Ok, finished playing around with the code and testing it with my logs
and it should now work with OSSEC 2.6 again. If anyone runs into
problems with the patch just poke me and I'll see if I can help out.
Below are links to a patch file and a tar.gz with the changed files. The
important changes are in lib/os_lib_alerts.php; the other files are more
or less just cosmetic changes making the alerts a bit easier to read,
and previous fixes already posted on this list.
http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch
http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch.tgz
List of all changes ( http://www.dopefish.de/archives/1154 )
- Works with the OSSEC 2.6 alert log file format
- Changed Rule ID Link to better work with the new OSSEC documentation wiki
- Added “user” field to alert output
- Widened the layout by a few pixels (to 1000px) and changed the CSS/alert layout to make the individual alerts more readable
- Moved some of the hardcoded formatting to CSS
Ryan
On 6/23/2012 9:56 AM, Mike Disley wrote:
Ryan,
You are awesome. Those of us using this "dead" and "junk" tool will be most
appreciative.
Cheers,
Mike
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Ryan Schulze
Sent: Friday, June 22, 2012 8:01 PM
To: [email protected]
Subject: Re: [ossec-list] Re: Error in message formatting on OSSEC Wui
On 6/21/2012 2:47 PM, dan (ddp) wrote:
I prefer a fix or solution. I'm not a developer and not intended to
be...
Hire someone who knows PHP.
WUI is junk. No one seems to be able to get it working properly.
Aww, WUI isn't that bad; considering the poor thing has to parse logfiles, I find
it does a pretty good job. Since OSSEC supports writing alerts to a database,
recoding WUI to (optionally) use the database backend for pulling the alert
data would be cool (any motivated PHP programmers out there / on the list
willing to do it?).
As far as I can tell, the main problem with WUI and OSSEC 2.6 seems to be that in 2.6 the lines
"Src IP:" and "User:" are optional in the alert logs (depending on whether they have
values or not). It should be easy enough to fix, and by the end of the weekend I should have enough
test data to see if my little hotfix works or breaks.
Will keep the thread updated with my progress :-)
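As an added illustration of the parsing problem described in the thread (this is not Ryan's patch or any code from the OSSEC WUI, which is PHP), the Python snippet below reads a constructed alerts.log sample in which the "Src IP:" and "User:" lines may be present, absent, or carry the older "(none)" placeholder, and probes for them by label rather than by fixed line position.

```python
import re
# Constructed sample in the alerts.log layout: alert 1 carries both optional
# lines, alert 2 neither (the 2.6 case), alert 3 the older "(none)" style.
SAMPLE_LOG = """\
** Alert 1340400000.12345: - syslog,sshd,authentication_failed,
2012 Jun 22 20:01:02 (agent01) 192.0.2.10->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 198.51.100.7
User: root
Jun 22 20:01:01 agent01 sshd[1234]: Failed password for root from 198.51.100.7 port 4444 ssh2

** Alert 1340400060.12400: - ossec,
2012 Jun 22 20:02:02 ossec-server->ossec-monitord
Rule: 502 (level 3) -> 'Ossec server started.'
ossec: Ossec started.

** Alert 1340400120.12500: - syslog,
2012 Jun 22 20:03:02 (agent02) 192.0.2.11->/var/log/messages
Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
Src IP: (none)
User: (none)
Jun 22 20:03:01 agent02 kernel: error: something went wrong
"""
HEADER_RE = re.compile(r"^\*\* Alert (\d+\.\d+): .*?- (.*)$")
RULE_RE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")
OPTIONAL = (("Src IP: ", "src_ip"), ("User: ", "user"))

def parse_alerts(text):
    """Return one dict per alert; src_ip/user are None when absent or '(none)'."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        hdr = HEADER_RE.match(lines[0]) if len(lines) >= 3 else None
        rule = RULE_RE.match(lines[2]) if hdr else None
        if not rule:
            continue  # not a well-formed alert block: skip it rather than crash
        a = {"id": hdr.group(1), "groups": [g for g in hdr.group(2).split(",") if g],
             "location": lines[1], "rule_id": int(rule.group(1)),
             "level": int(rule.group(2)), "description": rule.group(3),
             "src_ip": None, "user": None}
        i = 3
        # Probe each optional line by label, not by fixed position (the 2.6 change).
        for label, key in OPTIONAL:
            if i < len(lines) and lines[i].startswith(label):
                value = lines[i][len(label):].strip()
                a[key] = None if value == "(none)" else value
                i += 1
        a["log"] = lines[i:]  # whatever remains is the raw event text
        alerts.append(a)
    return alerts
```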