GEN:SID 1:611
Message RSERVICES rlogin login failure
Summary This event is generated when a remote login attempt using rlogin fails.
Impact Someone has tried to login using rlogin and failed
Detailed Information This rule generates an event when a login failure message generated by rlogind is seen. rlogin is used on UNIX systems for remote connectivity and remote command execution.  

Multiple events may indicate that an attacker is attempting a brute force password guessing attack.
Affected Systems  
Attack Scenarios An attacker finds a machine with rlogin service running and proceeds to guess the password remotely by connecting multiple times.
Ease of Attack Simple, no exploit software required
Corrective Action Investigate logs on the target host for further details and more signs of suspicious activity

Use ssh for remote access instead of rlogin.
Additional References CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0651

Arachnids:
http://www.whitehats.com/info/IDS392
Rule References arachnids: 392