projects / ossec-hids.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
new upstream release (3.3.0); modify package compatibility for Stretch
[ossec-hids.git] / debian / ossec-hids / usr / share / doc / ossec-hids / contrib / ossec_report.txt
diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec_report.txt b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec_report.txt
new file mode 100644 (file)
index 0000000..6cfa383
--- /dev/null
+++ b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec_report.txt
@@ -0,0 +1,26 @@
+OSSEC report tool 0.1
+Licensed under GPL
+Contributor Meir Michanie
+ossec_report_contrib.pl [-h|--help] # This text you read now
+ossec_report_contrib.pl [-r|--report] # prints a report for each element
+ossec_report_contrib.pl [-s|--summary] # prints a summary report
+ossec_report_contrib.pl [-t|--top] #prints the top list
+
+How To:
+=======
+
+ossec_report_contrib.pl OSSEC report tool 0.1
+ossec_report_contrib.pl is a GNU style program.
+It reads from STDIN and write to stdout. This gives you the advantage to use it in pipes.
+i.e.
+cat ossec-alerts-05.log | ossec_report_contrib.pl -r | mail root -s 'OSSEC detailed report'
+cat ossec-alerts-05.log | ossec_report_contrib.pl -s | mail root -s 'OSSEC summary report'
+cat <log file> | ossec_report_contrib.pl -t <key> | head -n 15 (for top 15)
+cat <log file> | ossec_report_contrib.pl -s (for summary)
+
+Crontab entry:
+58 23 * * * (cat ossec-alerts-05.log | ossec_report_contrib.pl -s)
+     
+
+The <key> could be any one of the variables used in ossec log:
+mail,alerthost,datasource,rule,level,description,srcip,user.
ossec-hids