Ryan, You are awesome. Those of us using this "dead" and "junk" tool will be most appreciative.
Cheers,
Mike

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Ryan Schulze
Sent: Friday, June 22, 2012 8:01 PM
To: [email protected]
Subject: Re: [ossec-list] Re: Error in message formating on OSSEC Wui

On 6/21/2012 2:47 PM, dan (ddp) wrote:
>> I prefer a fix or solution. I'm not a developer and not intended to
>> be...
>>
> Hire someone who knows PHP.
>
> WUI is junk. No one seems to be able to get it working properly.
>

Aww WUI isn't that bad, considering the poor thing has to parse logfiles I find it does a pretty good job. Since OSSEC supports writing alerts to a database, recoding WUI to (optionally) use the database backend for pulling the alert data would be cool (any motivated PHP programmers out there / on the list willing to do it?).

As far as I can tell, the main problem with WUI and OSSEC 2.6 seems to be that in 2.6 the lines "Src IP:" and "User:" are optional in the alert logs (depending on if they have values or not). Should be easy enough to fix, and by the end of the weekend I should have enough test data to see if my little hotfix works or breaks. Will keep the thread updated with my progress :-)
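
An added example, not part of the thread and not WUI's code or Ryan's hotfix: a parser that reads the "Src IP:" and "User:" lines by label instead of by position, so alerts that omit them still parse. It is written in Python rather than WUI's PHP; the alert block layout (header line, location line, "Rule:" line, optional labelled lines, then the raw log), the sample alerts and the name `parse_alerts` are assumptions constructed for illustration.

```python
import re

# Constructed sample in the assumed alerts.log layout (blank line between alerts).
SAMPLE = """\
** Alert 1340391660.1001: - syslog,sshd,authentication_failed,
2012 Jun 22 20:01:00 web01->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: root
Jun 22 20:01:00 web01 sshd[411]: Failed password for root from 192.0.2.10 port 4242 ssh2

** Alert 1340391720.1002: - syslog,sudo
2012 Jun 22 20:02:00 web01->/var/log/auth.log
Rule: 5402 (level 3) -> 'Successful sudo to ROOT executed'
User: mike
Jun 22 20:02:00 web01 sudo: mike : TTY=pts/0 ; PWD=/home/mike ; USER=root ; COMMAND=/bin/ls
"""

HEADER = re.compile(r"^\*\* Alert (\d+)\.(\d+):[^-]*- ?(.*)$")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")
OPTIONAL = {"Src IP: ": "srcip", "User: ": "user"}  # label prefix -> field name

def parse_alerts(text):
    """Parse alert blocks, treating 'Src IP:' and 'User:' as optional lines."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        head = HEADER.match(lines[0]) if len(lines) > 2 else None
        rule = RULE.match(lines[2]) if head else None
        if not rule:
            continue  # not an alert block in the assumed layout
        alert = {"id": head.group(1) + "." + head.group(2),
                 "groups": [g for g in head.group(3).split(",") if g],
                 "source": lines[1], "rule": int(rule.group(1)),
                 "level": int(rule.group(2)), "srcip": None, "user": None}
        body, seen = lines[3:], set()
        # Consume labelled lines by prefix, each at most once, in any order.
        while body:
            key = next((k for p, k in OPTIONAL.items()
                        if body[0].startswith(p) and k not in seen), None)
            if key is None:
                break
            value = body.pop(0).split(": ", 1)[1].strip()
            alert[key] = None if value in ("", "(none)") else value
            seen.add(key)
        alert["log"] = body
        alerts.append(alert)
    return alerts
```

Each label is consumed at most once and only directly after the "Rule:" line, so a raw log line that happens to begin with "User: " stays in `log`.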
