Ryan,

Thank you for taking the time to address this! We rely on WUI, and don't want to add DB in order to get a GUI view of the data, so thanks again.

Scott Klauminzer
Director of Information Technology & Security

Sent from my iPad

On Jun 23, 2012, at 7:30 PM, Ryan Schulze <[email protected]> wrote:

>
> Ok, finished playing around with the code and testing it with my logs and it
> should now work with OSSEC 2.6 again. If anyone runs into problems with the
> patch just poke me and I'll see if I can help out.
>
> Below are links to a patchfile and a tar.gz with the changed files. The
> important changes are in lib/os_lib_alerts.php the other files are more or
> less just cosmetic changes making the alerts a bit easier to read, and
> previous fixes already posted on this list.
>
> http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch
> http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch.tgz
>
> List of all changes ( http://www.dopefish.de/archives/1154 )
> - Works with the OSSEC 2.6 alert log file format
> - Changed Rule ID Link to better work with the new OSSEC documentation wiki
> - Added “user” field to alert output
> - Widened the layout by a few pixels (to 1000px) and changed the CSS /alert
>   layout to make the individual alerts better readable
> - Moved some of the hardcoded formatting to CSS
>
> Ryan
>
>
> On 6/23/2012 9:56 AM, Mike Disley wrote:
>> Ryan,
>> You are awesome. Those of us using this "dead" and "junk" tool will be most
>> appreciative.
>>
>> Cheers,
>> Mike
>>
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On
>> Behalf Of Ryan Schulze
>> Sent: Friday, June 22, 2012 8:01 PM
>> To: [email protected]
>> Subject: Re: [ossec-list] Re: Error in message formating on OSSEC Wui
>>
>> On 6/21/2012 2:47 PM, dan (ddp) wrote:
>>>> I prefer a fix or solution. I'm not a developer and not intended to
>>>> be...
>>>>
>>> Hire someone who knows PHP.
>>>
>>> WUI is junk. No one seems to be able to get it working properly.
>>>
>>>
>> Aww WUI isn't that bad, considering the poor thing has to parse logfiles I
>> find it does a pretty good job. Since OSSEC supports writing alerts to a
>> database, recoding WUI to (optionally) use the database backend for pulling
>> the alert data would be cool (any motivated PHP programmers out there / on
>> the list willing to do it?).
>>
>> As far as I can tell, the main problem with WUI and OSSEC 2.6 seems to be
>> that in 2.6 the lines "Src IP:" and "User:" are optional in the alert logs
>> (depending on if they have values or not). Should be easy enough to fix, and
>> by the end of the weekend I should have enough test data to see if my little
>> hotfix works or breaks.
>>
>> Will keep the thread updated with my progress :-)
>>
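
Added example (not part of this thread, and not the code from the patch linked above): a small Python parser for the situation described in the quoted message, where the "Src IP:" and "User:" lines may be absent from an alert. The sample log is constructed and its layout is an assumption about the OSSEC 2.6 alerts.log format; parse_alerts and the field names are hypothetical.

```python
import re

# Constructed sample; the layout is an assumption about OSSEC 2.6 alerts.log.
# The second alert carries no "Src IP:" / "User:" lines.
SAMPLE_LOG = """\
** Alert 1340496000.1001: - syslog,sshd,authentication_failed,
2012 Jun 23 19:20:00 hostA->/var/log/secure
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: root
Jun 23 19:19:59 hostA sshd[1234]: Failed password for root from 192.0.2.10 port 4022 ssh2

** Alert 1340496060.2002: - ossec,
2012 Jun 23 19:21:00 hostA->ossec-monitord
Rule: 502 (level 3) -> 'Ossec server started.'
ossec: Ossec started.
"""

HEADER = re.compile(r"^\*\* Alert (\d+)\.(\d+):[^-]*- ?(.*)$")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")
OPTIONAL = {"Src IP: ": "srcip", "User: ": "user"}  # may be missing entirely

def parse_alerts(text):
    """Parse alert blocks by line prefix instead of by fixed line position."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        head = HEADER.match(lines[0]) if lines else None
        rule = RULE.match(lines[2]) if len(lines) > 2 else None
        if not head or not rule:
            continue  # malformed block: skip it rather than shift fields
        alert = {
            "timestamp": int(head.group(1)),
            "groups": [g for g in head.group(3).split(",") if g],
            "location": lines[1].split(" ", 4)[-1],
            "rule_id": int(rule.group(1)), "level": int(rule.group(2)),
            "description": rule.group(3), "srcip": None, "user": None,
        }
        i = 3
        while i < len(lines):  # consume optional header lines, in any order
            key = next((k for p, k in OPTIONAL.items()
                        if lines[i].startswith(p) and alert[k] is None), None)
            if key is None:
                break  # first non-header line starts the raw log message
            alert[key] = lines[i].split(": ", 1)[1].strip()
            i += 1
        alert["message"] = "\n".join(lines[i:])
        alerts.append(alert)
    return alerts
```

A parser that instead reads the source IP and user from fixed line offsets would treat the first log line of the second alert as a header field, which is the kind of misformatted output this thread is about.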
