Bug #11461
closed
zeek package - Web Interface does not display any log content Package/Zeek/Alerts/Real Time Inspection
0%
Description
pfSense 2.5.0 - Release, Zeek 3.0.6_1
Confirmed that zeek is working properly by inspecting process list as well as ensuring that logs are written and available in /usr/local/logs/current.
However, the web interface does not show any log contents when selecting any of the logs (Package/Zeek/Alerts/Real Time Inspection) in the drop-down menu.
Updated by Felix S about 1 year ago
Further investigation seems to show that the web GUI is leveraging zeek_alert_data.php for getting the data. However, this references /usr/local/spool/zeek/ for the log files while they are actually located in /usr/local/logs/current.
So the solution would be to correct the path for $log in zeek_alert_data.php or otherwise perform changes in the zeek configuration so that the logs end up in the directory /usr/local/spool/zeek/.
Updated by Felix S about 1 year ago
Further problems identified in the zeek_alerts.php:
The content is updated every 10 seconds; however, the results in the current log file selection are being discarded and hence no logs are displayed anymore.
A solution might be to leverage the PHP code from suricata_alerts.php to implement the same sort of filtering capability as well as updating the content in the web GUI from changes in the log file.
Updated by Prosper Doko 11 months ago
Fixed in this PR: https://github.com/pfsense/FreeBSD-ports/pull/1077
Updated by Jim Pingle 11 months ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho 11 months ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
PR has been merged to 2.5.1, 2.5.2-RC and 2.6.0-DEVELOPMENT. Thanks!
Updated by Alhusein Zawi 3 months ago
The web interface shows logs.
2.6.0-RELEASE (amd64)
built on Tue Jan 25 19:18:35 UTC 2022
FreeBSD 12.3-STABLE
Updated by Viktor Gurov 3 months ago
- Status changed from Feedback to Resolved
- Affected Version deleted (2.5.x)