X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fexim.ini;fp=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fexim.ini;h=f6853658a55b5fc30e8da151dc62023ec60bf82d;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=0000000000000000000000000000000000000000;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git
diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/exim.ini b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/exim.ini
new file mode 100644
index 0000000..f685365
--- /dev/null
+++ b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/exim.ini
@@ -0,0 +1,29 @@
+[auth failure]
+log 1 pass = 2017-01-23 03:44:14 dovecot_login authenticator failed for (hydra) [10.101.1.18]:35686: 535 Incorrect authentication data (set_id=user)
+log 2 pass = 2017-01-24 05:22:29 dovecot_plain authenticator failed for (test) [::1]:39454: 535 Incorrect authentication data (set_id=test)
+
+rule = 13006
+alert = 5
+decoder = windows-date-format
+
+[exim connection]
+log 1 pass = 2017-01-24 03:09:46 SMTP connection from [10.101.1.10]:55010 (TCP/IP connection count = 1)
+
+rule = 13008
+alert = 0
+decoder = windows-date-format
+
+[exim connection lost]
+log 1 pass = 2017-01-24 02:53:13 SMTP connection from (hydra) [10.101.1.10]:53682 lost
+
+rule = 13009
+alert = 1
+decoder = windows-date-format
+
+[exim syntax/protocol error]
+log 1 pass = 2017-01-24 05:36:23 SMTP call from (000000) [::1]:39480 dropped: too many syntax or protocol errors (last command was "123")
+
+rule = 13010
+alert = 5
+decoder = windows-date-format
+
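Review bot: Every sample in this file is a `log N pass` entry, so the tests show that the four rules fire on the intended text but never that they stay quiet on similar benign lines. This matters most for `[auth failure]` (rule 13006, alert 5), where a negative sample such as a successful-login line or an unrelated `authenticator` message would catch an over-broad match; if the test runner accepts a `fail` form of the log key, that is where to add it. All four sections also pin `decoder = windows-date-format`, which looks like a generic date-prefix decoder rather than an exim-specific one, so these tests presumably do not confirm that the source address or the `set_id` user is extracted. A short comment at the top of the file saying that this decoder name is expected for exim logs would save the next reader from treating it as a copy-paste error.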