ossec-reportd

ossec-reportd is a program to create reports from Wazuh alerts. It accepts alerts on stdin, and outputs a report on stderr.

Note

Since ossec-reportd writes its report to stderr, utilities such as less will not work unless you redirect the output. To do this, end the ossec-reportd command with 2>&1 to redirect stderr to stdout. With this redirect in place, more or less can be used as usual.

-D <dir>

Chroot to <dir>.

-d

Run in debug mode. This option may be repeated to increase the verbosity of the debug messages.

-f <filter> <value>

Filter the results.

Allowed values: group, rule, level, location, user, srcip, filename

-h

Display the help message.

-n <string>

Create a description for the report.

-r <filter> <value>

Show related entries.

-s

Show the alerts related to the summary.

-V

Display the version and license information.
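
The stdin/stderr behaviour from the note, wrapped in a small shell helper (an added example, not part of the Wazuh documentation). The binary and alerts-log paths are assumed defaults for a standard install, valid_filter and wazuh_report are hypothetical helper names, and the filter value in the usage comment is a sample.

```shell
#!/bin/sh
# Added example. Assumed default paths; override through the environment.
REPORTD_BIN="${REPORTD_BIN:-/var/ossec/bin/ossec-reportd}"
ALERTS_LOG="${ALERTS_LOG:-/var/ossec/logs/alerts/alerts.log}"

# Return 0 if $1 is one of the filter names this page lists for -f.
valid_filter() {
    case "$1" in
        group|rule|level|location|user|srcip|filename) return 0 ;;
        *) return 1 ;;
    esac
}

# wazuh_report <filter> <value> [description]
# Feeds the alerts log to ossec-reportd on stdin and merges the report,
# which the tool writes to stderr, into stdout so it can be paged or saved.
wazuh_report() {
    filter=$1
    value=$2
    desc=${3:-}
    if ! valid_filter "$filter"; then
        echo "unsupported filter: $filter" >&2
        return 2
    fi
    if [ ! -r "$ALERTS_LOG" ]; then
        echo "cannot read alerts file: $ALERTS_LOG" >&2
        return 3
    fi
    if [ -n "$desc" ]; then
        "$REPORTD_BIN" -f "$filter" "$value" -n "$desc" < "$ALERTS_LOG" 2>&1
    else
        "$REPORTD_BIN" -f "$filter" "$value" < "$ALERTS_LOG" 2>&1
    fi
}

# Usage (sample filter value):
#   wazuh_report group authentication_success "Successful logins" | less
```

Without the 2>&1 inside the function, the pipe to less would receive nothing and the report would go straight to the terminal.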