| Event 0 (id:0x88167a8 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 32 | rawsnare.retcode | int | unkn | 1531 |
| 31 | rawsnare.procname | vstr | unkn | sshd |
| 30 | rawsnare.ppid | int | unkn | 1 |
| 29 | rawsnare.pid | int | unkn | 617 |
| 28 | rawsnare.egid | int | unkn | 0 |
| 27 | rawsnare.euid | int | unkn | 0 |
| 26 | rawsnare.rgid | int | unkn | 0 |
| 25 | rawsnare.ruid | int | unkn | 0 |
| 24 | rawsnare.syscall | vstr | unkn | (2) SYS_fork |
| 23 | rawsnare.class | int | unkn | 2 |
| 22 | rawsnare.time | timeval | mono | Thu Nov 10 18:59:50 2005 +741764 us (1131645590.741764) |
| 13 | udp.msg | bstr | unkn | . . . . . . . . . . sC. Q. . . . . . . . . . . . . . . . . . . . . . i. . . . . . . sshd. . . . . . . . . . . . |
| 12 | udp.dst_port | int | unkn | 6262 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 18:59:50 2005 +743332 us (1131645590.743332) |
| 7 | udp.event | int | mono | 15 |
| Event 1 (id:0x88254a0 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 49 | rawsnare.target_sid | int | unkn | -1 |
| 48 | rawsnare.target_rid | int | unkn | -1 |
| 47 | rawsnare.target_id | int | unkn | 10042 |
| 32 | rawsnare.retcode | int | unkn | 0 |
| 31 | rawsnare.procname | vstr | unkn | sshd |
| 30 | rawsnare.ppid | int | unkn | 617 |
| 29 | rawsnare.pid | int | unkn | 1531 |
| 28 | rawsnare.egid | int | unkn | 100 |
| 27 | rawsnare.euid | int | unkn | 0 |
| 26 | rawsnare.rgid | int | unkn | 0 |
| 25 | rawsnare.ruid | int | unkn | 0 |
| 24 | rawsnare.syscall | vstr | unkn | (208) SYS_setresuid32 |
| 23 | rawsnare.class | int | unkn | 8 |
| 22 | rawsnare.time | timeval | mono | Thu Nov 10 18:59:51 2005 +322562 us (1131645591.322562) |
| 13 | udp.msg | bstr | unkn | . . . . (. ). . . sC. . . . . . . . . . . . . . . . d. . . . . . . . . . . i. . . sshd. . . . . . . . . . . . F. . . . . . . . . . . |
| 12 | udp.dst_port | int | unkn | 6262 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 18:59:51 2005 +323771 us (1131645591.323771) |
| 7 | udp.event | int | mono | 17 |
| Event 2 (id:0x884a368 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 120 | sshd.proto | vstr | unkn | ssh2 |
| 119 | sshd.src_port | int | unkn | 47480 |
| 118 | sshd.src_ip | ipv4 | unkn | 10.0.0.142 (testhost2) |
| 117 | sshd.user | vstr | unkn | demouser |
| 116 | sshd.method | vstr | unkn | password |
| 115 | sshd.action | vstr | unkn | Failed |
| 21 | syslog.msg | vstr | unkn | Failed password for demouser from 10.0.0.142 port 47480 ssh2 |
| 20 | syslog.prog | vstr | unkn | sshd |
| 19 | syslog.pid | int | unkn | 1531 |
| 15 | syslog.severity | vstr | unkn | (6) Informational: informational messages |
| 14 | syslog.facility | vstr | unkn | (10) security/authorization messages |
| 13 | udp.msg | bstr | unkn | <86>sshd[1531]: Failed password for demouser from 10.0.0.142 port 47480 ssh2. |
| 12 | udp.dst_port | int | unkn | 10514 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 18:59:55 2005 +78156 us (1131645595.078156) |
| 7 | udp.event | int | mono | 25 |
| Event 3 (id:0x88406f8 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 120 | sshd.proto | vstr | unkn | ssh2 |
| 119 | sshd.src_port | int | unkn | 47480 |
| 118 | sshd.src_ip | ipv4 | unkn | 10.0.0.142 (testhost2) |
| 117 | sshd.user | vstr | unkn | demouser |
| 116 | sshd.method | vstr | unkn | password |
| 115 | sshd.action | vstr | unkn | Failed |
| 21 | syslog.msg | vstr | unkn | Failed password for demouser from 10.0.0.142 port 47480 ssh2 |
| 20 | syslog.prog | vstr | unkn | sshd |
| 19 | syslog.pid | int | unkn | 1531 |
| 15 | syslog.severity | vstr | unkn | (6) Informational: informational messages |
| 14 | syslog.facility | vstr | unkn | (10) security/authorization messages |
| 13 | udp.msg | bstr | unkn | <86>sshd[1531]: Failed password for demouser from 10.0.0.142 port 47480 ssh2. |
| 12 | udp.dst_port | int | unkn | 10514 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 19:00:00 2005 +678877 us (1131645600.678877) |
| 7 | udp.event | int | mono | 27 |
| Event 4 (id:0x884f020 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 32 | rawsnare.retcode | int | unkn | 1533 |
| 31 | rawsnare.procname | vstr | unkn | sshd |
| 30 | rawsnare.ppid | int | unkn | 617 |
| 29 | rawsnare.pid | int | unkn | 1531 |
| 28 | rawsnare.egid | int | unkn | 0 |
| 27 | rawsnare.euid | int | unkn | 0 |
| 26 | rawsnare.rgid | int | unkn | 0 |
| 25 | rawsnare.ruid | int | unkn | 0 |
| 24 | rawsnare.syscall | vstr | unkn | (2) SYS_fork |
| 23 | rawsnare.class | int | unkn | 2 |
| 22 | rawsnare.time | timeval | mono | Thu Nov 10 19:00:00 2005 +740659 us (1131645600.740659) |
| 13 | udp.msg | bstr | unkn | . . . . . . ". . . sC3M. . . . . . . . . . . . . . . . . . . . . . . . . . i. . . sshd. . . . . . . . . . . . |
| 12 | udp.dst_port | int | unkn | 6262 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 19:00:00 2005 +741694 us (1131645600.741694) |
| 7 | udp.event | int | mono | 38 |
| Event 5 (id:0x88512f8 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 49 | rawsnare.target_sid | int | unkn | 0 |
| 48 | rawsnare.target_rid | int | unkn | 0 |
| 47 | rawsnare.target_id | int | unkn | 100 |
| 32 | rawsnare.retcode | int | unkn | 0 |
| 31 | rawsnare.procname | vstr | unkn | sshd |
| 30 | rawsnare.ppid | int | unkn | 1531 |
| 29 | rawsnare.pid | int | unkn | 1533 |
| 28 | rawsnare.egid | int | unkn | 0 |
| 27 | rawsnare.euid | int | unkn | 0 |
| 26 | rawsnare.rgid | int | unkn | 0 |
| 25 | rawsnare.ruid | int | unkn | 0 |
| 24 | rawsnare.syscall | vstr | unkn | (214) SYS_setgid32 |
| 23 | rawsnare.class | int | unkn | 8 |
| 22 | rawsnare.time | timeval | mono | Thu Nov 10 19:00:00 2005 +743816 us (1131645600.743816) |
| 13 | udp.msg | bstr | unkn | . . . . (. . . . . sC. Y. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . sshd. . . . . . . . . . . . d. . . . . . . . . . . |
| 12 | udp.dst_port | int | unkn | 6262 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 19:00:00 2005 +744819 us (1131645600.744819) |
| 7 | udp.event | int | mono | 39 |
| Event 6 (id:0x8851f98 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 32 | rawsnare.retcode | int | unkn | 1571 |
| 31 | rawsnare.procname | vstr | unkn | bash |
| 30 | rawsnare.ppid | int | unkn | 1531 |
| 29 | rawsnare.pid | int | unkn | 1533 |
| 28 | rawsnare.egid | int | unkn | 100 |
| 27 | rawsnare.euid | int | unkn | 10042 |
| 26 | rawsnare.rgid | int | unkn | 100 |
| 25 | rawsnare.ruid | int | unkn | 10042 |
| 24 | rawsnare.syscall | vstr | unkn | (2) SYS_fork |
| 23 | rawsnare.class | int | unkn | 2 |
| 22 | rawsnare.time | timeval | mono | Thu Nov 10 19:00:02 2005 +634089 us (1131645602.634089) |
| 13 | udp.msg | bstr | unkn | . . . . . . ". . . sC. . . . F. . . F. . . d. . . d. . . #. . . . . . . . . . . bash. . . . . . . . . . . . |
| 12 | udp.dst_port | int | unkn | 6262 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 19:00:02 2005 +636212 us (1131645602.636212) |
| 7 | udp.event | int | mono | 147 |
| Event 7 (id:0x8852028 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 32 | rawsnare.retcode | int | unkn | 1574 |
| 31 | rawsnare.procname | vstr | unkn | man |
| 30 | rawsnare.ppid | int | unkn | 1533 |
| 29 | rawsnare.pid | int | unkn | 1571 |
| 28 | rawsnare.egid | int | unkn | 100 |
| 27 | rawsnare.euid | int | unkn | 10042 |
| 26 | rawsnare.rgid | int | unkn | 100 |
| 25 | rawsnare.ruid | int | unkn | 10042 |
| 24 | rawsnare.syscall | vstr | unkn | (2) SYS_fork |
| 23 | rawsnare.class | int | unkn | 2 |
| 22 | rawsnare.time | timeval | mono | Thu Nov 10 19:00:02 2005 +662794 us (1131645602.662794) |
| 13 | udp.msg | bstr | unkn | . . . . . . ". . . sC. . . . F. . . F. . . d. . . d. . . &. . . #. . . . . . . man. . . . . . . . . . . . . |
| 12 | udp.dst_port | int | unkn | 6262 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 19:00:02 2005 +663732 us (1131645602.663732) |
| 7 | udp.event | int | mono | 153 |
| Event 8 (id:0x885a0e8 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 32 | rawsnare.retcode | int | unkn | 1575 |
| 31 | rawsnare.procname | vstr | unkn | sh |
| 30 | rawsnare.ppid | int | unkn | 1571 |
| 29 | rawsnare.pid | int | unkn | 1574 |
| 28 | rawsnare.egid | int | unkn | 100 |
| 27 | rawsnare.euid | int | unkn | 10042 |
| 26 | rawsnare.rgid | int | unkn | 100 |
| 25 | rawsnare.ruid | int | unkn | 10042 |
| 24 | rawsnare.syscall | vstr | unkn | (2) SYS_fork |
| 23 | rawsnare.class | int | unkn | 2 |
| 22 | rawsnare.time | timeval | mono | Thu Nov 10 19:00:02 2005 +668696 us (1131645602.668696) |
| 13 | udp.msg | bstr | unkn | . . . . . . ". . . sC. 4. . F. . . F. . . d. . . d. . . '. . . &. . . #. . . sh. . . . . . . . . . . . . . |
| 12 | udp.dst_port | int | unkn | 6262 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 19:00:02 2005 +669734 us (1131645602.669734) |
| 7 | udp.event | int | mono | 155 |
| Event 9 (id:0x885a310 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 32 | rawsnare.retcode | int | unkn | 1578 |
| 31 | rawsnare.procname | vstr | unkn | sh |
| 30 | rawsnare.ppid | int | unkn | 1574 |
| 29 | rawsnare.pid | int | unkn | 1575 |
| 28 | rawsnare.egid | int | unkn | 100 |
| 27 | rawsnare.euid | int | unkn | 10042 |
| 26 | rawsnare.rgid | int | unkn | 100 |
| 25 | rawsnare.ruid | int | unkn | 10042 |
| 24 | rawsnare.syscall | vstr | unkn | (2) SYS_fork |
| 23 | rawsnare.class | int | unkn | 2 |
| 22 | rawsnare.time | timeval | mono | Thu Nov 10 19:00:02 2005 +670923 us (1131645602.670923) |
| 13 | udp.msg | bstr | unkn | . . . . . . ". . . sC. <. . F. . . F. . . d. . . d. . . *. . . '. . . &. . . sh. . . . . . . . . . . . . . |
| 12 | udp.dst_port | int | unkn | 6262 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 19:00:02 2005 +671965 us (1131645602.671965) |
| 7 | udp.event | int | mono | 158 |
| Event 10 (id:0x885a930 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 32 | rawsnare.retcode | int | unkn | 1579 |
| 31 | rawsnare.procname | vstr | unkn | sh |
| 30 | rawsnare.ppid | int | unkn | 1574 |
| 29 | rawsnare.pid | int | unkn | 1575 |
| 28 | rawsnare.egid | int | unkn | 100 |
| 27 | rawsnare.euid | int | unkn | 10042 |
| 26 | rawsnare.rgid | int | unkn | 100 |
| 25 | rawsnare.ruid | int | unkn | 10042 |
| 24 | rawsnare.syscall | vstr | unkn | (2) SYS_fork |
| 23 | rawsnare.class | int | unkn | 2 |
| 22 | rawsnare.time | timeval | mono | Thu Nov 10 19:00:02 2005 +671442 us (1131645602.671442) |
| 13 | udp.msg | bstr | unkn | . . . . . . ". . . sC. >. . F. . . F. . . d. . . d. . . +. . . '. . . &. . . sh. . . . . . . . . . . . . . |
| 12 | udp.dst_port | int | unkn | 6262 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 19:00:02 2005 +672412 us (1131645602.672412) |
| 7 | udp.event | int | mono | 159 |
| Event 11 (id:0x885b0f8 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 32 | rawsnare.retcode | int | unkn | 1583 |
| 31 | rawsnare.procname | vstr | unkn | nroff |
| 30 | rawsnare.ppid | int | unkn | 1575 |
| 29 | rawsnare.pid | int | unkn | 1578 |
| 28 | rawsnare.egid | int | unkn | 100 |
| 27 | rawsnare.euid | int | unkn | 10042 |
| 26 | rawsnare.rgid | int | unkn | 100 |
| 25 | rawsnare.ruid | int | unkn | 10042 |
| 24 | rawsnare.syscall | vstr | unkn | (2) SYS_fork |
| 23 | rawsnare.class | int | unkn | 2 |
| 22 | rawsnare.time | timeval | mono | Thu Nov 10 19:00:02 2005 +706920 us (1131645602.706920) |
| 13 | udp.msg | bstr | unkn | . . . . . . ". . . sCh. . . F. . . F. . . d. . . d. . . /. . . *. . . '. . . nroff. . . . . . . . . . . |
| 12 | udp.dst_port | int | unkn | 6262 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 19:00:02 2005 +707919 us (1131645602.707919) |
| 7 | udp.event | int | mono | 172 |
| Event 12 (id:0x8859e40 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 32 | rawsnare.retcode | int | unkn | 1584 |
| 31 | rawsnare.procname | vstr | unkn | groff |
| 30 | rawsnare.ppid | int | unkn | 1578 |
| 29 | rawsnare.pid | int | unkn | 1583 |
| 28 | rawsnare.egid | int | unkn | 100 |
| 27 | rawsnare.euid | int | unkn | 10042 |
| 26 | rawsnare.rgid | int | unkn | 100 |
| 25 | rawsnare.ruid | int | unkn | 10042 |
| 24 | rawsnare.syscall | vstr | unkn | (2) SYS_fork |
| 23 | rawsnare.class | int | unkn | 2 |
| 22 | rawsnare.time | timeval | mono | Thu Nov 10 19:00:02 2005 +713720 us (1131645602.713720) |
| 13 | udp.msg | bstr | unkn | . . . . . . . . . . sC. . . . F. . . F. . . d. . . d. . . 0. . . /. . . *. . . groff. . . . . . . . . . . |
| 12 | udp.dst_port | int | unkn | 6262 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 19:00:02 2005 +714657 us (1131645602.714657) |
| 7 | udp.event | int | mono | 174 |
| Event 13 (id:0x8859dd0 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 32 | rawsnare.retcode | int | unkn | 1585 |
| 31 | rawsnare.procname | vstr | unkn | groff |
| 30 | rawsnare.ppid | int | unkn | 1578 |
| 29 | rawsnare.pid | int | unkn | 1583 |
| 28 | rawsnare.egid | int | unkn | 100 |
| 27 | rawsnare.euid | int | unkn | 10042 |
| 26 | rawsnare.rgid | int | unkn | 100 |
| 25 | rawsnare.ruid | int | unkn | 10042 |
| 24 | rawsnare.syscall | vstr | unkn | (2) SYS_fork |
| 23 | rawsnare.class | int | unkn | 2 |
| 22 | rawsnare.time | timeval | mono | Thu Nov 10 19:00:02 2005 +714071 us (1131645602.714071) |
| 13 | udp.msg | bstr | unkn | . . . . . . . . . . sCW. . . F. . . F. . . d. . . d. . . 1. . . /. . . *. . . groff. . . . . . . . . . . |
| 12 | udp.dst_port | int | unkn | 6262 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 19:00:02 2005 +715002 us (1131645602.715002) |
| 7 | udp.event | int | mono | 175 |
| Event 14 (id:0x885b380 1 ref) | ||||
|---|---|---|---|---|
| FID | Field | Type | Monotony | Data content |
| 32 | rawsnare.retcode | int | unkn | 0 |
| 31 | rawsnare.procname | vstr | unkn | troff |
| 30 | rawsnare.ppid | int | unkn | 1583 |
| 29 | rawsnare.pid | int | unkn | 1584 |
| 28 | rawsnare.egid | int | unkn | 100 |
| 27 | rawsnare.euid | int | unkn | 10042 |
| 26 | rawsnare.rgid | int | unkn | 100 |
| 25 | rawsnare.ruid | int | unkn | 10042 |
| 24 | rawsnare.syscall | vstr | unkn | (1) SYS_exit |
| 23 | rawsnare.class | int | unkn | 2 |
| 22 | rawsnare.time | timeval | mono | Thu Nov 10 19:00:02 2005 +867850 us (1131645602.867850) |
| 13 | udp.msg | bstr | unkn | . . . . . . ". . . sC. >. . F. . . F. . . d. . . d. . . . . . . 0. . . /. . . troff. . . . . . . . . . . |
| 12 | udp.dst_port | int | unkn | 6262 |
| 9 | udp.src_addr | ipv4 | unkn | 10.0.0.42 (testhost) |
| 8 | udp.time | timeval | mono | Thu Nov 10 19:00:02 2005 +868924 us (1131645602.868924) |
| 7 | udp.event | int | mono | 179 |
Generated by Orchids. Thu Nov 10 19:00:24 2005