ossec-reportd

ossec-reportd is a program to create reports from Wazuh alerts. It accepts alerts on stdin and outputs a report on stderr.
Note

Since ossec-reportd outputs to stderr, some utilities like less will not work if you do not redirect the output. To do this, end the ossec-reportd command with 2>&1 to redirect stderr to stdout. Following this redirect, pagers such as more or less can be used with ease.
| Option | Description |
|---|---|
| -D <dir> | Chroot to <dir>. |
| -d | Run in debug mode. This option may be repeated to increase the verbosity of the debug messages. |
| -f <filter> <value> | Filter the results. Allowed values: group, rule, level, location, user, srcip, filename. |
| -g <group> | Group to run as (default: ossec). |
| -h | Display the help message. |
| -n <string> | Create a description for the report. |
| -r <filter> <value> | Show related entries. |
| -s | Show the alerts related to the summary. |
| -t | Test configuration. |
| -u <user> | User to run as (default: ossec). |
| -V | Display the version and license information. |
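
The following wrapper is an added example, not part of the Wazuh documentation. It combines the stderr redirect from the note with the -f and -n options from the table. The function names and the REPORTD variable are assumptions; by default REPORTD expects ossec-reportd to be on PATH.

```shell
#!/bin/sh
# Added example: wrapper that makes an ossec-reportd report usable in a pipeline.
# Assumption: REPORTD names the ossec-reportd binary; override it if not on PATH.
REPORTD="${REPORTD:-ossec-reportd}"

# Accept only the filter names listed for -f in the option table.
is_valid_filter() {
    case "$1" in
        group|rule|level|location|user|srcip|filename) return 0 ;;
        *) return 1 ;;
    esac
}

# filtered_report <alerts-file> <filter> <value> [description]
# Feeds the alerts file to ossec-reportd on stdin and emits the report on
# stdout, so it can be piped to less, grep, or a file.
filtered_report() {
    alerts=$1
    filter=$2
    value=$3
    desc=${4:-"$filter=$value"}

    if ! is_valid_filter "$filter"; then
        echo "unsupported filter: $filter" >&2
        return 2
    fi
    if [ ! -r "$alerts" ]; then
        echo "cannot read alerts file: $alerts" >&2
        return 3
    fi

    # ossec-reportd writes the report to stderr; 2>&1 merges it into stdout.
    # The wrapper's own error messages above stay on stderr and never mix
    # into the report text.
    "$REPORTD" -n "$desc" -f "$filter" "$value" < "$alerts" 2>&1
}

# Usage (the alerts file path is a placeholder):
#   filtered_report /path/to/alerts.log group authentication_failed | less
```

Because validation errors go to stderr and the report goes to stdout, redirecting the function's output to a file captures only the report.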