[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ossec-cvs] ossec-hids: decoder.xml (HEAD) [dcid]
Module name: ossec-hids
Changes by: dcid 07/09/28 22:18:28
Modified files:
decoder.xml
Log message:
Description: Fixing one decoder that wasn't working. Few small fixes...
Reviewed by: dcid
Bug:
Index: decoder.xml
===================================================================
RCS file: /usr/cvsroot/ossec-hids/etc/decoder.xml,v
diff -u -r1.128 -r1.129
--- decoder.xml 17 Sep 2007 02:52:36 -0000 1.128
+++ decoder.xml 29 Sep 2007 01:18:27 -0000 1.129
@@ -42,16 +42,17 @@
euid=0 tty=ssh ruser= rhost=10.0.3.1 user=root
- Nov 17 21:41:22 localhost su[8060]: (pam_unix) session opened for user root by (uid=0)
- Nov 11 22:46:29 localhost vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=1.2.3.4
+ - Sep 28 15:28:58 server login: pam_unix(login:session): session opened for user carl by LOGIN(uid=0)
+ - Sep 28 15:35:18 server sshd[123]: pam_unix(sshd:session): session opened for user carl by (uid=0)
-->
<decoder name="pam">
<program_name>(pam_unix)$</program_name>
</decoder>
<decoder name="pam">
- <program_name>^vsftpd</program_name>
+ <program_name>^vsftpd|^login</program_name>
<prematch>^pam_unix</prematch>
</decoder>
-
<decoder name="pam-host-user">
<parent>pam</parent>
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.