Re: [ossec-list] Re: AnaLogi - OSSEC WUI v1.3
Dear Andy, I installed the GUI on the actual logging server a few days ago. The ossec installation was also performed on that same day. The graphs are not appearing. Do you know of any particular dependencies I might have not installed on the new server? I installed apache with php. The GUI loads but the graphs do not. I thought that maybe there needs to be a few days of data in the database before the graphs get generated but it has been 3 days now. I also noticed that when going to detail.php, the alerts' timestamps are not in 24HR format and nor are they followed with AM or PM. It doesn't really make a difference, but I thought you'd want to know about it. Thanks a lot. Robert On Friday, January 18, 2013 2:46:44 PM UTC+1, Andy wrote: Thanks for the feedback! Andy On Thursday, January 17, 2013 1:43:24 PM UTC, Robert Micallef wrote: Hi Andy, I tested the GUI with wallboard mode on. It works as expected. I haven't been able to find any problems. Robert On Tuesday, January 8, 2013 1:30:01 PM UTC+1, Andy wrote: Depending on the config, when wallboard mode is enabled the page should auto rotate to the next page every x minutes. If not working things go horribly wrong, you should see straight away. Andy On Thursday, January 3, 2013 12:27:29 PM UTC, Robert Micallef wrote: Hi Andy. So far everything is ok. I don't use it much. I merely implemented it but so far it doesn't seem to be giving issues. I fixed the detail.php link. I will test with wallboard mode on and see if it gives problems. What should I look for? Thanks, Robert On 31 December 2012 15:46, Andy andym...@gmail.com wrote: Thanks Rob. Small fix that hasn't made it to the release yet: /php/newsfeed_trendip.php Near the bottom is a link to detail.php - remove the leading slash from this link Also the 'Wallboard mode' seems a bit cantankerous, can you let me know if it works for you please. Many Thanks Andy On Friday, December 28, 2012 1:11:47 PM UTC, Robert Micallef wrote: Dear Andy, I just tried this on our test installation for OSSEC 2,7. So far it is working very well. Thanks for your efforts. Regards, Robert On Wednesday, October 24, 2012 4:08:04 PM UTC+2, techs...@ecsc.co.ukwrote: Version 1.3 is now out https://github.com/ECSC/**analogi/downloadshttps://github.com/ECSC/analogi/downloads Lots more toys. I was hoping to have this out a few weeks ago, but things unfortunately got very busy so there was a delay, as such I've not had chance to test against OSSEC 2.7, however I couldn't see any database changes in the source code so I believe there should be no problems. All feedback/bugs welcome. Kind Regards Andy -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] Re: AnaLogi - OSSEC WUI v1.3
Hi Andy, Just FYI I replaced the files for the GUI with the ones we were using in the old server and now everything works. I don't know why it didn't work with the files downloaded from github. Anyway it is working well now. Thanks for your work. Robert On Tuesday, January 29, 2013 12:01:23 PM UTC+1, Robert Micallef wrote: Dear Andy, I installed the GUI on the actual logging server a few days ago. The ossec installation was also performed on that same day. The graphs are not appearing. Do you know of any particular dependencies I might have not installed on the new server? I installed apache with php. The GUI loads but the graphs do not. I thought that maybe there needs to be a few days of data in the database before the graphs get generated but it has been 3 days now. I also noticed that when going to detail.php, the alerts' timestamps are not in 24HR format and nor are they followed with AM or PM. It doesn't really make a difference, but I thought you'd want to know about it. Thanks a lot. Robert On Friday, January 18, 2013 2:46:44 PM UTC+1, Andy wrote: Thanks for the feedback! Andy On Thursday, January 17, 2013 1:43:24 PM UTC, Robert Micallef wrote: Hi Andy, I tested the GUI with wallboard mode on. It works as expected. I haven't been able to find any problems. Robert On Tuesday, January 8, 2013 1:30:01 PM UTC+1, Andy wrote: Depending on the config, when wallboard mode is enabled the page should auto rotate to the next page every x minutes. If not working things go horribly wrong, you should see straight away. Andy On Thursday, January 3, 2013 12:27:29 PM UTC, Robert Micallef wrote: Hi Andy. So far everything is ok. I don't use it much. I merely implemented it but so far it doesn't seem to be giving issues. I fixed the detail.php link. I will test with wallboard mode on and see if it gives problems. What should I look for? Thanks, Robert On 31 December 2012 15:46, Andy andym...@gmail.com wrote: Thanks Rob. Small fix that hasn't made it to the release yet: /php/newsfeed_trendip.php Near the bottom is a link to detail.php - remove the leading slash from this link Also the 'Wallboard mode' seems a bit cantankerous, can you let me know if it works for you please. Many Thanks Andy On Friday, December 28, 2012 1:11:47 PM UTC, Robert Micallef wrote: Dear Andy, I just tried this on our test installation for OSSEC 2,7. So far it is working very well. Thanks for your efforts. Regards, Robert On Wednesday, October 24, 2012 4:08:04 PM UTC+2, techs...@ecsc.co.ukwrote: Version 1.3 is now out https://github.com/ECSC/**analogi/downloadshttps://github.com/ECSC/analogi/downloads Lots more toys. I was hoping to have this out a few weeks ago, but things unfortunately got very busy so there was a delay, as such I've not had chance to test against OSSEC 2.7, however I couldn't see any database changes in the source code so I believe there should be no problems. All feedback/bugs welcome. Kind Regards Andy -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ossec-list] authd - agent
Just wondering if there is some reason with the agent-auth has to use IP when requesting a client key rather than a hostname? Kind of messy when trying to build in automated installs into RPMs and puppet across multiple datacenters. Is there some logical reason I am missing? thanks K -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] authd - agent
On Tue, Jan 29, 2013 at 12:44 PM, Kat uncommon...@gmail.com wrote: Just wondering if there is some reason with the agent-auth has to use IP when requesting a client key rather than a hostname? Kind of messy when trying to build in automated installs into RPMs and puppet across multiple datacenters. Is there some logical reason I am missing? No one has written the code. I thought I had mailed a patch to use hostnames to the list a while back, but I can't remember for sure. thanks K -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] authd - agent
On Tue, Jan 29, 2013 at 1:14 PM, dan (ddp) ddp...@gmail.com wrote: On Tue, Jan 29, 2013 at 12:44 PM, Kat uncommon...@gmail.com wrote: Just wondering if there is some reason with the agent-auth has to use IP when requesting a client key rather than a hostname? Kind of messy when trying to build in automated installs into RPMs and puppet across multiple datacenters. Is there some logical reason I am missing? No one has written the code. I thought I had mailed a patch to use hostnames to the list a while back, but I can't remember for sure. thanks K -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. If anyone wants to do some testing, I've added the lookup code to the repository here: https://bitbucket.org/ddpbsd/ossec-experiment Compiles and resolves on OpenBSD and Ubuntu, unchecked after that though. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] authd - agent
If you happen to find a patch lying around... :-) On Tuesday, January 29, 2013 10:14:53 AM UTC-8, dan (ddpbsd) wrote: On Tue, Jan 29, 2013 at 12:44 PM, Kat uncom...@gmail.com javascript: wrote: Just wondering if there is some reason with the agent-auth has to use IP when requesting a client key rather than a hostname? Kind of messy when trying to build in automated installs into RPMs and puppet across multiple datacenters. Is there some logical reason I am missing? No one has written the code. I thought I had mailed a patch to use hostnames to the list a while back, but I can't remember for sure. thanks K -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com javascript:. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.