1 <!-- OSSEC USB-detection Rule for Linux - https://www.thomas-krenn.com/de/wiki/Ubuntu_Syslog -->
3 <group name="linux, usb,">
5 <rule id="53600" level="0">
6 <program_name>kernel</program_name>
8 <description>Linux USB detection messages grouped</description>
12 <rule id="53601" level="8">
13 <if_sid>53600</if_sid>
14 <match>New USB device found</match>
15 <description>A new USB device was found by the system</description>
20 <rule id="53602" level="8">
21 <if_sid>53600</if_sid>
22 <match>new low-speed USB device</match>
23 <description>New Low-Speed USB Device was connected.</description>
28 <rule id="53603" level="8">
29 <if_sid>53600</if_sid>
30 <match>new high-speed USB device</match>
31 <description>New High-Speed USB Device was connected</description>
36 <rule id="53604" level="3">
37 <if_sid>53600</if_sid>
38 <match>USB disconnect</match>
39 <description>USB device was disconnected</description>