1 <!-- @(#) $Id: ./etc/rules/cisco-ios_rules.xml, 2011/09/08 dcid Exp $
3 - Official Cisco IOS rules for OSSEC.
5 - Copyright (C) 2009 Trend Micro Inc.
8 - This program is a free software; you can redistribute it
9 - and/or modify it under the terms of the GNU General Public
10 - License (version 2) as published by the FSF - Free Software
13 - License details: http://www.ossec.net/en/licensing.html
17 <group name="syslog,cisco_ios,">
18 <rule id="4700" level="0">
19 <decoded_as>cisco-ios</decoded_as>
20 <description>Grouping of Cisco IOS rules.</description>
23 <rule id="4710" level="9">
26 <description>Cisco IOS emergency message.</description>
30 <rule id="4711" level="5">
33 <description>Cisco IOS alert message.</description>
36 <rule id="4712" level="5">
39 <description>Cisco IOS critical message.</description>
42 <rule id="4713" level="4">
45 <description>Cisco IOS error message.</description>
48 <rule id="4714" level="4">
51 <description>Cisco IOS warning message.</description>
54 <rule id="4715" level="0">
57 <description>Cisco IOS notification message.</description>
60 <rule id="4716" level="0">
63 <description>Cisco IOS informational message.</description>
66 <rule id="4717" level="0">
69 <description>Cisco IOS debug message.</description>
72 <rule id="4721" level="3">
74 <id>^%SYS-5-CONFIG</id>
75 <description>Cisco IOS router configuration changed.</description>
76 <group>config_changed,</group>
79 <rule id="4722" level="3">
81 <id>^%SEC_LOGIN-5-LOGIN_SUCCESS</id>
82 <description>Successful login to the router.</description>
83 <group>authentication_success,</group>
86 <rule id="4724" level="9">
88 <id>^%SEC_LOGIN-4-LOGIN_FAILED</id>
89 <description>Failed login to the router.</description>
90 <group>authentication_failed,</group>
93 </group> <!-- SYSLOG,CISCO IOS -->