Forcepoint Sidewinder sample event message

Use this sample event message as a way of verifying a successful integration with QRadar.

The following table provides a sample event message when you use the Syslog protocol for the Forcepoint Sidewinder DSM:
Table 1. Forcepoint Sidewinder sample message supported by Forcepoint Sidewinder.

Event name: nettraffic@status_conn_close
Low-level category: Firewall Session Closed
Sample log message:

<131>May 16 11:41:11 auditd: date="May 16 15:41:11 2006 GMT",fac=f_ftpproxy,area=a_server,type=t_nettraffic,pri=p_major,pid=2718,ruid=0,euid=0,pgid=2718,logid=0,cmd=pftp,domain=PFTx,edomain=PFTx,srcip=192.168.0.1,srcport=4597,srcburb=internal,dstip=192.168.0.2,dstport=21,dstburb=external,protocol=6,bytes_written_to_client=0,bytes_written_to_server=0,service_name=pftp,reason="closing connection",status=conn_close,acl_id=default-outgoingrule,cache_hit=0,remote_logname=anonymous,request_command=QUIT,request_status=1,start_time="Tue May 16 11:41:06 2006",netsessid=4469f2920002870e
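The sample above is a BSD-style syslog line whose body is a comma-separated list of key=value pairs, where quoted values (date, reason, start_time) may themselves contain commas and spaces. The following parser is an added example written for this page; it is not code from the IBM QRadar documentation, from the Sidewinder DSM, or from Forcepoint. It takes the sample line from the table as constructed input, splits the <PRI> header into facility and severity, tokenises the pairs correctly around the quotes, and maps the status value to the low-level category listed in the table. The rule that builds the event name (type without its t_ prefix, then @status_ and the status value) is an assumption inferred from the single sample on the page, not a documented QRadar rule.

```python
"""Parse a Forcepoint Sidewinder (auditd) syslog event into its fields.

Added example; not code from the IBM QRadar documentation or from Forcepoint.
"""
import re

# Constructed input: the sample line from the table above, exactly as QRadar
# would receive it from the Sidewinder over the Syslog protocol.
SAMPLE_LINE = (
    '<131>May 16 11:41:11 auditd: date="May 16 15:41:11 2006 GMT",fac=f_ftpproxy,'
    'area=a_server,type=t_nettraffic,pri=p_major,pid=2718,ruid=0,euid=0,pgid=2718,'
    'logid=0,cmd=pftp,domain=PFTx,edomain=PFTx,srcip=192.168.0.1,srcport=4597,'
    'srcburb=internal,dstip=192.168.0.2,dstport=21,dstburb=external,protocol=6,'
    'bytes_written_to_client=0,bytes_written_to_server=0,service_name=pftp,'
    'reason="closing connection",status=conn_close,acl_id=default-outgoingrule,'
    'cache_hit=0,remote_logname=anonymous,request_command=QUIT,request_status=1,'
    'start_time="Tue May 16 11:41:06 2006",netsessid=4469f2920002870e'
)

# RFC 3164-style header: <PRI>, BSD timestamp, tag, then the auditd body.
HEADER_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>'
    r'(?P<timestamp>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) '
    r'(?P<tag>[^:\s]+): (?P<body>.*)$'
)

# One key=value pair. Quoted values may contain commas and spaces
# (date="May 16 15:41:11 2006 GMT"); bare values run up to the next comma.
PAIR_RE = re.compile(
    r'(?P<key>[A-Za-z_][A-Za-z0-9_]*)='
    r'(?:"(?P<quoted>[^"]*)"|(?P<bare>[^,]*))'
)

# Low-level category taken from the table on this page; other status values
# are not documented here, so they map to "Unknown".
LOW_LEVEL_CATEGORY = {"conn_close": "Firewall Session Closed"}


def split_pairs(body):
    """Tokenise the comma-separated key=value body, honouring double quotes."""
    fields = {}
    pos, end = 0, len(body)
    while pos < end:
        m = PAIR_RE.match(body, pos)
        if m is None:
            raise ValueError(
                f"malformed key=value pair at offset {pos}: {body[pos:pos + 20]!r}"
            )
        value = m.group("quoted")
        if value is None:
            value = m.group("bare")
        fields[m.group("key")] = value
        pos = m.end()
        if pos < end:
            if body[pos] != ",":
                raise ValueError(f"expected ',' at offset {pos}, got {body[pos]!r}")
            pos += 1
    return fields


def parse_sidewinder_event(line):
    """Return header metadata plus the parsed auditd fields for one syslog line."""
    m = HEADER_RE.match(line)
    if m is None:
        raise ValueError("line does not start with a <PRI> syslog header")
    pri = int(m.group("pri"))
    facility, severity = divmod(pri, 8)  # <131> -> facility 16 (local0), severity 3 (error)
    fields = split_pairs(m.group("body"))
    # Assumption (inferred from the single sample on the page): the QRadar event
    # name is type without its "t_" prefix, then "@status_", then the status value.
    event_type = fields.get("type", "")
    if event_type.startswith("t_"):
        event_type = event_type[2:]
    status = fields.get("status", "")
    event_name = f"{event_type}@status_{status}" if event_type and status else None
    return {
        "facility": facility,
        "severity": severity,
        "timestamp": m.group("timestamp"),
        "tag": m.group("tag"),
        "event_name": event_name,
        "low_level_category": LOW_LEVEL_CATEGORY.get(status, "Unknown"),
        "fields": fields,
    }


if __name__ == "__main__":
    event = parse_sidewinder_event(SAMPLE_LINE)
    print(event["event_name"], "->", event["low_level_category"])
    for key in ("srcip", "srcport", "dstip", "dstport", "protocol", "reason", "netsessid"):
        print(f"  {key} = {event['fields'][key]}")
```

Running the block prints the event name and category from the table followed by the session tuple; the netsessid field is the value to pivot on when correlating this close event with the matching earlier connection event from the same Sidewinder proxy.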