What do people use the wui for? Maybe it'd be easier to create something new that does a subset of what the WUI does. Other products do the "log viewing" bit much better than WUI ever could, so working on that bit is silly. That pretty much leaves the syscheck db stuff. Anything else?
On Thu, Oct 20, 2011 at 1:02 PM, James M Pulver <[email protected]> wrote:
> Replying somewhat belatedly, I also would like to see the WUI updated to work
> with 2.6 line of OSSEC. I'm not a programmer really though so I don't know
> that I would be able to do much... But there is interest I think.
> --
> James Pulver
> Information Technology Area Supervisor
> LEPP Computer Group
> Cornell University
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Scott VR
> Sent: Wednesday, September 14, 2011 10:29 AM
> To: [email protected]
> Cc: [email protected]
> Subject: Re: [ossec-list] ossec-wui BUG
>
> Speaking for myself, it was not immediately obvious that the wui was a "dead"
> project, though it is quickly obvious that it doesn't work as expected.
>
> Does the wui just need some development effort or is it in need of
> full-fledged adoption by someone to act as project manager? Is there a
> project page describing its abandoned state that people are overlooking? I've
> got some skill and cycles I'd put towards fixing the wui, but such effort
> should probably be managed to avoid needless duplication of effort, etc.
>
> --ScottVR
>
> On Sep 14, 2011, at 9:06 AM, "dan (ddp)" <[email protected]> wrote:
>
>> Out of curiosity, why did you revert to an ancient version of OSSEC
>> instead of fixing or replacing WUI (which has been a dead project for
>> years)?
>>
>> On Wed, Sep 14, 2011 at 8:57 AM, Mike Disley
>> <[email protected]> wrote:
>>> I had the same issue when I upgraded to ver 2.6. I rolled back to 2.3 and
>>> the problem went away.
>>>
>>> -----Original Message-----
>>> From: [email protected] [mailto:[email protected]] On
>>> Behalf Of Alexander Rikmanis
>>> Sent: Tuesday, September 13, 2011 8:28 PM
>>> To: ossec-list
>>> Subject: [ossec-list] ossec-wui BUG
>>>
>>> Log files are parsed incorrectly.
>>> Here is the raw log file from ossec and what wui shows to me:
>>> ----------------------------------------------------------------------------------------------
>>> WUI:
>>> 2011 Sep 14 10:10:13 Rule Id: 5501 level: 3
>>> Location: (manager) aa.bb.cc.dd->/var/log/secure Src IP: 8:10:14 takapu
>>> sshd[10373]: pam_unix(sshd:session): session opened for user sw by (uid=0)
>>> ^^^^^^^^^^^^^^^^^^^^^^^^ Login session opened.
>>> ** Alert 1315951847.1022810: - pam,syslog,authentication_success,
>>> 2011 Sep 14 10:10:47 (manager) aa.bb.cc.dd->/var/log/secure
>>> Rule: 5501 (level 3) -> 'Login session opened.'
>>> Sep 13 18:10:50 takapu su: pam_unix(su-l:session): session opened for user
>>> root by sw(uid=1001)
>>> -------------------------------------------------------------------------
>>> Raw log:
>>> ** Alert 1315951813.1022534: - pam,syslog,authentication_success,
>>> 2011 Sep 14 10:10:13 (manager) 67.225.152.209->/var/log/secure
>>> Rule: 5501 (level 3) -> 'Login session opened.'
>>> Sep 13 18:10:14 takapu sshd[10373]: pam_unix(sshd:session): session opened
>>> for user sw by (uid=0)
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> Look at "Src IP" field - there is a date there. And the first symbol is gone.
>>>
>>> Here is the screenshot: [IMG]http://i52.tinypic.com/n1xn9i.png[/IMG]
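
An added example, not part of the thread and not ossec-wui code: a Python parser for the alert layout quoted above that fills the source-IP field only from an explicit `Src IP:` line, so log text is never shifted into it. The sample alerts are constructed, and the optional `Src IP:` / `User:` lines after the `Rule:` line are an assumption about the alerts.log layout that the thread itself does not show.

```python
import re

# Constructed sample in the alert layout quoted in the thread. The second
# record carries "Src IP:" / "User:" lines (assumed layout, not from the thread).
SAMPLE = """\
** Alert 1315951813.1022534: - pam,syslog,authentication_success,
2011 Sep 14 10:10:13 (manager) aa.bb.cc.dd->/var/log/secure
Rule: 5501 (level 3) -> 'Login session opened.'
Sep 13 18:10:14 takapu sshd[10373]: pam_unix(sshd:session): session opened for user sw by (uid=0)

** Alert 1315951900.1023000: - syslog,sshd,authentication_failed,
2011 Sep 14 10:11:40 (manager) aa.bb.cc.dd->/var/log/secure
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: sw
Sep 13 18:11:41 takapu sshd[10401]: Failed password for sw from 192.0.2.10 port 4242 ssh2
"""

HEADER = re.compile(r"^\*\* Alert (\d+\.\d+):[^-]*- (.*)$")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")
LABELLED = re.compile(r"^(Src IP|User): (.*)$")

def parse_alerts(text):
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 3:
            continue
        head, rule = HEADER.match(lines[0]), RULE.match(lines[2])
        stamp = lines[1].split(None, 4)  # year, month, day, time, location
        if not head or not rule or len(stamp) < 5:
            continue  # not a well-formed alert: skip it rather than guess
        alert = {
            "id": head.group(1),
            "groups": [g for g in head.group(2).split(",") if g],
            "timestamp": " ".join(stamp[:4]),
            "location": stamp[4],
            "rule": int(rule.group(1)), "level": int(rule.group(2)),
            "description": rule.group(3),
            "srcip": None, "user": None,
        }
        rest = lines[3:]
        # Trust only an explicit label, never the position of a line.
        while rest and (m := LABELLED.match(rest[0])):
            alert["srcip" if m.group(1) == "Src IP" else "user"] = m.group(2)
            rest = rest[1:]
        alert["log"] = "\n".join(rest)
        alerts.append(alert)
    return alerts
```
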
