hi i did some fixes for me see bellow
root@ossec:/root# diff ossec-wui-0.3/lib/os_lib_alerts.php ossec-wui-patch/os_lib_alerts.php
328a329 > /* old 330a332,335 > */> $evt_msg[$msg_id] = preg_replace("/</", "<", $evt_msg[$msg_id]); > $evt_msg[$msg_id] = preg_replace("/>/", ">", $evt_msg[$msg_id]);
>
360a366
> /*
363c369,371
< $alert->user = $evt_user;
---
> */
> $evt_user = preg_replace("/</", "<", $evt_user);
> $evt_user = preg_replace("/>/", ">", $evt_user);
364a373,374
> $alert->user = $evt_user;
> /*
366a377,381
> */
>
> $evt_srcip = preg_replace("/</", "<", $evt_srcip);
> $evt_srcip = preg_replace("/>/", ">", $evt_srcip);
>
842c857,858
< fseek($fp, $seek_place, "SEEK_SET");
---
> /* bugfix http://osdir.com/ml/ossec-list/2010-06/msg00016.html */
> fseek($fp, $seek_place, SEEK_SET);
root@ossec:/root# diff ossec-wui-0.3/lib/os_lib_syscheck.php
ossec-wui-patch/os_lib_syscheck.php
43a44
> /* old
45a47,50
> */
>
> $buffer = preg_replace("/</", "<", $buffer);
> $buffer = preg_replace("/>/", ">", $buffer);
for me works
i attach the patched libs to this mail
holger
On 02/28/2012 10:05 AM, PJG wrote:
All, I saw a post back to last year about the WUI not displaying logs correctly. Did anyone get this fixed? (I was going reply to that post but couldn't, so have opened this new one). Reason being, is that despite it's limitations, it's still a very quick and easy first place to look for logs. I've built it into my Incident response procedures, and would really like it to work. Now I know I can deploy Splunk to do a similar things, but the OSSEC wui is a very simple tool, to view very powerful logs. If I had the skills I would look into fixing it, but unfortunately I don't. Has anyone else been able to wave their magic wand? Cheers... Pip
<<attachment: os_lib_alerts.php>>
<<attachment: os_lib_syscheck.php>>
