
#####
#
# Copyright (C) 2012 <operador@sesabe.mooo.com>
# All Rights Reserved
#
# This file is part of the Prelude-LML program.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; see the file COPYING.  If not, write to
# the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
#
#####


#####
#
# Rules to monitor the SSLVPN of Juniper
# 
#####

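# Juniper SA SSL VPN: sign-in rejected with "Reason: Failed".
# Captures: $1 = appliance name field, $2 = client IPv4 address,
#           $3 = user name, $4 = realm (any text between the parentheses).
# The realm is matched as one group of non-")" characters so that realm names
# of one word (as in the sample line below) and of several words both match.
# The event is a failed authentication attempt against a user account, so it
# is reported as impact.type=user with completion=failed.
# $1 is a host name in the sample line, not an address, so it is stored in
# target(0).node.name rather than in an ipv4-addr address field.
#Mar 30 15:11:50 xx.xx.xx.xx Juniper: 2012-03-30 15:11:50 - Namexxx - [200.49.92.226] Root::System(xx)[] - Login failed.  Reason: Failed
regex=Juniper:+.+ - (\S+) - \[([\d\.]+)\] Root::(\S+)\(([^)]+)\)\[\] - Login failed.  Reason: Failed; \
 classification.text=SSLVPN - Login failed.; \
 id=50001; \
 revision=2; \
 analyzer(0).name=Juniper SA; \
 analyzer(0).manufacturer=www.juniper.net; \
 analyzer(0).class=SSLVPN; \
 assessment.impact.severity=medium; \
 assessment.impact.type=user; \
 assessment.impact.completion=failed; \
 assessment.impact.description=Login failed. Reason: Failed; \
 additional_data(0).type=string; \
 additional_data(0).meaning=User Name; \
 additional_data(0).data=$3; \
 additional_data(1).type=string; \
 additional_data(1).meaning=Realm; \
 additional_data(1).data=$4; \
 source(0).node.address(0).category=ipv4-addr; \
 source(0).node.address(0).address=$2; \
 target(0).node.name=$1; \
 last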

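# Juniper SA SSL VPN: sign-in rejected with "Reason: NoRoles".
# NOTE(review): presumably the account authenticated but was mapped to no
# role; confirm against the appliance documentation.
# Captures: $1 = appliance name field, $2 = client IPv4 address,
#           $3 = user name, $4 = realm (any text between the parentheses).
# The realm is matched as one group of non-")" characters so that realm names
# of one word (as in the sample line below) and of several words both match.
# The sign-in did not complete, so the alert carries impact.type=user and
# completion=failed.
# $1 is a host name in the sample line, not an address, so it is stored in
# target(0).node.name rather than in an ipv4-addr address field.
#Mar 30 14:36:29 xx.xx.xx.xx Juniper: 2012-03-30 14:36:29 - Namexxx - [190.132.169.34] Root::user(xx)[] - Login failed.  Reason: NoRoles
regex=Juniper:+.+ - (\S+) - \[([\d\.]+)\] Root::(\S+)\(([^)]+)\)\[\] - Login failed.  Reason: NoRoles; \
 classification.text=SSLVPN - Login failed.; \
 id=50002; \
 revision=2; \
 analyzer(0).name=Juniper SA; \
 analyzer(0).manufacturer=www.juniper.net; \
 analyzer(0).class=SSLVPN; \
 assessment.impact.severity=medium; \
 assessment.impact.type=user; \
 assessment.impact.completion=failed; \
 assessment.impact.description=Login failed. Reason: NoRoles; \
 additional_data(0).type=string; \
 additional_data(0).meaning=User Name; \
 additional_data(0).data=$3; \
 additional_data(1).type=string; \
 additional_data(1).meaning=Realm; \
 additional_data(1).data=$4; \
 source(0).node.address(0).category=ipv4-addr; \
 source(0).node.address(0).address=$2; \
 target(0).node.name=$1; \
 last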

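# Juniper SA SSL VPN: virus signature list imported successfully (informational).
# Captures: $1 = appliance name field, $2 = bracketed IPv4 address
#           (127.0.0.1 in the sample line), $3 = account name ("System" in
#           the sample line). The parentheses after the account are empty.
# This is a maintenance event, not a file access, so impact.type is "other".
# $1 is a host name in the sample line, not an address, so it is stored in
# target(0).node.name rather than in an ipv4-addr address field.
#Apr 10 12:23:33 xx.xx.xx.xx Juniper: 2012-04-10 12:23:33 - Namexxx - [127.0.0.1] Root::System()[] - The current virus signature list imported successfully
regex=Juniper:+.+ - (\S+) - \[([\d\.]+)\] Root::(\S+)\(\)\[\] - The current virus signature list imported successfully; \
 classification.text=SSLVPN - Virus Signature Update; \
 id=50003; \
 revision=2; \
 analyzer(0).name=Juniper SA; \
 analyzer(0).manufacturer=www.juniper.net; \
 analyzer(0).class=SSLVPN; \
 assessment.impact.severity=info; \
 assessment.impact.type=other; \
 assessment.impact.completion=succeeded; \
 assessment.impact.description=SSLVPN - The current virus signature list download and imported successfully.; \
 additional_data(0).type=string; \
 additional_data(0).meaning=User Name; \
 additional_data(0).data=$3; \
 source(0).node.address(0).category=ipv4-addr; \
 source(0).node.address(0).address=$2; \
 target(0).node.name=$1; \
 last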

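# Juniper SA SSL VPN: patch management data imported successfully (informational).
# Captures: $1 = appliance name field, $2 = bracketed IPv4 address,
#           $3 = account name. The parentheses after the account are empty.
# This is a maintenance event, not a file access, so impact.type is "other".
# $1 is matched with \S+ and is not restricted to an address, so it is stored
# in target(0).node.name rather than in an ipv4-addr address field.
regex=Juniper:+.+ - (\S+) - \[([\d\.]+)\] Root::(\S+)\(\)\[\] - The current patch management data imported successfully; \
 classification.text=SSLVPN - Patch Management Update; \
 id=50004; \
 revision=2; \
 analyzer(0).name=Juniper SA; \
 analyzer(0).manufacturer=www.juniper.net; \
 analyzer(0).class=SSLVPN; \
 assessment.impact.severity=info; \
 assessment.impact.type=other; \
 assessment.impact.completion=succeeded; \
 assessment.impact.description=SSLVPN - The current patch management data download and imported successfully.; \
 additional_data(0).type=string; \
 additional_data(0).meaning=User Name; \
 additional_data(0).data=$3; \
 source(0).node.address(0).category=ipv4-addr; \
 source(0).node.address(0).address=$2; \
 target(0).node.name=$1; \
 last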

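# Juniper SA SSL VPN: patch management data could not be downloaded.
# Raised at high severity: while the download keeps failing, the appliance's
# patch data is not being refreshed.
# Captures: $1 = appliance name field, $2 = bracketed IPv4 address,
#           $3 = account name. The parentheses after the account are empty.
# The logged operation did not complete, so completion is "failed"; it is a
# maintenance event, not a file access, so impact.type is "other".
# $1 is matched with \S+ and is not restricted to an address, so it is stored
# in target(0).node.name rather than in an ipv4-addr address field.
regex=Juniper:+.+ - (\S+) - \[([\d\.]+)\] Root::(\S+)\(\)\[\] - Unable to download current patch management; \
 classification.text=SSLVPN - Patch Management Update Failed; \
 id=50005; \
 revision=2; \
 analyzer(0).name=Juniper SA; \
 analyzer(0).manufacturer=www.juniper.net; \
 analyzer(0).class=SSLVPN; \
 assessment.impact.severity=high; \
 assessment.impact.type=other; \
 assessment.impact.completion=failed; \
 assessment.impact.description=SSLVPN - Patch Management download Failed.; \
 additional_data(0).type=string; \
 additional_data(0).meaning=User Name; \
 additional_data(0).data=$3; \
 source(0).node.address(0).category=ipv4-addr; \
 source(0).node.address(0).address=$2; \
 target(0).node.name=$1; \
 last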

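# Juniper SA SSL VPN: virus signature list could not be downloaded.
# Raised at high severity: while the download keeps failing, the appliance's
# virus signatures are not being refreshed.
# Captures: $1 = appliance name field, $2 = bracketed IPv4 address,
#           $3 = account name. The parentheses after the account are empty.
# The logged operation did not complete, so completion is "failed"; it is a
# maintenance event, not a file access, so impact.type is "other".
# $1 is matched with \S+ and is not restricted to an address, so it is stored
# in target(0).node.name rather than in an ipv4-addr address field.
regex=Juniper:+.+ - (\S+) - \[([\d\.]+)\] Root::(\S+)\(\)\[\] - Unable to download current virus signature; \
 classification.text=SSLVPN - Virus Signature Update Failed; \
 id=50006; \
 revision=2; \
 analyzer(0).name=Juniper SA; \
 analyzer(0).manufacturer=www.juniper.net; \
 analyzer(0).class=SSLVPN; \
 assessment.impact.severity=high; \
 assessment.impact.type=other; \
 assessment.impact.completion=failed; \
 assessment.impact.description=SSLVPN - Virus Signature download Failed.; \
 additional_data(0).type=string; \
 additional_data(0).meaning=User Name; \
 additional_data(0).data=$3; \
 source(0).node.address(0).category=ipv4-addr; \
 source(0).node.address(0).address=$2; \
 target(0).node.name=$1; \
 last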

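# Juniper SA SSL VPN cluster: a node was deactivated (failover event).
# Captures: $1 = appliance name field, $2 = bracketed IPv4 address,
#           $3 = account name, $4 = name of the cluster node in quotes.
# $4 is recorded as additional data so the alert says which node left the
# cluster. $1 is matched with \S+ and is not restricted to an address, so it
# is stored in source(0).node.name rather than in an ipv4-addr address field.
# impact.type is "other": a cluster state change is not a file access.
# NOTE(review): the login and update rules in this file map the bracketed
# address to source and the appliance name to target; this rule keeps its
# original, opposite mapping. Confirm which mapping is intended.
regex=Juniper:+.+ - (\S+) - \[([\d\.]+)\] Root::(\S+)\(\)\[\] - Node '(\S+)' deactivated in cluster; \
 classification.text=Failover: deactivated in cluster; \
 id=50007; \
 revision=2; \
 analyzer(0).name=Juniper SA; \
 analyzer(0).manufacturer=www.juniper.net; \
 analyzer(0).class=SSLVPN; \
 assessment.impact.severity=high; \
 assessment.impact.type=other; \
 assessment.impact.completion=succeeded; \
 assessment.impact.description=deactivated in cluster; \
 additional_data(0).type=string; \
 additional_data(0).meaning=Cluster Node; \
 additional_data(0).data=$4; \
 source(0).node.name=$1; \
 target(0).node.address(0).category=ipv4-addr; \
 target(0).node.address(0).address=$2; \
 last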

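# Juniper SA SSL VPN cluster: a node was activated (failover event).
# Captures: $1 = appliance name field, $2 = bracketed IPv4 address,
#           $3 = account name, $4 = name of the cluster node in quotes.
# $4 is recorded as additional data so the alert says which node joined the
# cluster. $1 is matched with \S+ and is not restricted to an address, so it
# is stored in source(0).node.name rather than in an ipv4-addr address field.
# impact.type is "other": a cluster state change is not a file access.
# NOTE(review): activation is raised at the same "high" severity as
# deactivation, and source/target are mapped the opposite way round from the
# login and update rules in this file. Confirm both are intended.
regex=Juniper:+.+ - (\S+) - \[([\d\.]+)\] Root::(\S+)\(\)\[\] - Node '(\S+)' activated in cluster; \
 classification.text=Failover: activated in cluster; \
 id=50008; \
 revision=2; \
 analyzer(0).name=Juniper SA; \
 analyzer(0).manufacturer=www.juniper.net; \
 analyzer(0).class=SSLVPN; \
 assessment.impact.severity=high; \
 assessment.impact.type=other; \
 assessment.impact.completion=succeeded; \
 assessment.impact.description=activated in cluster; \
 additional_data(0).type=string; \
 additional_data(0).meaning=Cluster Node; \
 additional_data(0).data=$4; \
 source(0).node.name=$1; \
 target(0).node.address(0).category=ipv4-addr; \
 target(0).node.address(0).address=$2; \
 last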