--- /dev/null
+<!--
+Aug 14 10:15:25 junction.example.com smtpd[28882]: smtp-in: Failed command on session 1f55bdcdf16e28a3: "MAIL FROM:<root@junction.example.com> " => 421 4.3.0: Temporar
+y Error
+-->
+
+<group name="syslog,smtpd,">
+
+ <rule id="53500" level="0">
+ <decoded_as>smtpd</decoded_as>
+ <description>OpenSMTPd grouping.</description>
+ </rule>
+
+ <rule id="53501" level="3">
+ <decoded_as>smtpd</decoded_as>
+ <if_sid>53500</if_sid>
+ <status>Failed</status>
+ <description>Message failed.</description>
+ </rule>
+
+ <rule id="53502" level="0">
+ <decoded_as>smtpd</decoded_as>
+ <if_sid>53500</if_sid>
+ <match> New session</match>
+ <description>New session created.</description>
+ </rule>
+
+ <rule id="53503" level="0">
+ <decoded_as>smtpd</decoded_as>
+ <if_sid>53500</if_sid>
+ <match> Closing session</match>
+ <description>Session closed.</description>
+ </rule>
+
+ <rule id="53504" level="0">
+ <decoded_as>smtpd</decoded_as>
+ <if_sid>53500</if_sid>
+ <status>Accepted</status>
+ <description>Message accepted.</description>
+ </rule>
+
+ <rule id="53505" level="0">
+ <decoded_as>smtpd</decoded_as>
+ <if_sid>53500</if_sid>
+ <match>delivery: Ok</match>
+ <description>Email delivered.</description>
+ </rule>
+
+ <rule id="53506" level="2">
+ <if_sid>53501</if_sid>
+ <match>Command not supported$</match>
+ <description>SMTP command not supported.</description>
+ </rule>
+
+ <rule id="53507" level="2">
+ <decoded_as>smtpd</decoded_as>
+ <if_sid>53500</if_sid>
+ <match>IO error: No SSL error$</match>
+ <description>OpenSMTPd: no SSL</description>
+ </rule>
+
+ <rule id="53508" level="5">
+ <decoded_as>smtpd</decoded_as>
+ <if_sid>53500</if_sid>
+ <match>Server certificate verification failed</match>
+ <description>Server TLS certificate verification failed.</description>
+ </rule>
+
+</group>
projects / ossec-hids.git / blobdiff