+ - rshd decoder
+ - Example message:
+ - Dec 17 10:49:23 hostname rshd[347339]: Connection from 10.217.223.31 on illegal port
+ -->
+<decoder name="rshd">
+ <program_name>^rshd$</program_name>
+</decoder>
+
+<decoder name="rshd-illegal-connection">
+ <parent>rshd</parent>
+ <regex>^Connection from (\S+) on illegal port$</regex>
+ <order>srcip</order>
+</decoder>
+
+
+
+<!--
+ - cimserver decoder
+ - Example messages:
+ - Dec 18 18:06:28 hostname cimserver[18575]: PGS17200: Authentication failed for user jones_b.
+ - Dec 18 18:06:29 hostname cimserver[18575]: PGS17200: Authentication failed for user domain\jones_b.
+ -->
+<decoder name="cimserver">
+ <program_name>^cimserver$</program_name>
+</decoder>
+
+<decoder name="cimserver-failed-authentication">
+ <parent>cimserver</parent>
+ <prematch>^\w+: Authentication failed for user </prematch>
+ <regex offset="after_prematch">^(\S+).$</regex>
+ <order>user</order>
+</decoder>
+
+
+
+<!--