--- /dev/null
+**Phase 1: Completed pre-decoding.
+ full event: 'Nov 24 18:18:28 gandalf pop3d: LOGIN FAILED, ip=[::ffff:1.2.3.4]'
+ hostname: 'gandalf'
+ program_name: 'pop3d'
+ log: 'LOGIN FAILED, ip=[::ffff:1.2.3.4]'
+
+**Phase 2: Completed decoding.
+ decoder: 'courier'
+ srcip: '::ffff:1.2.3.4'
+
+**Phase 3: Completed filtering (rules).
+ Rule id: '3902'
+ Level: '5'
+ Description: 'Courier (imap/pop3) authentication failed.'
+**Alert to be generated.
+
+
projects / ossec-hids.git / blobdiff