Apologies for the delay on this, I was not actually looking for this kind of functionality out of the ossec-reportd utility itself. I was kind of wondering if there was another tool available that would give us the granularity that we were looking for. Unfortunately, the statistical information is not very useful for our audit reviews. I have since resolved this issue by writing a series of scripts against the archive log and it seems to be providing us with what we are looking for so far.
Thanks, Michael On Thursday, November 14, 2013 3:00:46 PM UTC-7, Jb Cheng wrote: > I am not aware of such a feature of adding date/time stamps to the ossec- > reportd output. > > The output is basically a statistical summary (counting the number of > things), so having time stamps for individual events does not make sense. > I mean, where do you show them on the report anyway. > > Can you present the alerts.log files for granular auditing purpose? > > > On Friday, November 8, 2013 1:59:31 PM UTC-8, Micheal Dignin wrote: >> >> Greetings, >> >> Is there any way to get reports with date and timestamps? >> >> I tried running various ossec-reportd reports, but it looks like that >> only report statistical information just like the WUI. I have also tried >> using “Daily E-mail Reports” and it is the same result. >> >> We have some granular auditing requirements that require reviewing date >> and time of specific events. >> >> Thanks, >> >> Michael >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
