1 <group name="syslog,proxmox-ve,">
2 <rule id="53400" level="0">
3 <decoded_as>pvedaemon</decoded_as>
4 <description>pvedaemon messages grouped.</description>
7 <rule id="53401" level="6">
9 <match>authentication failure; </match>
10 <description>Proxmox VE authentication failed.</description>
11 <group>authentication_failed,</group>
14 <rule id="53402" level="10" frequency="6" timeframe="120">
15 <if_matched_sid>53401</if_matched_sid>
17 <description>Proxmox VE brute force (multiple failed logins).</description>
18 <group>authentication_failures,</group>
21 <rule id="53403" level="3">
22 <if_sid>53400</if_sid>
23 <match> successful auth for user </match>
24 <description>Proxmox VE authentication succeeded.</description>
25 <group>authentication_success,</group>