2 - Official SonicWall rules for OSSEC.
4 - Copyright (C) 2009 Trend Micro Inc.
7 - This program is a free software; you can redistribute it
8 - and/or modify it under the terms of the GNU General Public
9 - License (version 2) as published by the FSF - Free Software
12 - License details: http://www.ossec.net/en/licensing.html
16 <!-- SonicWall Log messages -->
17 <group name="syslog,sonicwall,">
<!-- Rule group for SonicWall firewall events. The group name tags every rule
     inside with "syslog" and "sonicwall".
     NOTE(review): this listing omits some original lines (the gutter numbers
     skip, e.g. 20 to 23), so the per-rule match conditions and closing tags
     are not visible here. The comments below describe only what is shown. -->
<!-- 4800: base rule. Matches any event handled by the "sonicwall" decoder.
     Level 0 means it raises no alert by itself; presumably it is the parent
     of the rules below (the parent links are not visible here, confirm). -->
18 <rule id="4800" level="0">
19 <decoded_as>sonicwall</decoded_as>
20 <description>SonicWall messages grouped.</description>
<!-- 4801 and 4802: both level 8 with identical description text, so only the
     rule id tells them apart in an alert.
     NOTE(review): the conditions that separate the two are not shown here;
     distinct descriptions would make triage easier. -->
23 <rule id="4801" level="8">
26 <description>SonicWall critical message.</description>
29 <rule id="4802" level="8">
32 <description>SonicWall critical message.</description>
<!-- 4803 (error, level 4) and 4804 (warning, level 3) are the rules counted
     by the composite rules 4851 and 4850 further down. -->
35 <rule id="4803" level="4">
38 <description>SonicWall error message.</description>
41 <rule id="4804" level="3">
44 <description>SonicWall warning message.</description>
<!-- 4805 to 4807: notice, informational and debug messages are set to
     level 0, so they generate no alert on their own. -->
47 <rule id="4805" level="0">
50 <description>SonicWall notice message.</description>
53 <rule id="4806" level="0">
56 <description>SonicWall informational message.</description>
59 <rule id="4807" level="0">
62 <description>SonicWall debug message.</description>
<!-- 4810: administrator login, level 3, tagged authentication_success.
     NOTE(review): whether a level 3 event is logged or mailed depends on the
     alert thresholds configured in ossec.conf; confirm that firewall admin
     logins are retained for audit purposes. -->
65 <rule id="4810" level="3">
68 <description>Firewall administrator login.</description>
69 <group>authentication_success,</group>
<!-- 4811: authentication failure, level 9, tagged authentication_failed.
     NOTE(review): no composite rule in this listing counts repeated 4811
     events. If repeated-failure detection is wanted, confirm that a generic
     rule keyed on the authentication_failed group covers it elsewhere in
     the ruleset. -->
72 <rule id="4811" level="9">
75 <description>Firewall authentication failure.</description>
76 <group>authentication_failed,</group>
<!-- 4850: composite rule over 4804 (warnings). Raises a level 10 alert when
     4804 has matched repeatedly within timeframe="120" seconds, then
     ignore="60" suppresses this rule for 60 seconds after it fires.
     NOTE(review): OSSEC documentation describes the firing count as the
     frequency value plus 2; confirm for the deployed version. -->
79 <rule id="4850" level="10" frequency="6" timeframe="120" ignore="60">
80 <if_matched_sid>4804</if_matched_sid>
81 <description>Multiple firewall warning messages.</description>
82 <group>service_availability,</group>
<!-- 4851: same thresholds as 4850, but counting 4803 (errors). Both
     composite rules are tagged service_availability. -->
85 <rule id="4851" level="10" frequency="6" timeframe="120" ignore="60">
86 <if_matched_sid>4803</if_matched_sid>
87 <description>Multiple firewall error messages.</description>
88 <group>service_availability,</group>
90 </group> <!-- SonicWall -->