Sophie

Sophie

distrib > Mageia > 4 > x86_64 > by-pkgid > b1ec5baa9373391a50c6029874bd2a23 > files > 14

prelude-lml-1.0.1-4.mga4.x86_64.rpm

#####
#
# Copyright (C) 2006 G Ramon Gomez <gene at gomezbrothers dot com>
# All Rights Reserved
#
# This file is part of the Prelude-LML program.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; see the file COPYING.  If not, write to
# the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
#
#####

#####
#
# The rules included here were developed using BIG-IP Kernel 4.5PTF-06 Build25.
# Please report any inconsistencies on other versions to G Ramon Gomez at the
# address provided above
#
#####

#LOG:AUG 14 08:31:13 smf-custlog-02 1/1 88 NETMAN-2: Generic:LINK DOWN for e3
regex=NETMAN-\d: Generic:LINK DOWN for (\S+); \
 classification.text=Interface down; \
 classification.reference(0).origin=vendor-specific; \
 classification.reference(0).meaning=css_subsystem; \
 classification.reference(0).name=NETMAN; \
 id=4700; \
 revision=2; \
 analyzer(0).name=CSS; \
 analyzer(0).manufacturer=Cisco; \
 analyzer(0).class=Load Balancer; \
 assessment.impact.completion=succeeded; \
 assessment.impact.type=dos; \
 assessment.impact.severity=medium; \
 assessment.impact.description=Interface $1 status changed to down; \
 target(0).interface=$1; \
 additional_data(0).type=string; \
 additional_data(0).meaning=New state; \
 additional_data(0).data=down; \
 last

#LOG:AUG 16 06:45:00 smf-custlog-02 1/1 1022 NETMAN-6: CLMcmd: wr mem,neteng@12.34.56.78
#LOG:AUG 16 00:12:35 smf-custlog-02 1/1 49169 NETMAN-6: CLMcmd: wr memory ,neteng@90.12.34.56
regex=NETMAN-\d: CLMcmd: wr (\S+)\s*,(\S+)@([\d\.]+); \
 classification.text=Configuration written to $1; \
 classification.reference(0).origin=vendor-specific; \
 classification.reference(0).meaning=css_subsystem; \
 classification.reference(0).name=NETMAN; \
 id=4701; \
 revision=2; \
 analyzer(0).name=CSS; \
 analyzer(0).manufacturer=Cisco; \
 analyzer(0).class=Load Balancer; \
 assessment.impact.severity=low; \
 assessment.impact.type=admin; \
 assessment.impact.completion=succeeded; \
 assessment.impact.description=Configuration was stored on $1; \
 source(0).node.address(0).category=ipv4-addr; \
 source(0).node.address(0).address=$3; \
 source(0).user.category=os-device; \
 source(0).user.user_id(0).type=current-user; \
 source(0).user.user_id(0).name=$2; \
 additional_data(0).type=string; \
 additional_data(0).meaning=Destination device; \
 additional_data(0).data=$1; \
 last

#LOG:AUG 16 07:31:45 smf-custlog-02 1/1 1065 NETMAN-6: CLMcmd: exit,neteng@12.34.56.78
regex=NETMAN-\d: CLMcmd: (.+)\s*,(\S+)@([\d\.]+); \
 classification.text=Command audit; \
 classification.reference(0).origin=vendor-specific; \
 classification.reference(0).meaning=css_subsystem; \
 classification.reference(0).name=NETMAN; \
 id=4702; \
 revision=2; \
 analyzer(0).name=CSS; \
 analyzer(0).manufacturer=Cisco; \
 analyzer(0).class=Load Balancer; \
 assessment.impact.severity=low; \
 assessment.impact.completion=succeeded; \
 assessment.impact.type=admin; \
 assessment.impact.description=The command $1 was executed; \
 source(0).node.address(0).category=ipv4-addr; \
 source(0).node.address(0).address=$3; \
 source(0).user.category=os-device; \
 source(0).user.category=application; \
 source(0).user.user_id(0).type=current-user; \
 source(0).user.user_id(0).name=$2; \
 additional_data(0).type=string; \
 additional_data(0).meaning=Command; \
 additional_data(0).data=$1; \
 last

#LOG:AUG 16 00:13:46 smf-custlog-02 1/1 49172 SSHD-4: Access attempted by  from 12.34.56.78 port 1106
#LOG:AUG 16 07:31:52 smf-custlog-02 1/1 1067 SSHD-4: Access attempted by neteng from 12.34.56.78 port 1121
regex=SSHD-\d: Access attempted by (.*) from ([\d\.]+) port (\d+); \
 classification.text=User login; \
 classification.reference(0).origin=vendor-specific; \
 classification.reference(0).meaning=css_subsystem; \
 classification.reference(0).name=SSHD; \
 id=4703; \
 revision=3; \
 analyzer(0).name=CSS; \
 analyzer(0).manufacturer=Cisco; \
 analyzer(0).class=Load Balancer; \
 assessment.impact.severity=medium; \
 assessment.impact.type=admin; \
 assessment.impact.completion=failed; \
 assessment.impact.description=User $1 failed login; \
 source(0).node.address(0).category=ipv4-addr; \
 source(0).node.address(0).address=$2; \
 source(0).service.port=$3; \
 target(0).service.port=22; \
 target(0).user.category=os-device; \
 target(0).user.user_id(0).type=target-user; \
 target(0).user.user_id(0).name=$1; \
 last

#LOG:AUG 16 07:31:57 smf-custlog-02 1/1 1069 NETMAN-6: CLM: Login neteng@12.34.56.78
regex=NETMAN-\d: CLM: Login (\S+)@([\d\.]+); \
 classification.text=User login; \
 classification.reference(0).origin=vendor-specific; \
 classification.reference(0).meaning=css_subsystem; \
 classification.reference(0).name=NETMAN; \
 id=4704; \
 revision=3; \
 analyzer(0).name=CSS; \
 analyzer(0).manufacturer=Cisco; \
 analyzer(0).class=Load Balancer; \
 assessment.impact.severity=low; \
 assessment.impact.type=admin; \
 assessment.impact.completion=succeeded; \
 assessment.impact.description=This message appears when a user is authenticated successfully and a management session starts.; \
 source(0).node.address(0).category=ipv4-addr; \
 source(0).node.address(0).address=$2; \
 target(0).user.category=os-device; \
 target(0).user.user_id(0).type=target-user; \
 target(0).user.user_id(0).name=$1; \
 last

#LOG:AUG 18 05:44:35 smf-custlog-02 1/1 3201 IPV4-4: Duplicate IP address detected: 12.34.56.78 00-0a-b8-68-2d-8c
regex=IPV4-\d: Duplicate IP address detected: ([\d\.]+) ([a-f\d\-]+); \
 classification.text=Duplicate IP; \
 classification.reference(0).origin=vendor-specific; \
 classification.reference(0).meaning=css_subsystem; \
 classification.reference(0).name=IPV4; \
 id=4705; \
 revision=2; \
 analyzer(0).name=CSS; \
 analyzer(0).manufacturer=Cisco; \
 analyzer(0).class=Load Balancer; \
 assessment.impact.severity=high; \
 assessment.impact.completion=succeeded; \
 assessment.impact.type=other; \
 assessment.impact.description=An IP currently in use by the CSS has been detected as in use by another device on the network.; \
 source(0).node.address(0).category=ipv4-addr; \
 source(0).node.address(0).address=$1; \
 source(0).node.address(1).category=mac; \
 source(0).node.address(1).address=$2; \
 target(0).node.address(0).category=ipv4-addr; \
 target(0).node.address(0).address=$1; \
 last

#LOG:AUG 16 06:46:56 smf-custlog-02 1/1 49124 NETMAN-2: Enterprise:Service Transition:web1-rw -> suspended
regex=NETMAN-\d: Enterprise:Service Transition:(\S+) -> (\S+); \
 classification.text=Service $2; \
 classification.reference(0).origin=vendor-specific; \
 classification.reference(0).meaning=css_subsystem; \
 classification.reference(0).name=NETMAN; \
 id=4706; \
 revision=2; \
 analyzer(0).name=CSS; \
 analyzer(0).manufacturer=Cisco; \
 analyzer(0).class=Load Balancer; \
 assessment.impact.severity=medium; \
 assessment.impact.type=dos; \
 assessment.impact.description=Service $1 is $2; \
 additional_data(0).type=string; \
 additional_data(0).meaning=Service name; \
 additional_data(0).data=$1; \
 last

#TODO: More rules (lots of stuff left in my logs to go through)

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional