X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=etc%2Fdecoder.xml;h=cb07a9301bf4d675289fbaad0a0333a3c379bd44;hb=db2a2e0952d5d340d1b4fecb92b604caae2c553e;hp=c809108565f180d0b87c71b69efa27a7b48bfea1;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git
diff --git a/etc/decoder.xml b/etc/decoder.xml
index c809108..cb07a93 100755
--- a/etc/decoder.xml
+++ b/etc/decoder.xml
@@ -1,4 +1,4 @@
-
+
+ ^rshd$
+
+
+
+ rshd
+ ^Connection from (\S+) on illegal port$
+ srcip
+
+
+
+
+
+
+ ^cimserver$
+
+
+
+ cimserver
+ ^\w+: Authentication failed for user
+ ^(\S+).$
+ user
+
+
+
+
+
^ftpd|^in.ftpd
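Review bot: In the new cimserver child decoder, the user capture `^(\S+).$` ends in an unescaped `.`, which `\S+` can also consume. OSSEC's regex syntax treats `.` as a literal character and `\.` as the wildcard, so whether the extracted `user` keeps the trailing period depends on how the matcher backtracks. A sample log line in a comment above the decoder, for example `<!-- cimserver[PID]: ... Authentication failed for user NAME. -->` (constructed), would let the capture be checked with ossec-logtest. The element markup is not visible on this page, so I cannot confirm whether the regex is applied after the prematch or whether such comments already exist. The same comment would help the rshd decoder, where the `srcip` value is taken straight from the log text.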
@@ -415,6 +459,13 @@
srcip
+
+ ftpd
+ ^login \S+ from \S+ failed.
+ ^login (\S+) from (\S+) failed.$
+ user, srcip
+
+
windows
- ^MSWinEventLog\t\d\t\.+\t\d+\t\w\w\w \w\w\w \d\d \d\d
+ ^MSWinEventLog\t\d\t\.+\t\d+\t\w\w\S+ \w\w\w \d\d \d\d
^:\d\d:\d\d \d\d\d\d\t(\d+)\t(\.+)
\t(\.+)\t\.+\t(\.+)\t(\.+)\t
id, extra_data, user, status, system_name
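Review bot: The added ftpd failed-login decoder extracts `srcip` only when the login name is a single `\S+` token, in both the prematch `^login \S+ from \S+ failed.` and the regex `^login (\S+) from (\S+) failed.$`. The login name is supplied by the remote client, so a name containing whitespace would make the line fall through without `srcip`, and rules that count failures per source address would not see it. Consider a fallback that still recovers the address, such as `^login \.+ from (\S+) failed.$` with order `srcip`, and verify both forms with ossec-logtest. The prematch also repeats the regex almost verbatim; a shorter prematch would be easier to maintain.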