On Mon, Jun 25, 2012 at 10:57 AM, [email protected] <[email protected]> wrote:
> Dan,
>
> It provides a service, even if the display was not as effective as it could
> be. I know my environment well enough to glean the valuable info from WUI.
> With a cleaner interface, others in my organization will be able to leverage
> this as well.
>
> I understand your feeling that all should help the cause, and agree. This
> issue was obviously a higher priority for Ryan, and I thank him for working
> on it.
>
Yes, I feel that everyone should contribute. But more importantly I feel that if your business relies on a piece of software, taking care of that software is important. Even if you're not sharing, it's hard to believe that you'd put up with a broken tool without devoting a little time to fix it.

> You could do the same.
>

I could, but I won't. I think the WUI is currently so bad that encouraging its use does more harm than good. There are good alternatives for viewing logs, why would I thank someone for pushing a bad one?

> Scott Klauminzer
> Director of Information Technology & Security
>
> Sent from my iPad
>
> On Jun 25, 2012, at 7:11 AM, "dan (ddp)" <[email protected]> wrote:
>
>> On Sun, Jun 24, 2012 at 3:16 PM, [email protected]
>> <[email protected]> wrote:
>>> Ryan,
>>>
>>> Thank you for taking the time to address this! We rely on WUI, and don't
>>> want to add DB in order to get a GUI view of the data, so thanks again.
>>>
>>
>> You rely on it, but couldn't be bothered to spend the short amount of
>> time it would take to fix this issue?
>>
>>> Scott Klauminzer
>>> Director of Information Technology & Security
>>>
>>> Sent from my iPad
>>>
>>> On Jun 23, 2012, at 7:30 PM, Ryan Schulze <[email protected]> wrote:
>>>
>>>>
>>>> Ok, finished playing around with the code and testing it with my logs and
>>>> it should now work with OSSEC 2.6 again. If anyone runs into problems with
>>>> the patch just poke me and I'll see if I can help out.
>>>>
>>>> Below are links to a patchfile and a tar.gz with the changed files. The
>>>> important changes are in lib/os_lib_alerts.php the other files are more or
>>>> less just cosmetic changes making the alerts a bit easier to read, and
>>>> previous fixes already posted on this list.
>>>>
>>>> http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch
>>>> http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch.tgz
>>>>
>>>> List of all changes ( http://www.dopefish.de/archives/1154 )
>>>> - Works with the OSSEC 2.6 alert log file format
>>>> - Changed Rule ID Link to better work with the new OSSEC documentation wiki
>>>> - Added “user” field to alert output
>>>> - Widened the layout by a few pixels (to 1000px) and changed the CSS
>>>> /alert layout to make the individual alerts better readable
>>>> - Moved some of the hardcoded formatting to CSS
>>>>
>>>> Ryan
>>>>
>>>>
>>>> On 6/23/2012 9:56 AM, Mike Disley wrote:
>>>>> Ryan,
>>>>> You are awesome. Those of us using this "dead" and "junk" tool will be
>>>>> most appreciative.
>>>>>
>>>>> Cheers,
>>>>> Mike
>>>>>
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: [email protected] [mailto:[email protected]] On
>>>>> Behalf Of Ryan Schulze
>>>>> Sent: Friday, June 22, 2012 8:01 PM
>>>>> To: [email protected]
>>>>> Subject: Re: [ossec-list] Re: Error in message formating on OSSEC Wui
>>>>>
>>>>> On 6/21/2012 2:47 PM, dan (ddp) wrote:
>>>>>>> I prefer a fix or solution. I'm not a developer and not intended to
>>>>>>> be...
>>>>>>>
>>>>>> Hire someone who knows PHP.
>>>>>>
>>>>>> WUI is junk. No one seems to be able to get it working properly.
>>>>>>
>>>>>>
>>>>> Aww WUI isn't that bad, considering the poor thing has to parse logfiles
>>>>> I find it does a pretty good job. Since OSSEC supports writing alerts to
>>>>> a database, recoding WUI to (optionally) use the database backend for
>>>>> pulling the alert data would be cool (any motivated PHP programmers out
>>>>> there / on the list willing to do it?).
>>>>>
>>>>> As far as I can tell, the main problem with WUI and OSSEC 2.6 seems to be
>>>>> that in 2.6 the lines "Src IP:" and "User:" are optional in the alert
>>>>> logs (depending on if they have values or not). Should be easy enough to
>>>>> fix, and by the end of the weekend I should have enough test data to see
>>>>> if my little hotfix works or breaks.
>>>>>
>>>>> Will keep the thread updated with my progress :-)
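
The parsing problem described in the quoted thread (the "Src IP:" and "User:" lines being optional in OSSEC 2.6 alert logs), shown as an added example that is not part of the thread and is not Ryan's patch or WUI code. It reads each alert by line label instead of by line position; the alert layout, the `(none)` placeholder and all sample data are assumptions constructed for illustration.

```python
import re

# Constructed sample (not from the thread). The layout is an assumption about
# the OSSEC 2.6 alerts.log format; the second alert has no Src IP/User lines.
SAMPLE = """\
** Alert 1340409600.1024: - syslog,sshd,authentication_failed,
2012 Jun 22 20:00:00 web01->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: root
Jun 22 20:00:00 web01 sshd[2201]: Failed password for root from 192.0.2.10

** Alert 1340409660.2048: - syslog,errors,
2012 Jun 22 20:01:00 web01->/var/log/messages
Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
Jun 22 20:01:00 web01 kernel: example error: constructed line
"""

HEADER = re.compile(r"^\*\* Alert (\d+\.\d+):")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> ")
OPTIONAL = {"Src IP: ": "srcip", "User: ": "user"}

def parse_alerts(text):
    """Parse alerts by line label, not by line position within the alert."""
    alerts, cur = [], None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            cur = {"id": head.group(1), "location": None, "rule": None,
                   "level": None, "srcip": None, "user": None, "log": []}
            alerts.append(cur)
            continue
        if cur is None or not line.strip():
            continue  # separators, or text before the first alert header
        if cur["location"] is None:
            cur["location"] = line.split(" ", 4)[-1]  # drop the timestamp
            continue
        rule = RULE.match(line) if cur["rule"] is None else None
        if rule:
            cur["rule"], cur["level"] = int(rule.group(1)), int(rule.group(2))
            continue
        label = next((p for p in OPTIONAL if line.startswith(p)), None)
        if label and not cur["log"]:  # only before the first raw log line
            value = line[len(label):].strip()
            # Assumption: older releases always wrote the line, with "(none)".
            cur[OPTIONAL[label]] = None if value == "(none)" else value
        else:
            cur["log"].append(line)
    return alerts
```

A parser that instead takes the fourth and fifth lines of every alert as source IP and user would store the raw log line in those fields for the second sample alert.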
