Holger,

That's fantastic.... Thanks very much.

Worked a treat!

Pip

On Feb 29, 8:49 am, Holger Gläß <[email protected]> wrote:
> hi
>
>   I did some fixes for me, see below
>
> root@ossec:/root# diff ossec-wui-0.3/lib/os_lib_alerts.php
> ossec-wui-patch/os_lib_alerts.php
> 328a329
>  > /* old
> 330a332,335
>  > */
>  >             $evt_msg[$msg_id] = preg_replace("/</", "&lt;",
> $evt_msg[$msg_id]);
>  >             $evt_msg[$msg_id] = preg_replace("/>/", "&gt;",
> $evt_msg[$msg_id]);
>  >
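
Review bot: The two preg_replace calls on $evt_msg[$msg_id] escape only < and >, leaving & and both quote characters untouched, so the message is not safe if it is ever placed inside an HTML attribute, and a literal &lt; in a log line will display as <. A single htmlspecialchars($evt_msg[$msg_id], ENT_QUOTES, 'UTF-8') covers all five characters. The old code is also kept inside /* old ... */ rather than deleted; a block comment ends at the first */ it meets, so this breaks as soon as the wrapped lines contain a comment of their own, and deleting them is cleaner.
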
> 360a366
>  > /*
> 363c369,371
> <         $alert->user = $evt_user;
> ---
>  > */
>  >         $evt_user = preg_replace("/</", "&lt;", $evt_user);
>  >         $evt_user = preg_replace("/>/", "&gt;", $evt_user);
> 364a373,374
>  >         $alert->user = $evt_user;
>  > /*
> 366a377,381
>  > */
>  >
>  >         $evt_srcip = preg_replace("/</", "&lt;", $evt_srcip);
>  >         $evt_srcip = preg_replace("/>/", "&gt;", $evt_srcip);
>  >
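
Review bot: In the $evt_srcip lines (377-381) the value is escaped but, unlike the $evt_user hunk where $alert->user = $evt_user is moved to after the escaping, no assignment to the alert follows in the visible lines. Please confirm that the source IP is copied into the alert after line 381 and not inside the block that is now commented out; otherwise the escaping has no effect or the field is lost. Storing the escaped string in $alert->user also means any later comparison or filter on the user sees &lt; rather than <; escaping at the point of output would avoid that.
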
> 842c857,858
> <             fseek($fp, $seek_place, "SEEK_SET");
> ---
>  > /* bugfixhttp://osdir.com/ml/ossec-list/2010-06/msg00016.html*/
>  >             fseek($fp, $seek_place, SEEK_SET);
>
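
Review bot: The comment on new line 857 runs "bugfix" and the URL together and does not say what was wrong. State the defect in the comment itself (the third argument was the quoted string "SEEK_SET" rather than the constant SEEK_SET) so it still makes sense if the link goes away, and put a space on either side of the URL. The return value of fseek() is also discarded on line 858; it returns -1 on failure, which is worth checking before reading from $fp.
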
> root@ossec:/root# diff ossec-wui-0.3/lib/os_lib_syscheck.php
> ossec-wui-patch/os_lib_syscheck.php
> 43a44
>  >         /* old
> 45a47,50
>  >         */
>  >
>  >         $buffer = preg_replace("/</", "&lt;", $buffer);
>  >         $buffer = preg_replace("/>/", "&gt;", $buffer);
>
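
Review bot: The same pair of preg_replace calls appears here on $buffer for the fourth time across os_lib_alerts.php and os_lib_syscheck.php. Move it into one shared helper so the escaping rules are defined once and can be changed in one place. preg_replace is also unnecessary for a fixed one-character match; str_replace, or htmlspecialchars for the full set, does the job without a regex.
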
> Works for me.
>
> I attach the patched libs to this mail
>
> holger
>
> On 02/28/2012 10:05 AM, PJG wrote:
>
> > All,
>
> > I saw a post back to last year about the WUI not displaying logs
> > correctly. Did anyone get this fixed? (I was going to reply to that post
> > but couldn't, so have opened this new one).
>
> > Reason being, is that despite its limitations, it's still a very
> > quick and easy first place to look for logs.
>
> > I've built it into my Incident response procedures, and would really
> > like it to work.
>
> > Now I know I can deploy Splunk to do similar things, but the OSSEC
> > wui is a very simple tool, to view very powerful logs.
>
> > If I had the skills I would look into fixing it, but unfortunately I
> > don't.
>
> > Has anyone else been able to wave their magic wand?
>
> > Cheers...
>
> > Pip
>
>
>  os_lib_alerts.php (36K)
>  os_lib_syscheck.php (12K)
