Bug #11461
open
zeek package - Web Interface does not display any log content Package/Zeek/Alerts/Real Time Inspection
0%
Description
Pfsense 2.5.0 - Release, Zeek 3.0.6_1
Confirmed that zeek is working properly by inspecting process list as well as ensuring that logs are written and available in /usr/local/logs/current.
However, the web interface does not show any log contents when selecting any of the logs (Package/Zeek/Alerts/Real Time Inspection) in the drop down menu.
Updated by Felix S 8 months ago
Further investigation seems to show that the web gui is leveraging zeek_alert_data.php for getting the data. However, this references /usr/local/spool/zeek/ for the log files while they are actually located in /usr/local/logs/current.
So the solution would be to correct the path for $log in zeek_alert_data.php or otherwise perform changes in the zeek configuration that the logs end up in the directory /usr/local/spool/zeek/.
Updated by Felix S 8 months ago
Further problems identified in the zeek_alerts.php:
The content is updated every 10 seconds however, the results in the current log file selection are being discarded and hence no logs are displayed anymore.
A solution might be to leverage the php code from suricata_alerts.php to implement the same sort of filtering capability as well as updating the content in the web gui from changes in the log file.
Updated by Prosper Doko 4 months ago
Fixed in this PR: https://github.com/pfsense/FreeBSD-ports/pull/1077
Updated by Jim Pingle 4 months ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho 4 months ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
PR has been merged to 2.5.1, 2.5.2-RC and 2.6.0-DEVELOPMENT. Thanks!