Summary: vpopmail decoder and rules do not work properly
Product: OSSEC
Version: 2.0
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ossec core
AssignedTo: osse...@ossec.net
ReportedBy: al...@westside.kielce.pl
I added some examples of vpopmail records on the wiki
http://www.ossec.net/wiki/index.php/Vpopmail (Section 3).
The original vpopmail decoder tries to decode only pop3; there are more protocols and
the syntax is a little different.
I made some changes in decoder.xml and in vpopmail_rule and now it works for
me. :)
8<--
Top entries for 'Rule':
------------------------------------------------
9904 - Vpopmail successful login. |17 |
9901 - Login failed accessing the pop3 server. |8 |
9902 - Attempt to login to vpopmail with inv.. |1 |
9903 - Attempt to login to vpopmail with emp.. |1 |
8<--EOT
I attach my patch.
------- Comment #1 from al...@westside.kielce.pl 2009-07-13 09:37 -------
Created an attachment (id=68)
--> (http://www.ossec.net/bugs/attachment.cgi?id=68&action=view)
My patch for correctly interpreting vpopmail incidents.
------- Comment #3 from al...@westside.kielce.pl 2009-07-24 06:20 -------
(In reply to comment #2)
> Fixed on the latest snapshot.
> http://ossec.net/files/snapshots/ossec-hids-090723.tar.gz
>
> Can you try it out to make sure everything is fine?
>
> thanks,
>
> fv22
>
I installed this version, it looks correct. I need some time to check all
cases. ;-)
BTW, in this snapshot bug 219 is probably corrected.