Creating Authentication Failure Alerts for Sophos Firewall
41 views
Skip to first unread message
Satiswaran Selva Sakeram
Nov 18, 2025, 8:35:39 PM (4 days ago) Nov 18
to Wazuh | Mailing List
Hi Team,Â
I'm currently trying to create an alert for my sophos firewall to detect authentication login, i've tested with logtest and its successful but the alert doesn't show up on the portal when i do a simulation login failure
Here is the result from logtest
[root@localhost ~]# sudo /var/ossec/bin/wazuh-logtest
Starting wazuh-logtest v4.12.0
Type one log per line
messageid="17507" log_type="Event" log_component="GUI" log_subtype="Admin" status="Failed" user="admin" src_ip="103.51.160.10" message="admin couldn't sign in to web admin console. wrong credentials"
** Wazuh-Logtest: WARNING: (7612): Rule ID '82100' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '82101' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '82102' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '82103' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '82104' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '82105' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '64270' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '64271' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '64272' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '64273' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '64274' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '64275' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '87700' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '87701' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '87702' is duplicated. Only the first occurrence will be considered.
**Phase 1: Completed pre-decoding.
    full event: 'messageid="17507" log_type="Event" log_component="GUI" log_subtype="Admin" status="Failed" user="admin" src_ip="103.51.160.10" message="admin couldn't sign in to web admin console. wrong credentials"'
**Phase 2: Completed decoding.
    name: 'sophos-admin'
**Phase 3: Completed filtering (rules).
    id: '70040'
    level: '8'
    description: 'Sophos Admin Login Failed: user  from '
    groups: '['local', 'syslog', 'sshd', 'sophos', 'sophos', 'authentication_failed']'
    firedtimes: '1'
    mail: 'True'
**Alert to be generated.
Here is the decoder
<decoder name="sophos-admin">
 <prematch>messageid="17507"</prematch>
 <regex>user="([^"]+)" src_ip="([^"]+)"</regex>
 <order>user,src_ip</order>
</decoder>
Here is the local rules
<!-- Local rules -->
<!-- Modify it at your will. -->
<!-- Copyright (C) 2015, Wazuh Inc. -->
<!-- Example -->
<group name="local,syslog,sshd,sophos,">
 <!--
 Dec 10 01:02:02 host sshd[1234]: Failed none for root from 1.1.1.1 port 1066 ssh2
 -->
 <rule id="100001" level="5">
  <if_sid>5716</if_sid>
  <srcip>1.1.1.1</srcip>
  <description>sshd: authentication failed from IP 1.1.1.1.</description>
  <group>authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,</group>
 </rule>
 <rule id="70040" level="8">
  <decoded_as>sophos-admin</decoded_as>
  <match>status="Failed"</match>
  <description>Sophos Admin Login Failed: user $(user) from $(src_ip)</description>
  <group>sophos,authentication_failed,</group>
 </rule>
</group>
need your assistance to check why there is no alert on the wazuh portal
Thanks,
Satis
[root@localhost ~]# sudo /var/ossec/bin/wazuh-logtest
Starting wazuh-logtest v4.12.0
Type one log per line
messageid="17507" log_type="Event" log_component="GUI" log_subtype="Admin" status="Failed" user="admin" src_ip="103.51.160.10" message="admin couldn't sign in to web admin console. wrong credentials"
** Wazuh-Logtest: WARNING: (7612): Rule ID '82100' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '82101' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '82102' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '82103' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '82104' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '82105' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '64270' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '64271' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '64272' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '64273' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '64274' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '64275' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '87700' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '87701' is duplicated. Only the first occurrence will be considered.
** Wazuh-Logtest: WARNING: (7612): Rule ID '87702' is duplicated. Only the first occurrence will be considered.
**Phase 1: Completed pre-decoding.
    full event: 'messageid="17507" log_type="Event" log_component="GUI" log_subtype="Admin" status="Failed" user="admin" src_ip="103.51.160.10" message="admin couldn't sign in to web admin console. wrong credentials"'
**Phase 2: Completed decoding.
    name: 'sophos-admin'
**Phase 3: Completed filtering (rules).
    id: '70040'
    level: '8'
    description: 'Sophos Admin Login Failed: user  from '
    groups: '['local', 'syslog', 'sshd', 'sophos', 'sophos', 'authentication_failed']'
    firedtimes: '1'
    mail: 'True'
**Alert to be generated.
Here is the decoder
<decoder name="sophos-admin">
 <prematch>messageid="17507"</prematch>
 <regex>user="([^"]+)" src_ip="([^"]+)"</regex>
 <order>user,src_ip</order>
</decoder>
Here is the local rules
<!-- Local rules -->
<!-- Modify it at your will. -->
<!-- Copyright (C) 2015, Wazuh Inc. -->
<!-- Example -->
<group name="local,syslog,sshd,sophos,">
 <!--
 Dec 10 01:02:02 host sshd[1234]: Failed none for root from 1.1.1.1 port 1066 ssh2
 -->
 <rule id="100001" level="5">
  <if_sid>5716</if_sid>
  <srcip>1.1.1.1</srcip>
  <description>sshd: authentication failed from IP 1.1.1.1.</description>
  <group>authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,</group>
 </rule>
 <rule id="70040" level="8">
  <decoded_as>sophos-admin</decoded_as>
  <match>status="Failed"</match>
  <description>Sophos Admin Login Failed: user $(user) from $(src_ip)</description>
  <group>sophos,authentication_failed,</group>
 </rule>
</group>
need your assistance to check why there is no alert on the wazuh portal
Thanks,
Satis
Satiswaran Selva Sakeram
Nov 19, 2025, 9:30:55 AM (4 days ago) Nov 19
to Wazuh | Mailing List
Hi Team,Â
Just checking for an update
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/mpuNqsBQ1gI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/wazuh/9fdead9e-4caf-4c62-9575-bf4f8f2f1783n%40googlegroups.com.
Javier Rosas
Nov 19, 2025, 6:03:50 PM (3 days ago) Nov 19
to Wazuh | Mailing List
Hi Satiswaran
Since the rule and decoder work correctly in wazuh-logtest, the next step is to confirm whether the Wazuh Manager is actually receiving the real log from the Sophos firewall.
wazuh-logtest only validates the rule logic, but it does not confirm that the event is arriving to the manager, so an alert will not appear in the portal unless the log is really being ingested.
Please check the following log files on the manager
/var/ossec/logs/archives/archives.log
/var/ossec/logs/ossec.log
If the event is not present there, it means the Sophos firewall is not sending the log to Wazuh, or it is sending it in a different format than the one used in your logtest sample. Once the manager is receiving the event, the rule 70040 will fire correctly and the alert will show up in the Wazuh dashboard.
Satiswaran Selva Sakeram
Nov 19, 2025, 10:02:08 PM (3 days ago) Nov 19
to Wazuh | Mailing List
Hi Javier,
Made some changes to the decoders and rules
Local decoder
<!-- Local Decoders -->
<!-- Modify it at your will. -->
<!-- Copyright (C) 2015, Wazuh Inc. -->
<!--
- Allowed static fields:
- location - where the log came from (only on FTS)
- srcuser - extracts the source username
- dstuser - extracts the destination (target) username
- user - an alias to dstuser (only one of the two can be used)
- srcip - source ip
- dstip - dst ip
- srcport - source port
- dstport - destination port
- protocol - protocol
- id - event id
- url - url of the event
- action - event action (deny, drop, accept, etc)
- status - event status (success, failure, etc)
- extra_data - Any extra data
-->
<decoder name="local_decoder_example">
<program_name>local_decoder_example</program_name>
</decoder>
<!-- UNIVERSAL SOPHOS LOGIN FAILURE DECODER -->
<decoder name="sophos-login-fail-1">
<prematch>status="Failed"</prematch>
</decoder>
<decoder name="sophos-login-fail-2">
<parent>sophos-login-fail-1</parent>
<regex>user_name="([^"]+)"</regex>
<order>user</order>
</decoder>
<decoder name="sophos-login-fail-3">
<parent>sophos-login-fail-1</parent>
<regex>user="([^"]+)"</regex>
<order>user</order>
</decoder>
<decoder name="sophos-login-fail-4">
<parent>sophos-login-fail-1</parent>
<regex>src_ip="?([0-9\.]+)"?</regex>
<order>src_ip</order>
</decoder>
Local rules
<!-- Local rules -->
<!-- Modify it at your will. -->
<!-- Copyright (C) 2015, Wazuh Inc. -->
<!-- Example -->
<group name="local,syslog,sshd,sophos,">
<!--
Dec 10 01:02:02 host sshd[1234]: Failed none for root from 1.1.1.1 port
1066 ssh2
-->
<rule id="100001" level="5">
<if_sid>5716</if_sid>
<srcip>1.1.1.1</srcip>
<description>sshd: authentication failed from IP 1.1.1.1.</description>
<group>authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,</group>
</rule>
<rule id="70050" level="7">
<decoded_as>sophos-login-fail-1</decoded_as>
<match>status="Failed"</match>
<description>Sophos Login Failure Detected</description>
<group>sophos,login_failed,authentication_failed,</group>
</rule>
</group>
When i run this command sudo grep 'log_component="VPN Portal
Authentication"' /var/ossec/logs/archives/archives.log, i get the following
result
2025 Nov 20 10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:54 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:55 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:57 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:58 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:59 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:57 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:00 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:02 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:59 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:57 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:03 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:05 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:59 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:57 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:06 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:03 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:55:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:07 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:05 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:55:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:59 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:57 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:08 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:55:03 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:55:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:10 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:07 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:55:05 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:55:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:59 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:57 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:11 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:55:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:55:03 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:55:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:13 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:14 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:55:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:55:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
and when i run
[root@localhost ~]# sudo grep 'sophos' /var/ossec/logs/ossec.log
2025/11/20 01:01:28 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'AGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 03:01:26 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'"R1","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 03:10:33 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'e=\"Allowed\" status=\"Allow\" priority=Notice
duration=0 fw_rule_id=2 fw_rule_name=\"Internet Access Rule\"
fw_rule_section=\"Local rule\" nat_rule_id=3 nat_rule_name=\"Internet
Access Rule\" policy_type=1 sdwan_profile_id_request=0
sdwan_profile_name_request=\"\" sdwan_profile_id_reply=0
sdwan_profile_name_reply=\"\" gw_id_request=0 gw_name_request=\"\"
gw_id_reply=0 gw_name_reply=\"\" sdwan_route_id_request=0
sdwan_route_name_request=\"\" sdwan_route_id_reply=0
sdwan_route_name_reply=\"\" user_name=\"\" user_gp=\"\" iap=12
ips_policy_id=0 appfilter_policy_id=5 application=\"DNS\"
application_risk=1 application_technology=\"Network Protocol\"
application_category=\"Infrastructure\" vlan_id=\"\" ether_type=IPv4
(0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"Port11\"
in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=20:db:ea:6e:ac:e2 dst_mac=
src_ip=10.0.1.196 src_country_code=R1 dst_ip=103.51.160.197
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"28121635\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"03:19:08","timezone":"+08","appfilter_policy_id":"5","application":"DNS","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"28121635","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.51.160.197","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 03:14:19 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 05:10:01 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'rc_country_code":"R1","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 06:01:13 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'code":"R1","src_ip":"10.0.1.187","src_mac":"20:db:ea:6e:b0:d2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 08:02:01 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'"R1","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:24:47 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'p= tran_src_port=0 tran_dst_ip= tran_dst_port=0
srczonetype=\"LAN\" srczone=\"LAN\" dstzonetype=\"\" dstzone=\"\"
dir_disp=\"\" connevent=\"Interim\" connid=\"4212340789\" vconnid=\"\"
hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"
app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:33:23","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"4212340789","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"GBR","src_ip":"51.10.21.150","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:24:51 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'ame":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"103.16.102.23","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:27:53 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'1","src_ip":"10.10.10.17","src_mac":"e6:4a:30:31:db:3d","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:41:48 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'vel":3,"description":"Traffic Allowed: from
10.0.1.216 to
57.144.152.192","id":"70022","firedtimes":56,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763602907.10126073","full_log":"device=\"SFW\"
date=2025-11-20 time=09:50:24 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"QUIC\" application_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=26:d6:9d:85:f3:a3 dst_mac=
src_ip=10.0.1.216 src_country_code=R1 dst_ip=57.144.152.192
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"2357345286\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:50:24","timezone":"+08","appfilter_policy_id":"5","application":"QUIC","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"2357345286","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"57.144.152.192","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.216","src_mac":"26:d6:9d:85:f3:a3","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:41:50 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=26:d6:9d:85:f3:a3 dst_mac=
src_ip=10.0.1.216 src_country_code=R1 dst_ip=57.144.152.192
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"2357345286\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:50:26","timezone":"+08","appfilter_policy_id":"5","application":"QUIC","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"2357345286","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"57.144.152.192","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.216","src_mac":"26:d6:9d:85:f3:a3","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:41:52 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
':"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"USA","dst_ip":"34.96.106.127","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.216","src_mac":"26:d6:9d:85:f3:a3","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:41:54 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'":"USA","dst_ip":"151.101.3.6","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.126","src_mac":"1a:96:ff:da:1b:dc","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:41:56 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'_name":"XGS136","dst_country_code":"SGP","dst_ip":"47.246.174.103","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.216","src_mac":"26:d6:9d:85:f3:a3","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:41:58 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': ':"ICMP ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.216","src_mac":"26:d6:9d:85:f3:a3","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:42:00 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'ication_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=1a:96:ff:da:1b:dc dst_mac=
src_ip=10.0.1.126 src_country_code=R1 dst_ip=52.102.104.142
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"3970798702\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:50:36","timezone":"+08","appfilter_policy_id":"5","application":"QUIC","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"3970798702","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"52.102.104.142","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.126","src_mac":"1a:96:ff:da:1b:dc","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:42:04 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'sdwan_route_id_reply=0
sdwan_route_name_reply=\"\" user_name=\"\" user_gp=\"\" iap=12
ips_policy_id=0 appfilter_policy_id=5 application=\"\" application_risk=0
application_technology=\"\" application_category=\"\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port2\" in_display_interface=\"ST-GPON\" out_interface=\"\"
out_display_interface=\"\" src_mac=c0:42:d0:3d:d4:04 dst_mac=
src_ip=103.51.160.30 src_country_code=SGP dst_ip=103.250.57.10
dst_country_code=SGP protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"884001082\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:50:40","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"884001082","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"103.51.160.30","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:42:06 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'g_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:50:42","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"884001082","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"GBR","src_ip":"51.10.10.118","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:43:22 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'rc_ip":"10.10.10.12","src_mac":"82:0e:e2:bb:3b:2d","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:43:26 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"203.84.130.31","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:43:40 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.10.10.30","src_mac":"9e:26:9c:95:82:1f","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:43:42 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"103.16.102.23","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:43:44 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'st->/var/ossec/logs/archives/archives.log 2025
Nov 20 09:43:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 09:43:09 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:43:07 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:43:05 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:43:03 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:43:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:59 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:57 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:53 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:09 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:07 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:05 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:03 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:59 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:57 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:53 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:27 localhost->103.250.57.10 device=\"SFW\" date=2025-11-20
time=09:50:04 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"069010517719\" log_type=\"Event\"
log_component=\"VPN Portal Authentication\" log_subtype=\"Authentication\"
status=\"Failed\" priority=Notice user_name=\"noctest\" usergroupname=\"\"
auth_client=\"N/A\" auth_mechanism=\"Local\" reason=\"wrong credentials\"
src_ip=103.51.160.10 message=\"User noctest failed to login to VPN portal
through Local authentication mechanism because of wrong credentials\"
name=\"\" src_mac=","predecoder":{"timestamp":"2025 Nov 20
09:43:41"},"decoder":{"name":"sophos-login-fail-1"},"location":"/var/ossec/logs/archives/archives.log"}'
2025/11/20 09:43:53 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'terface":"Port2","ips_policy_id":"0","log_component":"ICMP ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"121.59.124.65","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:53:23 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'im","connid":"3592130013","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"203.84.130.31","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:53:43 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'n_src_port=0 tran_dst_ip= tran_dst_port=0
srczonetype=\"LAN\" srczone=\"LAN\" dstzonetype=\"\" dstzone=\"\"
dir_disp=\"\" connevent=\"Interim\" connid=\"3198104808\" vconnid=\"\"
hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"
app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"10:02:18","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"3198104808","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"121.59.124.65","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:54:17 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'ps":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763603655.12642646","full_log":"device=\"SFW\"
date=2025-11-20 time=10:02:52 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5 application=\"\"
application_risk=0 application_technology=\"\" application_category=\"\"
vlan_id=\"\" ether_type=IPv4 (0x0800) bridge_name=\"\"
bridge_display_name=\"\" in_interface=\"Port2\"
in_display_interface=\"ST-GPON\" out_interface=\"\"
out_display_interface=\"\" src_mac=c0:42:d0:3d:d4:04 dst_mac=
src_ip=216.239.50.55 src_country_code=GBR dst_ip=103.250.57.10
dst_country_code=SGP protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"3080187890\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"10:02:52","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"3080187890","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"GBR","src_ip":"216.239.50.55","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:56:37 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"HKG","src_ip":"45.113.192.3","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:56:39 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': '5:14 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5 application=\"\"
application_risk=0 application_technology=\"\" application_category=\"\"
vlan_id=\"\" ether_type=IPv4 (0x0800) bridge_name=\"\"
bridge_display_name=\"\" in_interface=\"Port2\"
in_display_interface=\"ST-GPON\" out_interface=\"\"
out_display_interface=\"\" src_mac=c0:42:d0:3d:d4:04 dst_mac=
src_ip=103.51.160.29 src_country_code=SGP dst_ip=103.250.57.10
dst_country_code=SGP protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"1886606104\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"10:05:14","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"1886606104","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"103.51.160.29","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:58:06 wazuh-logcollector: INFO: (1950): Analyzing file:
'/var/ossec/logs/test_sophos.log'.
2025/11/20 09:58:11 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"121.59.124.65","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:58:14 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"USA","src_ip":"172.253.69.217","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:59:24 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:15:30.956+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.196 to
103.51.160.100","id":"70022","firedtimes":16,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763568930.106915","full_log":"device=\"SFW\"
date=2025-11-20 time=00:24:07 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\"
log_type=\"Firewalle":"VMVoiceTeam","ip":"172.23.23.103","labels":{"group":"VoiceTeam"}},"manager":{"name":"localhost.localdomain"},"id":"1763568908.105204","full_log":"Nov
20 00:15:07 bluzen sshd[282375]: refused connect from 103.99.206.83
(103.99.206.83)","predecoder":{"program_name":"sshd","timestamp":"Nov 20
00:15:07","hostname":"bluzen"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/messages"}'
2025/11/20 09:59:25 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:15:30.956+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.196 to
103.51.160.100","id":"70022","firedtimes":16,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763568930.106915","full_log":"device=\"SFW\"
date=2025-11-20 time=00:24:07 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
usame":"localhost.localdomain"},"id":"1763568908.105204","full_log":"Nov 20
00:15:07 bluzen sshd[282375]: refused connect from 103.99.206.83
(103.99.206.83)","predecoder":{"program_name":"sshd","timestamp":"Nov 20
00:15:07","hostname":"bluzen"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/messages"}'
2025/11/20 09:59:26 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:15:30.956+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.196 to
103.51.160.100","id":"70022","firedtimes":16,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763568930.106915","full_log":"device=\"SFW\"
date=2025-11-20 time=00:24:07 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"DNS\" applica: Connection blocked by Tcp
Wrappers.","id":"2503","mitre":{"id":["T1095"],"tactic":["Command and
Control"],"technique":["Non-Application Layer
Protocol"]},"firedtimes":144,"mail":true,"groups":["syslog","access_control","access_denied"],"pci_dss":["10.2.4"],"gdpr":["IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.14","AC.7"],"tsc":["CC6.1","CC6.8","CC7.2","CC7.3"]},"agent":{"id":"004","name":"VMVoiceTeam","ip":"172.23.23.103","labels":{"group":"VoiceTeam"}},"manager":{"name":"localhost.localdomain"},"id":"1763568912.105632","full_log":"Nov
20 00:15:12 localhost sshd[23600]: refused connect from 103.99.206.83
(103.99.206.83)","predecoder":{"program_name":"sshd","timestamp":"Nov 20
00:15:12","hostname":"localhost"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/secure"}'
2025/11/20 09:59:27 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:15:30.956+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.196 to
103.51.160.100","id":"70022","firedtimes":16,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763568930.106915","full_log":"device=\"SFW\"
date=2025-11-20 time=00:24:07 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"DNS\" application_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=20:db:ea:6e:ac:e2 dst_mac=
src_ip=10.0.1.196 src_country_code=R1 dst_ip=103.51.160.100
dst_country_code=SGP
protoc"AU.14","AC.7"],"tsc":["CC6.1","CC6.8","CC7.2","CC7.3"]},"agent":{"id":"004","name":"VMVoiceTeam","ip":"172.23.23.103","labels":{"group":"VoiceTeam"}},"manager":{"name":"localhost.localdomain"},"id":"1763568912.105632","full_log":"Nov
20 00:15:12 localhost sshd[23600]: refused connect from 103.99.206.83
(103.99.206.83)","predecoder":{"program_name":"sshd","timestamp":"Nov 20
00:15:12","hostname":"localhost"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/secure"}'
2025/11/20 09:59:28 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:15:30.956+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.196 to
103.51.160.100","id":"70022","firedtimes":16,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763568930.106915","full_log":"device=\"SFW\"
date=2025-11-20 time=00:24:07 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"DNS\" application_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=20:db:ea:6e:ac:e2 dst_mac=
src_ip=10.0.1.196 src_country_code=R1 dst_ip=103.51.160.100
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"418523265\" vconnid=\"\" hb_health=\"No Heartbeat\"
message=\"d"],"pci_dss":["10.2.4"],"gdpr":["IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.14","AC.7"],"tsc":["CC6.1","CC6.8","CC7.2","CC7.3"]},"agent":{"id":"004","name":"VMVoiceTeam","ip":"172.23.23.103","labels":{"group":"VoiceTeam"}},"manager":{"name":"localhost.localdomain"},"id":"1763568912.106060","full_log":"Nov
20 00:15:48 localhost sshd[9835]: refused connect from 103.99.206.83
(103.99.206.83)","predecoder":{"program_name":"sshd","timestamp":"Nov 20
00:15:48","hostname":"localhost"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/secure"}'
2025/11/20 09:59:29 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:15:30.956+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.196 to
103.51.160.100","id":"70022","firedtimes":16,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763568930.106915","full_log":"device=\"SFW\"
date=2025-11-20 time=00:24:07 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"DNS\" application_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=20:db:ea:6e:ac:e2 dst_mac=
src_ip=10.0.1.196 src_country_code=R1 dst_ip=103.51.160.100
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"418523265\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"00:24:07","timezone":"+08","appfilter_policy_id":"5","application":"DNS","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"418523265","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.51.160.100","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","pricalhost"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/secure"}'
2025/11/20 09:59:30 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:27:31.694+0800","rule":{"level":5,"description":"syslog:
Connection blocked by Tcp
Wrappers.","id":"2503","mitre":{"id":["T1095"],"tactic":["Command and
Control"],"technique":["Non-Application Layer
Protocol"]},"firedtimes":290,"mail":true,"groups":["syslog","access_control","access_denied"],"pci_dss":["10.2.4"],"gdpr":["IV_35.7.d"],"hipaa":15+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.187 to
103.51.160.197","id":"70022","firedtimes":48,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763569643.253366","full_log":"device=\"SFW\"
date=2025-11-20 time=00:35:59 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"DNS\" application_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=20:db:ea:6e:b0:d2 dst_mac=
src_ip=10.0.1.187 src_country_code=R1 dst_ip=103.51.160.197
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"161248591\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"00:35:59","timezone":"+08","appfilter_policy_id":"5","application":"DNS","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"161248591","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.51.160.197","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.187","src_mac":"20:db:ea:6e:b0:d2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:59:47 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:33:21.999+0800","rule":{"level":5,"description":"syslog:
Connection blocked by Tcp
Wrappers.","id":"2503","mitre":{"id":["T1095"],"tactic":["Command and
Control"],"technique":["Non-Application Layer
Protocol"]},"firedtimes":415,"mail":true,"groups":["syslog","access_control","access_denied"],"pci_dss":["10.2.4"],"gdpr":["IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.14","AC.7"],"tsc":["CC6.1","CC6.8","CC7.2","CC7.3"]},"agent":{"id":"004","name":"VMVoiceTeam","ip":"172.23.23.103","labels":{"group":"VoiceTeam"}},"manager":{"name":"localhost.localdomain"},"id":"176357,"appfilter_policy_id":"5","application":"DNS","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"1902158440","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.51.160.197","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.187","src_mac":"20:db:ea:6e:b0:d2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:59:48 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:32:55.011+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.187 to
103.51.160.100","id":"70022","firedtimes":58,"mail":false,"groups":["soph"srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:59:51 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:42:35.445+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.187 to
103.51.160.197","id":"70022","firedtimes":74,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763570555.474198","full_log":"device=\"SFW\"
date=2025-11-20 time=00:51:11 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"DNS\" application_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=20:db:ea:6e:b0:d2 dst_mac=
src_ip=10.0.1.187 src_country_code=R1 dst_ip=103.51.160.197
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"613497368\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"00:51:11","timezone":"+08","appfilter_p"CC6.8","CC7.2","CC7.3"]},"agent":{"id":"004","name":"VMVoiceTeam","ip":"172.23.23.103","labels":{"group":"VoiceTeam"}},"manager":{"name":"localhost.localdomain"},"id":"1763570550.473344","full_log":"Nov
20 00:42:29 bluzen sshd[282570]: refused connect from 103.99.206.83
(103.99.206.83)","predecoder":{"program_name":"sshd","timestamp":"Nov 20
00:42:29","hostname":"bluzen"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/messages"}'
2025/11/20 09:59:52 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:42:35.445+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.187 to
103.51.160.197","id":"70022","firedtimes":74,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763570555.474198","full_log":"device=\"SFW\"
date=2025-11-20 time=00:51:11 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"DNS\" application_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=20:db:ea:6e:b0:d2 dst_mac=
src_ip=10.0.1.187 src_country_code=R1 dst_ip=103.51.160.197
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"613497368\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"00:51:11","timezone":"+08","appfilter_policy_id":"5","application":"DNS","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"613497368","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.51.160.197","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.106.83)","predecoder":{"program_name":"sshd","timestamp":"Nov
20
00:42:29","hostname":"bluzen"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/messages"}'
2025/11/20 09:59:56 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'ags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"10:07:40","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"1509743704","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"103.51.160.30","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:52:12 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:15:06.983+0800","rule":{"level":3,"description":"Successful
sudo to ROOT
executed.","id":"5402","mitre":{"id":["T1548.003"],"tactic":["Privilege
Escalation","Defense Evasion"],"technique":["Sudo and Sudo
Caching"]},"fir,"application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"692297445","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.51.160.100","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:52:13 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:14:16.198+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.196 to
103.51.160.100","id":"70022","firedtimes":14,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763568856.94329","full_log":"device=\"SFW\"
date=2025-11-20 time=00:22:52 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice
duration=051.160.100","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:52:30 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:42:44.568+0800","rule":{"level":5,"description":"syslog:
Coce_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.51.160.197","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.187","src_mac":"20:db:ea:6e:b0:d2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:52:40 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': '800","rule":{"level":3,"description":"Traffic
Allowed: from 121.59.124.65 to
103.250.57.10","id":"70022","firedtimes":35,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763607157.21482787","full_log":"device=\"SFW\"
date=2025-11-20 time=11:01:14 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5 application=\"\"
application_risk=0 application_technology=\"\" application_category=\"\"
vlan_id=\"\" ether_type=IPv4 (0x0800) bridge_name=\"\"
bridge_display_name=\"\" in_interface=\"Port2\"
in_display_interface=\"ST-GPON\" out_interface=\"\"
out_display_interface=\"\" src_mac=c0:42:d0:3d:d4:04 dst_mac=
src_ip=121.59.124.65 src_country_code=SGP dst_ip=103.250.57.10
dst_country_code=SGP protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"2062740583\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"11:01:14","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"2062740583","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"121.59.124.65","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:55:28 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'e=\"\" bridge_display_name=\"\"
in_interface=\"Port2\" in_display_interface=\"ST-GPON\" out_interface=\"\"
out_display_interface=\"\" src_mac=c0:42:d0:3d:d4:04 dst_mac=
src_ip=103.250.57.9 src_country_code=SGP dst_ip=103.250.57.10
dst_country_code=SGP protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"3241980137\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"11:04:04","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"3241980137","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"103.250.57.9","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:56:32 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'97","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"203.84.130.31","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:57:10 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'cy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"USA","src_ip":"142.251.230.215","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:57:26 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'col":"ICMP","device":"SFW","date":"2025-11-20","time":"11:06:02","timezone":"+08","appfilter_policy_id":"5","application":"QUIC","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"3827601468","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"USA","dst_ip":"172.217.194.101","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.10.10.12","src_mac":"82:0e:e2:bb:3b:2d","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:58:56 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': '\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"11:07:32","timezone":"+08","appfilter_policy_id":"5","application":"QUIC","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"550554037","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"USA","dst_ip":"17.253.150.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.10.10.12","src_mac":"82:0e:e2:bb:3b:2d","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:58:58 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'ion=\"\" application_risk=0
application_technology=\"\" application_category=\"\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port2\" in_display_interface=\"ST-GPON\" out_interface=\"\"
out_display_interface=\"\" src_mac=c0:42:d0:3d:d4:04 dst_mac=
src_ip=103.51.160.29 src_country_code=SGP dst_ip=103.250.57.10
dst_country_code=SGP protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"4227013026\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"11:07:34","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"4227013026","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"103.51.160.29","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 11:00:30 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
't":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763607629.23437064","full_log":"device=\"SFW\"
date=2025-11-20 time=11:09:06 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5 application=\"\"
application_risk=0 application_technology=\"\" application_category=\"\"
vlan_id=\"\" ether_type=IPv4 (0x0800) bridge_name=\"\"
bridge_display_name=\"\" in_interface=\"Port2\"
in_display_interface=\"ST-GPON\" out_interface=\"\"
out_display_interface=\"\" src_mac=c0:42:d0:3d:d4:04 dst_mac=
src_ip=74.125.37.235 src_country_code=USA dst_ip=103.250.57.10
dst_country_code=SGP protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"2957595456\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"11:09:06","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"2957595456","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"USA","src_ip":"74.125.37.235","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
[root@localhost ~]#
>>> <https://groups.google.com/d/msgid/wazuh/9fdead9e-4caf-4c62-9575-bf4f8f2f1783n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
Made some changes to the decoders and rules
Local decoder
<!-- Local Decoders -->
<!-- Modify it at your will. -->
<!-- Copyright (C) 2015, Wazuh Inc. -->
<!--
- location - where the log came from (only on FTS)
- srcuser - extracts the source username
- dstuser - extracts the destination (target) username
- user - an alias to dstuser (only one of the two can be used)
- srcip - source ip
- dstip - dst ip
- srcport - source port
- dstport - destination port
- protocol - protocol
- id - event id
- url - url of the event
- action - event action (deny, drop, accept, etc)
- status - event status (success, failure, etc)
- extra_data - Any extra data
-->
<decoder name="local_decoder_example">
<program_name>local_decoder_example</program_name>
</decoder>
<!-- UNIVERSAL SOPHOS LOGIN FAILURE DECODER -->
<decoder name="sophos-login-fail-1">
<prematch>status="Failed"</prematch>
</decoder>
<decoder name="sophos-login-fail-2">
<parent>sophos-login-fail-1</parent>
<regex>user_name="([^"]+)"</regex>
<order>user</order>
</decoder>
<decoder name="sophos-login-fail-3">
<parent>sophos-login-fail-1</parent>
<regex>user="([^"]+)"</regex>
<order>user</order>
</decoder>
<decoder name="sophos-login-fail-4">
<parent>sophos-login-fail-1</parent>
<regex>src_ip="?([0-9\.]+)"?</regex>
<order>src_ip</order>
</decoder>
Local rules
<!-- Local rules -->
<!-- Modify it at your will. -->
<!-- Copyright (C) 2015, Wazuh Inc. -->
<!-- Example -->
<group name="local,syslog,sshd,sophos,">
<!--
Dec 10 01:02:02 host sshd[1234]: Failed none for root from 1.1.1.1 port
1066 ssh2
-->
<rule id="100001" level="5">
<if_sid>5716</if_sid>
<srcip>1.1.1.1</srcip>
<description>sshd: authentication failed from IP 1.1.1.1.</description>
<group>authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,</group>
</rule>
<decoded_as>sophos-login-fail-1</decoded_as>
<match>status="Failed"</match>
<description>Sophos Login Failure Detected</description>
<group>sophos,login_failed,authentication_failed,</group>
</rule>
</group>
When i run this command sudo grep 'log_component="VPN Portal
Authentication"' /var/ossec/logs/archives/archives.log, i get the following
result
2025 Nov 20 10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:54 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:55 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:57 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:58 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:54:59 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:57 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:00 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:02 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:54:59 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:57 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:03 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:05 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:54:59 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:57 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:06 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:03 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:55:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:07 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:05 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:55:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:59 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:57 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:08 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:55:03 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:55:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:10 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:07 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:55:05 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:55:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:59 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:57 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:11 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:55:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:55:03 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:55:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:54:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:26 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:24 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:22 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:20 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:18 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:16 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:14 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:12 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:04 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:02 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:53:00 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:58 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:56 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:54 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:52 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:50 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:13 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:10 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:52:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:44 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:43 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:20 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc5" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc5 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
2025 Nov 20 10:55:14 localhost->/var/ossec/logs/archives/archives.log 2025
Nov 20 10:55:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 10:55:08 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:55:06 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:40 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:38 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
10:52:36 localhost->103.250.57.10 device="SFW" date=2025-11-20
time=11:01:13 timezone="+08" device_name="XGS136" device_id=X13300GHM96WCE0
log_id="069010517719" log_type="Event" log_component="VPN Portal
Authentication" log_subtype="Authentication" status="Failed"
priority=Notice user_name="testnoc4" usergroupname="" auth_client="N/A"
auth_mechanism="Local" reason="wrong credentials" src_ip=103.51.160.10
message="User testnoc4 failed to login to VPN portal through Local
authentication mechanism because of wrong credentials" name="" src_mac=
and when i run
[root@localhost ~]# sudo grep 'sophos' /var/ossec/logs/ossec.log
2025/11/20 01:01:28 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'AGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 03:01:26 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'"R1","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 03:10:33 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'e=\"Allowed\" status=\"Allow\" priority=Notice
duration=0 fw_rule_id=2 fw_rule_name=\"Internet Access Rule\"
fw_rule_section=\"Local rule\" nat_rule_id=3 nat_rule_name=\"Internet
Access Rule\" policy_type=1 sdwan_profile_id_request=0
sdwan_profile_name_request=\"\" sdwan_profile_id_reply=0
sdwan_profile_name_reply=\"\" gw_id_request=0 gw_name_request=\"\"
gw_id_reply=0 gw_name_reply=\"\" sdwan_route_id_request=0
sdwan_route_name_request=\"\" sdwan_route_id_reply=0
sdwan_route_name_reply=\"\" user_name=\"\" user_gp=\"\" iap=12
ips_policy_id=0 appfilter_policy_id=5 application=\"DNS\"
application_risk=1 application_technology=\"Network Protocol\"
application_category=\"Infrastructure\" vlan_id=\"\" ether_type=IPv4
(0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"Port11\"
in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=20:db:ea:6e:ac:e2 dst_mac=
src_ip=10.0.1.196 src_country_code=R1 dst_ip=103.51.160.197
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"28121635\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"03:19:08","timezone":"+08","appfilter_policy_id":"5","application":"DNS","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"28121635","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.51.160.197","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 03:14:19 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 05:10:01 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'rc_country_code":"R1","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 06:01:13 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'code":"R1","src_ip":"10.0.1.187","src_mac":"20:db:ea:6e:b0:d2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 08:02:01 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'"R1","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:24:47 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'p= tran_src_port=0 tran_dst_ip= tran_dst_port=0
srczonetype=\"LAN\" srczone=\"LAN\" dstzonetype=\"\" dstzone=\"\"
dir_disp=\"\" connevent=\"Interim\" connid=\"4212340789\" vconnid=\"\"
hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"
app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:33:23","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"4212340789","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"GBR","src_ip":"51.10.21.150","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:24:51 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'ame":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"103.16.102.23","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:27:53 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'1","src_ip":"10.10.10.17","src_mac":"e6:4a:30:31:db:3d","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:41:48 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'vel":3,"description":"Traffic Allowed: from
10.0.1.216 to
57.144.152.192","id":"70022","firedtimes":56,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763602907.10126073","full_log":"device=\"SFW\"
date=2025-11-20 time=09:50:24 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"QUIC\" application_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=26:d6:9d:85:f3:a3 dst_mac=
src_ip=10.0.1.216 src_country_code=R1 dst_ip=57.144.152.192
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"2357345286\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:50:24","timezone":"+08","appfilter_policy_id":"5","application":"QUIC","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"2357345286","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"57.144.152.192","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.216","src_mac":"26:d6:9d:85:f3:a3","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:41:50 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=26:d6:9d:85:f3:a3 dst_mac=
src_ip=10.0.1.216 src_country_code=R1 dst_ip=57.144.152.192
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"2357345286\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:50:26","timezone":"+08","appfilter_policy_id":"5","application":"QUIC","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"2357345286","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"57.144.152.192","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.216","src_mac":"26:d6:9d:85:f3:a3","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:41:52 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
':"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"USA","dst_ip":"34.96.106.127","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.216","src_mac":"26:d6:9d:85:f3:a3","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:41:54 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'":"USA","dst_ip":"151.101.3.6","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.126","src_mac":"1a:96:ff:da:1b:dc","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:41:56 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'_name":"XGS136","dst_country_code":"SGP","dst_ip":"47.246.174.103","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.216","src_mac":"26:d6:9d:85:f3:a3","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:41:58 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': ':"ICMP ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.216","src_mac":"26:d6:9d:85:f3:a3","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:42:00 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'ication_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=1a:96:ff:da:1b:dc dst_mac=
src_ip=10.0.1.126 src_country_code=R1 dst_ip=52.102.104.142
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"3970798702\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:50:36","timezone":"+08","appfilter_policy_id":"5","application":"QUIC","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"3970798702","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"52.102.104.142","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.126","src_mac":"1a:96:ff:da:1b:dc","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:42:04 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'sdwan_route_id_reply=0
sdwan_route_name_reply=\"\" user_name=\"\" user_gp=\"\" iap=12
ips_policy_id=0 appfilter_policy_id=5 application=\"\" application_risk=0
application_technology=\"\" application_category=\"\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port2\" in_display_interface=\"ST-GPON\" out_interface=\"\"
out_display_interface=\"\" src_mac=c0:42:d0:3d:d4:04 dst_mac=
src_ip=103.51.160.30 src_country_code=SGP dst_ip=103.250.57.10
dst_country_code=SGP protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"884001082\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:50:40","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"884001082","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"103.51.160.30","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:42:06 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'g_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:50:42","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"884001082","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"GBR","src_ip":"51.10.10.118","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:43:22 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'rc_ip":"10.10.10.12","src_mac":"82:0e:e2:bb:3b:2d","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:43:26 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"203.84.130.31","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:43:40 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.10.10.30","src_mac":"9e:26:9c:95:82:1f","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:43:42 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"103.16.102.23","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:43:44 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'st->/var/ossec/logs/archives/archives.log 2025
Nov 20 09:43:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov
20 09:43:09 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:43:07 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:43:05 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:43:03 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:43:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:59 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:57 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:53 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:47 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:43 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:37 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:33 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:31 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:29 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:27 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:25 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:23 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:21 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:19 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:17 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:15 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:13 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:11 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:09 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:07 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:05 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:03 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:42:01 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:59 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:57 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:55 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:53 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:51 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:49 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:48 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:46 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:45 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:42 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:41 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:39 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:36 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:35 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:34 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:32 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:30 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:28 localhost->/var/ossec/logs/archives/archives.log 2025 Nov 20
09:41:27 localhost->103.250.57.10 device=\"SFW\" date=2025-11-20
time=09:50:04 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"069010517719\" log_type=\"Event\"
log_component=\"VPN Portal Authentication\" log_subtype=\"Authentication\"
status=\"Failed\" priority=Notice user_name=\"noctest\" usergroupname=\"\"
auth_client=\"N/A\" auth_mechanism=\"Local\" reason=\"wrong credentials\"
src_ip=103.51.160.10 message=\"User noctest failed to login to VPN portal
through Local authentication mechanism because of wrong credentials\"
name=\"\" src_mac=","predecoder":{"timestamp":"2025 Nov 20
09:43:41"},"decoder":{"name":"sophos-login-fail-1"},"location":"/var/ossec/logs/archives/archives.log"}'
2025/11/20 09:43:53 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'terface":"Port2","ips_policy_id":"0","log_component":"ICMP ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"121.59.124.65","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:53:23 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'im","connid":"3592130013","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"203.84.130.31","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:53:43 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'n_src_port=0 tran_dst_ip= tran_dst_port=0
srczonetype=\"LAN\" srczone=\"LAN\" dstzonetype=\"\" dstzone=\"\"
dir_disp=\"\" connevent=\"Interim\" connid=\"3198104808\" vconnid=\"\"
hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"
app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"10:02:18","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"3198104808","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"121.59.124.65","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:54:17 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'ps":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763603655.12642646","full_log":"device=\"SFW\"
date=2025-11-20 time=10:02:52 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5 application=\"\"
application_risk=0 application_technology=\"\" application_category=\"\"
vlan_id=\"\" ether_type=IPv4 (0x0800) bridge_name=\"\"
bridge_display_name=\"\" in_interface=\"Port2\"
in_display_interface=\"ST-GPON\" out_interface=\"\"
out_display_interface=\"\" src_mac=c0:42:d0:3d:d4:04 dst_mac=
src_ip=216.239.50.55 src_country_code=GBR dst_ip=103.250.57.10
dst_country_code=SGP protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"3080187890\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"10:02:52","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"3080187890","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"GBR","src_ip":"216.239.50.55","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:56:37 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"HKG","src_ip":"45.113.192.3","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:56:39 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': '5:14 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5 application=\"\"
application_risk=0 application_technology=\"\" application_category=\"\"
vlan_id=\"\" ether_type=IPv4 (0x0800) bridge_name=\"\"
bridge_display_name=\"\" in_interface=\"Port2\"
in_display_interface=\"ST-GPON\" out_interface=\"\"
out_display_interface=\"\" src_mac=c0:42:d0:3d:d4:04 dst_mac=
src_ip=103.51.160.29 src_country_code=SGP dst_ip=103.250.57.10
dst_country_code=SGP protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"1886606104\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"10:05:14","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"1886606104","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"103.51.160.29","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:58:06 wazuh-logcollector: INFO: (1950): Analyzing file:
'/var/ossec/logs/test_sophos.log'.
2025/11/20 09:58:11 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"121.59.124.65","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:58:14 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"USA","src_ip":"172.253.69.217","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:59:24 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:15:30.956+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.196 to
103.51.160.100","id":"70022","firedtimes":16,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763568930.106915","full_log":"device=\"SFW\"
date=2025-11-20 time=00:24:07 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\"
log_type=\"Firewalle":"VMVoiceTeam","ip":"172.23.23.103","labels":{"group":"VoiceTeam"}},"manager":{"name":"localhost.localdomain"},"id":"1763568908.105204","full_log":"Nov
20 00:15:07 bluzen sshd[282375]: refused connect from 103.99.206.83
(103.99.206.83)","predecoder":{"program_name":"sshd","timestamp":"Nov 20
00:15:07","hostname":"bluzen"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/messages"}'
2025/11/20 09:59:25 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:15:30.956+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.196 to
103.51.160.100","id":"70022","firedtimes":16,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763568930.106915","full_log":"device=\"SFW\"
date=2025-11-20 time=00:24:07 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
usame":"localhost.localdomain"},"id":"1763568908.105204","full_log":"Nov 20
00:15:07 bluzen sshd[282375]: refused connect from 103.99.206.83
(103.99.206.83)","predecoder":{"program_name":"sshd","timestamp":"Nov 20
00:15:07","hostname":"bluzen"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/messages"}'
2025/11/20 09:59:26 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:15:30.956+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.196 to
103.51.160.100","id":"70022","firedtimes":16,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763568930.106915","full_log":"device=\"SFW\"
date=2025-11-20 time=00:24:07 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"DNS\" applica: Connection blocked by Tcp
Wrappers.","id":"2503","mitre":{"id":["T1095"],"tactic":["Command and
Control"],"technique":["Non-Application Layer
Protocol"]},"firedtimes":144,"mail":true,"groups":["syslog","access_control","access_denied"],"pci_dss":["10.2.4"],"gdpr":["IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.14","AC.7"],"tsc":["CC6.1","CC6.8","CC7.2","CC7.3"]},"agent":{"id":"004","name":"VMVoiceTeam","ip":"172.23.23.103","labels":{"group":"VoiceTeam"}},"manager":{"name":"localhost.localdomain"},"id":"1763568912.105632","full_log":"Nov
20 00:15:12 localhost sshd[23600]: refused connect from 103.99.206.83
(103.99.206.83)","predecoder":{"program_name":"sshd","timestamp":"Nov 20
00:15:12","hostname":"localhost"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/secure"}'
2025/11/20 09:59:27 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:15:30.956+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.196 to
103.51.160.100","id":"70022","firedtimes":16,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763568930.106915","full_log":"device=\"SFW\"
date=2025-11-20 time=00:24:07 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"DNS\" application_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=20:db:ea:6e:ac:e2 dst_mac=
src_ip=10.0.1.196 src_country_code=R1 dst_ip=103.51.160.100
dst_country_code=SGP
protoc"AU.14","AC.7"],"tsc":["CC6.1","CC6.8","CC7.2","CC7.3"]},"agent":{"id":"004","name":"VMVoiceTeam","ip":"172.23.23.103","labels":{"group":"VoiceTeam"}},"manager":{"name":"localhost.localdomain"},"id":"1763568912.105632","full_log":"Nov
20 00:15:12 localhost sshd[23600]: refused connect from 103.99.206.83
(103.99.206.83)","predecoder":{"program_name":"sshd","timestamp":"Nov 20
00:15:12","hostname":"localhost"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/secure"}'
2025/11/20 09:59:28 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:15:30.956+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.196 to
103.51.160.100","id":"70022","firedtimes":16,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763568930.106915","full_log":"device=\"SFW\"
date=2025-11-20 time=00:24:07 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"DNS\" application_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=20:db:ea:6e:ac:e2 dst_mac=
src_ip=10.0.1.196 src_country_code=R1 dst_ip=103.51.160.100
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"418523265\" vconnid=\"\" hb_health=\"No Heartbeat\"
message=\"d"],"pci_dss":["10.2.4"],"gdpr":["IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.14","AC.7"],"tsc":["CC6.1","CC6.8","CC7.2","CC7.3"]},"agent":{"id":"004","name":"VMVoiceTeam","ip":"172.23.23.103","labels":{"group":"VoiceTeam"}},"manager":{"name":"localhost.localdomain"},"id":"1763568912.106060","full_log":"Nov
20 00:15:48 localhost sshd[9835]: refused connect from 103.99.206.83
(103.99.206.83)","predecoder":{"program_name":"sshd","timestamp":"Nov 20
00:15:48","hostname":"localhost"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/secure"}'
2025/11/20 09:59:29 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:15:30.956+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.196 to
103.51.160.100","id":"70022","firedtimes":16,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763568930.106915","full_log":"device=\"SFW\"
date=2025-11-20 time=00:24:07 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"DNS\" application_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=20:db:ea:6e:ac:e2 dst_mac=
src_ip=10.0.1.196 src_country_code=R1 dst_ip=103.51.160.100
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"418523265\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"00:24:07","timezone":"+08","appfilter_policy_id":"5","application":"DNS","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"418523265","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.51.160.100","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","pricalhost"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/secure"}'
2025/11/20 09:59:30 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:27:31.694+0800","rule":{"level":5,"description":"syslog:
Connection blocked by Tcp
Wrappers.","id":"2503","mitre":{"id":["T1095"],"tactic":["Command and
Control"],"technique":["Non-Application Layer
Protocol"]},"firedtimes":290,"mail":true,"groups":["syslog","access_control","access_denied"],"pci_dss":["10.2.4"],"gdpr":["IV_35.7.d"],"hipaa":15+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.187 to
103.51.160.197","id":"70022","firedtimes":48,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763569643.253366","full_log":"device=\"SFW\"
date=2025-11-20 time=00:35:59 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"DNS\" application_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=20:db:ea:6e:b0:d2 dst_mac=
src_ip=10.0.1.187 src_country_code=R1 dst_ip=103.51.160.197
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"161248591\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"00:35:59","timezone":"+08","appfilter_policy_id":"5","application":"DNS","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"161248591","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.51.160.197","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.187","src_mac":"20:db:ea:6e:b0:d2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:59:47 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:33:21.999+0800","rule":{"level":5,"description":"syslog:
Connection blocked by Tcp
Wrappers.","id":"2503","mitre":{"id":["T1095"],"tactic":["Command and
Control"],"technique":["Non-Application Layer
Protocol"]},"firedtimes":415,"mail":true,"groups":["syslog","access_control","access_denied"],"pci_dss":["10.2.4"],"gdpr":["IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.14","AC.7"],"tsc":["CC6.1","CC6.8","CC7.2","CC7.3"]},"agent":{"id":"004","name":"VMVoiceTeam","ip":"172.23.23.103","labels":{"group":"VoiceTeam"}},"manager":{"name":"localhost.localdomain"},"id":"176357,"appfilter_policy_id":"5","application":"DNS","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"1902158440","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.51.160.197","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.187","src_mac":"20:db:ea:6e:b0:d2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:59:48 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:32:55.011+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.187 to
103.51.160.100","id":"70022","firedtimes":58,"mail":false,"groups":["soph"srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 09:59:51 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:42:35.445+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.187 to
103.51.160.197","id":"70022","firedtimes":74,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763570555.474198","full_log":"device=\"SFW\"
date=2025-11-20 time=00:51:11 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"DNS\" application_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=20:db:ea:6e:b0:d2 dst_mac=
src_ip=10.0.1.187 src_country_code=R1 dst_ip=103.51.160.197
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"613497368\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"00:51:11","timezone":"+08","appfilter_p"CC6.8","CC7.2","CC7.3"]},"agent":{"id":"004","name":"VMVoiceTeam","ip":"172.23.23.103","labels":{"group":"VoiceTeam"}},"manager":{"name":"localhost.localdomain"},"id":"1763570550.473344","full_log":"Nov
20 00:42:29 bluzen sshd[282570]: refused connect from 103.99.206.83
(103.99.206.83)","predecoder":{"program_name":"sshd","timestamp":"Nov 20
00:42:29","hostname":"bluzen"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/messages"}'
2025/11/20 09:59:52 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:42:35.445+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.187 to
103.51.160.197","id":"70022","firedtimes":74,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763570555.474198","full_log":"device=\"SFW\"
date=2025-11-20 time=00:51:11 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5
application=\"DNS\" application_risk=1 application_technology=\"Network
Protocol\" application_category=\"Infrastructure\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
out_display_interface=\"\" src_mac=20:db:ea:6e:b0:d2 dst_mac=
src_ip=10.0.1.187 src_country_code=R1 dst_ip=103.51.160.197
dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"613497368\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"00:51:11","timezone":"+08","appfilter_policy_id":"5","application":"DNS","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"613497368","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.51.160.197","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.106.83)","predecoder":{"program_name":"sshd","timestamp":"Nov
20
00:42:29","hostname":"bluzen"},"decoder":{"parent":"sshd","name":"sshd"},"location":"/var/log/messages"}'
2025/11/20 09:59:56 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'ags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"10:07:40","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"1509743704","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"103.51.160.30","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:52:12 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:15:06.983+0800","rule":{"level":3,"description":"Successful
sudo to ROOT
executed.","id":"5402","mitre":{"id":["T1548.003"],"tactic":["Privilege
Escalation","Defense Evasion"],"technique":["Sudo and Sudo
Caching"]},"fir,"application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"692297445","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.51.160.100","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:52:13 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:14:16.198+0800","rule":{"level":3,"description":"Traffic
Allowed: from 10.0.1.196 to
103.51.160.100","id":"70022","firedtimes":14,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763568856.94329","full_log":"device=\"SFW\"
date=2025-11-20 time=00:22:52 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice
duration=051.160.100","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.196","src_mac":"20:db:ea:6e:ac:e2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:52:30 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'{"timestamp":"2025-11-20T00:42:44.568+0800","rule":{"level":5,"description":"syslog:
Coce_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.51.160.197","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.187","src_mac":"20:db:ea:6e:b0:d2","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:52:40 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': '800","rule":{"level":3,"description":"Traffic
Allowed: from 121.59.124.65 to
103.250.57.10","id":"70022","firedtimes":35,"mail":false,"groups":["sophos-fw"]},"agent":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763607157.21482787","full_log":"device=\"SFW\"
date=2025-11-20 time=11:01:14 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5 application=\"\"
application_risk=0 application_technology=\"\" application_category=\"\"
vlan_id=\"\" ether_type=IPv4 (0x0800) bridge_name=\"\"
bridge_display_name=\"\" in_interface=\"Port2\"
in_display_interface=\"ST-GPON\" out_interface=\"\"
out_display_interface=\"\" src_mac=c0:42:d0:3d:d4:04 dst_mac=
src_ip=121.59.124.65 src_country_code=SGP dst_ip=103.250.57.10
dst_country_code=SGP protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"2062740583\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"11:01:14","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"2062740583","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"121.59.124.65","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:55:28 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'e=\"\" bridge_display_name=\"\"
in_interface=\"Port2\" in_display_interface=\"ST-GPON\" out_interface=\"\"
out_display_interface=\"\" src_mac=c0:42:d0:3d:d4:04 dst_mac=
src_ip=103.250.57.9 src_country_code=SGP dst_ip=103.250.57.10
dst_country_code=SGP protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"3241980137\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"11:04:04","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"3241980137","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"103.250.57.9","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:56:32 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'97","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"203.84.130.31","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:57:10 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'cy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"USA","src_ip":"142.251.230.215","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:57:26 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
'col":"ICMP","device":"SFW","date":"2025-11-20","time":"11:06:02","timezone":"+08","appfilter_policy_id":"5","application":"QUIC","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"3827601468","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"USA","dst_ip":"172.217.194.101","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.10.10.12","src_mac":"82:0e:e2:bb:3b:2d","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:58:56 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': '\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"11:07:32","timezone":"+08","appfilter_policy_id":"5","application":"QUIC","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"550554037","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"USA","dst_ip":"17.253.150.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.10.10.12","src_mac":"82:0e:e2:bb:3b:2d","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 10:58:58 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json': 'ion=\"\" application_risk=0
application_technology=\"\" application_category=\"\" vlan_id=\"\"
ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\"
in_interface=\"Port2\" in_display_interface=\"ST-GPON\" out_interface=\"\"
out_display_interface=\"\" src_mac=c0:42:d0:3d:d4:04 dst_mac=
src_ip=103.51.160.29 src_country_code=SGP dst_ip=103.250.57.10
dst_country_code=SGP protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"4227013026\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"11:07:34","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"4227013026","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"SGP","src_ip":"103.51.160.29","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
2025/11/20 11:00:30 wazuh-maild: WARNING: Invalid JSON alert read from
'logs/alerts/alerts.json':
't":{"id":"000","name":"localhost.localdomain"},"manager":{"name":"localhost.localdomain"},"id":"1763607629.23437064","full_log":"device=\"SFW\"
date=2025-11-20 time=11:09:06 timezone=\"+08\" device_name=\"XGS136\"
device_id=X13300GHM96WCE0 log_id=\"018201500005\" log_type=\"Firewall\"
log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\"
status=\"Allow\" priority=Notice duration=0 fw_rule_id=2
fw_rule_name=\"Internet Access Rule\" fw_rule_section=\"Local rule\"
nat_rule_id=3 nat_rule_name=\"Internet Access Rule\" policy_type=1
sdwan_profile_id_request=0 sdwan_profile_name_request=\"\"
sdwan_profile_id_reply=0 sdwan_profile_name_reply=\"\" gw_id_request=0
gw_name_request=\"\" gw_id_reply=0 gw_name_reply=\"\"
sdwan_route_id_request=0 sdwan_route_name_request=\"\"
sdwan_route_id_reply=0 sdwan_route_name_reply=\"\" user_name=\"\"
user_gp=\"\" iap=12 ips_policy_id=0 appfilter_policy_id=5 application=\"\"
application_risk=0 application_technology=\"\" application_category=\"\"
vlan_id=\"\" ether_type=IPv4 (0x0800) bridge_name=\"\"
bridge_display_name=\"\" in_interface=\"Port2\"
in_display_interface=\"ST-GPON\" out_interface=\"\"
out_display_interface=\"\" src_mac=c0:42:d0:3d:d4:04 dst_mac=
src_ip=74.125.37.235 src_country_code=USA dst_ip=103.250.57.10
dst_country_code=SGP protocol=\"ICMP\" icmp_type=11 icmp_code=0 sent_pkts=0
recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
connid=\"2957595456\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"\"
appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"11:09:06","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"2957595456","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
Heartbeat","iap":"12","in_interface":"Port2","ips_policy_id":"0","log_component":"ICMP
ERROR
MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"USA","src_ip":"74.125.37.235","src_mac":"c0:42:d0:3d:d4:04","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
[root@localhost ~]#
>>> .
>>>
>>
Javier Rosas
Nov 20, 2025, 2:33:20 PM (3 days ago) Nov 20
to Wazuh | Mailing List
Hi,
I reviewed the logs you shared, and the log structure you tested in
wazuh-logtest does *not appear anywhere* in the actual logs received by
Wazuh.
For a decoder and rule to work, the real event must have the *same format
and fields* as the one used during the logtest simulation.
Right now, the event format you are testing:
messageid="17507" log_type="Event" log_component="GUI" ...
does *not exist* in your incoming logs. Since the structure is different,
the decoder does not match, and therefore the rule does not fire and no
alert is generated.
Please review the Sophos logging configuration and confirm:
1.
That the firewall is sending the correct log type (GUI/Admin
authentication events).
2.
That the log format matches the one used in your logtest sample.
3.
That the event you want to alert on is actually being sent via syslog to
Wazuh.
Once the real logs contain the same structure used in the decoder and rule,
the alert will be generated correctly, please also check in ossec.log
On Wednesday, November 19, 2025 at 10:02:08 PM UTC-5 Satiswaran Selva
> Heartbeat\" message=\"\"
> appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
> flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:50:24","timezone":"+08","appfilter_policy_id":"5","application":"QUIC","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
>
> Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"
> 2357345286 <(235)%20734-5286>","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"57.144.152.192","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
> appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
> flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:50:24","timezone":"+08","appfilter_policy_id":"5","application":"QUIC","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
>
> Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"
>
> Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
>
> ERROR
> MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.216","src_mac":"26:d6:9d:85:f3:a3","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
>
>
> Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
> 2025/11/20 09:41:50 wazuh-maild: WARNING: Invalid JSON alert read from
> 'logs/alerts/alerts.json': 'bridge_display_name=\"\"
> in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
> out_display_interface=\"\" src_mac=26:d6:9d:85:f3:a3 dst_mac=
> src_ip=10.0.1.216 src_country_code=R1 dst_ip=57.144.152.192
> dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
> recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
> tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
> dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
> connid=\"2357345286 <(235)%20734-5286>\" vconnid=\"\" hb_health=\"No
> Heartbeat","iap":"12","in_interface":"Port11","ips_policy_id":"0","log_component":"ICMP
>
> ERROR
> MESSAGE","log_id":"018201500005","log_subtype":"Allowed","log_type":"Firewall","name":"XGS136","policy_type":"1","priority":"Notice","recv_bytes":"0","recv_pkts":"0","sent_bytes":"0","sent_pkts":"0","src_country_code":"R1","src_ip":"10.0.1.216","src_mac":"26:d6:9d:85:f3:a3","src_port":"0","srczone":"LAN","srczonetype":"LAN","sophos_fw_status_msg":"Allow","th":"No
>
>
> Heartbeat","tran_dst_port":"0","tran_src_port":"0"},"location":"103.250.57.10"}'
> 2025/11/20 09:41:50 wazuh-maild: WARNING: Invalid JSON alert read from
> 'logs/alerts/alerts.json': 'bridge_display_name=\"\"
> in_interface=\"Port11\" in_display_interface=\"Port11\" out_interface=\"\"
> out_display_interface=\"\" src_mac=26:d6:9d:85:f3:a3 dst_mac=
> src_ip=10.0.1.216 src_country_code=R1 dst_ip=57.144.152.192
> dst_country_code=SGP protocol=\"ICMP\" icmp_type=3 icmp_code=3 sent_pkts=0
> recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
> tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\"
> dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connevent=\"Interim\"
> Heartbeat\" message=\"\"
> appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
> flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:50:26","timezone":"+08","appfilter_policy_id":"5","application":"QUIC","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
>
> Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"
> 2357345286 <(235)%20734-5286>","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"57.144.152.192","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
> appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
> flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"09:50:26","timezone":"+08","appfilter_policy_id":"5","application":"QUIC","application_category":"Infrastructure","application_risk":"1","application_technology":"Network
>
> Protocol","appresolvedby":"Signature","connevent":"Interim","connid":"
> vconnid=\"\"
> hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"
> app_is_cloud=0 log_occurrence=1
>
> flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"10:02:18","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"
> 3198104808 <(319)%20810-4808>","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
> hb_health=\"No Heartbeat\" message=\"\" appresolvedby=\"Signature\"
> app_is_cloud=0 log_occurrence=1
>
> flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"10:02:18","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"
> Heartbeat\" message=\"\"
> appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
>
> flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"11:01:14","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"
> 2062740583 <(206)%20274-0583>","device_id":"X13300GHM96WCE0","device_name":"XGS136","dst_country_code":"SGP","dst_ip":"103.250.57.10","dst_port":"0","duration":"0","fw_rule_id":"2","hb_health":"No
> appresolvedby=\"Signature\" app_is_cloud=0 log_occurrence=1
>
> flags=0","decoder":{"name":"sophos-fw"},"data":{"protocol":"ICMP","device":"SFW","date":"2025-11-20","time":"11:01:14","timezone":"+08","appfilter_policy_id":"5","application_risk":"0","appresolvedby":"Signature","connevent":"Interim","connid":"
Satiswaran Selva Sakeram
Nov 21, 2025, 3:56:12 AM (2 days ago) Nov 21
to Wazuh | Mailing List
Hi Team,Â
Any update on this request?
Reply all
Reply to author
Forward
0 new messages