Hi, All! Not sure if this interests you, but I develop a SIEM for OSSEC and Snort based on Elasticsearch, Kibana and Logstash. Kibana provides a very nice modern web UI. If you have any questions, feel free to ask me here in the GitHub project.
https://github.com/dsvetlov/lightsiem

Fri, 12 June 2015 at 19:17, Robert Micallef <[email protected]>:

> Hi Andy,
>
> Not sure if this interests you but just so you know Analogi also works perfectly with OSSEC v2.8.1.
>
> Once again thanks for providing such a nice interface. Helps a lot.
>
> Thanks,
> Robert
>
> On 31 January 2013 at 15:48, Robert Micallef <[email protected]> wrote:
>
>> Hi Andy,
>>
>> It could have been permissions. Actually, it probably was permissions. I think you are right and when I copied from the old server it inherited the same permissions of the server. As I said it is working now, so I can't take a screenshot. I remember messing with permissions on our test server but didn't check the permissions for the production server since copying everything worked.
>>
>> About the time, thanks for that. I see you even left templates yourself :). So far everything works well. Thank you very much.
>>
>> Robert
>>
>> On 30 January 2013 18:04, Andy <[email protected]> wrote:
>>
>>> Hi Robert,
>>>
>>> I would need to see a picture of what is on screen to advise (permissions, and absolute file paths come to mind). If anyone sees this again, a screenshot (including full URL) would help, and also consider checking the Apache logs, and the browser debugger (Firefox is ctrl+shift+j). I would need this to have a think.
>>>
>>> The graphs should always display. If there is no data matching your query then the graph should be empty. The latest version of AnaLogi has some functionality on the main page to check for database connectivity, database structure, whether the database is populated etc., so if you didn't see these errors I would imagine the problem was to do with the JavaScript graphing functionality (and not OSSEC/database/data).
>>>
>>> Ah, AM/PM, something I somehow missed. If you look in config.php you will see a variable $glb_detailtimestamp; this uses the PHP date format. You can change this config variable and the date format on all/most pages should update for you. For syntax look at Example #4 on: http://php.net/manual/en/function.date.php
>>>
>>> I planned for this knowing different cultures would prefer different formats :)
>>>
>>> Andy
>>>
>>> On Tuesday, January 29, 2013 2:29:13 PM UTC, Robert Micallef wrote:
>>>
>>>> Hi Andy,
>>>>
>>>> Just FYI I replaced the files for the GUI with the ones we were using in the old server and now everything works. I don't know why it didn't work with the files downloaded from GitHub. Anyway it is working well now. Thanks for your work.
>>>>
>>>> Robert
>>>>
>>>> On Tuesday, January 29, 2013 12:01:23 PM UTC+1, Robert Micallef wrote:
>>>>
>>>>> Dear Andy,
>>>>>
>>>>> I installed the GUI on the actual logging server a few days ago. The OSSEC installation was also performed on that same day. The graphs are not appearing. Do you know of any particular dependencies I might have not installed on the new server? I installed Apache with PHP. The GUI loads but the graphs do not. I thought that maybe there needs to be a few days of data in the database before the graphs get generated but it has been 3 days now.
>>>>>
>>>>> I also noticed that when going to detail.php, the alerts' timestamps are not in 24HR format, nor are they followed by AM or PM. It doesn't really make a difference, but I thought you'd want to know about it.
>>>>>
>>>>> Thanks a lot.
>>>>>
>>>>> Robert

--
Regards, Daniil Svetlov.

--
You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
