Cisco ASA sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Cisco ASA sample message when you use the Syslog protocol
The following sample event message shows that the Internet Key Exchange (IKE) protocol obtained an address for the client private IP address from DHCP, or from the address pool. The sample event message also shows that the IP address is assigned to the client.
Aug 11 08:10:34 cisco.asa.test %ASA-6-713228: Group = groupx, Username = userx, IP = 192.0.2.10, Assigned private IP address 192.0.2.11 to remote user
| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | 713228 |
| Source IP | 192.0.2.10 |
| Username | userx |
| Post NAT Source IP | 192.0.2.11 |
| Identity IP | 192.0.2.11 |
| Identity Group Name | groupx |
| Identity Username | userx |
| Device Time | Aug 11 08:10:34 |