--- /dev/null
+[samba: denied connect]
+log 1 pass = Dec 18 18:06:28 hostname smbd[832]: Denied connection from (192.168.3.23)
+
+
+rule = 13102
+alert = 5
+decoder = smbd
+
+[samba: connect denied]
+log 1 pass = Dec 18 18:06:28 hostname smbd[832]: Denied connection from (192.168.3.23)
+
+
+rule = 13102
+alert = 5
+decoder = smbd
+
+[samba: permission denied]
+log 1 fail = Dec 18 18:06:28 hostname smbd[17535]: Permission denied user not allowed to delete, pause, or resume print job. User name: ahmet. Printer name: prnq1.
+log 2 fail = Dec 18 18:06:28 hostname smbd[17535]: Permission denied\-\- user not allowed to delete, pause, or resume print job. User name: ahmet. Printer name: prnq1.
+
+rule = 13102
+alert = 5
+decoder = smbd
projects / ossec-hids.git / blobdiff