On Sun, Jun 24, 2012 at 3:16 PM, [email protected] <[email protected]> wrote:
> Ryan,
>
> Thank you for taking the time to address this! We rely on WUI, and don't want
> to add DB in order to get a GUI view of the data, so thanks again.
>

You rely on it, but couldn't be bothered to spend the short amount of time it would take to fix this issue?

> Scott Klauminzer
> Director of Information Technology & Security
>
> Sent from my iPad
>
> On Jun 23, 2012, at 7:30 PM, Ryan Schulze <[email protected]> wrote:
>
>>
>> Ok, finished playing around with the code and testing it with my logs and it
>> should now work with OSSEC 2.6 again. If anyone runs into problems with the
>> patch just poke me and I'll see if I can help out.
>>
>> Below are links to a patchfile and a tar.gz with the changed files. The
>> important changes are in lib/os_lib_alerts.php the other files are more or
>> less just cosmetic changes making the alerts a bit easier to read, and
>> previous fixes already posted on this list.
>>
>> http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch
>> http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch.tgz
>>
>> List of all changes ( http://www.dopefish.de/archives/1154 )
>> - Works with the OSSEC 2.6 alert log file format
>> - Changed Rule ID Link to better work with the new OSSEC documentation wiki
>> - Added “user” field to alert output
>> - Widened the layout by a few pixels (to 1000px) and changed the CSS /alert
>> layout to make the individual alerts better readable
>> - Moved some of the hardcoded formatting to CSS
>>
>> Ryan
>>
>>
>> On 6/23/2012 9:56 AM, Mike Disley wrote:
>>> Ryan,
>>> You are awesome. Those of us using this "dead" and "junk" tool will be
>>> most appreciative.
>>>
>>> Cheers,
>>> Mike
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: [email protected] [mailto:[email protected]] On
>>> Behalf Of Ryan Schulze
>>> Sent: Friday, June 22, 2012 8:01 PM
>>> To: [email protected]
>>> Subject: Re: [ossec-list] Re: Error in message formating on OSSEC Wui
>>>
>>> On 6/21/2012 2:47 PM, dan (ddp) wrote:
>>>>> I prefer a fix or solution. I'm not a developer and not intended to
>>>>> be...
>>>>>
>>>> Hire someone who knows PHP.
>>>>
>>>> WUI is junk. No one seems to be able to get it working properly.
>>>>
>>>>
>>> Aww WUI isn't that bad, considering the poor thing has to parse logfiles I
>>> find it does a pretty good job. Since OSSEC supports writing alerts to a
>>> database, recoding WUI to (optionally) use the database backend for pulling
>>> the alert data would be cool (any motivated PHP programmers out there / on
>>> the list willing to do it?).
>>>
>>> As far as I can tell, the main problem with WUI and OSSEC 2.6 seems to be
>>> that in 2.6 the lines "Src IP:" and "User:" are optional in the alert logs
>>> (depending on if they have values or not). Should be easy enough to fix,
>>> and by the end of the weekend I should have enough test data to see if my
>>> little hotfix works or breaks.
>>>
>>> Will keep the thread updated with my progress :-)
>>>
>>>
>>
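
The parsing problem described in the thread (alert entries in which the "Src IP:" and "User:" lines may or may not be present) can be handled by checking each line's prefix instead of assuming fixed line positions. The following PHP sketch is an added example, not part of the thread and not the code from the linked patch; the entry layout, the `(none)` placeholder and the function name `parse_alert` are assumptions, and the two sample entries are constructed.

```php
<?php
// Added example, not ossec-wui code. The entry layout is an assumption about
// the alerts.log format; both sample entries below are constructed.
function parse_alert(string $block): ?array
{
    $lines = preg_split('/\R/', trim($block));
    if (count($lines) < 4
        || !preg_match('/^\*\* Alert (\d+\.\d+):[^-]*- (.*)$/', $lines[0], $h)
        || !preg_match('/^Rule: (\d+) \(level (\d+)\) -> \'(.*)\'$/', $lines[2], $r)) {
        return null; // not an alert entry we recognise
    }
    $alert = [
        'id' => $h[1], 'groups' => rtrim($h[2], ','), 'location' => $lines[1],
        'rule' => (int) $r[1], 'level' => (int) $r[2], 'description' => $r[3],
        'srcip' => null, 'user' => null,
    ];
    // "Src IP:" and "User:" may each be absent, so consume them only if the
    // next line carries that prefix instead of assuming fixed line offsets.
    $i = 3;
    foreach (['Src IP: ' => 'srcip', 'User: ' => 'user'] as $prefix => $key) {
        if (isset($lines[$i]) && strncmp($lines[$i], $prefix, strlen($prefix)) === 0) {
            $value = substr($lines[$i], strlen($prefix));
            $alert[$key] = ($value === '(none)') ? null : $value; // assumed old placeholder
            $i++;
        }
    }
    $alert['log'] = implode("\n", array_slice($lines, $i)); // untrusted log text
    return $alert;
}

$sample = <<<'LOG'
** Alert 1340413260.1001: - syslog,sshd,authentication_failed,
2012 Jun 22 20:01:00 host1->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: root
Jun 22 20:00:59 host1 sshd[1234]: Failed password for root from 192.0.2.10 port 4242 ssh2

** Alert 1340413320.1402: mail  - ossec,
2012 Jun 22 20:02:00 host1->ossec-monitord
Rule: 502 (level 3) -> 'Ossec server started.'
ossec: Ossec started.
LOG;

foreach (preg_split('/\R{2,}/', trim($sample)) as $block) {
    if (($a = parse_alert($block)) === null) {
        continue;
    }
    // Escape before rendering: the log line is attacker-influenced input.
    printf("rule=%d level=%d srcip=%s user=%s log=%s\n", $a['rule'], $a['level'],
        $a['srcip'] ?? '-', $a['user'] ?? '-', htmlspecialchars($a['log']));
}
```

The second entry has neither optional line, so a parser that read the source IP and user from fixed line numbers would take the log message for one of those fields.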
