Merge tag 'upstream/2.7'
diff --git a/contrib/logtesting/9/res b/contrib/logtesting/9/res
new file mode 100644 (file)
index 0000000..2f97bf0
--- /dev/null
@@ -0,0 +1,12 @@
+**Phase 1: Completed pre-decoding.
+       full event: 'type=SYSCALL msg=audit(1307045440.943:148): arch=c000003e syscall=59 success=yes exit=0 a0=de1fa8 a1=de23a8 a2=dc3008 a3=7fff1db3cc60 items=2 ppid=11719 pid=12140 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 ses=4294967295 comm="wget" exe="/tmp/wget" key="webserver-watch-tmp"'
+       hostname: 'melancia'
+       program_name: '(null)'
+       log: 'type=SYSCALL msg=audit(1307045440.943:148): arch=c000003e syscall=59 success=yes exit=0 a0=de1fa8 a1=de23a8 a2=dc3008 a3=7fff1db3cc60 items=2 ppid=11719 pid=12140 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 ses=4294967295 comm="wget" exe="/tmp/wget" key="webserver-watch-tmp"'
+
+**Phase 2: Completed decoding.
+       decoder: 'auditd'
+       action: 'SYSCALL'
+       id: '148'
+       status: 'yes'
+       extra_data: '/tmp/wget'
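Review bot: The expected output stops after Phase 2, so this fixture pins only what the auditd decoder extracts and does not assert that any rule fires for a successful execve of `/tmp/wget` running as uid 0. If a rule is meant to match this event, the fixture should also carry the `**Phase 3: Completed filtering (rules).` block with its rule id and level, so that a regression which silences the alert fails the test. If no rule is expected, that is worth stating next to the sample. Separately, the decoded fields hold only the record type, the audit serial, the success flag and `exe`. The raw line's `uid`, `auid`, `comm` and `key="webserver-watch-tmp"` are not extracted, so rules built on this decoder presumably have to match them against the full log text; confirm that is intended.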