Speaking for myself, it was not immediately obvious that the wui was a "dead" 
project, though it is quickly obvious that it doesn't work as expected.

Does the wui just need some development effort or is it in need of full-fledged 
adoption by someone to act as project manager? Is there a project page 
describing its abandoned state that people are overlooking? I've got some skill 
and cycles I'd put towards fixing the wui, but such effort should probably be 
managed to avoid needless duplication of effort, etc.

--ScottVR



On Sep 14, 2011, at 9:06 AM, "dan (ddp)" <[email protected]> wrote:

> Out of curiosity, why did you revert to an ancient version of OSSEC
> instead of fixing or replacing WUI (which has been a dead project for
> years)?
> 
> On Wed, Sep 14, 2011 at 8:57 AM, Mike Disley
> <[email protected]> wrote:
>> I had the same issue when I upgraded to ver 2.6.  I rolled back to 2.3 and 
>> the problem went away.
>> 
>> 
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On 
>> Behalf Of Alexander Rikmanis
>> Sent: Tuesday, September 13, 2011 8:28 PM
>> To: ossec-list
>> Subject: [ossec-list] ossec-wui BUG
>> 
>> Log files are parsed incorrectly.
>> here is the raw log file from ossec and what wui shows to me:
>> ----------------------------------------------------------------------------------------------
>> WUI:
>> 2011 Sep 14 10:10:13 Rule Id: 5501 level: 3
>> Location: (manager) aa.bb.cc.dd->/var/log/secure Src IP: 8:10:14 takapu 
>> sshd[10373]: pam_unix(sshd:session): session opened for user sw by (uid=0) 
>> ^^^^^^^^^^^^^^^^^^^^^^^^ Login session opened.
>> ** Alert 1315951847.1022810: - pam,syslog,authentication_success,
>> 2011 Sep 14 10:10:47 (manager) aa.bb.cc.dd->/var/log/secure
>> Rule: 5501 (level 3) -> 'Login session opened.'
>> Sep 13 18:10:50 takapu su: pam_unix(su-l:session): session opened for user 
>> root by sw(uid=1001)
>> -------------------------------------------------------------------------
>> Raw log:
>> ** Alert 1315951813.1022534: - pam,syslog,authentication_success,
>> 2011 Sep 14 10:10:13 (manager) 67.225.152.209->/var/log/secure
>> Rule: 5501 (level 3) -> 'Login session opened.'
>> Sep 13 18:10:14 takapu sshd[10373]: pam_unix(sshd:session): session opened 
>> for user sw by (uid=0) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Look at "Src IP" 
>> field - there is a date there. And the first symbol is gone.
>> 
>> here is the screenshot: [IMG]http://i52.tinypic.com/n1xn9i.png[/IMG]
>> 
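The raw alert quoted in the report has no source address, yet the WUI output shows event text in the "Src IP" field. The sketch below is an added example, not part of the original thread and not ossec-wui code: a parser for the three header lines shown in the raw log. It assumes a source address, when present, arrives on its own labelled `Src IP:` line; the second sample alert, its rule number and the 198.51.100.7 address are constructed.

```python
import re

HEADER = re.compile(r"^\*\* Alert (\d+)\.\d+:.*?- (.*)$")
WHERE = re.compile(r"^(\d{4} \w{3} +\d{1,2} \d\d:\d\d:\d\d) (.+)$")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")
SRC_IP = re.compile(r"^Src IP: (\S+)$")  # assumption: optional labelled line

# Constructed sample: alert 1 is the raw alert from the report (agent address as
# the reporter masked it); alert 2 is made up and carries a "Src IP:" line.
SAMPLE = """\
** Alert 1315951813.1022534: - pam,syslog,authentication_success,
2011 Sep 14 10:10:13 (manager) aa.bb.cc.dd->/var/log/secure
Rule: 5501 (level 3) -> 'Login session opened.'
Sep 13 18:10:14 takapu sshd[10373]: pam_unix(sshd:session): session opened for user sw by (uid=0)

** Alert 1315951900.1023000: - syslog,constructed,
2011 Sep 14 10:11:40 (manager) aa.bb.cc.dd->/var/log/secure
Rule: 100001 (level 5) -> 'Constructed rule.'
Src IP: 198.51.100.7
Sep 13 18:11:41 takapu sshd[10401]: Failed password for sw from 198.51.100.7 port 50122 ssh2
"""

def parse_alerts(text):
    """Return one dict per well-formed alert; malformed blocks are skipped."""
    alerts = []
    for block in re.split(r"\n(?=\*\* Alert )", text.strip()):
        lines = [ln for ln in block.splitlines() if ln.strip()]
        if len(lines) < 3:
            continue
        head, where, rule = HEADER.match(lines[0]), WHERE.match(lines[1]), RULE.match(lines[2])
        if not (head and where and rule):
            continue
        alert = {"timestamp": int(head.group(1)),
                 "groups": [g for g in head.group(2).split(",") if g],
                 "date": where.group(1), "location": where.group(2),
                 "rule_id": int(rule.group(1)), "level": int(rule.group(2)),
                 "description": rule.group(3), "src_ip": None, "log": []}
        for line in lines[3:]:
            m = SRC_IP.match(line)
            # Only a labelled line ahead of the event text fills src_ip.
            if m and not alert["log"] and alert["src_ip"] is None:
                alert["src_ip"] = m.group(1)
            else:
                alert["log"].append(line)
        alerts.append(alert)
    return alerts

if __name__ == "__main__":
    for a in parse_alerts(SAMPLE):
        print(a["date"], a["rule_id"], a["src_ip"], a["log"])
```

For the alert from the report, `src_ip` stays `None` and the sshd line is kept whole in `log`.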
