X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=etc%2Frules%2Fsyslog_rules.xml;h=a385e43a0ed1a1cac639180f7ff8825d8a57eb98;hb=refs%2Ftags%2Fdebian%2F2.8.3-1;hp=06b61f649100952c5f927723041e70c5a5c25145;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git
diff --git a/etc/rules/syslog_rules.xml b/etc/rules/syslog_rules.xml
index 06b61f6..a385e43 100755
--- a/etc/rules/syslog_rules.xml
+++ b/etc/rules/syslog_rules.xml
@@ -1,4 +1,4 @@
-
@@ -148,10 +161,47 @@
^Authentication passed
Pop3 Authentication passed.
+
+
+ openldap
+ OpenLDAP group.
+
+
+
+ 2507
+ ACCEPT from
+ OpenLDAP connection open.
+
+
+
+ 2507
+ 2508
+
+ RESULT tag=97 err=49
+ OpenLDAP authentication failed.
+
+
+
+
+
+ rshd
+ rshd messages grouped.
+
+
+
+ 2550
+ ^Connection from \S+ on illegal port$
+ Connection to rshd from unprivileged port. Possible network scan.
+ connection_attempt,
+
+
+
+
+
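Review bot: the "OpenLDAP authentication failed." rule shows no group text in this hunk, while the rshd rule further down is tagged connection_attempt. Tagging the LDAP failure with authentication_failed, would let group-based correlation rules for repeated login failures pick it up. The match RESULT tag=97 err=49 also deserves a short XML comment saying that it is a bind response with the invalid-credentials result code, since the two numbers are opaque to anyone maintaining the rule later.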
@@ -265,7 +315,7 @@
5100
- ipw2200: Firmware error detected.
+ ipw2200: Firmware error detected.| ACPI Error
Kernel device error.
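Review bot: in the changed match line, the new alternative "| ACPI Error" keeps the space after the pipe as part of the pattern, so as written it only matches when "ACPI Error" is preceded by a space. Either drop the space or confirm it is intended. ACPI errors are also unrelated to ipw2200 firmware, so a separate rule with its own description would make alerts easier to triage than folding both under "Kernel device error."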
@@ -380,6 +430,14 @@
alert_by_email
First time (su) is executed by user.
+
+
+ 5300
+ unknown class
+ OpenBSD uses login classes, and an inappropriate login class was used.
+ A user has attempted to su to an unknown class.
+
+
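Review bot: the match "unknown class" is a bare two-word substring, so any message under the 5300 reference that happens to contain it will fire this rule. If the su message has a fixed prefix or suffix around that text, anchoring the pattern to it would reduce accidental matches. The rule also shows no group text, unlike the neighbouring rules in this file, so it is worth deciding whether it belongs to an existing group.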
@@ -458,7 +516,7 @@
9100
^GRE: \S+ from \S+ failed: status = -1
PPTPD failed message (communication error)
- poptop.sourceforge.net/dox/gre-protocol-unavailable.phtml
+ http://poptop.sourceforge.net/dox/gre-protocol-unavailable.phtml
@@ -559,6 +617,38 @@
config_changed,
Yum package deleted.
+
+
+
+ 5100
+ mptscsih
+ Grouping for the mptscrih rules.
+
+
+
+ 5100
+ mptbase
+ Grouping for the mptbase rules.
+
+
+
+ 2935
+ FAILED
+ Posible Disk failure. SCSI controller error.
+
+
+
+ 2936
+ failed
+ SCSI RAID ARRAY ERROR, drive failed.
+
+
+
+ 2936
+ degraded
+ SCSI RAID is now in a degraded status.
+
+
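Review bot: two of the added descriptions contain typos that will appear verbatim in alerts: "Grouping for the mptscrih rules." should read mptscsih, to agree with the match on the line above it, and "Posible Disk failure." should read "Possible". The capitalisation of the three alert descriptions is also inconsistent ("SCSI RAID ARRAY ERROR, drive failed." next to "SCSI RAID is now in a degraded status."), which makes them harder to search for in alert output.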