X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=contrib%2Fossec-testing%2Ftests%2Fsyslog.ini;fp=contrib%2Fossec-testing%2Ftests%2Fsyslog.ini;h=44c202994be1445453e6017f016f6ca980cf909a;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=0000000000000000000000000000000000000000;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git
diff --git a/contrib/ossec-testing/tests/syslog.ini b/contrib/ossec-testing/tests/syslog.ini
new file mode 100644
index 0000000..44c2029
--- /dev/null
+++ b/contrib/ossec-testing/tests/syslog.ini
@@ -0,0 +1,43 @@
+[Uninteresting nouveau error.]
+log 1 fail = Jul 18 09:21:57 localhost kernel: nouveau E[ PGRAPH][0000:0f:00.0] DATA_ERROR BEGIN_END_ACTIVE
+
+rule = 2944
+alert = 1
+decoder =
+
+[Uninteresting nouveau error.]
+log 1 fail = Jul 18 09:21:57 localhost kernel: nouveau E[ PGRAPH][0000:0f:00.0] DATA_ERROR
+
+rule = 2944
+alert = 1
+decoder =
+
+[Incorrect chain/target/match.]
+log 3 fail = Jul 18 10:51:43 localhost NetworkManager[1366]: (enp1s0) firewall zone remove failed: (32) COMMAND_FAILED: '/sbin/iptables -D INPUT_ZONES -t filter -i enp1s0 -g IN_public' failed: ipta
+bles: No chain/target/match by that name.
+
+rule = 2941
+alert = 3
+decoder = NetworkManager
+
+[rsyslog may be dropping messages due to rate-limiting.]
+log 1 fail = Feb 5 13:07:52 plugh rsyslogd-2177: imuxsock begins to drop messages from pid 12105 due to rate-limiting
+
+rule = 2945
+alert = 4
+decoder =
+
+[Non-standard syslog-ng format with year.]
+log 1 fail = 2015 2015 Nov 13 13:40:01 ether rsyslogd-2177: imuxsock begins to drop messages from pid 17840 due to rate-limiting
+
+rule = 2945
+alert = 4
+decoder =
+
+[useradd failed]
+log 1 fail = May 4 18:21:10 collectd useradd[15178]: failed adding user 'ansible', data deleted
+
+rule = 5905
+alert = 0
+decoder =
+
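Review bot: The first two sections share the exact name `[Uninteresting nouveau error.]`, so an INI parser either rejects the file as a duplicate section or silently merges them, in which case only one of the two nouveau log lines is ever fed to the rule test and the other expectation is never checked. Giving the second one a distinct name, e.g. `[Uninteresting nouveau error (no BEGIN_END_ACTIVE).]`, makes both cases run and makes a failure report name the right case. The `[Incorrect chain/target/match.]` log line is also broken after `ipta`, with `bles: No chain/target/match by that name.` starting at column 0; that continuation will presumably be read as a separate option rather than as part of the log, so rule 2941 is exercised against a truncated message — joining the two lines into one `log 3 fail =` value restores the real input. The doubled year in `2015 2015 Nov 13` under `[Non-standard syslog-ng format with year.]` looks like a typo rather than a deliberate malformed-format case; a one-line comment stating which it is would save the next reader from "fixing" it.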