+++ /dev/null
-[User login failed.]
-log 1 pass = Nov 11 22:46:29 localhost su(pam_unix)[23164]: authentication failure; logname= uid=1342 euid=0 tty= ruser=dcid rhost= user=osaudit
-log 2 pass = Jun 28 23:01:27 xxxx auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=lipjigaglgihgoeadcdaa.p.salmon@xxx.xxx.xxx.xxx rhost=91.195.103.44
-
-rule = 5503
-alert = 5
-decoder = pam
-
-[Attempt to login with an invalid user.]
-log 1 pass = Nov 11 22:46:29 localhost vsftpd(pam_unix)[25073]: check pass; user unknown
-
-rule = 5504
-alert = 5
-decoder = pam
-
-[Login session opened.]
-log 1 pass = Nov 11 22:46:29 localhost su(pam_unix)[14592]: session opened for user news by (uid=0)
-
-rule = 5501
-alert = 3
-decoder = pam
-
-[Login session closed.]
-log 1 pass = Nov 11 22:46:29 localhost su(pam_unix)[14592]: session closed for user news
-
-rule = 5502
-alert = 3
-decoder = pam
-
-[User missed the password more than one time]
-log 1 pass = Nov 11 22:46:29 localhost sshd(pam_unix)[15794]: 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.3.1 user=root
-
-rule = 2502
-alert = 10
-decoder = pam
-