Yeah, this is beyond me at the moment. I don't think I stand a chance at understanding the code without running it, and I'm not installing it on my systems.
On Fri, Jun 10, 2011 at 2:35 PM, Chuck Little <[email protected]> wrote: > Example from the wui (index.php) > > Latest events > > 2011 Jun 10 00:00:43 Rule Id: 591 level: 3 > Location: (rigel) 10.0.55.7->ossec-logcollector > Src IP: ile rotated (inode changed): '/var/log/maillog'. > Log file rotated. > ** Alert 1307685694.192: - ossec, > 2011 Jun 10 00:01:34 arcturus->ossec-logcollector > Rule: 591 (level 3) -> 'Log file rotated.' > ossec: File rotated (inode changed): '/var/log/maillog'. > > -Chuck > > On 6/10/11 12:03 PM, dan (ddp) wrote: >> Hi 2secureit, >> >> On Fri, Jun 10, 2011 at 1:28 PM, 2secureit <[email protected]> wrote: >>> As you can see below the Src IP: field is not parsing correctly? Can >>> someone point me in the right direction to fix. Thanks--- >>> >>> >>> 2011 Jun 10 13:21:28 Rule Id: 581 level: 8 >>> Location: ossec-server->/var/log/nmap-out.log >>> Src IP: 2.168.1.126 (), open ports: >>> Host information added. >>> ** Alert 1307726488.94736: mail - ossec,hostinfo, >>> 2011 Jun 10 13:21:28 telos-nessus->/var/log/nmap-out.log >>> Rule: 581 (level 8) -> 'Host information added.' >>> Host: 192.168.1.127 (), open ports: >> >> I won't use the wui, which .php file does not appear on? >
