1[rshd: illegal]
2log 1 pass = Dec 17 10:49:23 hostname rshd[347339]: Connection from 10.217.223.31 on illegal port
3log 2 fail = Dec 17 10:49:23 hostname rhsd[347339]: Connection from 10.217.223.31 on illegal port
4
5rule = 2551
6alert = 10
7decoder = rshd
8
9