##### # # Copyright (C) 2004 G Ramon Gomez <gene at gomezbrothers dot com> # All Rights Reserved # # This file is part of the Prelude-LML program. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; see the file COPYING. If not, write to # the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. # ##### ##### # # The rules included here were developed using BIG-IP Kernel 4.5PTF-06 Build25. # Please report any inconsistencies on other versions to G Ramon Gomez at the # address provided above # ##### #LOG:Jun 10 14:03:08 12.4.18.135 bigconf.cgi: AUDIT -- Create MEMBER 10.5.253.52:0 (Parent: POOL SMDEMO) User: admin regex=AUDIT -- (\w+) (?!VIPPORT)(\w+) ([\d\.]+).+User: (\S+); \ classification.text=Load balancer $1 audit; \ id=3600; \ revision=1; \ analyzer(0).name=Big-IP; \ analyzer(0).manufacturer=F5; \ analyzer(0).class=Load Balancer; \ assessment.impact.severity=low; \ assessment.impact.type=other; \ assessment.impact.completion=succeeded; \ assessment.impact.description=Bigconf performed a $1 on $3, of object type $2.; \ source(0).user.category=os-device; \ source(0).user.user_id(0).type=current-user; \ source(0).user.user_id(0).name=$4; \ target(0).node.address(0).category=ipv4-addr; \ target(0).node.address(0).address=$3; \ last; #LOG:Jun 10 18:05:43 12.4.18.135 bigconf.cgi: AUDIT -- Delete POOL SMDEMO User: admin regex=AUDIT -- (\w+) (\w+) (\w+)\s+User: (\S+); \ classification.text=Load balancer $1 audit; \ id=3601; \ revision=1; \ analyzer(0).name=Big-IP; \ analyzer(0).manufacturer=F5; \ analyzer(0).class=Load Balancer; \ assessment.impact.severity=low; \ assessment.impact.type=other; \ assessment.impact.completion=succeeded; \ assessment.impact.description=Bigconf performed a $1 on $3, of object type $2.; \ source(0).user.category=os-device; \ source(0).user.user_id(0).type=current-user; \ source(0).user.user_id(0).name=$4; \ last; #LOG:Jun 14 07:06:05 12.34.56.78 kernel: security: UDP port denial 90.12.34.56:20031 -> 78.90.12.34:20031 #regex=security: (\S+) .*port denial ([\d\.]+):(\d+) -> ([\d\.]+):(\d+); \ # classification.text=Packet denied; \ # id=3602; \ # revision=1; \ # analyzer(0).name=Big-IP; \ # analyzer(0).manufacturer=F5; \ # analyzer(0).class=Load Balancer; \ # assessment.impact.severity=medium; \ # assessment.impact.description=A packet was dropped by the Big-IP.; \ # source(0).service.iana_protocol_name=$1; \ # source(0).node.address(0).category=ipv4-addr; \ # source(0).node.address(0).address=$2; \ # source(0).service.port=$3; \ # target(0).service.iana_protocol_name=$1; \ # target(0).node.address(0).category=ipv4-addr; \ # target(0).node.address(0).address=$4; \ # target(0).service.port=$5; \ # last