sagan_log_example

[**] [1:5000027] [SU] Successful su as root [**]
[Classification: successful-admin] [Priority: 1] [127.0.0.1]
2019-07-25 00:16:06 192.168.0.1:514 -> 192.168.0.1:514 authpriv info
Message:  Successful su for root by mestre
[Xref => http://wiki.quadrantsec.com/bin/view/Main/5000027]

[**] [1:5000131] [SYSLOG] New user added to the system [**]
[Classification: system-event] [Priority: 2] [127.0.0.1]
2019-07-25 00:17:01 192.168.0.1:514 -> 192.168.0.1:514 authpriv info
Message:  new user: name=pepecito, UID=1002, GID=1002, home=/home/pepecito, shell=/bin/bash
[Xref => http://wiki.quadrantsec.com/bin/view/Main/5000131]

[**] [1:5000377] [SYSLOG] Information for a user was changed [**]
[Classification: system-event] [Priority: 2] [127.0.0.1]
2019-07-25 00:17:08 192.168.0.1:514 -> 192.168.0.1:514 authpriv info
Message:  changed user 'pepecito' information
[Xref => http://wiki.quadrantsec.com/bin/view/Main/5000377]

[**] [1:5000131] [SYSLOG] New user added to the system [**]
[Classification: system-event] [Priority: 2] [127.0.0.1]
2019-07-25 13:18:45 192.168.0.1:514 -> 192.168.0.1:514 authpriv info
Message:  new user: name=pepecito3, UID=1003, GID=1003, home=/home/pepecito3, shell=/bin/bash
[Xref => http://wiki.quadrantsec.com/bin/view/Main/5000131]

[**] [1:5000377] [SYSLOG] Information for a user was changed [**]
[Classification: system-event] [Priority: 2] [127.0.0.1]
2019-07-25 13:18:52 192.168.0.1:514 -> 192.168.0.1:514 authpriv info
Message:  changed user 'pepecito3' information
[Xref => http://wiki.quadrantsec.com/bin/view/Main/5000377]

[**] [1:5000133] [SU] Successful sudo to ROOT executed [**]
[Classification: successful-admin] [Priority: 1] [127.0.0.1]
2019-07-25 14:37:14 192.168.0.1:514 -> 192.168.0.1:514 authpriv notice
Message:    mestre : TTY=pts/1 ; PWD=/home/mestre ; USER=root ; COMMAND=/usr/sbin/chroot /jaula-sid/
[Xref => http://wiki.quadrantsec.com/bin/view/Main/5000133]