3 * by Daniel B. Cid ( dcid @ ossec.net)
5 * Just upload it to any web-accessible directory, and make
6 * sure the web server can access the OSSEC alerts log file.
10 $ossec_log = "/var/ossec/logs/alerts/alerts.log";
11 if(!is_readable($ossec_log))
13 echo "ERROR: Unable to access $ossec_log\n";
14 echo "*TIP: Make sure your web server can access that file. \n";
18 $timelp = filemtime($ossec_log);
19 $fh = fopen($ossec_log, "r");
25 if(filesize($ossec_log) > 30000)
27 fseek($fh, -30000, SEEK_END);
28 $line = fgets($fh, 4096);
34 while($line = fgets($fh, 4096))
42 if(strncmp($line, "** Alert ", 9) == 0)
44 if(strncmp($event, "** Alert ", 9) == 0)
46 array_push($lastlines, $event);
50 $event[] = htmlspecialchars($line);
54 $event[] = htmlspecialchars($line);
59 $lastlines = array_reverse($lastlines);
60 $myhost = gethostname();
66 echo '<?xml version="1.0" encoding="UTF-8"?>
67 <?xml-stylesheet href="/css/rss.css" type="text/css"?>
70 <title>OSSEC '.$myhost.' RSS Feed</title>
71 <link>http://ossec.net</link>
72 <description>OSSEC RSS Feed for '.$myhost.'</description>
73 <language>en-us</language>
74 <lastBuildDate>'.date("r", $timelp).'</lastBuildDate>
75 <pubDate>'.date("r", $timelp).'</pubDate>
76 <copyright>(C) OSSEC.net 2008-2011</copyright>
77 <generator>OSSEC.net RSS feed</generator>
79 <webMaster>dcid@ossec.net</webMaster>
82 <title>OSSEC Alert Feed</title>
83 <url>http://www.ossec.net/img/ossec_logo.jpg</url>
84 <link>http://ossec.net</link>
88 foreach($lastlines as $myentry)
92 if(preg_match("/^.. Alert (\d+)\./", $myentry[0], $regs, PREG_OFFSET_CAPTURE, 0))
94 $myunixtime = $regs[1][0];
104 <title>'.$myentry[2]." ,from ".substr($myentry[1], 20).'</title>
105 <link>http://ossec.net</link>
106 <guid isPermaLink="false">'.$myentry[0].'</guid>
107 <description><![CDATA[';
109 foreach($myentry as $myline){ echo $myline."<br />\n"; }
113 <pubDate>'.date("r", $myunixtime).'</pubDate>