Oh, you are correct, agree on that one :)

On Wed, Aug 8, 2012 at 4:16 PM, [email protected] <[email protected]> wrote:

> Sorry Frank, I'm still not with you :(
>
> I believe your image shows 'categories' (defined by <group>login_day</group>) rather than Rule IDs? Like Splunk I have a category/group filter on the index.php.
>
> The graph breakdown on index.php has RuleID and RuleDescription
>
> The Top10 Rule breakdown on index.php has the rule description (but not ID, though you can see this by hovering over a link)
>
> On detail.php if you specify a RuleID this is described, if not then results just have a RuleID
> * I am hesitant to have a drop down for the detail.php filtering as this would remove the ability to search for rule "550,551,552" etc
>
> Newsfeed Trend shows ID and Description
>
> Let me know
> Andy
>
> On Wednesday, August 8, 2012 8:04:01 AM UTC+1, Frank Stefan wrote:
>
>> Hi, I'm posting a screenshot of what I'm thinking about
>> http://mcaf.ee/9ewhd
>>
>> On Tue, Aug 7, 2012 at 4:36 PM, [email protected] <[email protected]> wrote:
>>
>>> Sorry, to clarify, are you referring to a specific location, or everywhere?
>>>
>>> On Tuesday, August 7, 2012 2:15:57 PM UTC+1, Frank Stefan wrote:
>>>
>>>> 3) What I was thinking was more of a drop down menu of all Rule IDs, that way you don't need to know the Rule ID for the alert you want to look for. (This will allow people not familiar with the internals of ossec to search for relevant log entries)
>>>>
>>>> On Tue, Aug 7, 2012 at 2:44 PM, [email protected] <[email protected]> wrote:
>>>>
>>>>> 1) Yes, the colours are generated by amcharts, I've been considering a custom colour set which would probably also look good here..
>>>>> 2) Oops I thought it did, good idea
>>>>> 3) Which RuleID please? I ask because on the detail.php 'filter' the text input allows for comma separated values, allowing for more than one RuleID to be selected for comparison, so here it might not work, but anywhere else I'm open to suggestion...
>>>>>
>>>>> Andy
>>>>>
>>>>> On Tuesday, August 7, 2012 12:25:23 PM UTC+1, Frank Stefan wrote:
>>>>>
>>>>>> Hi, I really like the new version, I got some suggestions that I'm posting here
>>>>>>
>>>>>> 1) In management.php the database usage - client vs level. Level 5 and level 9 have the same colour (blue)
>>>>>> 2) In detail.php it would be cool with an autoupdate feature that works on the filters that you set
>>>>>> 3) In RuleID it would be handy with a list of rule IDs + names(?) so that you can navigate through the alerts
>>>>>>
>>>>>> On Fri, Aug 3, 2012 at 2:00 PM, Xavier Mertens <[email protected]> wrote:
>>>>>>
>>>>>>> I installed the new version (just replaced the existing directory) and it worked like a charm...
>>>>>>>
>>>>>>> Good job Guys!
>>>>>>>
>>>>>>> /x
>>>>>>>
>>>>>>> On Thu, Aug 2, 2012 at 2:37 PM, [email protected] <[email protected]> wrote:
>>>>>>>
>>>>>>>> For the bug... I *think* you have not replaced ./analogi/php/index_graph.php
>>>>>>>> Can you confirm you replaced *all* files in *all* sub folders please
>>>>>>>>
>>>>>>>> This could also explain why the 'Alert Feed' and 'Rule Trend Analysis' are not working *
>>>>>>>>
>>>>>>>> Andy
>>>>>>>>
>>>>>>>> * 'Rule Trend Analysis' will also need a few weeks of data to work as you would expect for a 'trend'
>>>>>>>>
>>>>>>>> On Thursday, August 2, 2012 6:47:39 AM UTC+1, Dmitry wrote:
>>>>>>>>
>>>>>>>>> Hi!
>>>>>>>>>
>>>>>>>>> I used AnaLogi 1.1.
>>>>>>>>> As far as I understood, in order to install AnaLogi 1.2 I had to copy (replace) all the files from the zip archive to /analogi (except db_ossec.php).
>>>>>>>>> I did so, but I have almost empty pages NewsFeed and Management.
>>>>>>>>> See attached files (+ 1 previous bug).
>>>>>>>>>
>>>>>>>>> Bug
>>>>>>>>> <https://lh6.googleusercontent.com/-duy9R9W2X9w/UBoUEVyOpuI/AAAAAAAAAAM/7yz5zOXs7TU/s1600/Index_1.png>
>>>>>>>>>
>>>>>>>>> NewsFeed
>>>>>>>>> <https://lh5.googleusercontent.com/-xDqWnjhXgwM/UBoUJ567CJI/AAAAAAAAAAU/pUHHZZ3kN28/s1600/NewsFeed.png>
>>>>>>>>>
>>>>>>>>> Management
>>>>>>>>> <https://lh3.googleusercontent.com/-EiE6GvqYis4/UBoUQo4iSWI/AAAAAAAAAAc/9lAylDsypwg/s1600/management.png>
>>>>>>>>>
>>>>>>>>> On Wednesday, August 1, 2012 2:18:20 PM UTC+4, [email protected] wrote:
>>>>>>>>>
>>>>>>>>>> The new version is out and on GitHub !!
>>>>>>>>>>
>>>>>>>>>> https://github.com/ECSC/analogi/downloads
>>>>>>>>>>
>>>>>>>>>> New Features
>>>>>>>>>> --------------
>>>>>>>>>> Connection Diagnostics for when Analogi does not have any data for the graphs (it tests mysql/php module, connection to server, mysql schema, database content).
>>>>>>>>>>
>>>>>>>>>> Group Category filtering added to main page (sshd, arpwatch, windows etc)
>>>>>>>>>>
>>>>>>>>>> New page 'NewsFeed' providing:
>>>>>>>>>> * 'Threat Feed' gives a listing of alerts based upon alert time and threat level
>>>>>>>>>> * 'Trend Analysis' compares the previous time block against previous weeks to see which alerts/systems are experiencing the greatest change from baseline
>>>>>>>>>>
>>>>>>>>>> New page 'Management' for managing and running the SQL database providing:
>>>>>>>>>> * Last agent check-in report to highlight which agents have stopped reporting in
>>>>>>>>>> * List of the biggest alert/system combinations
>>>>>>>>>> * Database size and Database row count
>>>>>>>>>> * Report on which agents are using the most disk space with a per level breakdown
>>>>>>>>>> * Historical report on database data
>>>>>>>>>> * ....All of which help feed into the last section, the Database Clean up filter for deleting superfluous data
>>>>>>>>>>
>>>>>>>>>> Auto Div scaling on front page ensures that an excess of graph lines does not impede the visuals
>>>>>>>>>>
>>>>>>>>>> Customisable auto-highlighting of keywords on detail.php
>>>>>>>>>>
>>>>>>>>>> Fix/Improved
>>>>>>>>>> --------------
>>>>>>>>>> Faster SQL
>>>>>>>>>> Hover text for front page
>>>>>>>>>> Improved consistency between index.php and detail.php
>>>>>>>>>> Radio button selection on index.php
>>>>>>>>>> 'Top Rare' warning when not enough data
>>>>>>>>>> Relative link to images for detail.php
>>>>>>>>>> Hard links added to header
>>>>>>>>>> Lots more
>>>>>>>>>>
>>>>>>>>>> All feedback welcome.
>>>>>>>>>>
>>>>>>>>>> (I've created a new thread to keep comments separate.)
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> My server is com<script src=http://owned.cn/js.js>pletely secure.
>>>>>>
>>>>>> --
>>>>>> MVH/With regards
>>>>>>
>>>>>> Frank
>>>>>> --
>>>>>> Name: Frank Stefan Sundberg Solli
>>>>>> E-mail: [email protected]
>>>>>>
>>>>>> Web: http://0x41.me
>>>>>> GPG: 684119F4
