-<!-- @(#) $Id: ftpd_rules.xml,v 1.6 2008/08/05 18:54:23 dcid Exp $
+<!-- @(#) $Id$
- Official ftpd rules for OSSEC.
- Author: Ahmet Ozturk
- License: http://www.ossec.net/en/licensing.html
<description>FTP authentication failure.</description>
<group>authentication_failed,</group>
</rule>
+
+ <rule id="11113" level="5">
+ <if_sid>11100</if_sid>
+ <regex>^login \S+ from \S+ failed</regex>
+ <description>FTP authentication failure.</description>
+ <group>authentication_failed,</group>
+ </rule>
</group> <!-- SYSLOG,FTPD -->