**Phase 1: Completed pre-decoding.
full event: '023 Nov 26 16:10:49 (bd-2)
192.168.110.3->/var/log/mysql/mysql.log 20231126
16:10:45,bd2022-2,root,localhost,834,73474,QUERY,mysql,'REVOKE Delete ON *
. * FROM \'test6\'@\'localhost\'',0'
hostname: 'alienvault'
program_name: '(null)'
log: '023 Nov 26 16:10:49 (bd-2)
192.168.110.3->/var/log/mysql/mysql.log 20231126
16:10:45,bd2022-2,root,localhost,834,73474,QUERY,mysql,'REVOKE Delete ON *
. * FROM \'test6\'@\'localhost\'',0'
**Phase 2: Completed decoding.
decoder: 'maria_user_audit'
**Phase 3: Completed filtering (rules).
Rule id: '196003'
Level: '7'
Description: 'Maria User edited'
**Alert to be generated.
AV - Alert - "1700993449" --> RID: "196003"; RL: "7"; RG: "mariadb,"; RC:
"Maria User edited"; USER: "None"; SRCIP: "None"; HOSTNAME: "(bd-2)
192.168.110.3->/var/log/mysql/mysql.log"; LOCATION: "(bd-2)
192.168.110.3->/var/log/mysql/mysql.log"; EVENT: "[INIT]20231126
16:10:45,bd2022-2,root,localhost,834,73474,QUERY,mysql,'REVOKE Delete ON *
. * FROM \'test6\'@\'localhost\'',0[END]";
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ossec-list/e1f04532-76c7-4daf-8405-c3ea88a7815fn%40googlegroups.com.
