Apache HTTP Server sample event messages
Use these sample event messages to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Apache HTTP Server sample messages when you use the Syslog protocol
Sample 1: The following sample event is generated when a user is authenticated.
<86>Jun 28 06:00:19 apache.httpserver.test sshd[11148]: pam_vas: Authentication <succeeded> for <Active Directory> user: <svc_unix> account: <DOMAINNAME\svc_unix_secscan> service: <sshd> reason: <>
QRadar field name | Highlighted values in the event payload |
---|---|
Event ID | Authentication user (extracted from the event content) |
Event Category | sshd |
Username | svc_unix |
Sample 2: The following sample event message shows that an HTTP 403 system status occurred.
Oct 21 10:05:35 apache.httpserver.test httpd: 10.100.100.101 172.16.210.237 - - [26/Jan/2006:12:24:54 +0000] "HEAD / HTTP/1.0" 403 123 "-" "-"
QRadar field name | Highlighted values in Apache event |
---|---|
Event ID | 403 |
Event Category | apache (extracted from the event content) |
Source IP | 10.100.100.101 |
Destination IP | 172.16.210.237 |
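To check a pasted sample offline before sending it to QRadar, the following added example (not IBM's code and not QRadar's DSM parsing logic) removes the carriage return and line feed characters as the note above instructs and extracts the values listed in the two tables. The regular expressions, function names and the positions of the line breaks in the embedded samples are assumptions made for this illustration.

```python
import re

# Patterns written for this example (assumptions), not QRadar's own DSM logic.
SYSLOG = re.compile(
    r'^(?:<\d{1,3}>)?[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d '
    r'(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[\d+\])?: (?P<msg>.*)$')
ACCESS = re.compile(
    r'^(?P<src>\S+) (?P<dst>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?:\d+|-)')
PAM_VAS = re.compile(
    r'^pam_vas: Authentication <[^>]*> for <[^>]*> user: <(?P<user>[^>]*)>')

def normalize(payload):
    """Remove CR/LF characters left by copy and paste, as the page instructs."""
    return payload.replace('\r', '').replace('\n', '').strip()

def extract_fields(payload):
    """Return the tabled values for a sample payload, or None if unparsed."""
    hdr = SYSLOG.match(normalize(payload))
    if hdr is None:
        return None
    if hdr['tag'] == 'httpd':
        m = ACCESS.match(hdr['msg'])
        if m:
            return {'Event ID': m['status'], 'Source IP': m['src'],
                    'Destination IP': m['dst']}
    elif hdr['tag'] == 'sshd':
        m = PAM_VAS.match(hdr['msg'])
        if m:
            return {'Event Category': hdr['tag'], 'Username': m['user']}
    return None

# The page's two samples, with line breaks constructed to mimic a wrapped paste.
SAMPLE_1 = (r'<86>Jun 28 06:00:19 apache.httpserver.test sshd[11148]: pam_vas: '
            '\r\n'
            r'Authentication <succeeded> for <Active Directory> user: <svc_unix> '
            r'account: <DOMAINNAME\svc_unix_secscan> service: <sshd> reason: <>')
SAMPLE_2 = ('Oct 21 10:05:35 apache.httpserver.test httpd: 10.100.100.101 '
            '\n172.16.210.237 - - [26/Jan/2006:12:24:54 +0000] '
            '"HEAD / HTTP/1.0" 403 123 "-" "-"')

if __name__ == '__main__':
    for sample in (SAMPLE_1, SAMPLE_2):
        print(extract_fields(sample))
```

A payload that still contains a line break does not match the syslog header pattern at all, which is the failure the note about carriage returns and line feeds guards against.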