On Wednesday, 15 July 2015 19:49:18 UTC+2, dan (ddpbsd) wrote:
>
> On Jul 15, 2015 1:44 PM, "theresa mic-snare" <[email protected]> wrote:
> >
> > oh yeah, there are tons of messages like this in the apache error log
> >
> > PHP Warning: fopen(./tmp/output-tmp.1-57-8cd5679a49c37a4583dfa34473436ab4.php): failed to open stream: No such file or directory in /var/www/html/ossec-wui/lib/os_lib_alerts.php on line 39
> >
>
> So make sure that temp file isn't getting created. What are the owner/group and perms of the tmp dir?
>
hmm there's no tmp dir in /var/www/html/ossec-wui
the owner/group and perms of the /var/ossec/tmp dir however are: root:apache and 770

> > @dan: what do you use instead? logstash and kibana?
> >
>
> I don't use anything currently, but the elk stack has worked fine for me in the past. Graylog2 was also decent. Splunk was ok except for the 500mb/day limit on the free version.
>
> > On Wednesday, 15 July 2015 19:07:32 UTC+2, dan (ddpbsd) wrote:
> >>
> >> On Jul 9, 2015 5:36 PM, "theresa mic-snare" <[email protected]> wrote:
> >> >
> >> > hi all,
> >> >
> >> > yes, it's me again ;)
> >> >
> >> > i've cloned the ossec-wui from github.com
> >> > and wanted to search my alerts.
> >> >
> >> > in the time frame i put from yesterday (e.g 2017-07-08) and till now
> >> > Minimum Level: all
> >> > SrcIP: a specific IP that I got through the notification emails (and that I can also find in the alerts.log)
> >> > other than that everything is default.
> >> >
> >> > at the bottom of the page it says:
> >> > Total alerts found: 3339
> >> > Output divided in 4 pages.
> >> >
> >> > and
> >> > Page 1 (338 alerts)
> >> > Nothing returned (or search expired).
> >> >
> >> > which is crazy, because there was only 1 alert from this specific IP.
> >> >
> >> > also no alert is actually showing up, unlike in the alerts.log or in the email notification.
> >> >
> >> > what am i doing wrong here?
> >> >
> >> > I could also attach a screenshot if need be....
> >> >
> >>
> >> Are there any related log messages in the webserver's log files? I don't use the wui (it's currently a dead project), but I kinda remember it logging when things went wrong.
> >>
> >> > thanks theresa
> >> >
> >> > --
> >> >
> >> > ---
> >> > You received this message because you are subscribed to the Google Groups "ossec-list" group.
> >> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> >> > For more options, visit https://groups.google.com/d/optout.
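
The check dan asks for above, written out as an added example that is not part of the original thread or of ossec-wui. It assumes the relative `./tmp/` path in the PHP warning resolves under the WUI root and that the web server's group should own the directory with mode 770 (the group name is an assumption taken from the `root:apache` answer in the thread).

```shell
#!/bin/sh
# Added example (not ossec-wui code): inspect the directory that a relative
# "./tmp/..." fopen() would use, assuming it resolves under the WUI root.
# Return codes: 0 ok, 1 missing, 2 wrong group, 3 group lacks rwx,
#               4 accessible to "other".
check_wui_tmp() {
    wui_dir=$1      # WUI root, e.g. /var/www/html/ossec-wui (from the thread)
    web_group=$2    # group the web server runs as, e.g. apache (assumption)
    tmp_dir="$wui_dir/tmp"

    if [ ! -d "$tmp_dir" ]; then
        echo "MISSING: $tmp_dir (fopen reports 'No such file or directory')" >&2
        return 1
    fi

    # Fields of "ls -ld": mode, links, owner, group, ...
    listing=$(ls -ld "$tmp_dir")
    mode=$(printf '%s\n' "$listing" | awk '{print $1}')
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    group=$(printf '%s\n' "$listing" | awk '{print $4}')
    echo "$tmp_dir: mode=$mode owner=$owner group=$group"

    if [ "$group" != "$web_group" ]; then
        echo "WRONG GROUP: expected $web_group" >&2
        return 2
    fi
    # Group needs read, write and search (x, or s when setgid is set).
    case $mode in
        d???rw[xs]*) ;;
        *) echo "GROUP NOT rwx: PHP cannot create files here" >&2; return 3 ;;
    esac
    # Search output should not be readable or writable by other local users.
    case $mode in
        d??????---*) ;;
        *) echo "OPEN TO OTHERS: tighten to 770" >&2; return 4 ;;
    esac
    return 0
}

# Stand-alone use: sh check_wui_tmp.sh /var/www/html/ossec-wui apache
if [ "$#" -eq 2 ]; then
    check_wui_tmp "$1" "$2"
fi
```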
