On Tue, Jun 26, 2012 at 12:36 PM, Dayco Telecom <[email protected]> wrote:
> Hi People, I want to say Thanks!!!!!! to Ryan, who took the time to fix the
> WUI. Now it works so well. On the other hand, I think the WUI is the official
> tool from OSSEC to view the logs so I don't understand why I should need to
> look for other apps to do the job of the WUI.

Is it? That's news to me.

> In the meanwhile I suggest you (Dan) publish the WUI with the changes
> made by Ryan, me and other users are going to be very grateful. Once again
> Thank you very much...
>

lol. I'll get right on that sir. Any other action items while I have my todo list out?

> On Tuesday, June 26, 2012 09:37:03 UTC-4:30, Sasse, Fred (DNR) wrote:
>>
>> Thank you Dan.
>>
>> I sure hope the WUI is not a show stopper for most of the people
>> interested in OSSEC HIDS.
>> With the other options for a browser front end there should be no reason
>> to complain.
>> FYI with the Splunk free edition and Splunk app you can continue to use
>> both Splunk and the OSSEC WUI.
>> I will explore the other browser front ends also.
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
>> Sent: Monday, June 25, 2012 1:01 PM
>> To: [email protected]
>> Subject: Re: [ossec-list] Re: Error in message formating on OSSEC Wui
>>
>> On Mon, Jun 25, 2012 at 12:14 PM, Sasse, Fred (DNR)
>> <[email protected]> wrote:
>> > Hello everyone, what is the most popular tool to view the OSSEC logs in
>> > a browser, if not the WUI?
>> > What are the best alternatives while the community works on the WUI?
>> > Thanks !
>> >
>>
>> There are some great alternatives out there. Some free, some less free.
>> The ones I'm listing are good enough that I think wasting resources on the
>> WUI would be a super silly thing to do.
>>
>> I like logstash and graylog2. They're great projects, pretty easy to
>> setup, quick, and easy to learn.
>> Others like ELSA. There's a small amount of OSSEC related traffic on their
>> mailing list. I think the project is neat, but haven't tried it.
>> Splunk is still available, and still a great product. The free version may
>> or may not fit your needs.
>> Octopussy is one I keep meaning to try, but haven't gotten around to yet.
>> I think its use of perl would fit in with my grumpiness.
>>
>> > -----Original Message-----
>> > From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
>> > Sent: Monday, June 25, 2012 10:05 AM
>> > To: [email protected]
>> > Subject: Re: [ossec-list] Re: Error in message formating on OSSEC Wui
>> >
>> > On Mon, Jun 25, 2012 at 10:57 AM, [email protected]
>> > <[email protected]> wrote:
>> >> Dan,
>> >>
>> >> It provides a service, even if the display was not as effective as it
>> >> could be. I know my environment well enough to glean the valuable info
>> >> from WUI. With a cleaner interface, others in my organization will be
>> >> able to leverage this as well.
>> >>
>> >> I understand your feeling that all should help the cause, and agree.
>> >> This issue was obviously a higher priority for Ryan, and I thank him for
>> >> working on it.
>> >>
>> >
>> > Yes, I feel that everyone should contribute. But more importantly I feel
>> > that if your business relies on a piece of software, taking care of that
>> > software is important. Even if you're not sharing, it's hard to believe
>> > that you'd put up with a broken tool without devoting a little time to
>> > fix it.
>> >
>> >> You could do the same.
>> >>
>> >
>> > I could, but I won't. I think the WUI is currently so bad that
>> > encouraging its use does more harm than good. There are good alternatives
>> > for viewing logs, why would I thank someone for pushing a bad one?
>> >
>> >> Scott Klauminzer
>> >> Director of Information Technology & Security
>> >>
>> >> Sent from my iPad
>> >>
>> >> On Jun 25, 2012, at 7:11 AM, "dan (ddp)" <[email protected]> wrote:
>> >>
>> >>> On Sun, Jun 24, 2012 at 3:16 PM, [email protected]
>> >>> <[email protected]> wrote:
>> >>>> Ryan,
>> >>>>
>> >>>> Thank you for taking the time to address this! We rely on WUI, and
>> >>>> don't want to add DB in order to get a GUI view of the data, so thanks
>> >>>> again.
>> >>>>
>> >>>
>> >>> You rely on it, but couldn't be bothered to spend the short amount
>> >>> of time it would take to fix this issue?
>> >>>
>> >>>> Scott Klauminzer
>> >>>> Director of Information Technology & Security
>> >>>>
>> >>>> Sent from my iPad
>> >>>>
>> >>>> On Jun 23, 2012, at 7:30 PM, Ryan Schulze <[email protected]> wrote:
>> >>>>
>> >>>>>
>> >>>>> Ok, finished playing around with the code and testing it with my
>> >>>>> logs and it should now work with OSSEC 2.6 again. If anyone runs into
>> >>>>> problems with the patch just poke me and I'll see if I can help out.
>> >>>>>
>> >>>>> Below are links to a patchfile and a tar.gz with the changed files.
>> >>>>> The important changes are in lib/os_lib_alerts.php the other files are
>> >>>>> more or less just cosmetic changes making the alerts a bit easier to
>> >>>>> read, and previous fixes already posted on this list.
>> >>>>>
>> >>>>> http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch
>> >>>>> http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch.tgz
>> >>>>>
>> >>>>> List of all changes ( http://www.dopefish.de/archives/1154 )
>> >>>>> - Works with the OSSEC 2.6 alert log file format
>> >>>>> - Changed Rule ID Link to better work with the new OSSEC
>> >>>>>   documentation wiki
>> >>>>> - Added "user" field to alert output
>> >>>>> - Widened the layout by a few pixels (to 1000px) and changed the
>> >>>>>   CSS /alert layout to make the individual alerts better readable
>> >>>>> - Moved some of the hardcoded formatting to CSS
>> >>>>>
>> >>>>> Ryan
>> >>>>>
>> >>>>>
>> >>>>> On 6/23/2012 9:56 AM, Mike Disley wrote:
>> >>>>>> Ryan,
>> >>>>>> You are awesome. Those of us using this "dead" and "junk" tool
>> >>>>>> will be most appreciative.
>> >>>>>>
>> >>>>>> Cheers,
>> >>>>>> Mike
>> >>>>>>
>> >>>>>> -----Original Message-----
>> >>>>>> From: [email protected]
>> >>>>>> [mailto:[email protected]] On Behalf Of Ryan Schulze
>> >>>>>> Sent: Friday, June 22, 2012 8:01 PM
>> >>>>>> To: [email protected]
>> >>>>>> Subject: Re: [ossec-list] Re: Error in message formating on OSSEC Wui
>> >>>>>>
>> >>>>>> On 6/21/2012 2:47 PM, dan (ddp) wrote:
>> >>>>>>>> I prefer a fix or solution. I'm not a developer and not
>> >>>>>>>> intended to be...
>> >>>>>>>>
>> >>>>>>> Hire someone who knows PHP.
>> >>>>>>>
>> >>>>>>> WUI is junk. No one seems to be able to get it working properly.
>> >>>>>>>
>> >>>>>>>
>> >>>>>> Aww WUI isn't that bad, considering the poor thing has to parse
>> >>>>>> logfiles I find it does a pretty good job. Since OSSEC supports
>> >>>>>> writing alerts to a database, recoding WUI to (optionally) use the
>> >>>>>> database backend for pulling the alert data would be cool (any
>> >>>>>> motivated PHP programmers out there / on the list willing to do it?).
>> >>>>>>
>> >>>>>> As far as I can tell, the main problem with WUI and OSSEC 2.6 seems
>> >>>>>> to be that in 2.6 the lines "Src IP:" and "User:" are optional in the
>> >>>>>> alert logs (depending on if they have values or not). Should be easy
>> >>>>>> enough to fix, and by the end of the weekend I should have enough test
>> >>>>>> data to see if my little hotfix works or breaks.
>> >>>>>>
>> >>>>>> Will keep the thread updated with my progress :-)
>> >>>>>>
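
The failure described at the bottom of the thread, where the "Src IP:" and "User:" lines appear only when they have values, goes away once those fields are matched by name instead of by line offset. The Python sketch below is an added example, not part of the thread and not the code in lib/os_lib_alerts.php; the alert layout, the "(none)" filler for older logs and the sample alerts are assumptions constructed for illustration.

```python
import re

# Constructed sample in the assumed OSSEC 2.6 alerts.log layout (not real data).
SAMPLE = """\
** Alert 1340494200.1234: - syslog,sshd,authentication_failed,
2012 Jun 23 19:30:00 web01->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: root
Jun 23 19:30:00 web01 sshd[2211]: Failed password for root from 192.0.2.10

** Alert 1340494260.1790: mail  - ossec,
2012 Jun 23 19:31:00 web01->ossec-monitord
Rule: 502 (level 3) -> 'Ossec server started.'
ossec: Ossec started.
"""

HEADER = re.compile(r"^\*\* Alert (\d+)\.\d+:")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")
OPTIONAL = re.compile(r"^(Src IP|User): (.*)$")  # present only when set (2.6)

def parse_alert(block):
    """Parse one alert block; return None if its fixed lines are malformed."""
    lines = block.strip().splitlines()
    head = HEADER.match(lines[0]) if len(lines) >= 3 else None
    rule = RULE.match(lines[2]) if head else None
    if not rule:
        return None
    alert = {
        "time": int(head.group(1)),
        "location": lines[1].split(None, 4)[-1],  # text after the date stamp
        "rule_id": int(rule.group(1)),
        "level": int(rule.group(2)),
        "srcip": None,
        "user": None,
    }
    i = 3
    # Match optional fields by name, not by line offset, and stop at the
    # first line that is neither: everything from there on is the raw log.
    while i < len(lines) and (m := OPTIONAL.match(lines[i])):
        key = "srcip" if m.group(1) == "Src IP" else "user"
        # "(none)" is the assumed filler value written by older versions.
        alert[key] = None if m.group(2) == "(none)" else m.group(2)
        i += 1
    alert["log"] = "\n".join(lines[i:])
    return alert

def parse_alerts(text):
    blocks = re.split(r"(?m)^(?=\*\* Alert )", text)
    return [a for a in map(parse_alert, blocks) if a]
```

A raw log line that itself begins with "User: " directly after the rule line is indistinguishable from the optional field in this layout, so a viewer should treat the parsed `user` value as untrusted display data.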
