+++ /dev/null
-**Phase 1: Completed pre-decoding.
- full event: 'Sep 11 01:40:59 bogus.com su: ericx to root on /dev/ttyu0'
- hostname: 'bogus.com'
- program_name: 'su'
- log: 'ericx to root on /dev/ttyu0'
-
-**Phase 2: Completed decoding.
- decoder: 'su'
- srcuser: 'ericx'
- dstuser: 'root'
-
-**Phase 3: Completed filtering (rules).
- Rule id: '5305'
- Level: '4'
- Description: 'First time (su) is executed by user.'
-**Alert to be generated.
-
-
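Review bot: Deleting this expected output drops the visible regression check for the su decoder and rule 5305, and nothing in the patch shows a replacement or a reason. The removed lines pin three things for the sample event 'Sep 11 01:40:59 bogus.com su: ericx to root on /dev/ttyu0': pre-decoding splits out hostname 'bogus.com' and program_name 'su', decoding extracts srcuser 'ericx' and dstuser 'root', and filtering raises rule 5305 at level 4 with an alert. If the fixture was moved or converted to another test format, keep the same sample event and the same expected fields there so that a change to the privilege-escalation decoder or to the first-time-su rule is still caught. If the decoder or rule behaviour itself changed, state that in the commit message and add the new expected output alongside the removal.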