<div dir="ltr"><div>Hello</div><div> </div><div> </div><div>I am trying to create a Pattern-DB for the following Authorization messages coming from the O/S.</div><div>Can you help with creating a matching rule?</div><div> </div><div>Note: I do not have the PATTERN-DB parser utility. I am going to create the db-parser.xml manually and put these rules inside the file.</div><div> </div><div>2014-09-28T14:12:44-04:00 abcdef01-app/abcdef01-app sshd[11019]: [ID 800047 auth.notice] Failed password for root from 100.200.255.01 port 54438 ssh2<br>2014-09-28T14:03:46-04:00 abcdef01-app/abcdef01-app sshd[27420]: [ID 800047 auth.notice] Failed publickey for root from 100.200.255.02 port 59219 ssh2<br>2014-09-28T14:08:28-04:00 abcdef01-app/abcdef01-app sshd[3954]: [ID 800047 auth.notice] Failed keyboard-interactive for root from 100.200.255.03 port 65410 ssh2<br>2014-09-28T14:10:11-04:00 abcdef01-app/abcdef01-app sshd[5222]: [ID 293258 auth.error] libsldap: Status: 49 Mesg: openConnection: simple bind failed - Invalid credentials<br><br clear="all"><br>Thanks & Regards<br>Kaladhar
</div></div>