VMware vCenter sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage returns or line feed characters.

VMware vCenter sample message when you use the EMC VMWare protocol

Sample 1: The following sample event message shows that a user is granted access to the specified resource.

<142>Apr 14 08:33:05 vmware.vcenter.test - UserId : aaaaaa-111-111-1111-aaaa-qqqqqq, UserName : admin, AuthSource : LOCAL, Session : aaaaaa-111-111-1111-aaaa-qqqqqq::952f4613-9416-4769-9ba4-7ec5ce73ab85, Category : ACCESS_GRANTED - Access to \"metadata.resourceKind.get\" is granted

Table 1. Highlighted fields in the VMware vCenter event

| QRadar field name | Highlighted values in the event payload |
| --- | --- |
| Event ID | ACCESS_GRANTED |
| Username | admin |

Sample 2: The following sample event message shows a user login session event.

<14>1 2020-10-07T13:00:44.136034+02:00 vmware.vcenter.test vpxd 4188 - -  Event [420537] [1-1] [2020-10-07T11:00:44.13551Z] [vim.event.UserLoginSessionEvent] [info] [TEST1.TEST\\vpxd-ext] [] [420537] [User TEST1.TEST\\vpxd-ext logged in as VMware vim-java 1.0]

Table 2. Highlighted fields in the VMware vCenter event

| QRadar field name | Highlighted values in the event payload |
| --- | --- |
| Event ID | UserLoginSessionEvent |
| Username | TEST1.TEST\\vpxd-ext |
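
The following Python example is added here and is not IBM's or QRadar's own parsing code. It removes CR/LF as the note above instructs, then extracts the Event ID and Username highlighted in Tables 1 and 2 from both sample layouts. The function name, regular expressions and bracket positions are assumptions derived only from the two samples on this page.

```python
import re

# Payloads copied from the two samples on this page (one line each).
SAMPLE_1 = r'<142>Apr 14 08:33:05 vmware.vcenter.test - UserId : aaaaaa-111-111-1111-aaaa-qqqqqq, UserName : admin, AuthSource : LOCAL, Session : aaaaaa-111-111-1111-aaaa-qqqqqq::952f4613-9416-4769-9ba4-7ec5ce73ab85, Category : ACCESS_GRANTED - Access to \"metadata.resourceKind.get\" is granted'
SAMPLE_2 = r'<14>1 2020-10-07T13:00:44.136034+02:00 vmware.vcenter.test vpxd 4188 - -  Event [420537] [1-1] [2020-10-07T11:00:44.13551Z] [vim.event.UserLoginSessionEvent] [info] [TEST1.TEST\\vpxd-ext] [] [420537] [User TEST1.TEST\\vpxd-ext logged in as VMware vim-java 1.0]'

# "Key : Value" pairs; a value ends at a comma, at " - ", or at end of line.
KV_RE = re.compile(r'(\w+) : ([^,]+?)(?=,| - |$)')
# One bracketed field, for example "[info]" or the empty "[]".
BRACKET_RE = re.compile(r'\[([^\]]*)\]')


def highlighted_fields(payload):
    """Return the Event ID and Username that the tables on this page highlight."""
    # Remove carriage returns and line feeds left over from copy and paste.
    payload = payload.replace('\r', '').replace('\n', '')

    if ' Event [' in payload:
        # Sample 2 layout: bracketed fields follow the "Event" keyword.
        fields = BRACKET_RE.findall(payload.split(' Event ', 1)[1])
        if len(fields) < 6:
            raise ValueError('unexpected bracketed layout')
        # Assumed positions (from the single sample): 3 = event class, 5 = user.
        return {'Event ID': fields[3].rsplit('.', 1)[-1], 'Username': fields[5]}

    # Sample 1 layout: comma-separated "Key : Value" pairs.
    pairs = dict(KV_RE.findall(payload))
    if 'Category' not in pairs or 'UserName' not in pairs:
        raise ValueError('unrecognised payload layout')
    return {'Event ID': pairs['Category'], 'Username': pairs['UserName']}


if __name__ == '__main__':
    for sample in (SAMPLE_1, SAMPLE_2):
        print(highlighted_fields(sample))
```

The Username for sample 2 is returned exactly as it appears in the payload, including the doubled backslash, so it can be compared directly with Table 2.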