X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fasterisk.ini;fp=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fasterisk.ini;h=fffff0827553d7db5d2665d6902f9625125e35f3;hp=0000000000000000000000000000000000000000;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b
diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/asterisk.ini b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/asterisk.ini
new file mode 100644
index 0000000..fffff08
--- /dev/null
+++ b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/asterisk.ini
@@ -0,0 +1,15 @@
+[login failed]
+log 1 pass = Aug 29 07:21:05 hostname asterisk[3284]: NOTICE[3734]: chan_sip.c:28088 in handle_request_register: Registration from '"3810" ' failed for '37.8.26.31:5065' - Wrong password
+log 2 pass = Dec 16 18:02:04 asterisk1 asterisk[31774]: NOTICE[31787]: chan_sip.c:11242 in handle_request_register: Registration from '"503"' failed for '192.168.1.137' - Wrong password
+
+rule = 6210
+alert = 5
+decoder = asterisk
+
+[invalid extension]
+log 1 pass = Aug 30 16:02:29 hostname asterisk[3284]: NOTICE[3734][C-00001c7a]: chan_sip.c:25650 in handle_request_invite: Call from '' (89.163.146.112:5071) to extension '70046313115067' rejected because extension not found in context 'default'.
+
+rule = 6258
+alert = 5
+decoder = asterisk
+
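Review bot: The `[invalid extension]` section has a single sample, and it is the only line in the file carrying the `[C-00001c7a]` call-id tag, while both `[login failed]` samples use the untagged `NOTICE[3734]:` form, so neither rule 6210 nor rule 6258 is exercised against both header shapes. Adding a tagged `log 3 pass` under `[login failed]` and an untagged `log 2 pass` under `[invalid extension]` would catch a decoder prematch that tolerates only one form. The sections assert only rule, alert and decoder, so nothing here shows that the source address is extracted correctly from the three shapes present (`'37.8.26.31:5065'`, `'192.168.1.137'`, `(89.163.146.112:5071)`); that is worth confirming with ossec-logtest, since any response keyed on the source IP depends on it. The public addresses in the samples look like they came from live logs and could be replaced with documentation-range ones, e.g. `failed for '203.0.113.31:5065'`.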