ecsc / analogi
Graphical Web Interface for OSSEC
License: GNU General Public License v3.0
PHP error reported by Brett:
date() expects parameter 2 to be long, string given in analogi/php/index_graph.php on line 127
A potential fix is to replace the line
$tmpdate=$rowchart['res_time'];
With
$tmpdate=intval($rowchart['res_time']);
This bug is still UNDER TESTING!
Please report any other issues.
Hi,
Not sure if you are aware of this, but OSSEC 2.8 breaks analogi. They have dropped the data table and merged its fields into the alert table. No data sources have been dropped, they have only been reshuffled, so it's just a matter of updating queries.
There is an issue about "Test 3 - Does your database have correct schema when deploying OSSEC 3.3.0? - no!". How can we fix this problem?
This is a string as displayed in default OSSEC Web UI.
Jun 17 00:51:10 srproxy01a sshd[15100]: Did not receive identification string from 193.x.x.123
In analogi, the string is broken in the data field (while the IP field contains the correct address), and it creates a link to look up the incomplete IP address:
http://server/ossecui/detail.php?rule_id=5706&breakdown=source
1 5706 6 2013/06/17 2:55:57 (srproxy01b.x) any->/var/log/secure 193.x.x.123 Jun 17 00:55:54 srproxy01b sshd[26992]: Did not receive identification string from 193.x.x.12
1998 5706 6 2013/06/17 2:55:22 (srproxy01b.x) any->/var/log/secure 193.x.x.123 Jun 17 00:55:21 srproxy01b sshd[26964]: Did not receive identification string from 193.x.x.12
So basically, 192.168.100.123 becomes a link to look up 192.168.100.12.
Thanks for analogi, it's so cool and much better than the default UI.
In order to show the icons properly on the management page.
To show the page properly, the management.php page has to be changed as below:
diff -bBu ECSC-analogi-a1cd5e3/management.php ossecui/management.php --- ECSC-analogi-a1cd5e3/management.php 2012-10-24 06:46:10.000000000 +0000 +++ ossecui/management.php 2013-11-22 00:56:18.578337217 +0000 @@ -239,6 +239,7 @@ chart_timemanagement = new AmCharts.AmSerialChart(); chart_timemanagement.dataProvider = chartData_timemanagement; chart_timemanagement.categoryField = "date"; + chart_timemanagement.pathToImages = "/images/"; // AXES // category
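Review bot: the value added for `pathToImages` is an absolute path (`/images/`), which the browser resolves against the web server's document root rather than the directory management.php is served from; the diff's own target file (`ossecui/management.php`) shows an install under a subdirectory, where `/images/` would not reach analogi's images folder. Consider a page-relative path such as `./images/`, or one derived from the configured install location, so the fix holds regardless of where analogi is deployed.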
In management.php at line 239 you have to add this to show the drag icons of the graph properly. Now my Management screen looks neat again ;)
chart_timemanagement.pathToImages = "./images/";
My productive ossec database is named "ossecdb" and this leads to a 0 MB size in the Management screen. I fixed this by using the DB_NAME_0 define, but this probably won't fix it for other configurations with more than one database.
php/management_databasesize.php:
$query = "SELECT table_schema as 'Database', sum( data_length + index_length ) / 1024 / 1024 as 'Size'
FROM information_schema.TABLES
WHERE table_schema='".DB_NAME_0."'
GROUP BY table_schema";
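The query above only covers the database named by DB_NAME_0. The following is an added example, not analogi's own code, that sums the size of every database the config lists: it assumes the config continues the numbering as DB_NAME_1, DB_NAME_2 and so on (only DB_NAME_0 is stated on this page), that the connection can read information_schema for those schemas, and it binds the schema name as a parameter instead of splicing it into the SQL text. The connection credentials in the block are placeholders to be replaced with your own.

```php
<?php
// Added example (not from the analogi project): report the on-disk size of
// every OSSEC database configured as DB_NAME_0, DB_NAME_1, ... (numbering
// beyond DB_NAME_0 is an assumption; only DB_NAME_0 appears in the issue above).

function configuredDatabaseNames(): array
{
    $names = [];
    // Walk DB_NAME_0, DB_NAME_1, ... until the first one that is not defined
    for ($i = 0; defined("DB_NAME_$i"); $i++) {
        $names[] = constant("DB_NAME_$i");
    }
    return $names;
}

function databaseSizesMb(PDO $db, array $schemas): array
{
    // The schema name is a bound parameter, so the SQL text never changes
    // whatever the configured value contains.
    $stmt = $db->prepare(
        'SELECT table_schema AS db,
                SUM(data_length + index_length) / 1024 / 1024 AS size_mb
           FROM information_schema.TABLES
          WHERE table_schema = ?
          GROUP BY table_schema'
    );
    $sizes = [];
    foreach ($schemas as $schema) {
        $stmt->execute([$schema]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        // A schema with no tables (or one the account cannot see) yields no
        // row at all; report it as 0 MB instead of silently dropping it.
        $sizes[$schema] = $row ? round((float) $row['size_mb'], 2) : 0.0;
    }
    return $sizes;
}

// Placeholder credentials: replace with the host/user/password from your
// analogi database configuration. No database is selected in the DSN because
// information_schema is queried directly.
$db = new PDO('mysql:host=127.0.0.1;charset=utf8mb4', 'ossec_reader', 'REPLACE_ME');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$sizes = databaseSizesMb($db, configuredDatabaseNames());
foreach ($sizes as $name => $mb) {
    printf("%s: %.2f MB\n", $name, $mb);
}
printf("total: %.2f MB\n", array_sum($sizes));
```

Two things to keep in mind when reading the numbers: the account needs SELECT on information_schema rows for each schema, otherwise that schema comes back as 0 MB, and for InnoDB tables data_length and index_length are estimates, so the total is a rough size rather than an exact byte count.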
The link to management.php in the top right corner leads to management.php, while all others lead to *.php?, so the wallboard mode link (&wallboard=1) is not working for the management screen.
Hi,
I started a fork today from analogi and added some fixes.
@ECSC, if you'd like to merge to your source, please contact me.
Holger
We have ossec 2.9.1 up and running and data is being logged into the mysql db. However, analogi is reporting that the schema is incorrect. I don't have any agents up and running yet, so I'm not worried about that issue atm.
Test 1 - Can PHP detect MySQL module? - yes
Test 2 - Can PHP connect to your MySQL? - yes
Test 3 - Does your database have correct schema? - no!
Fix - Import the MySQL schema that comes with OSSEC
Test 4 - Is there any data in your database? - no!
Fix - Ensure agents are logging data.
My ossec server is monitoring only itself, so I have 2 clients shown in analogi and thus the mentioned graph in the Management screen is a bit small (2*25px). I had to add an additional 50px so I can read it properly. But the legend is still missing; I don't know why.
Edit: It needs to be at least 450px in height in order to show the legend!
php/managment_sourcelevel.php line 70:
$graphheight=" document.getElementById('chartdiv').style.height='".($graphcount*25+50)."px';";
In file toprare.php, this SQL query:
$query="select distinct(alert.rule_id)
from alert, signature, signature_category_mapping, category
where alert.timestamp>".(time()-($inputhours_3600))."
and alert.rule_id=signature.rule_id
and alert.rule_id=signature_category_mapping.rule_id
and signature_category_mapping.cat_id=category.cat_id
and signature.level>".$inputlevel."
".$wherecategory."";
makes the web UI very slow.
I changed it to this:
// rule filter moved into an IN subquery: only the alert table is scanned, no joins
$query="select distinct(alert.rule_id)
from alert
where alert.timestamp>".(time()-($inputhours_3600))."
and alert.rule_id in (
select rule_id
from signature
where
signature.level>".$inputlevel."
)
".$wherecategory."";
The new SQL will greatly improve performance. For me, the home page loading time was reduced from 5 minutes to 30 seconds. Please consider optimizing all SQL queries, especially avoiding 'join' operations.
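To make the trade-off in the rewrite above concrete, here is an added example (not code from analogi) that runs both query shapes side by side on constructed data in an in-memory SQLite database, so it needs only the pdo_sqlite extension. The tables are a reduced sketch of the OSSEC schema holding just the columns the two queries touch, the filter values are bound parameters rather than strings concatenated into the SQL, and `$inputhours * 3600` is my reading of the `$inputhours_3600` expression in the issue.

```php
<?php
// Added example, not part of analogi: compare the join-based toprare.php query
// with the IN-subquery rewrite on constructed sample data (SQLite in memory).

function buildSampleDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Reduced sketch of the OSSEC tables: only the columns the queries use
    $db->exec('CREATE TABLE alert (id INTEGER PRIMARY KEY, rule_id INTEGER, timestamp INTEGER)');
    $db->exec('CREATE TABLE signature (rule_id INTEGER PRIMARY KEY, level INTEGER)');
    $db->exec('CREATE TABLE category (cat_id INTEGER PRIMARY KEY, cat_name TEXT)');
    $db->exec('CREATE TABLE signature_category_mapping (rule_id INTEGER, cat_id INTEGER)');
    // Indexes on the filtered columns; both query shapes benefit from them
    $db->exec('CREATE INDEX alert_ts ON alert(timestamp)');
    $db->exec('CREATE INDEX alert_rule ON alert(rule_id)');

    // Constructed sample rows: three rules, two categories, five alerts
    $db->exec('INSERT INTO signature VALUES (5706, 6), (5710, 5), (1002, 2)');
    $db->exec("INSERT INTO category VALUES (1, 'syslog'), (2, 'authentication')");
    $db->exec('INSERT INTO signature_category_mapping VALUES (5706, 2), (5710, 2), (1002, 1)');
    $now = time();
    $ins = $db->prepare('INSERT INTO alert (rule_id, timestamp) VALUES (?, ?)');
    foreach ([[5706, $now - 600], [5706, $now - 1200], [5710, $now - 3000],
              [1002, $now - 100], [5706, $now - 90000]] as $row) {
        $ins->execute($row); // the 90000 s old alert is outside a 24 h window
    }
    return $db;
}

// DISTINCT gives no ordering guarantee, so normalise before comparing
function normaliseIds(array $ids): array
{
    $ids = array_map('intval', $ids);
    sort($ids);
    return $ids;
}

// Shape of the original query: four-table join
function rareRulesJoin(PDO $db, int $inputhours, int $inputlevel): array
{
    $st = $db->prepare(
        'SELECT DISTINCT alert.rule_id
           FROM alert, signature, signature_category_mapping, category
          WHERE alert.timestamp > ?
            AND alert.rule_id = signature.rule_id
            AND alert.rule_id = signature_category_mapping.rule_id
            AND signature_category_mapping.cat_id = category.cat_id
            AND signature.level > ?'
    );
    $st->execute([time() - $inputhours * 3600, $inputlevel]);
    return normaliseIds($st->fetchAll(PDO::FETCH_COLUMN));
}

// Shape of the rewrite: only alert is scanned, the level filter is a subquery
function rareRulesSubquery(PDO $db, int $inputhours, int $inputlevel): array
{
    $st = $db->prepare(
        'SELECT DISTINCT alert.rule_id
           FROM alert
          WHERE alert.timestamp > ?
            AND alert.rule_id IN (SELECT rule_id FROM signature WHERE level > ?)'
    );
    $st->execute([time() - $inputhours * 3600, $inputlevel]);
    return normaliseIds($st->fetchAll(PDO::FETCH_COLUMN));
}

$db = buildSampleDb();
$joined   = rareRulesJoin($db, 24, 4);     // last 24 h, level above 4
$subquery = rareRulesSubquery($db, 24, 4);
echo 'join:     ', implode(',', $joined), "\n";   // 5706,5710
echo 'subquery: ', implode(',', $subquery), "\n"; // 5706,5710
echo $joined === $subquery ? "same result set\n" : "results differ\n";
```

The two shapes agree on this data because every signature has a row in signature_category_mapping. The rewrite no longer joins the mapping and category tables, so a rule with no category mapping would appear in its output but not in the original's, and any `$wherecategory` clause that references those tables has nothing to bind to once they are gone from the FROM list; check what that variable contains before adopting the shorter query.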
Hello,
It looks like PHP is throwing an error for a foreach located on line 117 of php/newsfeed_trend.php. From the logs of my local install, with PII removed:
[Thu Jan 16 20:21:42 2014] [error] [client x.x.x.x] PHP Warning: Invalid argument supplied for foreach() in /var/www/analogi/php/newsfeed_trend.php on line 117, referer: http://url.example.com/analogi/index.php?
After glancing through the code and doing some minor troubleshooting, $finaltrendinfo seems to be the culprit. For one reason or another, nothing is being populated into it during the if statement on line 96.
I would recommend checking the logic in and near that if statement. If everything is correct and it's just giving me no results, I would add an if statement to check whether that variable is NULL before passing it to foreach(), as it doesn't look like it is being initialized anywhere.
If I find the time, I'll try to submit a patch for it.
When checking the Source radio button on the main page and clicking Go, the default radio button (Rule_id in my case) gets preselected for the next click on Go. Is this intentional?
I fixed this by changing line:
if(isset($_GET['field']) && $_GET['field']=='path'){
with:
if(isset($_GET['field']) && $_GET['field']=='source'){
$radiosource="checked";
}elseif(isset($_GET['field']) && $_GET['field']=='path'){