Hi people, I want to say thanks!!!!!! to Ryan, who took the time to fix the WUI. Now it works so well. On the other hand, I think the WUI is the official tool from OSSEC to view the logs, so I don't understand why I should need to look for other apps to do the job of the WUI. In the meantime I suggest that you (Dan) publish the WUI with the changes made by Ryan; I and other users are going to be very grateful. Once again, thank you very much...

On Tuesday, June 26, 2012 09:37:03 UTC-4:30, Sasse, Fred (DNR) wrote:
> Thank you Dan.
>
> I sure hope the WUI is not a show stopper for most of the people
> interested in OSSEC HIDS.
> With the other options for a browser front end there should be no reason
> to complain.
> FYI with the Splunk free edition and Splunk app you can continue to use
> both Splunk and the OSSEC WUI.
> I will explore the other browser front ends also.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
> Sent: Monday, June 25, 2012 1:01 PM
> To: [email protected]
> Subject: Re: [ossec-list] Re: Error in message formating on OSSEC Wui
>
> On Mon, Jun 25, 2012 at 12:14 PM, Sasse, Fred (DNR) <[email protected]> wrote:
> > Hello everyone, what is the most popular tool to view the OSSEC logs in
> > a browser, if not the WUI?
> > What are the best alternatives while the community works on the WUI?
> > Thanks !
> >
>
> There are some great alternatives out there. Some free, some less free.
> The ones I'm listing are good enough that I think wasting resources on the
> WUI would be a super silly thing to do.
>
> I like logstash and graylog2. They're great projects, pretty easy to
> set up, quick, and easy to learn.
> Others like ELSA. There's a small amount of OSSEC related traffic on their
> mailing list. I think the project is neat, but haven't tried it.
> Splunk is still available, and still a great product. The free version may
> or may not fit your needs.
> Octopussy is one I keep meaning to try, but haven't gotten around to yet.
> I think its use of perl would fit in with my grumpiness.
>
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
> > Sent: Monday, June 25, 2012 10:05 AM
> > To: [email protected]
> > Subject: Re: [ossec-list] Re: Error in message formating on OSSEC Wui
> >
> > On Mon, Jun 25, 2012 at 10:57 AM, [email protected] <[email protected]> wrote:
> >> Dan,
> >>
> >> It provides a service, even if the display was not as effective as it
> >> could be. I know my environment well enough to glean the valuable info
> >> from WUI. With a cleaner interface, others in my organization will be
> >> able to leverage this as well.
> >>
> >> I understand your feeling that all should help the cause, and agree.
> >> This issue was obviously a higher priority for Ryan, and I thank him
> >> for working on it.
> >>
> >
> > Yes, I feel that everyone should contribute. But more importantly I feel
> > that if your business relies on a piece of software, taking care of that
> > software is important. Even if you're not sharing, it's hard to believe
> > that you'd put up with a broken tool without devoting a little time to
> > fix it.
> >
> >> You could do the same.
> >>
> >
> > I could, but I won't. I think the WUI is currently so bad that
> > encouraging its use does more harm than good. There are good
> > alternatives for viewing logs, why would I thank someone for pushing a
> > bad one?
> >
> >> Scott Klauminzer
> >> Director of Information Technology & Security
> >>
> >> Sent from my iPad
> >>
> >> On Jun 25, 2012, at 7:11 AM, "dan (ddp)" <[email protected]> wrote:
> >>
> >>> On Sun, Jun 24, 2012 at 3:16 PM, [email protected]
> >>> <[email protected]> wrote:
> >>>> Ryan,
> >>>>
> >>>> Thank you for taking the time to address this! We rely on WUI, and
> >>>> don't want to add DB in order to get a GUI view of the data, so
> >>>> thanks again.
> >>>>
> >>>
> >>> You rely on it, but couldn't be bothered to spend the short amount
> >>> of time it would take to fix this issue?
> >>>
> >>>> Scott Klauminzer
> >>>> Director of Information Technology & Security
> >>>>
> >>>> Sent from my iPad
> >>>>
> >>>> On Jun 23, 2012, at 7:30 PM, Ryan Schulze <[email protected]> wrote:
> >>>>
> >>>>>
> >>>>> Ok, finished playing around with the code and testing it with my
> >>>>> logs and it should now work with OSSEC 2.6 again. If anyone runs
> >>>>> into problems with the patch just poke me and I'll see if I can
> >>>>> help out.
> >>>>>
> >>>>> Below are links to a patchfile and a tar.gz with the changed files.
> >>>>> The important changes are in lib/os_lib_alerts.php the other files
> >>>>> are more or less just cosmetic changes making the alerts a bit
> >>>>> easier to read, and previous fixes already posted on this list.
> >>>>>
> >>>>> http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch
> >>>>> http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch.tgz
> >>>>>
> >>>>> List of all changes ( http://www.dopefish.de/archives/1154 )
> >>>>> - Works with the OSSEC 2.6 alert log file format
> >>>>> - Changed Rule ID Link to better work with the new OSSEC
> >>>>>   documentation wiki
> >>>>> - Added "user" field to alert output
> >>>>> - Widened the layout by a few pixels (to 1000px) and changed the
> >>>>>   CSS /alert layout to make the individual alerts better readable
> >>>>> - Moved some of the hardcoded formatting to CSS
> >>>>>
> >>>>> Ryan
> >>>>>
> >>>>>
> >>>>> On 6/23/2012 9:56 AM, Mike Disley wrote:
> >>>>>> Ryan,
> >>>>>> You are awesome. Those of us using this "dead" and "junk" tool
> >>>>>> will be most appreciative.
> >>>>>>
> >>>>>> Cheers,
> >>>>>> Mike
> >>>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: [email protected]
> >>>>>> [mailto:[email protected]] On Behalf Of Ryan Schulze
> >>>>>> Sent: Friday, June 22, 2012 8:01 PM
> >>>>>> To: [email protected]
> >>>>>> Subject: Re: [ossec-list] Re: Error in message formating on OSSEC
> >>>>>> Wui
> >>>>>>
> >>>>>> On 6/21/2012 2:47 PM, dan (ddp) wrote:
> >>>>>>>> I prefer a fix or solution. I'm not a developer and not
> >>>>>>>> intended to be...
> >>>>>>>>
> >>>>>>> Hire someone who knows PHP.
> >>>>>>>
> >>>>>>> WUI is junk. No one seems to be able to get it working properly.
> >>>>>>>
> >>>>>> Aww WUI isn't that bad, considering the poor thing has to parse
> >>>>>> logfiles I find it does a pretty good job. Since OSSEC supports
> >>>>>> writing alerts to a database, recoding WUI to (optionally) use the
> >>>>>> database backend for pulling the alert data would be cool (any
> >>>>>> motivated PHP programmers out there / on the list willing to do
> >>>>>> it?).
> >>>>>>
> >>>>>> As far as I can tell, the main problem with WUI and OSSEC 2.6
> >>>>>> seems to be that in 2.6 the lines "Src IP:" and "User:" are
> >>>>>> optional in the alert logs (depending on if they have values or
> >>>>>> not). Should be easy enough to fix, and by the end of the weekend
> >>>>>> I should have enough test data to see if my little hotfix works or
> >>>>>> breaks.
> >>>>>>
> >>>>>> Will keep the thread updated with my progress :-)
> >>>>>>
