user_id.name in ssh.rules - id 1913 expsoing name as "invalid"
Unsure if this is intended or not, but in rule id 1913 in ssh.rules, this idmef field is currently set to:
which prints either illegal or invalid as opposed to the username actually in the syslog message, which would be exposed as:
at any rate, figured i would mention it here.
#1 Updated by Yoann VANDOORSELAERE almost 16 years ago
- Status changed from New to Closed
- Resolution set to fixed
(In r9670) Fix by Scott Olihovik <firstname.lastname@example.org>: invalid user.user_id(0).name assignement in SSH rule 1913 (fix #243).
#2 Updated by Yoann VANDOORSELAERE about 14 years ago
- Project changed from PRELUDE SIEM to Prelude-LML
- Category deleted (
- Target version deleted (