/rules/50_sonicwall_rules.xml
<!-- @(#) $Id: sonicwall_rules.xml,v 1.4 2010/03/04 20:12:33 dcid Exp $
  -  Official SonicWall rules for OSSEC.
  -
  -  Copyright (C) 2009 Trend Micro Inc.
  -  All rights reserved.
  -
  -  This program is a free software; you can redistribute it
  -  and/or modify it under the terms of the GNU General Public
  -  License (version 2) as published by the FSF - Free Software
  -  Foundation.
  -
  -  License details: http://www.ossec.net/en/licensing.html
  -->


<!-- SonicWall Log messages -->
<!-- Rule layout, as visible in this file:
  -    4800        parent for every event decoded as "sonicwall" (level 0)
  -    4801-4807   children of 4800, keyed on the decoded status field
  -    4810, 4811  authentication events, keyed on the decoded id field
  -    4850, 4851  frequency rules over repeated 4804 / 4803 matches
  -->
<group name="syslog,sonicwall,">
  <rule id="4800" level="0">
    <decoded_as>sonicwall</decoded_as>
    <description>SonicWall messages grouped.</description>
  </rule>

  <!-- Status-based children of 4800. Each pattern is anchored only at the
    -  start, so "^1" matches any status value that begins with 1.
    -  NOTE(review): assumes the decoder emits a single-digit status; confirm
    -  against the sonicwall decoder.
    -  NOTE(review): no rule here matches a status beginning with 0. If the
    -  decoder can emit that value, such events stay at level 0 under 4800;
    -  confirm whether that is intended.
    -  NOTE(review): 4801 and 4802 carry the same description, so alerts from
    -  the two can be told apart only by rule id.
    -->
  <rule id="4801" level="8">
    <if_sid>4800</if_sid>
    <status>^1</status>
    <description>SonicWall critical message.</description>
  </rule>

  <rule id="4802" level="8">
    <if_sid>4800</if_sid>
    <status>^2</status>
    <description>SonicWall critical message.</description>
  </rule>

  <rule id="4803" level="4">
    <if_sid>4800</if_sid>
    <status>^3</status>
    <description>SonicWall error message.</description>
  </rule>

  <rule id="4804" level="3">
    <if_sid>4800</if_sid>
    <status>^4</status>
    <description>SonicWall warning message.</description>
  </rule>

  <rule id="4805" level="0">
    <if_sid>4800</if_sid>
    <status>^5</status>
    <description>SonicWall notice message.</description>
  </rule>

  <rule id="4806" level="0">
    <if_sid>4800</if_sid>
    <status>^6</status>
    <description>SonicWall informational message.</description>
  </rule>

  <rule id="4807" level="0">
    <if_sid>4800</if_sid>
    <status>^7</status>
    <description>SonicWall debug message.</description>
  </rule>

  <!-- Administrator login: considered only for events already matched by
    -  4806 (status ^6) whose id is exactly 236. Raises the event from
    -  level 0 to level 3 and tags it authentication_success.
    -->
  <rule id="4810" level="3">
    <if_sid>4806</if_sid>
    <id>^236$</id>
    <description>Firewall administrator login.</description>
    <group>authentication_success,</group>
  </rule>

  <!-- Authentication failure: considered only for events already matched by
    -  4801 (status ^1) whose id is exactly 30 or 32.
    -  NOTE(review): a failure logged with a different status or id would not
    -  reach this rule; verify the id list against the device log reference.
    -  NOTE(review): nothing in this file correlates repeated 4811 matches.
    -  Presumably repeated-failure detection relies on rules elsewhere that
    -  key on the authentication_failed group; confirm.
    -->
  <rule id="4811" level="9">
    <if_sid>4801</if_sid>
    <id>^30$|^32$</id>
    <description>Firewall authentication failure.</description>
    <group>authentication_failed,</group>
  </rule>

  <!-- Composite rules: level 10 once rule 4804 (warning) or 4803 (error) has
    -  matched repeatedly, using frequency="6" timeframe="120" ignore="60".
    -  NOTE(review): timeframe and ignore are presumably in seconds, and OSSEC
    -  documentation describes the effective trigger count as frequency plus
    -  two; confirm for the deployed version.
    -->
  <rule id="4850" level="10" frequency="6" timeframe="120" ignore="60">
    <if_matched_sid>4804</if_matched_sid>
    <description>Multiple firewall warning messages.</description>
    <group>service_availability,</group>
  </rule>

  <rule id="4851" level="10" frequency="6" timeframe="120" ignore="60">
    <if_matched_sid>4803</if_matched_sid>
    <description>Multiple firewall error messages.</description>
    <group>service_availability,</group>
  </rule>
</group> <!-- SonicWall -->

<!-- EOF -->