On Thu, Oct 20, 2011 at 11:06 AM, dan (ddp) <[email protected]> wrote: > What do people use the wui for? Maybe it'd be easier to create > something new that does a subset of what the WUI does. > Other products do the "log viewing" bit much better than WUI ever > could, so working on that bit is silly. That pretty much leaves the > syscheck db stuff. Anything else? >
I send my logs to ArcSight via CEF or to Splunk, depending on the site. I don't need the WebUI to view alerts. I use the WebUI to get a fast view of what agents are RED (not checking in) and why. I love that functionality. I don't need another place to view OSSEC logs at work. However, I can imagine in a local instance of OSSEC (like a home firewall), a UI to view alerts would be nice to have, but again, there is always email and the alert volume *should* be low for a home firewall.
