Re: [ossec-list] OSSEC WUI can't read alerts.log

2015-08-10 Thread dan (ddp)
On Sun, Aug 9, 2015 at 12:29 PM, theresa mic-snare rockprinz...@gmail.com wrote: Such a shame that WUI is no longer supported/developed. I understand that they rather focus on improving OSSEC than work on a web tool that displays the alerts. I understand that ELK (especially logstash and

Re: [ossec-list] OSSEC WUI can't read alerts.log

2015-08-09 Thread Daniil Svetlov
Hello, Daniel! You can also try LightSIEM: https://github.com/dsvetlov/lightsiem It's a free and open source project based on the ELK stack. It allows searching in alerts and logs and creating visualizations based on received alerts. If you are familiar with the ELK stack, it will be very easy for you to

Re: [ossec-list] OSSEC WUI can't read alerts.log

2015-08-09 Thread theresa mic-snare
Such a shame that WUI is no longer supported/developed. I understand that they rather focus on improving OSSEC than work on a web tool that displays the alerts. I understand that ELK (especially logstash and kibana) do the job nicely... but WUI was the perfect pick for my thesis project (test

[ossec-list] OSSEC WUI can't read alerts.log

2015-08-08 Thread Daniel Twardowski
I'm using OSSEC Server Virtual Appliance 2.8.2 and last night I configured a few domain controllers to send it their logs. When I came in today, the WUI is displaying an error of: Warning: fopen(/var/ossec/logs/alerts/alerts.log): failed to open stream: Value too large for defined data type

Re: [ossec-list] OSSEC WUI can't read alerts.log

2015-08-08 Thread Eero Volotinen
Well, you need to give correct permissions to apache as wui is running under apache uid. Eero On 8.8.2015 at 8.27 PM, Daniel Twardowski noghrisli...@gmail.com wrote: I'm using OSSEC Server Virtual Appliance 2.8.2 and last night I configured a few domain controllers to send it their logs. When

Re: [ossec-list] OSSEC WUI can't read alerts.log

2015-08-08 Thread Daniel
Thanks for the quick response. I chown'ed alerts.log from ossec.ossec to ossec.apache and still got the error. I then chmod'ed alerts.log from 640 to 666 and still got the error. Alerts.log is still growing, though. Up to 4.2G. On Saturday, August 8, 2015 at 3:29:32 PM UTC-4, Eero Volotinen

Re: [ossec-list] OSSEC WUI can't read alerts.log

2015-08-08 Thread Eero Volotinen
Well, check memory_limit on php also. Ossec wui is no longer supported. You should use kibana+elastic search instead of it. Eero Eero Thanks for the quick response. I chown'ed alerts.log from ossec.ossec to ossec.apache and still got the error. I then chmod'ed alerts.log from 640 to 666 and

Re: [ossec-list] OSSEC WUI can't read alerts.log

2015-08-08 Thread Daniel
Interesting that ossec-wui isn't supported. I downloaded the appliance right from ossec.net and was following the instructions. Went through my running processes and checked out their configs... sure enough, kibana is also included. Opened up a browser to localhost:5601 and Kibana is still