Hey,
The issue is that we changed the format of the logs a bit in 2.6. If
there is no source ip, the Src ip: entry is not added to the logs.
Same thing for the username and other fields. The webui expects those
and breaks when they are not in there...
Thanks,
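An added example, not part of the original message and not the OSSEC web UI's own code: a Python alert parser that treats the Src IP and User lines as optional, so alerts written without them still parse. The alert layout, the sample alerts and the names `parse_alerts`, `SAMPLE` and `OPTIONAL` are assumptions constructed for illustration.

```python
import re

# Constructed sample in an assumed alerts.log layout (not from a real system).
SAMPLE = """\
** Alert 1307996640.1024: - syslog,sshd,
2011 Jun 13 16:24:00 host->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: root
Jun 13 16:24:00 host sshd[1234]: Failed password for root from 192.0.2.10

** Alert 1307996700.2048: - ossec,
2011 Jun 13 16:25:00 host->ossec-logcollector
Rule: 591 (level 3) -> 'Log file rotated.'
ossec: File rotated (inode changed): '/var/log/messages'.
"""

HEADER = re.compile(r"^\*\* Alert (\d+\.\d+):")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")
# Optional "Key: value" lines; an alert may omit any of them.
OPTIONAL = {"src ip": "srcip", "user": "user"}


def parse_alerts(text):
    """Return one dict per alert; optional fields default to None."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = HEADER.match(lines[0]) if lines else None
        if not m:
            continue  # skip anything that is not an alert block
        alert = {"id": m.group(1), "rule": None, "level": None,
                 "srcip": None, "user": None, "log": []}
        for line in lines[2:]:  # lines[1] is the timestamp/location line
            r = RULE.match(line)
            key, sep, value = line.partition(":")
            name = OPTIONAL.get(key.strip().lower())
            if r:
                alert["rule"], alert["level"] = int(r.group(1)), int(r.group(2))
            elif sep and name and not alert["log"]:
                # Header fields are only accepted before the raw log text starts.
                alert[name] = value.strip()
            else:
                alert["log"].append(line)  # raw log text, kept verbatim
        alerts.append(alert)
    return alerts
```

A consumer then checks `alert["srcip"] is None` instead of assuming the line is always present.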
On Mon, Jun 13, 2011 at 4:24 PM, Kat
I did post that in the issues on the beta page, but regardless of
that, I am running Splunk with the OSSEC Plugin and the beta and it
is working out just fine, and since that is free for anything up to
500 meg a day (if you are generating that many alerts - you are under
attack big time.), this
What do you use to monitor the data? It happens on the realtime page
and the initial index page. I am not familiar enough with the wui,
just started playing with it two days ago.
Thanks,
Dan
@0xjudd
On Jun 10, 2:03 pm, dan (ddp) ddp...@gmail.com wrote:
Hi 2secureit,
On Fri, Jun 10, 2011 at
I'm starting to play with logstash. Before that I played a bit with splunk.
I mostly use email though.
On Fri, Jun 10, 2011 at 2:26 PM, 2secureit 2secur...@gmail.com wrote:
What do you use to monitor the data? It happens on the realtime page
and the initial index page. I am not familiar enough
On Jun 10, 2011, at 2:30 PM, dan (ddp) wrote:
I'm starting to play with logstash. Before that I played a bit with splunk.
I mostly use email though.
Hrm.. logstash looks interesting. I'll have to check it out.. In my spare
time, of course..