projects / ossec-hids.git / blob
? search:


9ad2d73ab06c6c664f94272e67a6ae34232abf15
[ossec-hids.git] / debian / ossec-hids / usr / share / doc / ossec-hids / contrib / logtesting / 31 / res
1 **Phase 1: Completed pre-decoding.
2        full event: 'May 26 19:40:41 enigma sudo: dcid : TTY=ttyp0 ; PWD=/var/www/htdocs ; USER=root ; COMMAND=/usr/bin/tail /var/log/secure'
3        hostname: 'enigma'
4        program_name: 'sudo'
5        log: 'dcid : TTY=ttyp0 ; PWD=/var/www/htdocs ; USER=root ; COMMAND=/usr/bin/tail /var/log/secure'
6
7 **Phase 2: Completed decoding.
8        decoder: 'sudo'
9        dstuser: 'dcid'
10        url: '/var/www/htdocs'
11        srcuser: 'root'
12        status: '/usr/bin/tail /var/log/secure'
13
14 **Phase 3: Completed filtering (rules).
15        Rule id: '5403'
16        Level: '4'
17        Description: 'First time user executed sudo.'
18 **Alert to be generated.
19
20
ossec-hids