analogi's Issues

date() expects parameter 2 to be long

PHP error reported by Brett:
date() expects parameter 2 to be long, string given in analogi/php/index_graph.php on line 127

Potential fix is to replace the line
$tmpdate=$rowchart['res_time'];

With
$tmpdate=intval($rowchart['res_time']);

This bug is still UNDER TESTING!

Please report any other issues.

ossec 2.8 breaks analogi

Hi,

Not sure if you are aware of this but OSSEC 2.8 breaks analogi. They have dropped the data table and merged its fields into the alert table. No data sources have been dropped, they have only been reshuffled, so it's just a matter of updating queries.

Data field breaking strings and creating erroneous look up links

This is a string as displayed in default OSSEC Web UI.

Jun 17 00:51:10 srproxy01a sshd[15100]: Did not receive identification string from 193.x.x.123

In analogi, the string is broken in the data field (while the IP field contains the correct address), and it creates a link to look up the incomplete IP address:

http://server/ossecui/detail.php?rule_id=5706&breakdown=source

1 5706 6 2013/06/17 2:55:57 (srproxy01b.x) any->/var/log/secure 193.x.x.123 Jun 17 00:55:54 srproxy01b sshd[26992]: Did not receive identification string from 193.x.x.12
1998 5706 6 2013/06/17 2:55:22 (srproxy01b.x) any->/var/log/secure 193.x.x.123 Jun 17 00:55:21 srproxy01b sshd[26964]: Did not receive identification string from 193.x.x.12

So basically, 192.168.100.123 becomes a link to look up 192.168.100.12.

Thanks for analogi, it's so cool and much better than the default UI. 👍

There are broken icons on the management page

In order to show the icons properly on the management page, management.php has to be changed as below:

diff -bBu ECSC-analogi-a1cd5e3/management.php ossecui/management.php 
--- ECSC-analogi-a1cd5e3/management.php 2012-10-24 06:46:10.000000000 +0000
+++ ossecui/management.php  2013-11-22 00:56:18.578337217 +0000
@@ -239,6 +239,7 @@
        chart_timemanagement = new AmCharts.AmSerialChart();
        chart_timemanagement.dataProvider = chartData_timemanagement;
        chart_timemanagement.categoryField = "date";
+       chart_timemanagement.pathToImages = "/images/";
 
        // AXES
        // category
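Review bot: the added `chart_timemanagement.pathToImages = "/images/";` hard-codes a root-relative path, but the file header shows the UI living under an `ossecui/` subdirectory (and another report links it at `/ossecui/`), so the icons will only resolve when analogi is deployed at the web root. Consider a page-relative path such as `"images/"`, or building the value from the application's base URL, so the fix works under any install prefix.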

Database size is zero when name is not ossec

My production ossec database is named "ossecdb" and this leads to a 0 MB size in the Management screen. I fixed this by using the DB_NAME_0 define, but this probably won't fix it for other configurations with more than one database.

php/management_databasesize.php:

$query = "SELECT table_schema as 'Database', sum( data_length + index_length ) / 1024 / 1024 as 'Size' 
    FROM information_schema.TABLES 
    WHERE table_schema='".DB_NAME_O."'
    GROUP BY table_schema";

Fork

hi

I started a fork today from analogi and added some fixes.

@ECSC if you like to merge to your source please contact me.

Holger

ossec 2.9.1

We have ossec 2.9.1 up and running and data is being logged into the mysql db. However, analogi is reporting that the schema is incorrect. I don't have any agents up and running yet so not worried about that issue atm.

Test 1 - Can PHP detect MySQL module? - yes
Test 2 - Can PHP connect to your MySQL? - yes
Test 3 - Does your database have correct schema? - no!
Fix - Import the MySQL schema that comes with OSSEC
Test 4 - Is there any data in your database? - no!
Fix - Ensure agents are logging data.

Database Usage - Client Vs Level graph is too small when only 2 clients

My ossec server is monitoring only itself, so I have 2 clients shown in analogi and thus the mentioned graph in the Management screen is a bit small (2*25px). I had to add an additional 50px so I can read it properly. But the legend is still missing, I don't know why.

Edit: It needs to be at least 450px height in order to show the legend!

php/managment_sourcelevel.php line 70:

$graphheight="  document.getElementById('chartdiv').style.height='".($graphcount*25+50)."px';";

SQL need to be optimized

In file toprare.php, this SQL query:

$query="select distinct(alert.rule_id)
from alert, signature, signature_category_mapping, category
where alert.timestamp>".(time()-($inputhours_3600))."
and alert.rule_id=signature.rule_id
and alert.rule_id=signature_category_mapping.rule_id
and signature_category_mapping.cat_id=category.cat_id
and signature.level>".$inputlevel."
".$wherecategory."";

makes the web UI very slow.
I changed it to this:

$query="select distinct(alert.rule_id)
from alert
where alert.timestamp>".(time()-($inputhours_3600))."
and alert.rule_id in (
select rule_id
from signature
where
signature.level>".$inputlevel."
)
".$wherecategory."";

The new SQL will greatly improve performance. For me, the home page loading time was reduced from 5 minutes to 30 seconds. Please consider optimizing all SQL queries, especially avoiding 'join' operations.
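The rewritten toprare.php query above keeps the same subquery shape but still splices `$inputhours_3600`, `$inputlevel` and the pre-built `$wherecategory` fragment into the SQL string. The following is an added example, not code from the analogi project, of that query as a PDO prepared statement; it assumes a `$pdo` connection, reads the hour window as `$inputhours * 3600`, and models the category filter as an optional bound `cat_id` value.

```php
<?php
// Added example (not analogi code): the optimized "top rare" query from the
// issue above, with every user-controlled value bound as a parameter instead
// of being concatenated into the SQL text.
function topRareRuleIds(PDO $pdo, int $inputhours, int $inputlevel, ?int $catId = null): array
{
    // Same structure as the issue's rewritten query: no joins, a subquery on signature.
    $sql = "SELECT DISTINCT alert.rule_id
            FROM alert
            WHERE alert.timestamp > :since
              AND alert.rule_id IN (
                  SELECT rule_id FROM signature WHERE signature.level > :level
              )";

    // The issue appends a ready-made $wherecategory string; here the category
    // restriction is an assumed optional cat_id filter, bound like the rest.
    if ($catId !== null) {
        $sql .= " AND alert.rule_id IN (
                      SELECT rule_id FROM signature_category_mapping
                      WHERE cat_id = :cat_id
                  )";
    }

    $stmt = $pdo->prepare($sql);
    // Inputs are already integers; bind them by type so nothing from $_GET
    // reaches the SQL text. The hour window is assumed to be hours * 3600.
    $stmt->bindValue(':since', time() - $inputhours * 3600, PDO::PARAM_INT);
    $stmt->bindValue(':level', $inputlevel, PDO::PARAM_INT);
    if ($catId !== null) {
        $stmt->bindValue(':cat_id', $catId, PDO::PARAM_INT);
    }
    $stmt->execute();

    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN, 0));
}

// Example usage with assumed DSN and credentials; request values are validated
// as integers (with defaults) before they are passed to the query function.
$pdo = new PDO('mysql:host=localhost;dbname=ossec', 'ossec_ro', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);
$hours = filter_input(INPUT_GET, 'hours', FILTER_VALIDATE_INT,
    ['options' => ['default' => 24, 'min_range' => 1]]);
$level = filter_input(INPUT_GET, 'level', FILTER_VALIDATE_INT,
    ['options' => ['default' => 0, 'min_range' => 0]]);
$ruleIds = topRareRuleIds($pdo, $hours, $level);
```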

Invalid value passed to foreach() when loading newsfeed

Hello,

It looks like PHP is throwing an error for a foreach located on line 117 of php/newsfeed_trend.php. From the logs in my local install, with PII removed:

[Thu Jan 16 20:21:42 2014] [error] [client x.x.x.x] PHP Warning: Invalid argument supplied for foreach() in /var/www/analogi/php/newsfeed_trend.php on line 117, referer: http://url.example.com/analogi/index.php?

After glancing through the code and doing some minor troubleshooting, $finaltrendinfo seems to be the culprit. For one reason or another, nothing is being populated into it during the if statement on line 96.

I would recommend checking the logic in and near that if statement. If everything is correct and it's just giving me no results, I would add in an if statement to check if that variable is NULL before putting it into the foreach(), as it doesn't look like it is being initialized anywhere.

If I find the time, I'll try to submit a patch for it.

checking Source radiobutton on index.php is not permanent

If checking the Source radiobutton on the mainpage and clicking Go the Default Radiobutton (Rule_id in my case) gets preselected for the next click on Go. Is this intentional?

I fixed this by changing the line:

if(isset($_GET['field']) && $_GET['field']=='path'){

with:

if(isset($_GET['field']) && $_GET['field']=='source'){
    $radiosource="checked";
}elseif(isset($_GET['field']) && $_GET['field']=='path'){
