2 - Official Cisco IOS rules for OSSEC.
4 - Copyright (C) 2009 Trend Micro Inc.
7 - This program is a free software; you can redistribute it
8 - and/or modify it under the terms of the GNU General Public
9 - License (version 2) as published by the FSF - Free Software
12 - License details: http://www.ossec.net/en/licensing.html
16 <group name="syslog,cisco_ios,">
17 <rule id="4700" level="0">
18 <decoded_as>cisco-ios</decoded_as>
19 <description>Grouping of Cisco IOS rules.</description>
22 <rule id="4710" level="9">
25 <description>Cisco IOS emergency message.</description>
29 <rule id="4711" level="5">
32 <description>Cisco IOS alert message.</description>
35 <rule id="4712" level="5">
38 <description>Cisco IOS critical message.</description>
41 <rule id="4713" level="4">
44 <description>Cisco IOS error message.</description>
47 <rule id="4714" level="4">
50 <description>Cisco IOS warning message.</description>
53 <rule id="4715" level="0">
56 <description>Cisco IOS notification message.</description>
59 <rule id="4716" level="0">
62 <description>Cisco IOS informational message.</description>
65 <rule id="4717" level="0">
68 <description>Cisco IOS debug message.</description>
71 <rule id="4721" level="3">
73 <id>^%SYS-5-CONFIG</id>
74 <description>Cisco IOS router configuration changed.</description>
75 <group>config_changed,</group>
78 <rule id="4722" level="3">
80 <id>^%SEC_LOGIN-5-LOGIN_SUCCESS</id>
81 <description>Successful login to the router.</description>
82 <group>authentication_success,</group>
85 <rule id="4724" level="9">
87 <id>^%SEC_LOGIN-4-LOGIN_FAILED</id>
88 <description>Failed login to the router.</description>
89 <group>authentication_failed,</group>
92 </group> <!-- SYSLOG,CISCO IOS -->