2 - Official Solaris BSM Auditing rules for OSSEC.
4 - Copyright (C) 2009 Trend Micro Inc.
7 - This program is a free software; you can redistribute it
8 - and/or modify it under the terms of the GNU General Public
9 - License (version 2) as published by the FSF - Free Software
12 - License details: http://www.ossec.net/en/licensing.html
16 <!-- Solaris BSM Log messages -->
17 <group name="syslog,solaris_bsm,">
18 <rule id="6100" level="0">
19 <decoded_as>solaris_bsm</decoded_as>
20 <description>Solaris BSM Auditing messages grouped.</description>
23 <rule id="6101" level="5">
25 <status>^failed</status>
26 <description>Auditing session failed.</description>
29 <rule id="6102" level="0">
32 <description>Auditing session succeeded.</description>
35 <rule id="6103" level="3">
38 <description>Login session succeeded.</description>
39 <group>authentication_success,</group>
42 <rule id="6104" level="5">
45 <description>Login session failed.</description>
46 <group>authentication_failed,</group>
49 <rule id="6105" level="3">
52 <description>User successfully changed UID.</description>
53 <group>authentication_success,</group>
56 <rule id="6106" level="5">
59 <description>User failed to change UID (user id).</description>
60 <group>authentication_failed,</group>
62 </group> <!-- SOLARIS BSM -->