projects / ossec-hids.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
new upstream release (3.3.0); modify package compatibility for Stretch
[ossec-hids.git] / debian / ossec-hids / usr / share / doc / ossec-hids / contrib / ossec-testing / tests / exim.ini
diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/exim.ini b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/exim.ini
new file mode 100644 (file)
index 0000000..f685365
--- /dev/null
+++ b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/exim.ini
@@ -0,0 +1,29 @@
+[auth failure]
+log 1 pass = 2017-01-23 03:44:14 dovecot_login authenticator failed for (hydra) [10.101.1.18]:35686: 535 Incorrect authentication data (set_id=user)
+log 2 pass = 2017-01-24 05:22:29 dovecot_plain authenticator failed for (test) [::1]:39454: 535 Incorrect authentication data (set_id=test)
+
+rule = 13006
+alert = 5
+decoder = windows-date-format
+
+[exim connection]
+log 1 pass = 2017-01-24 03:09:46 SMTP connection from [10.101.1.10]:55010 (TCP/IP connection count = 1)
+
+rule = 13008
+alert = 0
+decoder = windows-date-format
+
+[exim connection lost]
+log 1 pass = 2017-01-24 02:53:13 SMTP connection from (hydra) [10.101.1.10]:53682 lost
+
+rule = 13009
+alert = 1
+decoder = windows-date-format
+
+[exim syntax/protocol error]
+log 1 pass = 2017-01-24 05:36:23 SMTP call from (000000) [::1]:39480 dropped: too many syntax or protocol errors (last command was "123")
+
+rule = 13010
+alert = 5
+decoder = windows-date-format
+
ossec-hids