I'm starting to play with logstash. Before that I played a bit with splunk. I mostly use email though.
On Fri, Jun 10, 2011 at 2:26 PM, 2secureit <[email protected]> wrote:
> What do you use to monitor the data? It happens on the realtime page
> and the initial index page. I am not familiar enough with the wui,
> just started playing with it two days ago.
>
> Thanks,
> Dan
> @0xjudd
>
> On Jun 10, 2:03 pm, "dan (ddp)" <[email protected]> wrote:
>> Hi 2secureit,
>>
>> On Fri, Jun 10, 2011 at 1:28 PM, 2secureit <[email protected]> wrote:
>> > As you can see below the Src IP: field is not parsing correctly? Can
>> > someone point me in the right direction to fix. Thanks---
>> >
>> > 2011 Jun 10 13:21:28 Rule Id: 581 level: 8
>> > Location: ossec-server->/var/log/nmap-out.log
>> > Src IP: 2.168.1.126 (), open ports:
>> > Host information added.
>> > ** Alert 1307726488.94736: mail - ossec,hostinfo,
>> > 2011 Jun 10 13:21:28 telos-nessus->/var/log/nmap-out.log
>> > Rule: 581 (level 8) -> 'Host information added.'
>> > Host: 192.168.1.127 (), open ports:
>>
>> I won't use the wui, which .php file does not appear on?
