Huawei S Series Switch sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Huawei S Series Switch sample message when you use the Syslog protocol
Important: Due to formatting, paste the message format into a text editor and then
remove any carriage return or line feed characters.
The following event shows that the source MAC address in the ARP packet is invalid.
May 22 2012 09:43:39 huawei.sseriesswitch.test %%01SECE/3/ARPS_DROP_PACKET_SRC_MAC(l):
Invalid source mac address.(SourceMAC=0000-0000-0000,SourceIP=10.10.10.11,SourceInterface=
XGigabitEthernet5/0/0,DropTime=2012/05/22 09:43:39)
QRadar field name | Highlighted payload field name |
---|---|
Event ID | SECE/3/ARPS_DROP_PACKET_SRC_MAC. The Event ID is extracted from the payload header. |
Source IP | SourceIP. The Source IP can be the SourceAddress, SourceIP, or Source fields, which are available in the payload. |
Source MAC | SourceMAC |
Device Time | May 22 2012 09:43:39. The device time is extracted from the payload header. |
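
To check the mapping in the table before sending events to QRadar, the following added example (not IBM or Huawei code) parses the sample message and extracts the same four fields. The function name `parse_event`, the key order used when more than one source field is present, and the colon-separated MAC output are assumptions made for this example.

```python
import ipaddress
import re
from datetime import datetime

# Reconstructed from the sample on this page; line breaks kept as printed.
SAMPLE = (
    "May 22 2012 09:43:39 huawei.sseriesswitch.test "
    "%%01SECE/3/ARPS_DROP_PACKET_SRC_MAC(l):\n"
    "Invalid source mac address.(SourceMAC=0000-0000-0000,"
    "SourceIP=10.10.10.11,SourceInterface=\n"
    "XGigabitEthernet5/0/0,DropTime=2012/05/22 09:43:39)"
)

# Header: device time, host name, then %%<2 digits><module>/<severity>/<name>(<type>):
# Whitespace between header parts is optional so pasted copies still match.
HEADER = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})\s*"
    r"(?P<host>\S+?)\s*%%\d{2}"
    r"(?P<event_id>\w+/\d+/\w+)\(\w\):\s*(?P<body>.*)$"
)
KEY_VALUE = re.compile(r"(\w+)=\s*([^,)]*)")
# The page names these three payload fields as possible Source IP carriers.
SOURCE_IP_KEYS = ("SourceAddress", "SourceIP", "Source")


def parse_event(raw):
    """Return Event ID, Source IP, Source MAC and Device Time from one message."""
    # Remove carriage returns and line feeds, as the page instructs.
    line = raw.replace("\r", "").replace("\n", "")
    m = HEADER.match(line)
    if m is None:
        raise ValueError("payload header not recognised")
    fields = {k: v.strip() for k, v in KEY_VALUE.findall(m["body"])}
    ip_text = next((fields[k] for k in SOURCE_IP_KEYS if k in fields), None)
    # Huawei prints MACs as xxxx-xxxx-xxxx; normalise to colon-separated octets.
    mac_hex = fields.get("SourceMAC", "").replace("-", "").lower()
    mac = ":".join(mac_hex[i:i + 2] for i in range(0, 12, 2))
    return {
        "event_id": m["event_id"],
        "host": m["host"],
        "device_time": datetime.strptime(m["time"], "%b %d %Y %H:%M:%S"),
        "source_ip": str(ipaddress.ip_address(ip_text)) if ip_text else None,
        "source_mac": mac if re.fullmatch(r"[0-9a-f]{12}", mac_hex) else None,
        "fields": fields,
    }
```

A message whose header does not match raises `ValueError`, which is a quick signal that stray line breaks or a different log format reached the parser.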