On the OSSEC server, you can run reportd by feeding alerts.log to it. For example:

    # cd /var/ossec
    # bin/ossec-reportd < logs/alerts/alerts.log

On Wednesday, December 5, 2012 6:39:49 PM UTC-8, peng lin wrote:
> I see OSSEC has a report function.
> If I want to use this function, should I configure it in every agent's conf
> file, or only in the server's (or hybrid's) conf file?
>
> E.g., I hope to see the alert report and the file change report.
> How should I set it up? On every agent or on the server?
