Here is a quick script to perform the task that you wish to perform. It takes all files in a directory and creates a summary and then mails it out. I run the script with level 0 so that I get a complete summary.
#!/bin/ksh
clear
echo "Enter the year (YYYY): "; read year
echo .
echo "Enter the month (first 3 characters, i.e., Apr, May, Jun): "; read month
echo .
echo "You have selected: $month, $year"
echo .
echo "Hit any key to continue "; read ans
# Stop if the month directory does not exist; otherwise "zcat *" would run in the wrong directory
cd "/var/ossec/logs/alerts/$year/$month" || exit 1
# Summarise every compressed alert file for the month and mail the report
# (change the level filter here; "more" is not needed when output goes to mailx)
zcat * | /var/ossec/bin/ossec-reportd -f level 12 2>&1 | mailx -s "Ossec Summary Report Level 0" [email protected]

Barry Walker

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
Sent: Tuesday, May 03, 2011 1:41 PM
To: [email protected]
Subject: Re: [ossec-list] Extracting OSSEC alerts to a file

I haven't tried it to make sure it will work, but try:

zcat /var/ossec/logs/alerts/whatever_the_files_are | /var/ossec/bin/ossec-reportd -f level 12 2>&1 | more

I think you would have to run it once for each level, but give it a shot.

dan

On Tue, May 3, 2011 at 12:41 PM, <[email protected]> wrote:
> Hello,
>
> Does anyone know of a quick way to run through all the OSSEC alert log data,
> and extract all alerts over level 12 severity rating, dumping them into a
> file? Thanks!
>
> Tyler Ross
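As an added example (not code from the thread), the same level filter done directly on the alerts.log text with awk, for hosts where ossec-reportd is not handy: it keeps every blank-line-separated alert record whose "Rule: <id> (level <n>)" line has n at or above the threshold, so one run covers all levels from the threshold up. The sample log, rule ids 100010/100020 and the output path are constructed assumptions; the log directory layout is the one Barry's script uses.

```shell
#!/bin/sh
# filter_alerts MIN: reads OSSEC alerts.log text on stdin and prints the
# blank-line-separated records whose "Rule: <id> (level <n>)" has n >= MIN.
# Records without a parseable level line are dropped.
filter_alerts() {
  awk -v min="$1" '
    BEGIN { RS = ""; ORS = "\n\n" }   # paragraph mode: one alert per record
    {
      lvl = -1
      if (match($0, /\(level [0-9]+\)/)) {
        # RSTART is at "("; skip "(level " (7 chars) and drop both parens
        lvl = substr($0, RSTART + 7, RLENGTH - 8) + 0
      }
      if (lvl >= min) print
    }'
}
# count_alerts: number of alert records on stdin (one "** Alert" header each)
count_alerts() { awk '/^\*\* Alert/ { n++ } END { print n + 0 }'; }
# Constructed sample log (not real data): alerts at levels 5, 10, 12 and 13.
# 5710/5712 are real sshd rule ids; 100010/100020 are made-up local-rule ids.
sample_alerts() {
  cat <<'EOF'
** Alert 1304443256.1: - syslog,sshd,
2011 May 03 12:41:00 host1->/var/log/auth.log
Rule: 5710 (level 5) -> 'Attempt to login using a non-existent user'

** Alert 1304443300.2: mail  - syslog,sshd,authentication_failures,
2011 May 03 12:41:40 host1->/var/log/auth.log
Rule: 5712 (level 10) -> 'SSHD brute force trying to get access to the system.'
Src IP: 192.0.2.10

** Alert 1304443400.3: - local,
2011 May 03 12:43:20 host2->/var/log/messages
Rule: 100010 (level 12) -> 'Constructed local rule, level 12'

** Alert 1304443500.4: - local,
2011 May 03 12:45:00 host2->/var/log/messages
Rule: 100020 (level 13) -> 'Constructed local rule, level 13'
EOF
}
# sample_count MIN: how many sample alerts are at or above MIN
sample_count() { sample_alerts | filter_alerts "$1" | count_alerts; }
# Real use, with the log path from the thread (assumed layout):
#   zcat /var/ossec/logs/alerts/2011/May/*.gz | filter_alerts 12 > /tmp/alerts_ge12.txt
```

Because the filter works on the raw records, the output file keeps each alert's full text (timestamp, host, rule line and the triggering log line), which the summary report does not.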
