Hi Chris,
I've just tried AuditViewer (Audit Events & Tree View tabs) and i liked it very much. I've two quick observations; the application accepts regular expressions not just wildcards (i couldn't figure that out immediately, an example video would be great). The fact that it also supports apache access logs is a plus. And finally in the Tree View, if the alert produced two or more tags (messages), you may show them as siblings as opposed to hierarchical view.

The first time I had a look at the screen-shot in the blog post, it seemed like the Firebug active web page with xhr requests flowing. ;)
 
cheers,
bedirhan
http://www.owasp.org/index.php/Turkey






 
> From: chris@jwall.org
> To: Brian.Rectanus@breach.com
> Date: Mon, 23 Feb 2009 11:53:46 +0100
> CC: mod-security-users@lists.sourceforge.net
> Subject: Re: [mod-security-users] Browsing ModSecurity Alerts
>
>
> Am 23.02.2009 um 11:31 schrieb Brian Rectanus:
>
> > Nice! Allow filtering like Cerebus(1) could do for snort alerts and
> > it
> > could be a killer app ;) The idea here is that you start with a
> > slew of
> > alerts and keep applying filters to get to only what you need, but all
> > the filtering/collapsing needs to be dynamic and serially applied.
> > Make
> > sure you can do it with key shortcuts as well. I've always wanted
> > that
> > sort of functionality in an alert viewer for ModSecurity, but never
> > had
> > the time.
> >
>
> Yeah, as pointed out in the blog entry, the plans are similar in the
> sense
> that you can write filter-chains which create the desired view. This is
> how it works, currently.
> I do not have any UI-parts for specifying the filters interactively,
> yet.
> Currently there is a fixed set of filters being created at startup
> (hardcoded),
> but these will become more flexible in the future.
>
> My perspective is to make these filter-chains persistent (XML of
> course :-))
> in order to make the filtering repeatable and automatable (e.g. for
> automatic
> report generation).
>
>
> > (1) http://dragos.com/cerebus/tutorial.html
>
> Thanks, I will have a look at this.
>
> Regards,
> Chris
>
> ------------------------------------------------------------------------------
> Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
> -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
> -Strategies to boost innovation and cut costs with open source participation
> -Receive a $600 discount off the registration fee with the source code: SFAD
> http://p.sf.net/sfu/XcvMzF8H
> _______________________________________________
> mod-security-users mailing list
> mod-security-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Appliances, Rule Sets and Support:
> http://www.modsecurity.org/breach/index.html


Windows Live™: Discover 10 secrets about the new Windows Live. View post.