Have a look at http://www.kumardudes.com/ossec/ossec-reports (I found this through Google; it's not my site).
Run ossec-reportd using the -f <srcip> option to look for alerts from a specific host (agent). As Dan pointed out, there are no alerts in your file, hence you will not see anything. Open the alert file in a text editor and check what the contents are. If you see alerts, e.g. for host "10.200.40.56", try running ossec-reportd with the option:

    zcat /var/ossec/logs/alerts/2011/Jun/ossec-archive-23.log.gz | /var/ossec/bin/ossec-reportd -f srcip "10.200.40.56"

On Sat, Jun 25, 2011 at 2:35 AM, SystemAli <[email protected]> wrote:
> Hello Dan:
>
> I am trying to read the logs via this command:
>
>     zcat /var/ossec/logs/alerts/2011/Jun/ossec-archive-23.log.gz | /var/ossec/bin/ossec-reportd
>
> But all I get is:
>
> 2011/06/25 12:02:17 ossec-reportd: INFO: Started (pid: 7610).
> 2011/06/25 12:02:22 ossec-reportd: INFO: Report completed and zero alerts post-filter.
>
> Why don't I see any results?
>
> --
> "Want to be a leader? Wash the Dishes When Nobody Else Will" <http://thesash.me/wash-the-dishes-when-nobody-else-will>
