diff -ciwr ossec-wui-0.3/css/css.css ossec-wui-0.3.updated/css/css.css
*** ossec-wui-0.3/css/css.css	2007-10-04 19:58:30.000000000 -0500
--- ossec-wui-0.3.updated/css/css.css	2012-06-23 20:25:49.452298249 -0500
***************
*** 5,10 ****
--- 5,13 ----
  * Version:                                1.0
  * Author:                                 Dr. Web Magazin
  * Author URI:                             http:/www.drweb.de/
+ *
+ * Notes:
+ * - Updated Jun. 23rd 2012, wider output, cleaned up some of the entries
  */
  
  img
***************
*** 13,21 ****
  }
  body
  {
! 	background: #696969 url('images/pagebg.gif') 50% 0;
  	color: #222;
! 	font: 62.5% Georgia, "Times New Roman", Times, serif;
  	text-align: center;
  }
  *
--- 16,24 ----
  }
  body
  {
! 	background: #CDCDCD;
  	color: #222;
! 	font: 82.5% Helvetica, Arial, serif;
  	text-align: center;
  }
  *
***************
*** 26,40 ****
  #header
  {
  	margin: 0 auto 0 auto;
! 	width: 802px;
  }
  #headertitle
  {
  	background: #fff;
  	height: 84px;
- 	margin: 0 auto 0 auto;
  	text-align: left;
- 	width: 802px;
  }
  #headercontent
  {
--- 29,42 ----
  #header
  {
  	margin: 0 auto 0 auto;
! 	width: 1000px;
! 	padding: 10px;
  }
  #headertitle
  {
  	background: #fff;
  	height: 84px;
  	text-align: left;
  }
  #headercontent
  {
***************
*** 42,51 ****
  	color: #fff;
  	display: block;
  	height: 130px;
- 	margin: 0 auto 0 auto;
  	position: relative;
  	text-align: left;
! 	width: 802px;
  }
  #headerintro
  {
--- 44,52 ----
  	color: #fff;
  	display: block;
  	height: 130px;
  	position: relative;
  	text-align: left;
! 	width: 1000px;
  }
  #headerintro
  {
***************
*** 131,137 ****
  	font-size: 1.3em;
  	margin: 0 0 1.5em 0;
  	overflow: auto;
! 	width: 700px;
  }
  * html pre
  {
--- 132,138 ----
  	font-size: 1.3em;
  	margin: 0 0 1.5em 0;
  	overflow: auto;
! 	width: 950px;
  }
  * html pre
  {
***************
*** 282,307 ****
  #container
  {
  	margin: 0 auto 0 auto;
! 	width: 770px;
  }
  #content_box
  {
  	clear: both;
  	float: left;
  	text-align: left;
! 	width: 770px;
  }
  #content
  {
  	float: left;
  	padding: 0 40px 0 0;
! 	width: 700px;
  }
  #contentman
  {
  	float: left;
  	padding: 0 40px 0 0;
- 	width: 700px;
  }
  * html #content
  {
--- 283,310 ----
  #container
  {
  	margin: 0 auto 0 auto;
! 	width: 1000px;
! 	padding: 10px;
  }
  #content_box
  {
  	clear: both;
  	float: left;
  	text-align: left;
! 	padding: 10px;
! 	background: white;
! 	width: 980px;
  }
  #content
  {
  	float: left;
  	padding: 0 40px 0 0;
! 	width: 100%;
  }
  #contentman
  {
  	float: left;
  	padding: 0 40px 0 0;
  }
  * html #content
  {
***************
*** 309,320 ****
  }
  #footer
  {
- 	border-top: 2px solid #ccc;
  	clear: both;
! 	float: left;
  	font: 1.1em/1.4em Helvetica, Arial, sans-serif;
! 	padding: 1.0em 0;
! 	width: 770px;
  }
  #nav_h ul
  {
--- 312,322 ----
  }
  #footer
  {
  	clear: both;
! 	margin: 0 auto 0 auto;
  	font: 1.1em/1.4em Helvetica, Arial, sans-serif;
! 	padding: 10px;
! 	width: 1000px;
  }
  #nav_h ul
  {
***************
*** 341,348 ****
  	border-bottom: 4px solid #f26827;
  	float: left;
  	list-style: none;
! 	margin-bottom: 22px;
  	width: 100%;
  }
  #nav ul
  {
--- 343,351 ----
  	border-bottom: 4px solid #f26827;
  	float: left;
  	list-style: none;
! 	margin-bottom: 5px;
  	width: 100%;
+ 	background:white;
  }
  #nav ul
  {
***************
*** 657,662 ****
--- 660,688 ----
  	margin: 0;
  	margin-left: 0;
  	padding: 0;
+ 	padding-top: 6px;
+ 	padding-bottom: 6px;
+ 	border-bottom: 1px solid #F26827;
+ }
+ .alertlevel
+ {
+ 	font-weight:bold;
+ }
+ .alertdate
+ {
+ 	float:right;
+ 	font-weight:bold;
+ }
+ .alertindent
+ {
+ 	font-weight:bold;
+ 	width:75px;
+ 	float:left;
+ }
+ .alertdescription
+ {
+ 	font-weight:bold;
+ 	color:#039;
  }
  table tr.msg
  {
***************
*** 672,682 ****
  }
  .statssmall
  {
! 	font-size: 12px;
  }
  a.asmall
  {
! 	font-size: 10px;
  }
  a.bigg
  {
--- 698,708 ----
  }
  .statssmall
  {
! 	font-size: 11px;
  }
  a.asmall
  {
! 	font-size: 11px;
  }
  a.bigg
  {
***************
*** 688,694 ****
  }
  div.smaller
  {
! 	font-size: 9px;
  }
  div.smaller2
  {
--- 714,720 ----
  }
  div.smaller
  {
! 	font-size: 11px;
  }
  div.smaller2
  {
***************
*** 725,736 ****
  }
  .msg
  {
! 	background-color: #FFFFFF;
  	font-family: Verdana, Arial, Helvetica, Tahoma, sans-serif;
! 	font-size: 10px;
  	margin: 0;
  	margin-left: 0;
  	padding: 0;
  }
  ul.message
  {
--- 751,768 ----
  }
  .msg
  {
! 	background-color: lightGrey;
  	font-family: Verdana, Arial, Helvetica, Tahoma, sans-serif;
! 	font-size: 11px;
  	margin: 0;
  	margin-left: 0;
  	padding: 0;
+ 	padding-top: 4px;
+ 	padding-bottom: 4px;
+ 	padding-left: 10px;
+ 	-webkit-border-radius: 0px 0px 3px 3px;
+ 	-moz-border-radius: 0px 0px 3px 3px;
+ 	border-radius: 0px 0px 3px 3px;
  }
  ul.message
  {
***************
*** 744,750 ****
  	border: 1px solid #666;
  	color: #FFFFFF;
  	font-family: Verdana, Arial, Helvetica, Tahoma, sans-serif;
! 	font-size: 9px;
  	font-weight: bold;
  }
  .text
--- 776,782 ----
  	border: 1px solid #666;
  	color: #FFFFFF;
  	font-family: Verdana, Arial, Helvetica, Tahoma, sans-serif;
! 	font-size: 10px;
  	font-weight: bold;
  }
  .text
***************
*** 765,771 ****
  	background-color: #DEDFDE;
  	border: 1px solid #C1C1C1;
  	color: #000000;
! 	font: 9px arial, helvetica, sans-serif;
  }
  .formSelect
  {
--- 797,803 ----
  	background-color: #DEDFDE;
  	border: 1px solid #C1C1C1;
  	color: #000000;
! 	font: 12px arial, helvetica, sans-serif;
  }
  .formSelect
  {
diff -ciwr ossec-wui-0.3/index.php ossec-wui-0.3.updated/index.php
*** ossec-wui-0.3/index.php	2008-02-27 18:38:47.000000000 -0600
--- ossec-wui-0.3.updated/index.php	2012-06-23 20:22:12.839021524 -0500
***************
*** 168,179 ****
      <!-- END: content -->
      <br /><br />
      <br /><br />
-     <br /><br />
-     <br /><br />
      </div>
      </div>
!             	
! 
  <?php
      /* Including the footer */
      if(!(include("site/footer.html")))
--- 172,180 ----
      <!-- END: content -->
      <br /><br />
      <br /><br />
      </div>
      </div>
!     </div>
  <?php
      /* Including the footer */
      if(!(include("site/footer.html")))
***************
*** 183,188 ****
          return(1);
      }
  ?>
-     </div>
  </body>
  </html>
--- 184,188 ----
diff -ciwr ossec-wui-0.3/lib/os_lib_alerts.php ossec-wui-0.3.updated/lib/os_lib_alerts.php
*** ossec-wui-0.3/lib/os_lib_alerts.php	2008-03-03 13:37:25.000000000 -0600
--- ossec-wui-0.3.updated/lib/os_lib_alerts.php	2012-06-23 17:11:45.394684201 -0500
***************
*** 259,266 ****
          $evt_description = $token;
  
  
          /* srcip */
-         $buffer = fgets($fp, 1024);
          $buffer = rtrim($buffer);
          $evt_srcip = substr($buffer, 8);
          
--- 259,270 ----
          $evt_description = $token;
  
  
+         $buffer = fgets($fp, 2048);
+ 	/* Check for User or Src IP lines, else skip to message */ 
+ 
+ 	if (strpos($buffer,'Src IP: ') !== false ) {
+ 
  		/* srcip */
  		$buffer = rtrim($buffer);
  		$evt_srcip = substr($buffer, 8);
  		
***************
*** 278,286 ****
              }
          }
          
! 
          /* user */
-         $buffer = fgets($fp, 1024);
          $buffer = rtrim($buffer);
          if($buffer != "User: (none)")
          {
--- 282,294 ----
  		    }
  		}
  
! 		/* re-fill buffer */
! 		$buffer = fgets($fp, 2048);
! 	} else {
! 		$evt_srcip = '(none)';
! 	}
! 	if (strpos($buffer,'User: ') !== false ) {
          	/* user */
  		$buffer = rtrim($buffer);
  		if($buffer != "User: (none)")
  		{
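Review bot: The `strpos($buffer,'User: ') !== false` test matches the marker anywhere in the line, and the `Src IP: ` test in the preceding hunk has the same shape even though it is followed by `substr($buffer, 8)`, which assumes the marker sits at offset 0. Alert lines carry text taken from monitored logs, so a first message line that merely contains `User: ` or `Src IP: ` would be consumed as a header field and lost from the message. Anchor both tests to the start of the line, e.g. `if (strncmp($buffer, 'Src IP: ', 8) === 0) {` and `if (strncmp($buffer, 'User: ', 6) === 0) {`. The enclosing loop starts and ends outside these hunks, so it is not visible whether a `false` return from `fgets()` at end of file is handled before these checks.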
***************
*** 305,314 ****
              }
          }
                                              
!         
  
          /* message */
-         $buffer = fgets($fp, 2048);
          $msg_id = 0;
          $evt_msg[$msg_id] = NULL;
          $pattern_matched = 0;
--- 313,325 ----
  		    }
  		}
  						    
! 		/* re-fill buffer */
! 		$buffer = fgets($fp, 2048);
! 	} else {
! 		$evt_user = NULL;
! 	}
  
  	/* message */
          $msg_id = 0;
          $evt_msg[$msg_id] = NULL;
          $pattern_matched = 0;
***************
*** 326,333 ****
              }
  
              $evt_msg[$msg_id] = rtrim($buffer);
!             $evt_msg[$msg_id] = ereg_replace("<", "&lt;", $evt_msg[$msg_id]);
!             $evt_msg[$msg_id] = ereg_replace(">", "&gt;", $evt_msg[$msg_id]);
              $buffer = fgets($fp, 2048);
              $msg_id++;
              $evt_msg[$msg_id] = NULL;
--- 337,344 ----
              }
  
              $evt_msg[$msg_id] = rtrim($buffer);
!             $evt_msg[$msg_id] = preg_replace("/</", "&lt;", $evt_msg[$msg_id]);
!             $evt_msg[$msg_id] = preg_replace("/>/", "&gt;", $evt_msg[$msg_id]);
              $buffer = fgets($fp, 2048);
              $msg_id++;
              $evt_msg[$msg_id] = NULL;
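Review bot: The two `preg_replace` calls still encode only `<` and `>`, so `&` and both quote characters in the log text pass through unchanged. The same pair is repeated for `$evt_user` and `$evt_srcip` in the next hunk and for `$buffer` in lib/os_lib_syscheck.php. This matters most for `$evt_srcip`, which lib/Ossec/Alert.php places inside a `class="…"` attribute. The TODO in the next hunk already names the fix: `$evt_msg[$msg_id] = htmlspecialchars(rtrim($buffer), ENT_QUOTES);` replaces the three assignment lines here. If the two-character replacement is kept instead, `str_replace` does the same job without a regex; the loop body continues outside the hunk.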
***************
*** 358,369 ****
  
          // TODO: Why is this being done here? Can't we just use
          // htmlspecialchars() before emitting this to the browser?
!         $evt_user = ereg_replace("<", "&lt;", $evt_user);
!         $evt_user = ereg_replace(">", "&gt;", $evt_user);
!         $alert->user = $evt_user;
  
!         $evt_srcip = ereg_replace("<", "&lt;", $evt_srcip);
!         $evt_srcip = ereg_replace(">", "&gt;", $evt_srcip);
          $alert->srcip = $evt_srcip;
  
          $alert->description = $evt_description;
--- 369,380 ----
  
          // TODO: Why is this being done here? Can't we just use
          // htmlspecialchars() before emitting this to the browser?
!         $evt_user = preg_replace("/</", "&lt;", $evt_user);
!         $evt_user = preg_replace("/>/", "&gt;", $evt_user);
!         $evt_srcip = preg_replace("/</", "&lt;", $evt_srcip);
!         $evt_srcip = preg_replace("/>/", "&gt;", $evt_srcip);
  
!         $alert->user = $evt_user;
  	$alert->srcip = $evt_srcip;
  
          $alert->description = $evt_description;
***************
*** 839,845 ****
          if($f_size > $f_point)
          {
              $seek_place = $f_size - $f_point;
!             fseek($fp, $seek_place, "SEEK_SET");
          }
      }
      
--- 850,856 ----
          if($f_size > $f_point)
          {
              $seek_place = $f_size - $f_point;
!             fseek($fp, $seek_place, SEEK_SET);
          }
      }
      
diff -ciwr ossec-wui-0.3/lib/os_lib_syscheck.php ossec-wui-0.3.updated/lib/os_lib_syscheck.php
*** ossec-wui-0.3/lib/os_lib_syscheck.php	2008-03-03 13:37:25.000000000 -0600
--- ossec-wui-0.3.updated/lib/os_lib_syscheck.php	2012-06-23 17:26:34.195510253 -0500
***************
*** 41,49 ****
  
  
          /* Sanitizing input */
!         $buffer = ereg_replace("<", "&lt;", $buffer);
!         $buffer = ereg_replace(">", "&gt;", $buffer);
! 
  
          if(preg_match($skpattern, $buffer, $regs))
          {
--- 41,48 ----
  
  
          /* Sanitizing input */
!         $buffer = preg_replace("/</", "&lt;", $buffer);
!         $buffer = preg_replace("/>/", "&gt;", $buffer);
  
          if(preg_match($skpattern, $buffer, $regs))
          {
***************
*** 248,254 ****
  
      $sk_dir = $ossec_handle{'dir'}."/queue/syscheck";
  
-     
      /* Getting all agent files */
      @$dh = opendir($sk_dir);
      if($dh !== FALSE)
--- 247,252 ----
***************
*** 262,268 ****
                  continue;
              }
  
!             $filepattern = "/^\(([a-zA-Z0-9_-]+)\) ".
                             "[0-9\._]+->([a-zA-Z_-]+)$/";
              if(preg_match($filepattern, $file, $regs))
              {
--- 260,266 ----
                  continue;
              }
  
!             $filepattern = "/^\(([a-zA-Z0-9\._-]+)\) ".
                             "[0-9\._]+->([a-zA-Z_-]+)$/";
              if(preg_match($filepattern, $file, $regs))
              {
diff -ciwr ossec-wui-0.3/lib/Ossec/Alert.php ossec-wui-0.3.updated/lib/Ossec/Alert.php
*** ossec-wui-0.3/lib/Ossec/Alert.php	2008-03-03 09:12:18.000000000 -0600
--- ossec-wui-0.3.updated/lib/Ossec/Alert.php	2012-06-23 20:20:40.436181924 -0500
***************
*** 46,73 ****
      function toHtml( ) {
  
          $date    = date('Y M d H:i:s', $this->time);
!         $id_link = "<a href=\"http://www.ossec.net/wiki/index.php/Rule:{$this->id}\">{$this->id}</a>";
          $message = join( '<br/>', $this->msg );
  
          $srcip = "";
          if( $this->srcip != '(none)') {
!             $srcip = "<span style=\"font-weight:bold;\">Src IP</span>: {$this->srcip}<br/>";
          }
  
          $class = "level_{$this->level} id_{$this->id} srcip_{$this->srcip}";
  
          return <<<HTML
          <div class="alert $class">
!             <span style="font-weight:bold;">$date</span>
!             Rule Id: $id_link
!             level: {$this->level}<br />
!             <span style="font-weight:bold;">Location:</span> {$this->location}<br />
              $srcip
!             <span style="font-weight:bold;">{$this->description}</span>
!             <div class="msg">
!                 $message
!                 <br />
!             </div>
          </div>
  HTML;
      }
--- 46,75 ----
      function toHtml( ) {
  
          $date    = date('Y M d H:i:s', $this->time);
!         $id_link = "<a href=\"http://www.ossec.net/doc/search.html?q={$this->id}\">{$this->id}</a>";
          $message = join( '<br/>', $this->msg );
  
          $srcip = "";
          if( $this->srcip != '(none)') {
!             $srcip = "<div class=\"alertindent\">Src IP: </div>{$this->srcip}<br/>";
!         }
! 
!         $user = "";
!         if( $this->user != '') {
!             $user = "<div class=\"alertindent\">User: </div>{$this->user}<br/>";
          }
  
          $class = "level_{$this->level} id_{$this->id} srcip_{$this->srcip}";
  
          return <<<HTML
          <div class="alert $class">
!             <span class="alertdate">$date</span>
!             <div class="alertindent">Level: </div><div class="alertlevel">{$this->level} - <span class="alertdescription">{$this->description}</span></div>
!             <div class="alertindent">Rule Id: </div>$id_link <br />
!             <div class="alertindent">Location: </div>{$this->location}<br />
              $srcip
!             $user
!             <div class="msg">$message</div>
          </div>
  HTML;
      }
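Review bot: `toHtml()` interpolates `{$this->description}` and `{$this->location}` into markup, and `srcip_{$this->srcip}` into the `class` attribute, without encoding them here. Elsewhere in this patch `$alert->description` is assigned from `$evt_description` with no encoding step visible, and `srcip`/`user` have only had `<` and `>` replaced. These values come from alert text derived from monitored logs, so the encoding belongs at the point of output. Build escaped locals first, for example `$location = htmlspecialchars($this->location, ENT_QUOTES);`, use them in the heredoc, and drop the upstream `<`/`>` replacements so nothing is encoded twice. The rule id placed in the `search.html?q=` link would likewise be safer as `urlencode($this->id)`.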
diff -ciwr ossec-wui-0.3/site/header.html ossec-wui-0.3.updated/site/header.html
*** ossec-wui-0.3/site/header.html	2007-10-04 19:58:31.000000000 -0500
--- ossec-wui-0.3.updated/site/header.html	2012-06-23 19:03:21.674500345 -0500
***************
*** 6,23 ****
    <div id="headertitle">
    <table>
    <tr>
!     <td width="74%">
!       &nbsp;&nbsp;<a href="http://www.ossec.net/?fui2">
!       <img width="191" height="81" src="img/ossec_webui.jpg" title="Go to OSSEC.net" alt="Go to OSSEC.net"/></a>
!     </td>
!     
!     <td width="26%">
!       <form method="get" id="searchform" action="http://www.ossec.net/main/">
!       <div style="float:right;"><input type="text" value="" name="s" id="s" />
!         <input type="submit" id="searchsubmit" value="Search" />
!       </div>
!       </form>
!       &nbsp;&nbsp;
      </td>
    </tr>
    </table>
--- 6,13 ----
    <div id="headertitle">
    <table>
    <tr>
!     <td width="100%">
!       <img width="191" height="81" src="img/ossec_webui.jpg" title="OSSEC.net" alt="OSSEC.net"/>
      </td>
    </tr>
    </table>
***************
*** 29,35 ****
    <li><a href="index.php?f=i" title="Integrity checking">Integrity checking</a></li>
    <li><a href="index.php?f=t" title="Stats">Stats</a></li>
    <li><a href="index.php?f=a" title="Help">About</a></li>
!   <a href="http://www.ossec.net/main/donate/"><img src="img/donate.gif" title="Donate to the Project!" alt="Donate to the Project!"/></a>
    </ul>
  </div>  
  
--- 19,25 ----
    <li><a href="index.php?f=i" title="Integrity checking">Integrity checking</a></li>
    <li><a href="index.php?f=t" title="Stats">Stats</a></li>
    <li><a href="index.php?f=a" title="Help">About</a></li>
!   <a style="float:right;padding-right:10px;" href="http://www.ossec.net/main/donate/"><img src="img/donate.gif" title="Donate to the Project!" alt="Donate to the Project!"/></a>
    </ul>
  </div>  
  
