SonicWALL Sample Event Messages
Use these sample event messages to verify a successful integration with JSA.
Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
SonicWALL Sample Messages When You Use the Syslog Protocol
Sample 1: The following sample event message shows that a probable port scan is detected.
<1> id=firewall sn=01234567ABCD time="2018-11-07 11:16:02" fw=10.0.0.2 pri=1 c=32 m=83 msg="Probable port scan detected" n=2 src=10.0.0.3:443:X1 dst=172.16.194.2:47379:X1 srcMac=00:00:5E:00:53:ff dstMac=00:00:5E:00:53:00 proto=tcp/1 note="TCP scanned port list, 14551, 61968, 53577, 27976, 29050, 25330, 21761, 23903, 7412, 47379" fw_action="NA"
JSA field name | Highlighted values in the event payload |
---|---|
Event ID | 83 |
Source IP | 10.0.0.3 |
Source Port | 443 |
Source Mac | 00:00:5E:00:53:ff |
Destination IP | 172.16.194.2 |
Destination Port | 47379 |
Destination Mac | 00:00:5E:00:53:00 |
Device Time | 2018-11-07 11:16:02 |
Sample 2: The following sample event message shows that NTP updated successfully.
<133> id=firewall sn=12345678123 time="2018-11-13 00:26:12" fw=10.0.0.253 pri=5 c=128 m=1231 msg="Time update from NTP server was successful" sess="None" n=1104 src=10.0.2.3:123:X0 dst=10.0.5.6:123:X1 proto=0/ntp note="Received reply from NTP server 10.2.2.5. Update system time from 11/13/2018 00:26:12.624 to 11/13/2018 00:26:12.736"
JSA field name | Highlighted values in the event payload |
---|---|
Event ID | 1231 |
Source IP | 10.0.2.3 |
Source Port | 123 |
Destination IP | 10.0.5.6 |
Destination Port | 123 |
Device Time | 2018-11-13 00:26:12 |
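
The field mapping shown in the two tables above can be checked against a payload with a short parser. This is an added example, not JSA's own DSM code: the function names are hypothetical, and it assumes `src` and `dst` carry IPv4 `ip:port:interface` values as in the samples.

```python
import re

# Sample 1 from this page, joined onto one line as the page instructs.
SAMPLE = (
    '<1> id=firewall sn=01234567ABCD time="2018-11-07 11:16:02" fw=10.0.0.2 '
    'pri=1 c=32 m=83 msg="Probable port scan detected" n=2 '
    'src=10.0.0.3:443:X1 dst=172.16.194.2:47379:X1 '
    'srcMac=00:00:5E:00:53:ff dstMac=00:00:5E:00:53:00 proto=tcp/1 '
    'note="TCP scanned port list, 14551, 61968, 53577, 27976, 29050, '
    '25330, 21761, 23903, 7412, 47379" fw_action="NA"'
)

# key=value pairs: the value is a double-quoted string or a bare token.
# The lookbehind requires a key to start at the beginning or after whitespace.
PAIR = re.compile(r'(?<!\S)(\w+)=(?:"([^"]*)"|(\S*))')

def split_endpoint(value):
    """Split an IPv4 'ip:port:interface' value into (ip, port)."""
    parts = value.split(":")
    ip = parts[0] or None
    port = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    return ip, port

def parse_sonicwall(line):
    """Extract the fields listed in this page's tables from one event."""
    # Remove stray CR/LF characters left by copy and paste.
    line = line.replace("\r", "").replace("\n", "")
    kv = {k: quoted or bare for k, quoted, bare in PAIR.findall(line)}
    src_ip, src_port = split_endpoint(kv.get("src", ""))
    dst_ip, dst_port = split_endpoint(kv.get("dst", ""))
    return {
        "Event ID": kv.get("m"),
        "Source IP": src_ip,
        "Source Port": src_port,
        "Source Mac": kv.get("srcMac"),  # None when the event has no MAC
        "Destination IP": dst_ip,
        "Destination Port": dst_port,
        "Destination Mac": kv.get("dstMac"),
        "Device Time": kv.get("time", "").strip() or None,
    }

if __name__ == "__main__":
    for name, value in parse_sonicwall(SAMPLE).items():
        print(f"{name}: {value}")
```

Fields that an event does not carry, such as the MAC addresses in Sample 2, come back as `None` rather than raising an error.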