Dan,

It provides a service, even if the display was not as effective as it could be. I know my environment well enough to glean the valuable info from WUI. With a cleaner interface, others in my organization will be able to leverage this as well.

I understand your feeling that all should help the cause, and agree. This issue was obviously a higher priority for Ryan, and I thank him for working on it. You could do the same.

Scott Klauminzer
Director of Information Technology & Security

Sent from my iPad

On Jun 25, 2012, at 7:11 AM, "dan (ddp)" <[email protected]> wrote:

> On Sun, Jun 24, 2012 at 3:16 PM, [email protected]
> <[email protected]> wrote:
>> Ryan,
>>
>> Thank you for taking the time to address this! We rely on WUI, and don't
>> want to add DB in order to get a GUI view of the data, so thanks again.
>>
>
> You rely on it, but couldn't be bothered to spend the short amount of
> time it would take to fix this issue?
>
>> Scott Klauminzer
>> Director of Information Technology & Security
>>
>> Sent from my iPad
>>
>> On Jun 23, 2012, at 7:30 PM, Ryan Schulze <[email protected]> wrote:
>>
>>>
>>> Ok, finished playing around with the code and testing it with my logs and
>>> it should now work with OSSEC 2.6 again. If anyone runs into problems with
>>> the patch just poke me and I'll see if I can help out.
>>>
>>> Below are links to a patchfile and a tar.gz with the changed files. The
>>> important changes are in lib/os_lib_alerts.php the other files are more or
>>> less just cosmetic changes making the alerts a bit easier to read, and
>>> previous fixes already posted on this list.
>>>
>>> http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch
>>> http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch.tgz
>>>
>>> List of all changes ( http://www.dopefish.de/archives/1154 )
>>> - Works with the OSSEC 2.6 alert log file format
>>> - Changed Rule ID Link to better work with the new OSSEC documentation wiki
>>> - Added “user” field to alert output
>>> - Widened the layout by a few pixels (to 1000px) and changed the CSS /alert
>>> layout to make the individual alerts better readable
>>> - Moved some of the hardcoded formatting to CSS
>>>
>>> Ryan
>>>
>>>
>>> On 6/23/2012 9:56 AM, Mike Disley wrote:
>>>> Ryan,
>>>> You are awesome. Those of us using this "dead" and "junk" tool will be
>>>> most appreciative.
>>>>
>>>> Cheers,
>>>> Mike
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: [email protected] [mailto:[email protected]] On
>>>> Behalf Of Ryan Schulze
>>>> Sent: Friday, June 22, 2012 8:01 PM
>>>> To: [email protected]
>>>> Subject: Re: [ossec-list] Re: Error in message formating on OSSEC Wui
>>>>
>>>> On 6/21/2012 2:47 PM, dan (ddp) wrote:
>>>>>> I prefer a fix or solution. I'm not a developer and not intended to
>>>>>> be...
>>>>>>
>>>>> Hire someone who knows PHP.
>>>>>
>>>>> WUI is junk. No one seems to be able to get it working properly.
>>>>>
>>>>>
>>>> Aww WUI isn't that bad, considering the poor thing has to parse logfiles I
>>>> find it does a pretty good job. Since OSSEC supports writing alerts to a
>>>> database, recoding WUI to (optionally) use the database backend for
>>>> pulling the alert data would be cool (any motivated PHP programmers out
>>>> there / on the list willing to do it?).
>>>>
>>>> As far as I can tell, the main problem with WUI and OSSEC 2.6 seems to be
>>>> that in 2.6 the lines "Src IP:" and "User:" are optional in the alert logs
>>>> (depending on if they have values or not). Should be easy enough to fix,
>>>> and by the end of the weekend I should have enough test data to see if my
>>>> little hotfix works or breaks.
>>>>
>>>> Will keep the thread updated with my progress :-)
>>>>
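
The format change described in the thread above (the "Src IP:" and "User:" lines being optional in OSSEC 2.6 alert logs) is the kind of thing a fixed-line-offset parser trips over. The following is an added example, not Ryan's patch or ossec-wui code: a Python parser that tolerates the missing lines. The sample alerts are constructed, and the header, timestamp and rule line layout, the `parse_alerts` name and the "(none)" handling are assumptions.

```python
import re

# Constructed sample. Assumed alerts.log layout: header, timestamp + location,
# rule line, optional "Src IP:" / "User:" lines, raw log; blank line between alerts.
SAMPLE = """\
** Alert 1340413260.1001: - syslog,sshd,authentication_failed,
2012 Jun 22 20:01:00 host1->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: root
Jun 22 20:00:59 host1 sshd[311]: Failed password for root from 192.0.2.10 port 4022 ssh2

** Alert 1340413300.1377: - syslog,sudo
2012 Jun 22 20:01:40 host1->/var/log/auth.log
Rule: 5402 (level 3) -> 'Successful sudo to ROOT executed'
User: alice
Jun 22 20:01:39 host1 sudo: alice : TTY=pts/0 ; USER=root ; COMMAND=/bin/ls

** Alert 1340413400.1702: - ossec,
2012 Jun 22 20:03:20 host1->ossec-logcollector
Rule: 591 (level 3) -> 'Log file rotated.'
ossec: File rotated (inode changed): '/var/log/messages'.
"""

HEADER = re.compile(r"^\*\* Alert (\d+\.\d+):[^-]*-\s*(.*)$")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")
# Checked in this order, each at most once, directly after the rule line.
OPTIONAL = (("Src IP: ", "srcip"), ("User: ", "user"))

def parse_alerts(text):
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 3:
            continue
        head, rule = HEADER.match(lines[0]), RULE.match(lines[2])
        if not head or not rule:
            continue  # malformed block: skip rather than guess at fields
        alert = {"id": head.group(1),
                 "groups": [g for g in head.group(2).split(",") if g],
                 "when_where": lines[1],
                 "rule_id": int(rule.group(1)), "level": int(rule.group(2)),
                 "description": rule.group(3), "srcip": None, "user": None}
        rest = lines[3:]
        for prefix, key in OPTIONAL:
            if rest and rest[0].startswith(prefix):
                value = rest.pop(0)[len(prefix):].strip()
                # Assumption: older logs always wrote the line, with "(none)".
                alert[key] = None if value == "(none)" else value
        alert["log"] = "\n".join(rest)  # everything left is the raw event
        alerts.append(alert)
    return alerts
```

A raw event line that itself begins with "User: " or "Src IP: " cannot be told apart from the optional field in this layout, so the parser only looks for the fields directly after the rule line.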
