Cisco IronPort sample event messages

Use these sample event messages as a way of verifying a successful integration with the QRadar® product. Replace the sample IP addresses, etc. with your own content.

The following table shows a sample event message from Cisco IronPort:

Event name Low level category Sample log message

Mailserver_info

Information

Table 1. Cisco IronPort sample message supported by the Cisco IronPort device
Event name	Low level category	Sample log message
Mailserver_info	Information	`Mon Apr 17 19:57:202003 Info: MID 6 ICID5 From:<username@example.com>`
TCP_CONNECT	Information	`timestamp=1296564861.465 x-latency=72 cip=127.0.0.1 xresultcodehttpstatus=TCP_MISS_SSL/200 scbytes=0 csmethod=TCP_CONNECT csurl=192.0.2.1:443cs-username=- xhierarchyorigin=DIRECT/192.0.2.1 cs(MIME_type)=- xacltag=DECRYPT_WEBCAT_7-DefaultGroup-DefaultGroup-NONENONE-NONEDefaultGroup`

Mon Apr 17 19:57:202003 Info: MID 6 ICID5 From:<username@example.com>

TCP_CONNECT

Information

timestamp=1296564861.465 x-latency=72 cip=127.0.0.1 xresultcodehttpstatus=TCP_MISS_SSL/200 scbytes=0 csmethod=TCP_CONNECT csurl=192.0.2.1:443cs-username=- xhierarchyorigin=DIRECT/192.0.2.1 cs(MIME_type)=- xacltag=DECRYPT_WEBCAT_7-DefaultGroup-DefaultGroup-NONENONE-NONEDefaultGroup