"ossec/bin/syscheck_control -i ID" will give you the files that have changed on a system. "ossec/bin/ossec-reportd" is the reporting program. I think using "-f location AGENT_NAME" will give you the alerts from that agent.
I'm not sure if your upper management will like these, but there really isn't anything else at the moment. If you create something that you can share, let us know.

On Thu, Sep 16, 2010 at 10:07 PM, Aamir Niazi <[email protected]> wrote:
> Hello List,
>
> I was wondering what kind of reporting mechanism does OSSEC have? If I
> wanted to pull out a list of files on a specific agent that have changed or
> list of events that occurred how would I go about doing that in a readable
> output something that can be presented to upper management.
>
> Thanks
>
> --
> Best Regards,
>
> Aamir Niazi
> Senior Security Analyst
