ECSC / analogi

Graphical Web Interface for OSSEC
GNU General Public License v3.0

ossec 2.8 breaks analogi #16

Closed by shadyb 4 years ago

shadyb commented 10 years ago

Hi,

Not sure if you are aware of this, but OSSEC 2.8 breaks analogi. They have dropped the data table and merged its fields into the alert table. No data sources have been dropped, they have only been reshuffled, so it's just a matter of updating queries.

kakadoo commented 10 years ago

Hi,

I have used my fixed analogi version for weeks and I don't have problems in this direction.

holger

shadyb commented 10 years ago

You are most likely still using 2.7; 2.8 is a very recent release and breaks the table structure that 2.7 relies on. I did download and test your version, and it did not work on a new OSSEC 2.8 install.

kakadoo commented 10 years ago

Hi, I updated OSSEC 2.7 to 2.8, then I got trouble; I fixed the DB problems with phpMyAdmin.

It was not really a problem from analogi in my mind.

Holger

kakadoo commented 10 years ago

Hi,

What I can say is that I fixed something with phpMyAdmin at the database (maybe I added a table, I don't know anymore) after the update from 2.7 to 2.8.

holger


kakadoo commented 9 years ago

Hi, I checked for the difference between 2.7 and 2.8 at the DB schema.

For me it looks like the fields "user" and "full_log" shifted from table "data" to "alert".

So I found some lines at details.php which use the full_log field.

My problem is now that I am not able to fix this, depending on my MySQL knowledge.

Can someone help?

holger

shadyb commented 9 years ago

Stick to OSSEC 2.7 if you want to use analogi. Trying to get it to work with 2.8 is too much effort; they have made too many changes, and even if you do get it working you won't have access to the full feature-set provided by analogi.

stepps commented 9 years ago

@shadyb I have tried out your branch and it mostly works. Are you still developing it? I can report some issues if needed

kakadoo commented 9 years ago

Hi,

Yes, I try to develop (more fixing) further.

At the moment I check the possibility to make the changes so that the version works well with 2.7 and 2.8. That needs time.

I think the main difference is 2 columns which shifted from table data to alert.

And if you compile the source from 2.8 by yourself and use ossec-dbd, the database layout/schema is the same as 2.7.

Holger


stepps commented 9 years ago

In my apache logs I get these errors:

```
[Thu Oct 30 07:57:04 2014] [error] [client 10.111.1.3] PHP Notice: Undefined variable: wherecategory_and in /usr/share/analogi-shadyb/php/detail_graph.php on line 72
[Thu Oct 30 07:57:04 2014] [error] [client 10.111.1.3] PHP Notice: Undefined index: db.local.clamav.net: in /usr/share/analogi-shadyb/detail.php on line 564
[Thu Oct 30 07:57:04 2014] [error] [client 10.111.1.3] PHP Notice: Undefined index: http://www.clamav.net/support/mirror-problem in /usr/share/analogi-shadyb/detail.php on line 564
[Thu Oct 30 07:57:04 2014] [error] [client 10.111.1.3] PHP Notice: Undefined index: ct105->10.111.0.105. in /usr/share/analogi-shadyb/detail.php on line 564
[Thu Oct 30 07:57:04 2014] [error] [client 10.111.1.3] PHP Notice: Undefined index: VE203->10.111.0.203. in /usr/share/analogi-shadyb/detail.php on line 564
[Thu Oct 30 07:57:04 2014] [error] [client 10.111.1.3] PHP Notice: Undefined index: ct9779->10.111.0.97. in /usr/share/analogi-shadyb/detail.php on line 564
[Thu Oct 30 07:57:04 2014] [error] [client 10.111.1.3] PHP Notice: Undefined index: VE203-10.111.0.203. in /usr/share/analogi-shadyb/detail.php on line 564
[Thu Oct 30 07:57:04 2014] [error] [client 10.111.1.3] PHP Notice: Undefined index: 10.111.1.3 in /usr/share/analogi-shadyb/detail.php on line 564
[Thu Oct 30 07:57:04 2014] [error] [client 10.111.1.3] PHP Notice: Undefined index: iproute-2.6.32-32.1.el6.i686 in /usr/share/analogi-shadyb/detail.php on line 564
[Thu Oct 30 07:57:04 2014] [error] [client 10.111.1.3] PHP Notice: Undefined index: rhost=10.111.1.3 in /usr/share/analogi-shadyb/detail.php on line 564
[Thu Oct 30 07:57:04 2014] [error] [client 10.111.1.3] PHP Notice: Undefined index: 10.111.0.72 in /usr/share/analogi-shadyb/detail.php on line 564
[Thu Oct 30 07:57:04 2014] [error] [client 10.111.1.3] PHP Notice: Undefined index: CT203-10.111.0.203. in /usr/share/analogi-shadyb/detail.php on line 564
[Thu Oct 30 07:57:04 2014] [error] [client 10.111.1.3] PHP Notice: Undefined index: CT203->10.111.0.203. in /usr/share/analogi-shadyb/detail.php on line 564
```

I also get an error on the index page's "Top Rule_ID" panel:

SQL Error:

```
SELECT count(alert.id) as res_cnt, alert.rule_id, alert.level, signature.description FROM alert LEFT JOIN signature WHERE alert.timestamp>'1414411382' AND alert.level>=7 GROUP BY alert.rule_id ORDER BY count(alert.id) DESC LIMIT 10
```
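An added example, not code from analogi or OSSEC, covering two points raised in this thread: kakadoo's finding that `user` and `full_log` moved from the `data` table onto `alert` in 2.8, and the "Top Rule_ID" query above, whose `LEFT JOIN signature WHERE` carries no join condition (MySQL rejects a LEFT JOIN without ON or USING). The script uses SQLite in place of MySQL, models both layouts with constructed tables and rows, selects the detail query by checking whether `alert` has a `full_log` column, and runs the top-rules query with an explicit `ON signature.rule_id = alert.rule_id`. The join key, the `data.id = alert.id` link, the reduced column set, and every sample row are assumptions made for the example.

```python
import sqlite3

# Constructed stand-ins for the two OSSEC schemas discussed in the thread.
# Only the columns the thread mentions are modelled; the real ossec-dbd DDL has
# more columns, and the data<->alert link (data.id = alert.id) is an assumption.
SCHEMA_27 = """
CREATE TABLE alert (id INTEGER PRIMARY KEY, rule_id INTEGER, level INTEGER, timestamp INTEGER);
CREATE TABLE data (id INTEGER PRIMARY KEY, user TEXT, full_log TEXT);
CREATE TABLE signature (rule_id INTEGER PRIMARY KEY, level INTEGER, description TEXT);
"""
# 2.8 layout as reported in the thread: no data table, user/full_log live on alert.
SCHEMA_28 = """
CREATE TABLE alert (id INTEGER PRIMARY KEY, rule_id INTEGER, level INTEGER, timestamp INTEGER, user TEXT, full_log TEXT);
CREATE TABLE signature (rule_id INTEGER PRIMARY KEY, level INTEGER, description TEXT);
"""

# Constructed sample rows; rule ids and descriptions are illustrative, not OSSEC's.
SIGNATURES = [
    (5710, 5, "sshd: attempt to login using a non-existent user"),
    (5712, 10, "sshd: brute force trying to get access"),
]
ALERTS = [  # (id, rule_id, level, timestamp, user, full_log)
    (1, 5712, 10, 1414411500, "root", "Failed password for root from 10.0.0.9"),
    (2, 5712, 10, 1414411600, "root", "Failed password for root from 10.0.0.9"),
    (3, 5710, 5, 1414411700, "nobody", "Invalid user nobody from 10.0.0.9"),
    (4, 5712, 10, 1414411000, "root", "Failed password for root from 10.0.0.9"),
    (5, 31151, 10, 1414411800, "", "Multiple web server 400 error codes"),
]


def alert_has_column(conn, column):
    """Detect the merged (2.8) layout by inspecting the alert table.
    SQLite exposes this via PRAGMA table_info; on MySQL the equivalent check is
    SHOW COLUMNS FROM alert LIKE 'full_log'."""
    return any(row[1] == column for row in conn.execute("PRAGMA table_info(alert)"))


def build_db(schema):
    """Create an in-memory DB with the given schema and load the sample rows
    into whichever table holds user/full_log in that layout."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(schema)
    merged = alert_has_column(conn, "full_log")
    for aid, rule, level, ts, user, log in ALERTS:
        if merged:
            conn.execute("INSERT INTO alert VALUES (?,?,?,?,?,?)", (aid, rule, level, ts, user, log))
        else:
            conn.execute("INSERT INTO alert VALUES (?,?,?,?)", (aid, rule, level, ts))
            conn.execute("INSERT INTO data VALUES (?,?,?)", (aid, user, log))
    conn.executemany("INSERT INTO signature VALUES (?,?,?)", SIGNATURES)
    return conn


def detail_query(conn):
    """Build a detail.php-style query for whichever layout is present."""
    if alert_has_column(conn, "full_log"):
        return "SELECT alert.id, alert.user, alert.full_log FROM alert ORDER BY alert.id"
    return ("SELECT alert.id, data.user, data.full_log FROM alert "
            "LEFT JOIN data ON data.id = alert.id ORDER BY alert.id")


def details(conn):
    return conn.execute(detail_query(conn)).fetchall()


# The thread's failing query, LEFT JOIN signature WHERE ..., has no join condition.
# Joining on rule_id (assumed shared key) keeps alerts whose rule has no signature
# row: their description comes back NULL instead of the alert vanishing.
TOP_RULES_QUERY = """
SELECT count(alert.id) AS res_cnt, alert.rule_id, alert.level, signature.description
FROM alert LEFT JOIN signature ON signature.rule_id = alert.rule_id
WHERE alert.timestamp > ? AND alert.level >= ?
GROUP BY alert.rule_id
ORDER BY count(alert.id) DESC
LIMIT 10
"""


def top_rules(conn, since, min_level):
    return conn.execute(TOP_RULES_QUERY, (since, min_level)).fetchall()


if __name__ == "__main__":
    for name, schema in (("2.7", SCHEMA_27), ("2.8", SCHEMA_28)):
        conn = build_db(schema)
        print(name, "merged layout:", alert_has_column(conn, "full_log"))
        print("  details:", details(conn))
        print("  top rules:", top_rules(conn, 1414411382, 7))
```

The same detection-then-branch step is what a dual-version analogi would do once per page load; the schema check is cheap and avoids guessing the OSSEC version from anything other than the live database.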

kakadoo commented 9 years ago

Hi @stepps, I can't reproduce your shown errors.

Is your DB config correct?

holger

shadyb commented 9 years ago

These are PHP "notices", not errors per se. You can turn them off if you like.

prudnitskiy commented 9 years ago

There is NO table "data" in OSSEC 2.8 (I can send you a schema, if you need it), so Analogi will not work with the brand-new ossec.