Huawei S Series Switch sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Huawei S Series Switch sample message when you use the Syslog protocol

Important: Due to formatting, paste the message format into a text editor and then remove any carriage return or line feed characters.

The following event shows that the source MAC address in the ARP packet is invalid.

May 22 2012 09:43:39huawei.sseriesswitch.test%%01SECE/3/ARPS_DROP_PACKET_SRC_MAC(l):
Invalidsourcemacaddress.(SourceMAC=0000-0000-0000,SourceIP=10.10.10.11,SourceInterface=
XGigabitEthernet5/0/0,DropTime=2012/05/22 09:43:39)

Table 1. Highlighted fields

| QRadar field name | Highlighted payload field name |
|---|---|
| Event ID | SECE/3/ARPS_DROP_PACKET_SRC_MAC. The Event ID is extracted from the payload header. |
| Source IP | SourceIP. The Source IP can be the SourceAddress, SourceIP, or Source fields, which are available in the payload. |
| Source MAC | SourceMAC |
| Device Time | May 22 2012 09:43:39. The device time is extracted from the payload header. |
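
To check the mapping in Table 1 outside QRadar, the following added example (not IBM or Huawei code) parses the sample message and extracts the four highlighted fields. The regular expressions, the function name `parse_event`, and the lookup order for the Source IP keys are assumptions based only on the sample shown on this page.

```python
import ipaddress
import re
from datetime import datetime

# Header: device time, host name, "%%" + 2 digits, then Module/Severity/Mnemonic.
HEADER = re.compile(
    r"^(?P<time>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2})\s*"
    r"(?P<host>\S+?)\s*%%\d{2}(?P<event_id>[A-Z0-9_]+/\d/[A-Z0-9_]+)\(\w\)"
)
PARAMS = re.compile(r"\(([^()]*=[^()]*)\)\s*$")  # trailing "(key=value,...)" group
PAIR = re.compile(r"(\w+)=([^,]*)")
# Payload keys the page lists for Source IP; the lookup order is an assumption.
SOURCE_IP_KEYS = ("SourceAddress", "SourceIP", "Source")

def parse_event(raw):
    """Return the Table 1 fields from one S Series syslog message, or None."""
    line = raw.replace("\r", "").replace("\n", "")  # undo the page's line wrapping
    header = HEADER.match(line)
    if header is None:
        return None
    params = PARAMS.search(line)
    fields = {k: v.strip() for k, v in PAIR.findall(params.group(1))} if params else {}
    source_ip = None
    for key in SOURCE_IP_KEYS:
        try:
            source_ip = str(ipaddress.ip_address(fields.get(key, "")))
            break
        except ValueError:
            continue  # key missing or value is not an IP address
    return {
        "event_id": header.group("event_id"),
        "device_time": datetime.strptime(
            " ".join(header.group("time").split()), "%b %d %Y %H:%M:%S"),
        "source_ip": source_ip,
        "source_mac": fields.get("SourceMAC"),
    }

# The sample message from this page, still wrapped across three lines.
SAMPLE = (
    "May 22 2012 09:43:39huawei.sseriesswitch.test%%01SECE/3/ARPS_DROP_PACKET_SRC_MAC(l):\n"
    "Invalidsourcemacaddress.(SourceMAC=0000-0000-0000,SourceIP=10.10.10.11,SourceInterface=\n"
    "XGigabitEthernet5/0/0,DropTime=2012/05/22 09:43:39)"
)

if __name__ == "__main__":
    print(parse_event(SAMPLE))
```
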