Hello,
I was reading the list and looking the code of report.c to try to find
one option to my question, but, today is not my day !!! :-D
my idea is generate a very small report that only contain one section
of "top entry", for example:
****************************************
****************************************
Report completed. ==
------------------------------------------------
->Processed alerts: 11286
->Post-filtering alerts: 259
->First alert: 2015 Apr 22 00:04:04
->Last alert: 2015 Apr 22 14:09:43
Top entries for 'Source ip':
------------------------------------------------
186.XXX.203.91
|170 |
200.XXX.56.122
|36 |
****************************************
****************************************
or maybe the same to "Top Level"
****************************************
****************************************
Top entries for 'Level':
------------------------------------------------
Severity 6
|170 |
Severity 5
|43 |
Severity 7
|34 |
Severity 10
|12 |
****************************************
****************************************
I tried many options and combinations, with the f and r options.. but
all they, show the complete report (src, user, location, group, etc,
etc).
any posibility to make this ??
thanks and attentive
--
--
Victor Hugo dos Santos
http://www.vhsantos.net
Linux Counter #224399
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
