<!-- @(#) $Id: ./etc/rules/postgresql_rules.xml, 2011/09/08 dcid Exp $
  -
  -  Official PostgreSQL rules for OSSEC.
  -
  -  Copyright (C) 2009 Trend Micro Inc.
  -
  -  This program is a free software; you can redistribute it
  -  and/or modify it under the terms of the GNU General Public
  -  License (version 2) as published by the FSF - Free Software
  -  Foundation.
  -
  -  License details: http://www.ossec.net/en/licensing.html
  -->
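<!-- PostgreSQL Log messages -->
<!--
  Rule tree for events decoded as postgresql_log. Rule 50500 is the parent;
  50501 to 50505 branch from it (by log status where one is given), and the
  remaining rules match on message text or on repetition of an earlier rule.
  Level 0 rules are used for grouping and do not raise alerts on their own.
  The closing rule tags, absent from the captured listing, are restored here
  so that the group is well-formed.
-->
<group name="postgresql_log,">

  <!-- Parent rule: every event handled by the postgresql_log decoder. -->
  <rule id="50500" level="0">
    <decoded_as>postgresql_log</decoded_as>
    <description>PostgreSQL messages grouped.</description>
  </rule>

  <!--
    NOTE(review): the captured listing skips one line inside this rule. As
    shown, the rule has no status filter and would match every decoded
    PostgreSQL event, which may shadow the sibling rules 50502 to 50505.
    The rules chained from 50501 (50510, 50511, 50521) all match LOG-level
    messages, so the missing line is presumably a status constraint such as
    ^LOG. Verify against the installed rules file before relying on this.
  -->
  <rule id="50501" level="0">
    <if_sid>50500</if_sid>
    <description>PostgreSQL log message.</description>
  </rule>

  <!--
    NOTE(review): the ^ anchor is written on the first alternative only;
    confirm whether the OSSEC regex engine also anchors INFO.
  -->
  <rule id="50502" level="0">
    <if_sid>50500</if_sid>
    <status>^NOTICE|INFO</status>
    <description>PostgreSQL informational message.</description>
  </rule>

  <!-- ERROR status: low-severity alert; also feeds composite rule 50581. -->
  <rule id="50503" level="4">
    <if_sid>50500</if_sid>
    <status>^ERROR</status>
    <description>PostgreSQL error message.</description>
  </rule>

  <!--
    FATAL status: feeds 50512, 50520 and composite rule 50580. The
    description is the same text as rule 50503, so alerts from the two
    rules are told apart by rule id and level only.
  -->
  <rule id="50504" level="5">
    <if_sid>50500</if_sid>
    <status>^FATAL</status>
    <description>PostgreSQL error message.</description>
  </rule>

  <!-- DEBUG status: grouped and not alerted. -->
  <rule id="50505" level="0">
    <if_sid>50500</if_sid>
    <status>^DEBUG</status>
    <description>PostgreSQL debug message.</description>
  </rule>

  <!--
    Query and duration lines. These appear only when statement or duration
    logging is enabled in PostgreSQL (log_statement,
    log_min_duration_statement). Logged statements can carry sensitive
    literals, so the log file and any archived copy of these events should
    be access-controlled accordingly.
  -->
  <rule id="50510" level="0">
    <if_sid>50501</if_sid>
    <match> duration: | statement: </match>
    <description>Database query.</description>
  </rule>

  <!--
    Successful logins. PostgreSQL writes "connection authorized" only when
    log_connections is enabled; without it this rule never fires and
    successful logins are invisible to the ruleset.
  -->
  <rule id="50511" level="3">
    <if_sid>50501</if_sid>
    <match>connection authorized</match>
    <description>Database authentication success.</description>
    <group>authentication_success,</group>
  </rule>

  <!--
    Failed logins, raised per event at level 9. This file defines no
    composite rule for repeated authentication failures; the
    authentication_failed group is what correlation rules defined elsewhere
    would key on. Confirm that such a rule exists in the deployed ruleset,
    or add a site-local one.
  -->
  <rule id="50512" level="9">
    <if_sid>50504</if_sid>
    <match>authentication failed</match>
    <description>Database authentication failure.</description>
    <group>authentication_failed,</group>
  </rule>

  <!--
    The match text is a prefix shared by several FATAL messages, including
    termination of a single backend by an administrator command and
    recovery conflicts on a standby, so a level 12 alert here does not by
    itself mean the whole server went down. Check the full log line when
    triaging.
  -->
  <rule id="50520" level="12">
    <if_sid>50504</if_sid>
    <match>terminating connection due</match>
    <description>Database shutdown message.</description>
    <group>service_availability,</group>
  </rule>

  <!-- Server shutdown messages reached through rule 50501. -->
  <rule id="50521" level="12">
    <if_sid>50501</if_sid>
    <match>aborting any active transactions|shutting down</match>
    <description>Database shutdown message.</description>
    <group>service_availability,</group>
  </rule>

  <!--
    Composite rule: repeated matches of 50504 (FATAL) within 120 seconds;
    after firing, the rule is ignored for 60 seconds. Because 50512 and
    50520 are children of 50504, bursts of failed logins may also be counted
    here. OSSEC documentation describes the effective trigger count as
    higher than the literal frequency value; confirm for the deployed
    version when tuning.
  -->
  <rule id="50580" level="10" frequency="6" timeframe="120" ignore="60">
    <if_matched_sid>50504</if_matched_sid>
    <description>Multiple database errors.</description>
    <group>service_availability,</group>
  </rule>

  <!--
    Composite rule with the same thresholds as 50580, counting matches of
    50503 (ERROR). The description text is identical to that of 50580.
  -->
  <rule id="50581" level="10" frequency="6" timeframe="120" ignore="60">
    <if_matched_sid>50503</if_matched_sid>
    <description>Multiple database errors.</description>
    <group>service_availability,</group>
  </rule>

</group> <!-- POSTGRESQL -->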