Hi -- was wondering if there's an option to have the daily summary email (e.g. for syscheck) spit out the actionable details instead of just a summary. Right now I get the following which is a little too sparse and cryptic for my admins. Any option to make it print the changed files per agent?
thanks, bill Report 'Daily report: File changes' completed. ------------------------------------------------ ->Processed alerts: 2044 ->Post-filtering alerts: 12 ->First alert: 2010 Aug 12 14:35:48 ->Last alert: 2010 Aug 12 23:39:19 Top entries for 'Level': ------------------------------------------------ Severity 7 |12 | Top entries for 'Group': ------------------------------------------------ ossec |12 | syscheck |12 | Top entries for 'Location': ------------------------------------------------ (sectest200) 10.196.2.89->syscheck |6 | sectest100->syscheck |6 | Top entries for 'Rule': ------------------------------------------------ 550 - Integrity checksum changed. |5 | 551 - Integrity checksum changed again (2nd .. |5 | 552 - Integrity checksum changed again (3rd .. |2 |
