It's a known issue. I don't think anyone's fixed it yet. Well, no one's adopted the WUI and started putting any work into it. Good luck!
On Tue, Sep 13, 2011 at 8:27 PM, Alexander Rikmanis <[email protected]> wrote: > Log files are parsed incorrectly. > here is the raw log file from ossec and what wui shows to me: > ---------------------------------------------------------------------------------------------- > WUI: > 2011 Sep 14 10:10:13 Rule Id: 5501 level: 3 > Location: (manager) aa.bb.cc.dd->/var/log/secure > Src IP: 8:10:14 takapu sshd[10373]: pam_unix(sshd:session): session > opened for user sw by (uid=0) > ^^^^^^^^^^^^^^^^^^^^^^^^ > Login session opened. > ** Alert 1315951847.1022810: - pam,syslog,authentication_success, > 2011 Sep 14 10:10:47 (manager) aa.bb.cc.dd->/var/log/secure > Rule: 5501 (level 3) -> 'Login session opened.' > Sep 13 18:10:50 takapu su: pam_unix(su-l:session): session opened for > user root by sw(uid=1001) > ------------------------------------------------------------------------- > Raw log: > ** Alert 1315951813.1022534: - pam,syslog,authentication_success, > 2011 Sep 14 10:10:13 (manager) 67.225.152.209->/var/log/secure > Rule: 5501 (level 3) -> 'Login session opened.' > Sep 13 18:10:14 takapu sshd[10373]: pam_unix(sshd:session): session > opened for user sw by (uid=0) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > Look at "Src IP" field - there is a date there. And the first symbol > is gone. > > here is the screenshot: [IMG]http://i52.tinypic.com/n1xn9i.png[/IMG] >
