I am currently using the webui just fine in SLES11. I have ordered the OSSEC-HIDS book and it is on its way.
I have a dumb database question. I followed the directions to send output to the mysql database here: http://www.ossec.net/doc/manual/output/database-output.html Everything seems to go OK with the mysql commands to do this. However, I am not convinced that everything in /var/ossec/logs is going to the database. Is there a way to check this? My dumb question is this: If database output is enabled, should everything that is in /var/ossec/logs also be in the mysql "ossec" database? I understand the webui does not use the database output, and only uses the logs in /var/ossec/logs. That is fine with me.
