Hi,

You can create a script to read that information from */var/ossec/logs/alerts*. Alerts are classified by year/month/day:

/var/ossec/logs/alerts# tree
.
├── 2017
│   └── May
│       ├── ossec-alerts-11.json.gz
│       ├── ossec-alerts-11.json.sum
│       ├── ossec-alerts-11.log.gz
│       ├── ossec-alerts-11.log.sum
│       ├── ossec-alerts-12.json
│       └── ossec-alerts-12.log
├── alerts.json
└── alerts.log

Also, if you use Elasticsearch, it should be easy to create a query to get the 
information.

Regards.


On Tuesday, May 9, 2017 at 5:00:47 PM UTC+2, joe lee wrote:
>
> I am contacting you because I utilize your product and I am trying to find 
> the best way to get some detail reporting and was wondering if someone can 
> assist. I am trying to do two things and if you can provide the commands or 
> instructions on how to, it would be appreciated. 
>
>
> 1. I am trying to do a dump of logs for the last seven days into a CSV/Excel 
> file; is there any way to do this because I have not found documentation 
> from the OSSEC site on how to?
>
> 2. I am trying to obtain a report that gives me the TOP 10 files or file 
> types that have been changed according to the logs. Maybe if we can get the 
> excel spreadsheet, then we can possibly set filters to obtain this 
> information.  
>
>
> Can someone please confirm if this information can be gathered and how?
>
>
> Thank you 
>
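
The script the reply suggests could look like the following; it is an added example, not code from this thread or from the OSSEC project. It covers both requests (a seven-day CSV dump and the top 10 changed files) and prefixes cells that a spreadsheet would evaluate as formulas, since log text is untrusted. Assumptions: the directory layout in the listing above with three-letter English month names, one JSON alert per line, and the field names `timestamp`, `rule.id`, `rule.level`, `syscheck.path` and `full_log`; check them against a line of your own alerts.json. `SAMPLE` is constructed.

```python
import csv, gzip, json, sys
from collections import Counter
from datetime import date, timedelta
from pathlib import Path
SAMPLE = [  # constructed alert lines with assumed field names, used when no files are found
    '{"timestamp":"2017-05-12T10:00:01","rule":{"id":"550","level":7},"syscheck":{"path":"/etc/hosts"},"full_log":"Integrity checksum changed for: /etc/hosts"}',
    '{"timestamp":"2017-05-12T11:30:42","rule":{"id":"550","level":7},"syscheck":{"path":"/etc/hosts"},"full_log":"Integrity checksum changed for: /etc/hosts"}',
    '{"timestamp":"2017-05-12T11:31:07","rule":{"id":"1002","level":2},"full_log":"=1+1 app error"}',
]

def daily_files(root, today, days=7):
    for back in range(days - 1, -1, -1):  # oldest day first
        d = today - timedelta(days=back)
        base = Path(root, d.strftime("%Y/%b"), f"ossec-alerts-{d:%d}.json")
        yield from (p for p in (Path(f"{base}.gz"), base) if p.exists())  # rotated days are gzipped

def lines_of(path):
    opener = gzip.open if Path(path).suffix == ".gz" else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        yield from fh

def parse(lines):
    for line in lines:
        try:
            yield json.loads(line)
        except ValueError:  # blank line, or a line cut off while the file is being written
            continue

def changed_path(alert):
    return (alert.get("syscheck") or {}).get("path")  # None for non-syscheck alerts

def safe_cell(value):
    text = "" if value is None else str(value)
    return "'" + text if text.startswith(("=", "+", "-", "@")) else text  # log text must not become a formula

def to_csv(alerts, out):
    writer = csv.writer(out)
    writer.writerow(["timestamp", "rule_id", "level", "file", "full_log"])
    for a in alerts:
        rule = a.get("rule") or {}
        row = [a.get("timestamp"), rule.get("id"), rule.get("level"), changed_path(a), a.get("full_log")]
        writer.writerow([safe_cell(v) for v in row])

def top_changed(alerts, n=10):
    return Counter(p for p in map(changed_path, alerts) if p).most_common(n)

if __name__ == "__main__":
    files = daily_files("/var/ossec/logs/alerts", date.today())
    alerts = [a for f in files for a in parse(lines_of(f))] or list(parse(SAMPLE))
    to_csv(alerts, sys.stdout)
    print(top_changed(alerts), file=sys.stderr)
```

Run as-is, it writes the CSV to standard output and the top-10 list to standard error, so `python3 script.py > alerts-7d.csv` gives a file that opens in Excel.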
