2016-04-12 10:15:11,756 next-test.com proftpd[29403] next-test.com
(hostname.com[78.131.92.4]): USER testnext (Login failed): Incorrect
password.
2016-04-12 10:15:30,894 next-test.com proftpd[29431] next-test.com
(hostname.com[78.131.92.4]): USER testnext: Login successful.
root@next-test:/var/ossec# /var/ossec/bin/ossec-logtest
2016/04/12 10:22:21 ossec-testrule: INFO: Reading local decoder file.
2016/04/12 10:22:21 ossec-testrule: INFO: Started (pid: 29992).
ossec-testrule: Type one log per line.
2016-04-12 10:15:11,756 next-test.com proftpd[29403] next-test.com
(hostname.com[78.131.92.4]): USER testnext (Login failed): Incorrect
password.
**Phase 1: Completed pre-decoding.
full event: '2016-04-12 10:15:11,756 next-test.com proftpd[29403]
next-test.com (hostname.com[78.131.92.4]): USER testnext (Login failed):
Incorrect password.'
hostname: 'next-test'
program_name: '(null)'
log: '2016-04-12 10:15:11,756 next-test.com proftpd[29403]
next-test.com (hostname.com[78.131.92.4]): USER testnext (Login failed):
Incorrect password.'
**Phase 2: Completed decoding.
No decoder matched.
**Phase 3: Completed filtering (rules).
Rule id: '2501'
Level: '5'
Description: 'User authentication failure.'
**Alert to be generated.
2016-04-12 10:15:11,756 next-test.com proftpd[29403] next-test.com
(hostname.com[78.131.92.4]): USER testnext (Login failed): Incorrect
password.
**Phase 1: Completed pre-decoding.
full event: '2016-04-12 10:15:11,756 next-test.com proftpd[29403]
next-test.com (hostname.com[78.131.92.4]): USER testnext (Login failed):
Incorrect password.'
hostname: 'next-test'
program_name: '(null)'
log: '2016-04-12 10:15:11,756 next-test.com proftpd[29403]
next-test.com (hostname.com[78.131.92.4]): USER testnext (Login failed):
Incorrect password.'
**Phase 2: Completed decoding.
No decoder matched.
**Phase 3: Completed filtering (rules).
Rule id: '2501'
Level: '5'
Description: 'User authentication failure.'
**Alert to be generated.
On Tuesday, April 12, 2016 at 15:31:34 UTC+4, dan (ddpbsd) wrote:
>
> On Tue, Apr 12, 2016 at 7:17 AM, <[email protected]> wrote:
> > Sorry, I missed the commit
> > https://github.com/ddpbsd/ossec-hids/commit/a7b69e873e070ea01e346d79c43b403920029801
>
> > Now my proftpd logs are not processed by ossec.
> >
>
> Can you provide log samples?
>
> > Also, if possible, please add to apt-repo deb-src packages to help recompile
> > ossec.
> > I tried to rebuild deb packages, but failed.
> >
> > On Thursday, April 7, 2016 at 22:14:19 UTC+4, Jesus Linares wrote:
> >>
> >> What commit do you mean?
> >>
> >> On Tuesday, April 5, 2016 at 8:06:17 PM UTC+2, [email protected] wrote:
> >>>
> >>> Hello!
> >>> I am very interested in this commit to support proftpd logs.
> >>>
> >>> Are there any plans for new ossec deb packages that will include this
> >>> commit?
> >>> Or is the better way to build ossec myself?
> >>>
> >>> Thank you!
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > For more options, visit https://groups.google.com/d/optout.
>