<!--
  - Official PostgreSQL rules for OSSEC.
  - Copyright (C) 2009 Trend Micro Inc.
  - This program is a free software; you can redistribute it
  - and/or modify it under the terms of the GNU General Public
  - License (version 2) as published by the FSF - Free Software
  - License details: http://www.ossec.net/en/licensing.html
  -->
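<!--
  PostgreSQL log messages.

  Every rule in this group descends from 50500, which fires on any event
  decoded as postgresql_log. Child rules then branch on the decoded status
  (the PostgreSQL severity) and on message substrings. In OSSEC a level of 0
  classifies an event without generating an alert.

  The listing this file was recovered from carried gutter line numbers and
  had lost every closing rule tag; both are repaired here so the file is
  well-formed XML again. Rule ids, levels, groups and descriptions are
  unchanged.
-->
<group name="postgresql_log,">

  <!-- Root rule: anchors the tree on the decoder name, raises nothing. -->
  <rule id="50500" level="0">
    <decoded_as>postgresql_log</decoded_as>
    <description>PostgreSQL messages grouped.</description>
  </rule>

  <!--
    Parent of 50510, 50511 and 50521.
    NOTE(review): the recovered listing skips one line inside this rule.
    As written there is no status filter, so this rule matches every
    postgresql_log event and its children are not limited to one severity.
    Confirm against the upstream file whether a status constraint
    (for example one anchored on LOG) was dropped.
  -->
  <rule id="50501" level="0">
    <if_sid>50500</if_sid>
    <description>PostgreSQL log message.</description>
  </rule>

  <!--
    Informational severities. Each alternative carries its own anchor:
    in OSSEC's simple match syntax the bar splits the pattern into
    independent alternatives, so the earlier form "^NOTICE|INFO" anchored
    only NOTICE and accepted INFO anywhere in the status field.
  -->
  <rule id="50502" level="0">
    <if_sid>50500</if_sid>
    <status>^NOTICE|^INFO</status>
    <description>PostgreSQL informational message.</description>
  </rule>

  <!-- ERROR severity. Counted by the composite rule 50581. -->
  <rule id="50503" level="4">
    <if_sid>50500</if_sid>
    <status>^ERROR</status>
    <description>PostgreSQL error message.</description>
  </rule>

  <!--
    FATAL severity. Parent of 50512 and 50520, counted by 50580.
    NOTE(review): the description is identical to 50503's, so alerts for
    ERROR and FATAL cannot be told apart by text alone. It is left as is
    because alert consumers may match on the exact string.
  -->
  <rule id="50504" level="5">
    <if_sid>50500</if_sid>
    <status>^FATAL</status>
    <description>PostgreSQL error message.</description>
  </rule>

  <!-- DEBUG severity, classified only. -->
  <rule id="50505" level="0">
    <if_sid>50500</if_sid>
    <status>^DEBUG</status>
    <description>PostgreSQL debug message.</description>
  </rule>

  <!--
    Statement and duration logging. The surrounding spaces in the match
    text are part of the pattern and must be kept.
  -->
  <rule id="50510" level="0">
    <if_sid>50501</if_sid>
    <match> duration: | statement: </match>
    <description>Database query.</description>
  </rule>

  <!-- Successful login, tagged so generic authentication reports see it. -->
  <rule id="50511" level="3">
    <if_sid>50501</if_sid>
    <match>connection authorized</match>
    <description>Database authentication success.</description>
    <group>authentication_success,</group>
  </rule>

  <!--
    Failed login, matched only on FATAL events (child of 50504).
    NOTE(review): every single failure alerts at level 9, and no rule in
    this group correlates repeated hits of 50512. Rule 50580 counts FATAL
    events in general but tags the result service_availability, so a burst
    of failed logins is not reported as an authentication problem. Consider
    a composite rule on this sid in a local rules file; use ossec-logtest to
    confirm whether events that end on 50512 still count toward 50580.
  -->
  <rule id="50512" level="9">
    <if_sid>50504</if_sid>
    <match>authentication failed</match>
    <description>Database authentication failure.</description>
    <group>authentication_failed,</group>
  </rule>

  <!--
    Connection terminated by the server, matched on FATAL events.
    The description text (including its spelling) is kept byte for byte.
  -->
  <rule id="50520" level="12">
    <if_sid>50504</if_sid>
    <match>terminating connection due</match>
    <description>Database shutdown messge.</description>
    <group>service_availability,</group>
  </rule>

  <!-- Server shutdown announcements, matched under 50501. -->
  <rule id="50521" level="12">
    <if_sid>50501</if_sid>
    <match>aborting any active transactions|shutting down</match>
    <description>Database shutdown messge.</description>
    <group>service_availability,</group>
  </rule>

  <!--
    Composite rules: repeated FATAL (50580) or ERROR (50581) events within
    a 120 second timeframe, then silent for 60 seconds after firing.
    NOTE(review): OSSEC documentation states that the effective trigger
    count is the frequency value plus 2; confirm for the deployed version
    before relying on the threshold of 6.
  -->
  <rule id="50580" level="10" frequency="6" timeframe="120" ignore="60">
    <if_matched_sid>50504</if_matched_sid>
    <description>Multiple database errors.</description>
    <group>service_availability,</group>
  </rule>

  <rule id="50581" level="10" frequency="6" timeframe="120" ignore="60">
    <if_matched_sid>50503</if_matched_sid>
    <description>Multiple database errors.</description>
    <group>service_availability,</group>
  </rule>

</group> <!-- POSTGRESQL -->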