[Lognorm] liblognorm - segfault issue - Debian Wheezy

Champ Clark III [Softwink] champ at softwink.com
Mon Mar 21 16:11:36 CET 2011


Sorry, I forgot to attach the cisco-normalize.rulebase. Here
it is. I hope it doesn't get stripped.
-- 
        Champ Clark III | Softwink, Inc | 800-538-9357 x 101
                     http://www.softwink.com

GPG Key ID: 58A2A58F
Key fingerprint = 7734 2A1C 007D 581E BDF7  6AD5 0F1F 655F 58A2 A58F
If it wasn't for C, we'd be using BASI, PASAL and OBOL.
-------------- next part --------------
# Sagan cisco.rulebase
# Copyright (c) 2009-2011, Softwink, Inc.
# All rights reserved.
#
# This file is used in conjunction with liblognorm.
#
# Please submit any custom rules or ideas to sagan-submit at softwink.com or the sagan-sigs mailing list
#
#*************************************************************
#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
#  following conditions are met:
#
#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
#    disclaimer.
#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
#    following disclaimer in the documentation and/or other materials provided with the distribution.
#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived
#    from this software without specific prior written permission.
#
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES,
#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#*************************************************************

prefix=
#
#  1w3d: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.168.0.1

rule=: %uptime:word% %authfail:word% Authentication failure for SNMP req from host %src-ip:ipv4%

# Access denied URL http://www.example.com/somethings.txt SRC 192.168.0.1 DEST 10.10.10.10 on interface inside

rule=: Access denied URL %url:word% SRC %src-ip:ipv4% DEST %dst-ip:ipv4% on interface %interface:word%

# Caused by WebVPN or IPSec
# AAA user authentication Successful : server =  10.10.10.10 : user = domain\bob

rule=: AAA user authentication Successful : server =  %ip-src:ipv4% : user = %username:word%
rule=: AAA user authentication Rejected : reason = %reason:word% : server = %ip-src:ipv4% : user = %username:word%

# User authentication failed: Uname: timothy

rule=: User authentication failed: Uname: %username:word% 

# Space at the end of this line! 
# %ASA-6-315011: SSH session from 192.168.0.1  on interface Outside2 for user "test" disconnected by SSH server, reason: "Internal error" (0x00)
#                SSH session from 10.20.10.200 on interface Outside2 for user "root" disconnected by SSH server, reason: "Internal error" (0x00)

rule=: SSH session from %src-ip:ipv4% on interface %interface:word% for user %username:quoted-string% disconnected by SSH server, reason: %reason:quoted-string% %code:word% 
rule=: SSH session from %src-ip:ipv4%  on interface %interface:word% for user %username:quoted-string% disconnected by SSH server, reason: %reason:quoted-string% %code:word%

rule=: Configured from console by %tty:word:% (%ip:ipv4%)
rule=: Authentication failure for %proto:word% req from host %ip:ipv4%
rule=: Attempted to connect to %servname:word% from %ip:ipv4%
