Extend time WEBGUI messages are shown

BerArt · **Posted:** Tue Dec 02, 2008 3:59 am

I would be very nice if I could set the time the Security Events are staying in the Security Event ASL WEB GUI. Now the messages are staying in the WEBGUI maximum for 1 day, if a customers call the next morning because he/she is blocked on the server the WEBGUI is empty and it is hard to send a false positive of disable the rule that blocked them. Especially if the customer is NOT using a dedicated IP

So please extend the time the message are shown in the ASL WEB GUI to 7 days or make it a setting in ASL.

wjtech · **Posted:** Tue Dec 02, 2008 9:43 am

I would also find this very useful.

John

mikeshinn · **Posted:** Tue Jan 20, 2009 8:20 pm

Added to feature request Queue.

faris · **Joined:** Thu Dec 09, 2004 11:19 am **Posts:** 1846

BerArt ... are you making the same mistake as me?

There's actually only a limit on the number of events, rarther than a 24 hour timeframe.

That is IF you have done an asl -c since the switch from file-based to mysql-based event logging (which I had neglected to do, and so was only ever seeing the past 24 hours of events in some systems).

But as a follow-up on this, it would be nice to be able to configure how many events should be visible in the asl-gui AND to have a datestamp as well as a timestamp. At the moment I have one system that hardly has any events and has 3 or 4 days worth of entries listed, but I can't tell which day they are.

Faris.

BerArt · **Posted:** Wed Jan 21, 2009 10:55 am

Quote:

There's actually only a limit on the number of events, rarther than a 24 hour timeframe

Where can I set this?

Strange that on all my servers it's only a day no mater how many events? On one server I have three event per day but the next day they are not in the WebGUI anymore. On one server I have more events per minute, and that stays for a couple of hours in de WebGUI, so this would indeed indicate a number of events

faris · **Joined:** Thu Dec 09, 2004 11:19 am **Posts:** 1846

I don't know where the limit is set -- not sure it is user-configurable.

But if they all vanish after midnight no matter what, then do an asl -c

If the same thing is happening to you as happened to me, when doing an asl -c, asl noticed that I had not yet configured a database. It then created one and so forth, and suddenly you have persistant event logging -- for a certain number of events at least.

Ermm...I fear there may be a bug in the current asl -c. For me at least it seems to drop to the command line after entering a few details. It may be different for you.

Faris.

Extend time WEBGUI messages are shown

Who is online