Avaya VPN Gateway sample event messages
Use these sample event messages to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Avaya VPN Gateway sample message when you use the Syslog protocol
Sample 1: The following sample event shows that the remote user has logged out from the VPN.
<134>Dec 9 19:38:32 avaya.vpngateway.test SSL: Informational SSL VPN Logout Vpn="1" SrcIp="192.168.0.1" User="testuser" Reason="logout"
QRadar field name | Highlighted values in the event payload |
---|---|
Event ID | VPN Logout |
Username | testuser |
Source IP | 192.168.0.1 |
Device Time | Dec 9, 2020, 7:38:32 PM |
Sample 2: The following sample event shows that the log in to the VPN succeeded.
<134>Dec 9 19:36:15 avaya.vpngateway.test SSL: Informational SSL VPN LoginSucceeded Vpn="1" SrcIp="192.168.0.1" Method="ipsec" User="testUser" Groups="testGroup " TunIP="10.147.0.26"
QRadar field name | Highlighted values in the event payload |
---|---|
Event ID | VPN LoginSucceeded TunIP |
Username | testUser |
Source IP | 192.168.0.1 |
Destination IP | 10.147.0.26 |
Identity Group Name | testGroup |
Device Time | Dec 9, 2020, 7:36:15 PM |