+++ /dev/null
-**Phase 1: Completed pre-decoding.
- full event: 'Apr 27 15:22:23 niban sudo: dcid : TTY=pts/4 ; PWD=/home/dcid ; USER=root ; COMMAND=/usr/bin/tail /var/log/snort/alert.fast'
- hostname: 'niban'
- program_name: 'sudo'
- log: ' dcid : TTY=pts/4 ; PWD=/home/dcid ; USER=root ; COMMAND=/usr/bin/tail /var/log/snort/alert.fast'
-
-**Phase 2: Completed decoding.
- decoder: 'sudo'
- dstuser: 'dcid'
- url: '/home/dcid'
- srcuser: 'root'
- status: '/usr/bin/tail /var/log/snort/alert.fast'
-
-**Phase 3: Completed filtering (rules).
- Rule id: '5403'
- Level: '4'
- Description: 'First time user executed sudo.'
-**Alert to be generated.
-
-
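Review bot: Deleting this file drops the expected pre-decoding, decoding and rule output for the sudo sample line (decoder 'sudo', rule id '5403', level '4', "First time user executed sudo."), and nothing in the visible diff replaces it. If the coverage moves to another test format, that should land in the same change or be referenced in the commit message, so the sudo decoder and rule 5403 are not left without a regression check. If the fixture is being removed because it was stale, say so. The recorded field mapping does look odd: the log line has dcid invoking sudo with USER=root, while the expected output has dstuser: 'dcid' and srcuser: 'root', with PWD stored in url and COMMAND in status. A replacement should assert whatever mapping the decoder is intended to produce.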