Avaya VPN Gateway sample event messages

Use these sample event messages to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Avaya VPN Gateway sample message when you use the Syslog protocol

Sample 1: The following sample event shows that the remote user has logged out from the VPN.

<134>Dec  9 19:38:32 avaya.vpngateway.test SSL: Informational SSL VPN Logout Vpn="1" SrcIp="192.168.0.1" User="testuser" Reason="logout"
Table 1. Highlighted values in the Avaya VPN Gateway event
QRadar field name Highlighted values in the event payload
Event ID VPN Logout
Username testuser
Source IP 192.168.0.1
Device Time Dec 9, 2020, 7:38:32 PM

Sample 2: The following sample event shows that the log in to the VPN succeeded.

<134>Dec  9 19:36:15 avaya.vpngateway.test SSL: Informational SSL VPN LoginSucceeded Vpn="1" SrcIp="192.168.0.1" Method="ipsec" User="testUser" Groups="testGroup " TunIP="10.147.0.26"
Table 2. Highlighted values in the Avaya VPN Gateway sample event
QRadar field name Highlighted values in the event payload
Event ID VPN LoginSucceeded TunIP
Username testUser
Source IP 192.168.0.1
Destination IP 10.147.0.26
Identity Group Name testGroup
Device Time Dec 9, 2020, 7:36:15 PM