NGINX HTTP Server sample event messages

Use these sample event messages to verify a successful integration with QRadar®.

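The following table provides sample event messages when you use the Syslog protocol for the NGINX HTTP Server DSM:
Important: Due to formatting issues, paste the message format into a text editor and then remove any line break characters.
Table 1. NGINX HTTP Server sample messages supported by NGINX HTTP Server.
Event name | Low-level category | Sample log message
404 | System Status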
LEEF:1.0|NGINX|NGINX|1.15.5|404|devTime=29/Oct/2018:15:36:58 -0300	src=127.0.0.1	dst=127.0.0.1	dstPort=80	proto=HTTP/1.1	usrName=-	request=GET /nginx_status HTTP/1.1	body_bytes_sent=153	http_referer=-	http_true_client_ip=-	http_user_agent=curl/7.29.0	http_x_header=-	http_x_forwarded_for=-	request_time=0.000	upstream_response_time=-	pipe=.	uri_query=-	uri_path=/nginx_status	cookie=-
Connection refused | Firewall Deny
<187>Sep 19 07:46:27 company3-hst ng
inx: 2018/09/19 07:46:27 [error] 24881#24881
: *416 connect() failed (111: Connection ref
used) while connecting to upstream, client: 
198.51.100.111, server: ute-hst.company.com
, request: "POST /api/v1/view/bill HTTP/1.1"
, upstream: "http://198.51.100.225:9000/v1/
view/bill", host: "198.51.100.25:8080", ref
errer: "https://www.hst.company.com/web/totes/"
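As a local pre-check before sending the samples to QRadar, the following added example (not part of the original page and not IBM's DSM code) removes the line breaks from the wrapped syslog sample and parses both samples. The function names and the regular expression are assumptions made for illustration, and the LEEF sample is abbreviated.

```python
import re

# Abbreviated copy of the page's LEEF sample (attributes are tab-delimited).
LEEF_SAMPLE = ("LEEF:1.0|NGINX|NGINX|1.15.5|404|devTime=29/Oct/2018:15:36:58 -0300"
               "\tsrc=127.0.0.1\tdst=127.0.0.1\trequest=GET /nginx_status HTTP/1.1")

# The page's syslog sample, with the line wrapping it has on the page.
WRAPPED_SAMPLE = [
    '<187>Sep 19 07:46:27 company3-hst ng\n',
    'inx: 2018/09/19 07:46:27 [error] 24881#24881\n',
    ': *416 connect() failed (111: Connection ref\n',
    'used) while connecting to upstream, client: \n',
    '198.51.100.111, server: ute-hst.company.com\n',
    ', request: "POST /api/v1/view/bill HTTP/1.1"\n',
    ', upstream: "http://198.51.100.225:9000/v1/\n',
    'view/bill", host: "198.51.100.25:8080", ref\n',
    'errer: "https://www.hst.company.com/web/totes/"\n',
]

def unwrap(lines):
    # Remove only line-break characters; trailing spaces belong to the message.
    return "".join(line.rstrip("\r\n") for line in lines)

def parse_leef(msg):
    # LEEF 1.0: five pipe-delimited header fields, then tab-delimited key=value.
    parts = msg.split("|", 5)
    if len(parts) != 6 or not parts[0].startswith("LEEF:"):
        raise ValueError("not a LEEF 1.0 message")
    attrs = {}
    for pair in parts[5].split("\t"):
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"attribute without '=': {pair!r}")
        attrs[key] = value
    return {"leef_version": parts[0][5:], "vendor": parts[1], "product": parts[2],
            "product_version": parts[3], "event_id": parts[4], "attrs": attrs}

# Illustrative pattern for the unwrapped syslog sample; '.' never spans a newline.
ERROR_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>.*? nginx: \S+ \S+ \[(?P<level>\w+)\] \d+#\d+: '
    r'(?:\*\d+ )?(?P<text>.*?), client: (?P<client>[^,]+),.*?'
    r'upstream: "(?P<upstream>[^"]*)"')

def parse_nginx_error(msg):
    m = ERROR_RE.match(msg)
    if m is None:
        raise ValueError("not an unwrapped nginx error line")
    pri = int(m["pri"])  # syslog PRI = facility * 8 + severity
    return {"facility": pri >> 3, "severity": pri & 7, **m.groupdict()}
```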