faxm0dem/gist:1e6dbe303e033a43acb5 Secret

## gistfile1.xml
<?xml version='1.0' encoding='UTF-8'?>
<patterndb version='4' pub_date='2014-03-03'>

  <ruleset name='imapd' id='de06a259-90c2-49b6-b6c0-8867a04700bb'>
    <patterns>
       <pattern>imapd</pattern>
    </patterns>
    <rules>
      <rule provider='patterndb' id='fa06330e-9157-43b3-98f7-649b0f3de812' class='system'>
        <patterns>
          <pattern>connect from @ESTRING:: @(@ESTRING::)@</pattern>
        </patterns>
      </rule>
    </rules>
  </ruleset>

  <ruleset name='pam_unix' id='72d75cb0-0107-4d12-b0bf-cea36ddf7f38'>
    <description>
      This ruleset covers the unix pam module in linux
    </description>
    <patterns>
    <!-- in this order, the test_message doesn't match -->
      <pattern>sshd</pattern>
      <pattern>imapd</pattern>
    <!-- in this order, it does
      <pattern>sshd</pattern>
      <pattern>imapd</pattern>
    -->
    </patterns>
    <rules>
      <rule provider='patterndb' id='d490b769-1042-4576-918e-c441c65f3a59' class='system'>
        <patterns>
          <pattern>pam_unix(@ESTRING:usracct.application::@@ESTRING:usracct.service:)@: authentication failure; logname=@ESTRING:temp.logname: @uid=@NUMBER::@ euid=@NUMBER::@ tty=@ESTRING:temp.tty: @ruser=@ESTRING:usracct.username: @rhost=</pattern>
        </patterns>
        <examples>
          <example>
            <test_message program='imapd'>pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.2.179  user=czanik</test_message>
          </example>
        </examples>
      </rule>

    </rules>
  </ruleset>

</patterndb>
	<?xml version='1.0' encoding='UTF-8'?>
	<patterndb version='4' pub_date='2014-03-03'>

	<ruleset name='imapd' id='de06a259-90c2-49b6-b6c0-8867a04700bb'>
	<patterns>
	<pattern>imapd</pattern>
	</patterns>
	<rules>
	<rule provider='patterndb' id='fa06330e-9157-43b3-98f7-649b0f3de812' class='system'>
	<patterns>
	<pattern>connect from @ESTRING:: @(@ESTRING::)@</pattern>
	</patterns>
	</rule>
	</rules>
	</ruleset>

	<ruleset name='pam_unix' id='72d75cb0-0107-4d12-b0bf-cea36ddf7f38'>
	<description>
	This ruleset covers the unix pam module in linux
	</description>
	<patterns>
	<!-- in this order, the test_message doesn't match -->
	<pattern>sshd</pattern>
	<pattern>imapd</pattern>
	<!-- in this order, it does
	<pattern>sshd</pattern>
	<pattern>imapd</pattern>
	-->
	</patterns>
	<rules>
	<rule provider='patterndb' id='d490b769-1042-4576-918e-c441c65f3a59' class='system'>
	<patterns>
	<pattern>pam_unix(@ESTRING:usracct.application::@@ESTRING:usracct.service:)@: authentication failure; logname=@ESTRING:temp.logname: @uid=@NUMBER::@ euid=@NUMBER::@ tty=@ESTRING:temp.tty: @ruser=@ESTRING:usracct.username: @rhost=</pattern>
	</patterns>
	<examples>
	<example>
	<test_message program='imapd'>pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.2.179 user=czanik</test_message>
	</example>
	</examples>
	</rule>

	</rules>
	</ruleset>

	</patterndb>