

Merge pull request #9540 from wazuh/9499_new_ios_ruleset
72nomada committed Aug 17, 2021
2 parents 5758c47 + efd0ab4 commit af255be
Showing 1 changed file with 19 additions and 0 deletions.
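--- a/ruleset/decoders/0065-cisco-ios_decoders.xml
+++ b/ruleset/decoders/0065-cisco-ios_decoders.xml
@@ -270,3 +270,22 @@ Details: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/
 <regex>%(\w+)-(\d)-(\w+):</regex>
 <order>cisco.facility, cisco.severity, cisco.mnemonic</order>
 </decoder>
+
+<!-- Cisco IOS
+- Extracts the ID of cisco ios messages IF NOT IDS/ACL log.
+- Modified according CISCO documentation: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html
+- Log line: Jul 29 20:08:37 UTC: %FTD-session-6-305012: Teardown dynamic TCP translation from INTF-INSIDE-1:10.40.1.239/60914 to INTF-INET-SWKO:209.137.221.2/60914 duration 0:00:00
+-->
+
+<decoder name="cisco-ios-default">
+<parent>cisco-ios</parent>
+<regex>%(\w+)-session-(\d)-(\w+): </regex>
+<order>cisco.facility,cisco.severity,cisco.mnemonic</order>
+</decoder>
+
+<decoder name="cisco-ios-default">
+<parent>cisco-ios</parent>
+<regex>%\w+-session-\d-\w+: (\.*) duration (\d+:\d+:\d+)</regex>
+<order>message,duration</order>
+</decoder>
+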
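Review bot: The header comment opening the added block says the decoder "Extracts the ID of cisco ios messages IF NOT IDS/ACL log", but both new regexes match only the `-session-` message form and the documented sample is an FTD line, so the comment reads as copied from the decoder above and misdescribes these two decoders; a comment along the lines of `<!-- Cisco session messages (%<facility>-session-<severity>-<mnemonic>), e.g. FTD/ASA connection teardown; the second decoder additionally extracts message and duration -->` would document them accurately. Whether the new decoders are reached at all depends on the decoder closed at the top of the hunk, whose name is outside the hunk: if it is a same-parent sibling using `%(\w+)-(\d)-(\w+):` and `\w` in the Wazuh regex dialect also matches `-`, that earlier decoder may already consume `%FTD-session-6-305012:` with facility `FTD-session`, leaving the new ones unused. It is worth confirming against the sample line with wazuh-logtest that `cisco.facility` decodes as `FTD` and `duration` is populated. Minor style point: the first new `<order>` drops the spaces after commas that the existing `<order>` line in the context uses; either form parses, but the file should stick to one.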
