ossec-reportd¶
ossec-reportd is a program to create reports from Wazuh alerts. It accepts alerts on stdin, and outputs a report on stderr.
Note
Since ossec-reportd outputs to stderr, some utilities like less will not work if you do not redirect the output. To do this, end the ossec-reportd with 2>&1 to redirect stderr to stdout. Following this redirect, more or less can be used with ease.
| -D <dir> | Chroot to <dir> . | |
| -d | Run in debug mode. This option may be repeated to increase the verbosity of the debug messages. | |
| -f <filter> <value> | Filter the results. | |
| Allowed values | group | |
| rule | ||
| level | ||
| location | ||
| user | ||
| srcip | ||
| filename | ||
| -g <group> | Group to run as (default: ossec). | |
| -h | Display the help message. | |
| -n <string> | Create a description for the report. | |
| -r <filter> <value> | Show related entries. | |
| -s | Show the alerts related to the summary. | |
| -t | Test configuration. | |
| -u <user> | User to run as (default: ossec). | |
| -V | Display the version and license information | |