The OSSEC Web UI is currently unmaintained and deprecated.
If you are interested in maintaining the project, please contact the OSSEC team (open an issue, send a message to the mailing list, etc).
We recommend using Kibana, Splunk, or similar projects for monitoring alerts.
------------------------------------------------------------------------------------------------------------------------------------------
OSSEC Web UI v0.8
Copyright (c) 2006-2013 Trend Micro Inc.
1- How to install.
1.0 - Prerequisites
- Apache with PHP (>= 4.1 or >= 5.0) installed.
- OSSEC (version >= 0.9-3) already installed.
1.1- Clone the web ui script:
# git clone https://github.com/ossec/ossec-wui.git
1.2- Move the folder to somewhere acessible by
your web server:
# mv ossec-wui* /var/www/htdocs/ossec-wui
1.3- Run the setup script (assign username/password...):
# cd /var/www/htdocs/ossec-wui
# ./setup.sh
...
1.4- If selinux is enabled, ossec-wui is normally unable to access
various ossec log files. One way to fix this is to install a
selinux targeted policy.
Create a TE file (eg.
/etc/seliinux/targeted/ossec-wui/ossec-wui.te) with the following
content:
module ossec-wui 1.0;
require {
type var_log_t;
type httpd_t;
type var_t;
class file { read getattr open };
}
#============= httpd_t ==============
allow httpd_t var_log_t:file read;
allow httpd_t var_t:file { read getattr open };
Then run the following commands as root:
checkmodule -M -m ossec-wui.te -o ossec-wui.mod
semodule_package -o ossec-wui.pp -m ossec-wui.mod
semodule -i ossec-wui.pp
1.5- If you have a large ossec install, you may want to
re-configure PHP to support longer lasting scripts
and higher memory utilization. The following entries
on php.ini can be increased:
max_execution_time = 180
max_input_time = 180
memory_limit = 30M
1.6- Try to access the UI.
http://anyhost/ossec-wui/
1.7- Report any problems or suggestions to our mailing list.