
Sample Event Messages

Use this sample event message as a way of verifying a successful integration with JSA.

Fortinet FortiGate Security Gateway sample message when you use the Syslog or the Syslog Redirect protocol

Due to formatting, paste the message format into a text editor and then remove any carriage return or line feed characters.

This sample shows an attempt to exploit a remote-access vulnerability that affects Microsoft Exchange Server. A remote attacker exploits it by sending an email with a meeting request that contains specially crafted vCal and iCal calendar data; if the attack succeeds, the attacker might be able to take control of the vulnerable system.

<185>date=2011-05-09 time=14:31:07 devname=XXXXXXX device_id=XXXXXX log_id=XXXXX type=ips subtype=signature pri=alert severity=high carrier_ep="N/A" profilegroup="N/A" profiletype="N/A" profile="N/A" src=172.16.0.10 dst=172.16.0.10 src_int="port26" dst_int="port29" policyid=4 identidx=0 serial=XXXX status=detected proto=6 service=smtp vd="root" count=1 src_port=XXXX dst_port=XXX attack_id=11897 sensor="DMZ_servers" ref="http://www.example.com/ids/VID11897" user="N/A" group="N/A" incident_serialno=XXXXX msg="email: MS.Exchange.Mail.Calender.Buffer.Overflow"
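As an added example, not part of the JSA documentation or of Fortinet's own tooling, a small Python parser for this key=value FortiGate format: it decodes the <185> syslog priority into facility and severity, splits quoted and bare fields (msg= contains a space), and reports whether the header severity agrees with the pri= field, which is a quick way to confirm the sample arrived intact. The sample line is constructed from the message above with its XXXX placeholders kept; the function names are mine.

```python
import re

# Constructed input: the FortiGate IPS sample from this page on one line,
# with straight quotes and the page's XXXX placeholders kept.
SAMPLE = (
    '<185>date=2011-05-09 time=14:31:07 devname=XXXXXXX device_id=XXXXXX log_id=XXXXX '
    'type=ips subtype=signature pri=alert severity=high carrier_ep="N/A" '
    'profilegroup="N/A" profiletype="N/A" profile="N/A" src=172.16.0.10 dst=172.16.0.10 '
    'src_int="port26" dst_int="port29" policyid=4 identidx=0 serial=XXXX status=detected '
    'proto=6 service=smtp vd="root" count=1 src_port=XXXX dst_port=XXX attack_id=11897 '
    'sensor="DMZ_servers" ref="http://www.example.com/ids/VID11897" user="N/A" '
    'group="N/A" incident_serialno=XXXXX msg="email: MS.Exchange.Mail.Calender.Buffer.Overflow"'
)

# RFC 3164 severity names, indexed by PRI % 8.
SYSLOG_SEVERITIES = ('emerg', 'alert', 'crit', 'err', 'warning', 'notice', 'info', 'debug')

# One key=value pair: a quoted value (may contain spaces, as msg= does) or a bare token.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_fortigate(line):
    """Return (facility, severity_name, fields) for one FortiGate syslog line."""
    # Copies pasted from a document often carry curly quotes and the line
    # breaks the page warns about; strip both before parsing.
    line = line.replace('\u201c', '"').replace('\u201d', '"')
    line = line.replace('\r', '').replace('\n', '')
    m = re.match(r'<(\d{1,3})>', line)
    if not m:
        raise ValueError('missing syslog PRI header')
    facility, severity = divmod(int(m.group(1)), 8)
    fields = {}
    for key, quoted, bare in KV_RE.findall(line[m.end():]):
        fields[key] = bare if bare else quoted
    return facility, SYSLOG_SEVERITIES[severity], fields


def ips_summary(line):
    """Analyst-facing fields of an IPS signature event, plus a PRI-vs-pri= consistency check."""
    _, severity, f = parse_fortigate(line)
    if f.get('type') != 'ips' or f.get('subtype') != 'signature':
        return None  # not an IPS signature event
    return {
        'pri_consistent': severity == f.get('pri'),
        'severity': f.get('severity'),
        'attack_id': f.get('attack_id'),
        'signature': f.get('msg'),
        'flow': '{}:{} -> {}:{}'.format(f.get('src'), f.get('src_port'),
                                        f.get('dst'), f.get('dst_port')),
    }
```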