I've just tried AuditViewer (Audit Events & Tree View tabs) and I liked it very much. I've two quick observations: the application accepts regular expressions, not just wildcards (I couldn't figure that out immediately; an example video would be great). The fact that it also supports Apache access logs is a plus. And finally, in the Tree View, if the alert produced two or more tags (messages), you may show them as siblings as opposed to a hierarchical view.
The first time I had a look at the screenshot in the blog post, it seemed like the Firebug active web page with XHR requests flowing. ;)
> From: email@example.com
> To: Brian.Rectanus@breach.com
> Date: Mon, 23 Feb 2009 11:53:46 +0100
> CC: firstname.lastname@example.org
> Subject: Re: [mod-security-users] Browsing ModSecurity Alerts
>
> On 23.02.2009 at 11:31, Brian Rectanus wrote:
>
> > Nice! Allow filtering like Cerebus(1) could do for snort alerts and it could be a killer app ;) The idea here is that you start with a slew of alerts and keep applying filters to get to only what you need, but all the filtering/collapsing needs to be dynamic and serially applied. Make sure you can do it with key shortcuts as well. I've always wanted that sort of functionality in an alert viewer for ModSecurity, but never had the time.
>
> Yeah, as pointed out in the blog entry, the plans are similar in the sense that you can write filter-chains which create the desired view. This is how it works, currently. I do not have any UI-parts for specifying the filters interactively, yet. Currently there is a fixed set of filters being created at startup (hardcoded), but these will become more flexible in the future.
>
> My perspective is to make these filter-chains persistent (XML of course :-)) in order to make the filtering repeatable and automatable (e.g. for automatic report generation).
>
> > (1) http://dragos.com/cerebus/tutorial.html
>
> Thanks, I will have a look at this.
>
> Regards,
> Chris