X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=contrib%2Flogtesting%2F9%2Fres;fp=contrib%2Flogtesting%2F9%2Fres;h=2f97bf033b6f43dbbf2c51bf626738e6e1d88e9a;hp=0000000000000000000000000000000000000000;hb=ff0e686ac67bbd82b60c277eb324910dbc60f65f;hpb=33a81e69474ae91ecec4e991debe59e26bb330fd
diff --git a/contrib/logtesting/9/res b/contrib/logtesting/9/res
new file mode 100644
index 0000000..2f97bf0
--- /dev/null
+++ b/contrib/logtesting/9/res
@@ -0,0 +1,12 @@
+**Phase 1: Completed pre-decoding.
+ full event: 'type=SYSCALL msg=audit(1307045440.943:148): arch=c000003e syscall=59 success=yes exit=0 a0=de1fa8 a1=de23a8 a2=dc3008 a3=7fff1db3cc60 items=2 ppid=11719 pid=12140 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 ses=4294967295 comm="wget" exe="/tmp/wget" key="webserver-watch-tmp"'
+ hostname: 'melancia'
+ program_name: '(null)'
+ log: 'type=SYSCALL msg=audit(1307045440.943:148): arch=c000003e syscall=59 success=yes exit=0 a0=de1fa8 a1=de23a8 a2=dc3008 a3=7fff1db3cc60 items=2 ppid=11719 pid=12140 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 ses=4294967295 comm="wget" exe="/tmp/wget" key="webserver-watch-tmp"'
+
+**Phase 2: Completed decoding.
+ decoder: 'auditd'
+ action: 'SYSCALL'
+ id: '148'
+ status: 'yes'
+ extra_data: '/tmp/wget'
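Review bot: The expected output pins `hostname: 'melancia'`, which appears to be the host the author ran ossec-logtest on rather than anything present in the tested audit line (the line carries no syslog header, hence `program_name: '(null)'`), so the comparison would presumably fail on any other machine unless the test harness masks that field; consider normalising it or having the harness ignore the hostname line. The fixture also ends at Phase 2, so it asserts only the auditd decoder fields (`action`, `id`, `status`, `extra_data`) and says nothing about whether any rule fires on an execve of `/tmp/wget` recorded under key `webserver-watch-tmp`; if an alert is expected for that event, the Phase 3 lines should be part of the expected result so the test covers detection, not just decoding.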