F5 Networks BIG-IP AFM sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Because of formatting issues, paste the sample message into a text editor and then remove any carriage return or line feed characters.

F5 Networks BIG-IP AFM sample message when you use the syslog protocol

The following sample event message shows that a connection was dropped by the firewall.

<134>Apr 30 19:22:53 f5networks.bigipafm.test 1 2019-04-30T19:22:53.800131+02:00 testCompany tmm 13301 23003142 [F5@12276 date_time="Apr 30 2019 19:22:52" bigip_mgmt_ip="10.13.101.251" hostname="testCompany" context_type="Virtual Server" context_name="/Common/V1_VmUAG_8443" ip_intelligence_policy_name="/Common/V1_VmUAG.app/V1_VmUAG_ip_intelligence" source_ip="192.168.0.1" dest_ip="172.16.0.1" source_port="8080" dest_port="8443" vlan="/Common/Vlan290" ip_protocol="TCP" route_domain="1" ip_intelligence_threat_name="windows_exploits,spam_sources" action="Drop" attack_type="custom_category" translated_source_ip="" translated_dest_ip="" translated_source_port="" translated_dest_port="" translated_vlan="" translated_ip_protocol="" translated_route_domain="" sa_translation_type="" sa_translation_pool="" flow_id="0000000000000000"] "Apr 30 2019 19:22:52","10.13.101.251","testCompany","","","","Virtual Server","/Common/V1_VmUAG_8443","/Common/V1_VmUAG.app/V1_VmUAG_ip_intelligence","192.168.0.1","172.16.0.1","8080","8443","/Common/Vlan290","TCP","1","windows_exploits,spam_sources","Drop","custom_category","","","","","","","","","","0000000000000000"
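To check offline that a captured AFM event carries the fields shown in the sample above, the RFC 5424 structured-data element ([F5@12276 ...]) can be parsed directly. This is an added example, not IBM or F5 code; the function names parse_afm_event and summarize are hypothetical, and the embedded line is a constructed subset of the sample's fields.

```python
import re

# Constructed sample: the header plus a subset of the key="value" pairs from the
# sample event above, shortened for readability.
SAMPLE = (
    '<134>Apr 30 19:22:53 f5networks.bigipafm.test 1 '
    '2019-04-30T19:22:53.800131+02:00 testCompany tmm 13301 23003142 '
    '[F5@12276 date_time="Apr 30 2019 19:22:52" bigip_mgmt_ip="10.13.101.251" '
    'context_name="/Common/V1_VmUAG_8443" source_ip="192.168.0.1" '
    'dest_ip="172.16.0.1" source_port="8080" dest_port="8443" ip_protocol="TCP" '
    'ip_intelligence_threat_name="windows_exploits,spam_sources" action="Drop" '
    'translated_source_ip="" flow_id="0000000000000000"] "Apr 30 2019 19:22:52"'
)

# RFC 5424 structured data: [SD-ID name="value" ...]; inside a value the
# characters ", \ and ] must be backslash-escaped.
VALUE = r'(?:[^"\\\]]|\\.)*'
SD_ELEMENT = re.compile(r'\[([^\s\]="]+)((?: [^\s=\]"]+="' + VALUE + r'")*)\]')
PARAM = re.compile(r' ([^\s=\]"]+)="(' + VALUE + r')"')


def parse_afm_event(line):
    """Return (priority, sd_id, fields), or None if the line is not parseable."""
    line = line.replace("\r", "").replace("\n", "")  # undo copy/paste line breaks
    pri = re.match(r"<(\d{1,3})>", line)
    sd = SD_ELEMENT.search(line)
    if not pri or not sd:
        return None
    fields = {k: re.sub(r'\\(["\\\]])', r"\1", v) for k, v in PARAM.findall(sd.group(2))}
    return int(pri.group(1)), sd.group(1), fields


def summarize(line):
    """Reduce one event to the fields worth checking after an integration test."""
    parsed = parse_afm_event(line)
    if parsed is None:
        return None
    pri, sd_id, f = parsed
    return {
        "facility": pri >> 3,   # 134 -> 16 (local0)
        "severity": pri & 7,    # 134 -> 6 (informational)
        "sd_id": sd_id,
        "action": f.get("action"),
        "flow": f'{f.get("source_ip")}:{f.get("source_port")} -> '
                f'{f.get("dest_ip")}:{f.get("dest_port")}',
        "threats": [t for t in f.get("ip_intelligence_threat_name", "").split(",") if t],
        "empty_fields": sorted(k for k, v in f.items() if v == ""),
    }
```

Calling summarize(SAMPLE) returns a dictionary with the action, the flow tuple, the IP intelligence categories, and the names of fields that arrived empty, such as the translated_* fields when no address translation applies.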