Hello all,
I have two different kinds of logs: one from a firewall and one from an ssh
host.
I'd like to write a rule that:
first matches when I recognize an ssh flow in the firewall logs, second
when a user enters a failed password, and finally when he succeeds in logging in, all
for the same IP address for the ssh host.
"Pair" works for 2 elements; what about 3 or more? Do I have to use context?
Thanks
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
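
The three-step chain described in the question, sketched as SEC rules that use contexts instead of Pair. This is an added example, not part of the original post or of the SEC distribution. It assumes iptables-style firewall lines and OpenSSH syslog lines, that the correlation key is the client source address visible in both logs, and a 300-second window; the context names SSH_FLOW_ and SSH_FAIL_ are made up for illustration.

```conf
# Step 1: firewall log shows a TCP flow to port 22.
# Remember the source address for 300 seconds.
# Assumed line shape (constructed):
#   kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51515 DPT=22
type=Single
ptype=RegExp
pattern=SRC=([\d.]+) DST=[\d.]+ .*PROTO=TCP .*DPT=22\b
desc=ssh flow seen from $1
action=create SSH_FLOW_$1 300

# Step 2: sshd reports a failed password from an address that
# already has a step-1 context. Record that step 2 happened.
# Assumed line shape (constructed):
#   sshd[1234]: Failed password for alice from 203.0.113.5 port 51515 ssh2
type=Single
ptype=RegExp
pattern=sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from ([\d.]+)
context=SSH_FLOW_$1
desc=failed ssh password from $1 after firewall flow
action=create SSH_FAIL_$1 300

# Step 3: sshd reports a successful login from an address for which
# both earlier steps were seen. Report once and clear the state.
# Assumed line shape (constructed):
#   sshd[1234]: Accepted password for alice from 203.0.113.5 port 51515 ssh2
type=Single
ptype=RegExp
pattern=sshd\[\d+\]: Accepted \S+ for (\S+) from ([\d.]+)
context=SSH_FLOW_$2 && SSH_FAIL_$2
desc=ssh login for $1 from $2 after firewall flow and failed password
action=write - %s; delete SSH_FLOW_$2; delete SSH_FAIL_$2
```

Each additional stage in a longer chain is one more Single rule whose `context=` field requires the contexts created by the earlier stages; both log files have to be given as inputs to the same SEC instance so the rules see all events.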