Log Samples
Stuff
- Apache Logs
- GNU Radius
- Windows Routing and Remote Access logs
- Log Samples from Pam
- Log Samples from sshd
- Did not receive identification string (occurs during some forms of sshd DoS):
- Rule to catch multiple instances (insert into local_rules.xml):
- Software caused connection abort (occurs during some forms of sshd DoS):
- Rule to help OSSEC recognise this error as nothing serious:
- Login successful:
- Login failed:
- Invalid user login attempt:
- Full scan sample:
- Su log samples
- Messages from useradd, userdel, etc
- Linux Logs
- Windows Logs
- Log Samples from BSD systems
- Log entries in asl.log on OSX
- OS X IPFW Log Samples
- Log samples Mac
- FTP Logs
- Nessus scan in a web server log
- Misc. Logs
- Cisco Logs
- Log Samples for MySQL
- Log Samples for PostgreSQL
- Log Samples from PHP
- Urlscan Log samples
- Log Samples from Named
- Log samples for Checkpoint
- Log Samples from iptables
- Log Samples from the Netscreen Firewall
- Log samples from PF
- Log Samples from SonicWall
- Samples for the Windows firewall
- WIPFW
- Zone Alarm (free version) Log samples
- Courier Log samples
- Dovecot log samples
- Exchange Log Samples
- Log Samples from Exim
- Log Samples from imapd
- Log Samples for postfix
- Log Samples from Sendmail
- Log Samples for VM-POP3d
- Log Samples from vpopmail
- Log Samples for VMware ESX
- Example of web scan detected by OSSEC (looking for WordPress, xmlrpc and awstats):
- Web scan sample 4:
- SSHD brute force:
- FTP Scan:
- Multiple firewall denies on the Windows firewall:
- Multiple spam attempts:
- SQL Injection attempt detected:
- Internal system possibly compromised with IrnBot:
- E-mail scan (vpopmail):
- File system full:
- Custom SQL injection against ossec.net:
- Application being installed:
- Virtual machine being shut down: