X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=contrib%2Fossec-testing%2Ftests%2Fnetscreen.ini;fp=contrib%2Fossec-testing%2Ftests%2Fnetscreen.ini;h=92de03d803b3df591097ddb4820bd2b7aaaa1823;hp=0000000000000000000000000000000000000000;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b diff --git a/contrib/ossec-testing/tests/netscreen.ini b/contrib/ossec-testing/tests/netscreen.ini new file mode 100644 index 0000000..92de03d --- /dev/null +++ b/contrib/ossec-testing/tests/netscreen.ini @@ -0,0 +1,28 @@ +[Firewall configuration changed.] +log 1 pass = 2014-05-23T10:25:58.681222-04:00 10.10.10.1 ssg5-serial: NetScreen device_id=0275112227993284 [Root]system-information-00767: System configuration saved by netscreen via web from host 10.10.10.101 to 10.10.10.1:443 by netscreen. (2014-05-23 10:58:17) + +rule = 4509 +alert = 8 +decoder = netscreenfw + +[Firewall policy changed.] +log 1 pass = 2014-05-23T10:29:55.704201-04:00 10.10.10.1 ssg5-serial: NetScreen device_id=0275112227993284 [Root]system-notification-00018: Policy (5, Trust->Untrust, 10.10.10.0/24->172.16.19.0/24,ANY, Permit) was modified by netscreen via web from host 10.10.10.101 to 10.10.10.1:443. (2014-05-23 11:02:13) + +rule = 4508 +alert = 8 +decoder = netscreenfw + +[Successfull admin login to the Netscreen firewall] +log 1 pass = 2014-05-23T10:39:20.681154-04:00 10.10.10.1 ssg5-serial: NetScreen device_id=0275112227993284 [Root]system-warning-00515: Management session via SSH from 10.10.10.100:0 for admin netscreen has timed out (2014-05-23 11:11:39) + +rule = 4507 +alert = 8 +decoder = netscreenfw + +[syn flood] +log 1 pass = Jul 7 05:02:34 ssg5.17.168.192.in-addr.arpa ssg5: NetScreen device_id=ssg5 [Root]system-emergency-00005: SYN flood! From 192.168.18.53:41437 to 192.168.17.251:9612, proto TCP (zone Untrust int ethernet0/0). Occurred 1 times. (2016-07-07 05:02:32) + +rule = 4560 +alert = 3 +decoder = netscreenfw +
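Review bot: in the third section, `[Successfull admin login to the Netscreen firewall]`, the sample log mapped to rule 4507 is a session timeout ("Management session via SSH from 10.10.10.100:0 for admin netscreen has timed out"), not a login. As written, the test only confirms that a timeout message fires at alert level 8 under a "successful login" title. Either swap in a sample that actually records an admin login, or retitle the section to describe what the log shows. If rule 4507 is meant to cover logins only, it is worth checking why it matches a timeout line at all. The heading also misspells "Successful". Separately, all four sections carry a single `log 1 pass` sample each, so nothing here checks that a similar but unrelated NetScreen message stays clear of rules 4507 to 4509 or 4560. One non-matching sample per rule would make the test catch an over-broad match.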