+++ /dev/null
-<group name="syslog,proxmox-ve,">
- <rule id="53400" level="0">
- <decoded_as>pvedaemon</decoded_as>
- <description>pvedaemon messages grouped.</description>
- </rule>
-
- <rule id="53401" level="6">
- <if_sid>53400</if_sid>
- <match>authentication failure; </match>
- <description>Proxmox VE authentication failed.</description>
- <group>authentication_failed,</group>
- </rule>
-
- <rule id="53402" level="10" frequency="6" timeframe="120">
- <if_matched_sid>53401</if_matched_sid>
- <same_source_ip />
- <description>Proxmox VE brute force (multiple failed logins).</description>
- <group>authentication_failures,</group>
- </rule>
-
- <rule id="53403" level="3">
- <if_sid>53400</if_sid>
- <match> successful auth for user </match>
- <description>Proxmox VE authentication succeeded.</description>
- <group>authentication_success,</group>
- </rule>
-
-</group>
\ No newline at end of file