<!-- @(#) $Id: ./etc/rules/sonicwall_rules.xml, 2011/09/08 dcid Exp $
  -  Official SonicWall rules for OSSEC.
  -
  -  Copyright (C) 2009 Trend Micro Inc.
  -
  -  This program is a free software; you can redistribute it
  -  and/or modify it under the terms of the GNU General Public
  -  License (version 2) as published by the FSF - Free Software
  -  Foundation.
  -
  -  License details: http://www.ossec.net/en/licensing.html
  -->
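<!-- SonicWall Log messages -->
<!--
  Reviewer notes on this listing:
  * The page's gutter numbering skips lines inside most rules below, so
    their match conditions are not shown here. Each affected rule is
    marked. A rule loaded without its conditions would match far more
    events than intended, so restore the omitted lines from the upstream
    file before deploying this ruleset.
  * Levels are OSSEC alert severities; level 0 rules produce no alert.
    Whether a non-zero level is logged or e-mailed depends on the alert
    thresholds configured in ossec.conf.
-->
<group name="syslog,sonicwall,">

  <!-- Base rule: matches every event handled by the sonicwall decoder.
       Level 0, so it never alerts on its own. Presumably the rules below
       chain from it; their parent references are among the omitted lines. -->
  <rule id="4800" level="0">
    <decoded_as>sonicwall</decoded_as>
    <description>SonicWall messages grouped.</description>
  </rule>

  <!-- Severity rules 4801 to 4807. Rules 4801 and 4802 carry the same
       description; the condition that tells them apart is not shown, so
       triage has to rely on the rule id rather than the description. -->

  <!-- Conditions omitted in listing (original lines 25-26). -->
  <rule id="4801" level="8">
    <description>SonicWall critical message.</description>
  </rule>

  <!-- Conditions omitted in listing (original lines 31-32). -->
  <rule id="4802" level="8">
    <description>SonicWall critical message.</description>
  </rule>

  <!-- Conditions omitted in listing (original lines 37-38).
       Rule 4851 below counts repeated matches of this rule. -->
  <rule id="4803" level="4">
    <description>SonicWall error message.</description>
  </rule>

  <!-- Conditions omitted in listing (original lines 43-44).
       Rule 4850 below counts repeated matches of this rule. -->
  <rule id="4804" level="3">
    <description>SonicWall warning message.</description>
  </rule>

  <!-- Notice, informational and debug messages are classified at level 0:
       they are matched but raise no alert. -->

  <!-- Conditions omitted in listing (original lines 49-50). -->
  <rule id="4805" level="0">
    <description>SonicWall notice message.</description>
  </rule>

  <!-- Conditions omitted in listing (original lines 55-56). -->
  <rule id="4806" level="0">
    <description>SonicWall informational message.</description>
  </rule>

  <!-- Conditions omitted in listing (original lines 61-62). -->
  <rule id="4807" level="0">
    <description>SonicWall debug message.</description>
  </rule>

  <!-- Administrator login, tagged authentication_success at level 3.
       Worth correlating with preceding 4811 failures during review.
       Conditions omitted in listing (original lines 67-68). -->
  <rule id="4810" level="3">
    <description>Firewall administrator login.</description>
    <group>authentication_success,</group>
  </rule>

  <!-- Each authentication failure alerts at level 9 on its own. No
       composite rule counting repeated 4811 matches appears in this
       listing; a local frequency rule in the style of 4850 and 4851 is
       the usual way to surface repeated failures as a single alert.
       Conditions omitted in listing (original lines 74-75). -->
  <rule id="4811" level="9">
    <description>Firewall authentication failure.</description>
    <group>authentication_failed,</group>
  </rule>

  <!-- Composite rule: raises a level 10 alert when rule 4804 (warning)
       has matched repeatedly within 120 seconds. The threshold comes from
       frequency="6"; the exact number of matches needed may differ by
       OSSEC version, so confirm against the deployed release. After
       firing, ignore="60" suppresses this rule for 60 seconds to limit
       alert floods. No source or device constraint is set here, so the
       count spans every event that reaches rule 4804. -->
  <rule id="4850" level="10" frequency="6" timeframe="120" ignore="60">
    <if_matched_sid>4804</if_matched_sid>
    <description>Multiple firewall warning messages.</description>
    <group>service_availability,</group>
  </rule>

  <!-- Composite rule: same thresholds as 4850, counting matches of
       rule 4803 (error) instead. -->
  <rule id="4851" level="10" frequency="6" timeframe="120" ignore="60">
    <if_matched_sid>4803</if_matched_sid>
    <description>Multiple firewall error messages.</description>
    <group>service_availability,</group>
  </rule>

</group> <!-- SonicWall -->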