You can manually run reports using ossec-reportd.
On Mon, Mar 1, 2010 at 3:08 PM, Derek J. Morris <dmor...@digitalmorris.com> wrote:
> How do you kick off a test of the new Daily Report feature? Would like to see
> what I get before putting it in production.
>
> -Derek
>
>
>> You can make up your own. Give your rules a <group>whatever</group> entry.
>> ie:
>> <rule id="100500" level="4">
>> <decoded_as>named</decoded_as>
>> <description>bad zone transfer request</description>
>> <match>bad zone transfer request</match>
>> <group>sysadmin,</group>
>> </rule>
>>
>> Here's a quick list of groups (probably incomplete/wrong in some cases):
>> access_denied
>> account_changed
>> adduser
>> agentless
>> attack
>> attacks
>> authentication_failed
>> authentication_failures
>> authentication_success
>> automatic_attack
>> client_misconfig
>> config_changed
>> connection_attempt
>> dhcp_dns_maintenance
>> dhcp_ipv6
>> dhcp_lease_action
>> dhcp_maintenance
>> dhcp_rogue_server
>> exploit_attempt
>> firewall_drop
>> fts
>> hostinfo
>> ids
>> invalid_access
>> invalid_login
>> invalid_request
>> ip_spoof
>> login_day
>> login_denied
>> login_time
>> logs_cleared
>> low_diskspace
>> multiple_drops
>> multiple_spam
>> new_host
>> policy_changed
>> process_monitor
>> promisc
>> recon
>> rootcheck
>> service_availability
>> service_start
>> smf-sav
>> spam
>> sql_injection
>> syscheck
>> system_error
>> system_shutdown
>> time_changed
>> unknown_resource
>> virus
>> web_scan
>> win_authentication_failed
>>
>>
>> On Mon, Mar 1, 2010 at 11:02 AM, Derek J. Morris
>> <dmor...@digitalmorris.com> wrote:
>>> I am excited to check out the Reporting feature just added. I need a list of
>>> categories or groups so I can set it up with what I want to report on. Can
>>> you
>>> make up your own groups or categories too? Where would I add such entries to
>>> declare them and then edit my rules appropriately?
>>>
>>> -Derek Morris
>>>
>>>
>>
>
>
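To see which group names a ruleset actually carries before choosing a report filter, this added example (not part of the thread and not OSSEC project code) lists the groups attached to each rule ID in rule-file text. The sample rules are constructed around the rule quoted above, and the function names are made up for this sketch.

```python
import re
from collections import Counter

# Constructed sample in OSSEC rule-file layout, built around the rule quoted
# in the thread; rule 100501 and the commented-out 100502 are invented here.
SAMPLE_RULES = """
<group name="syslog,named,">
  <rule id="100500" level="4">
    <decoded_as>named</decoded_as>
    <description>bad zone transfer request</description>
    <match>bad zone transfer request</match>
    <group>sysadmin,</group>
  </rule>
  <!-- <rule id="100502" level="3"><group>spam,</group></rule> -->
  <rule id="100501" level="5">
    <match>refused notify</match>
    <group>sysadmin,invalid_request,</group>
  </rule>
</group>
"""

# Rule files are not single-root XML, so scan for tokens instead of parsing:
# either a wrapper <group name="..."> or a complete <rule ...>...</rule>.
TOKEN = re.compile(
    r'<group\s+name="([^"]*)"\s*>|<rule\s[^>]*?\bid="(\d+)"[^>]*>(.*?)</rule>', re.S)
CHILD = re.compile(r"<group>(.*?)</group>", re.S)

def _names(csv):
    """Split 'a,b,' into ['a', 'b'], dropping the empty trailing item."""
    return [n.strip() for n in csv.split(",") if n.strip()]

def groups_by_rule(text):
    """Map rule id -> wrapper group names plus the rule's own <group> names."""
    text = re.sub(r"<!--.*?-->", "", text, flags=re.S)  # skip disabled rules
    wrapper, result = [], {}
    for m in TOKEN.finditer(text):
        if m.group(1) is not None:          # entered a new wrapper group
            wrapper = _names(m.group(1))
            continue
        own = [n for body in CHILD.findall(m.group(3)) for n in _names(body)]
        result[m.group(2)] = wrapper + [n for n in own if n not in wrapper]
    return result

def group_counts(text):
    """Count how many rules carry each group name."""
    return Counter(n for names in groups_by_rule(text).values() for n in names)

if __name__ == "__main__":
    for name, count in sorted(group_counts(SAMPLE_RULES).items()):
        print(f"{count:3d}  {name}")
```

A group with a count of zero or one is a sign that a report filtered on it will be empty or nearly so.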