySIBOB8EwFiQ9lpD3MAgI |
Device time | Apr 11 11:24:37 2012 |
Sample 2: This sample event shows that a message is blocked because of political intentions.
<23>scan[9097]: user[192.168.0.1] 1366829265-05f5cb11fe1b9a50001-wlKzrS 1366829265 1366829266 SCAN ENC admin2@qradar.example.com qIWHXoYEpfP+Ut0/6KYPSBB/+f368IWMkt7vCt/wP0iySIBOB8EwFiQ9lpD3MAgI - 2 70 example.org SZ:3117 Subj: Random Email Subject Line
QRadar field name | Highlighted values in the event payload |
---|---|
Event ID | Blocked Message is extracted from the Event ID field in QRadar |
Event Category | Intent - political is extracted from the Event Category field in QRadar |
Source IP | 192.168.0.1 |
Username | qIWHXoYEpfP+Ut0/6KYPSBB/+f368IWMkt7vCt/wP0iySIBOB8EwFiQ9lpD3MAgI |
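
The following Python parser is an added example, not code from IBM or Barracuda: it applies the carriage return and line feed cleanup described above, then extracts the fields that the two tables list so a pasted sample can be checked before it is sent to QRadar. The field positions and the code-to-name pairs (2, 8, 70) are assumptions inferred only from the two samples on this page.

```python
import re

# Sample payloads from this page; SAMPLE_1 has a constructed CR/LF paste break.
SAMPLE_1 = ("Apr 11 11:24:37 2012 barracuda.firewall.test inbound/pass1[25713]: "
            "user[192.168.0.1] 1334157877-03f828647122cb90001-hUkLV9 1334157877 "
            "1334157877 RECV admin1@qradar.example.com x7ZYJv5uCwenuD/3xNuYx0cYIAk"
            "qevlHLIZSj4XeuVOySIBOB8E\r\nwFiQ9lpD3MAgI 2 8 No such user "
            "(x7ZYJv5uCwenuD/3xNuYx0cYIAkqevlHLIZSj4XeuVOySIBOB8EwFiQ9lpD3MAgI)")
SAMPLE_2 = ("<23>scan[9097]: user[192.168.0.1] 1366829265-05f5cb11fe1b9a50001-wlKzrS "
            "1366829265 1366829266 SCAN ENC admin2@qradar.example.com "
            "qIWHXoYEpfP+Ut0/6KYPSBB/+f368IWMkt7vCt/wP0iySIBOB8EwFiQ9lpD3MAgI "
            "- 2 70 example.org SZ:3117 Subj: Random Email Subject Line")

# Assumption: code-to-name pairs inferred only from the two tables on this page.
ACTIONS = {"2": "Blocked Message"}
REASONS = {"8": "No such user", "70": "Intent - political"}
# Assumption: (username index, action index) after the service keyword,
# read off the sample payloads; the reason code follows the action code.
LAYOUT = {"RECV": (1, 2), "SCAN": (2, 4)}

EVENT = re.compile(
    r"(?:<\d+>|(?P<device_time>\w{3} +\d+ [\d:]{8} \d{4}) \S+ )"  # PRI or time+host
    r"[\w/]+\[\d+\]: [^\[\s]*\[(?P<source_ip>[\d.]+)\] "          # process, client[ip]
    r"\S+ \d+ \d+ (?P<service>RECV|SCAN) (?P<rest>.*)")            # msg id, start, end

def parse(raw):
    """Return the fields the tables list, or None if the line does not match."""
    line = raw.replace("\r", "").replace("\n", "")  # the page's paste instruction
    m = EVENT.match(line)
    if m is None:
        return None
    user_i, act_i = LAYOUT[m["service"]]
    parts = m["rest"].split(" ", act_i + 2)
    if len(parts) < act_i + 2:
        return None  # truncated event: action or reason code missing
    action, reason = parts[act_i], parts[act_i + 1]
    return {
        "device_time": m["device_time"],  # None when only a <PRI> header is present
        "source_ip": m["source_ip"],
        "username": parts[user_i],
        "event_id": ACTIONS.get(action, f"unmapped action {action}"),
        "event_category": REASONS.get(reason, f"unmapped reason {reason}"),
    }

if __name__ == "__main__":
    for sample in (SAMPLE_1, SAMPLE_2):
        print(parse(sample))
```

A `None` result, or an `unmapped` value, means the pasted line does not have the shape of these two samples and should be rechecked for stray line breaks or truncation.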