Try analogi: https://github.com/ECSC/analogi I use it to filter by almost anything. It pulls off of the database if you have configured OSSEC to support that.
From: [email protected] [mailto:[email protected]] On Behalf Of TVS-Rick Sent: Wednesday, June 17, 2015 5:40 PM To: [email protected] Subject: [ossec-list] Login/Logout events excluding system accounts Hello, I'm looking to generate a report that shows login/logout times of actual users. I am using AlienVault to generate the report. AlienVault does not provide a solution to exclude particular users, so I am hoping ossec can. Basically, I have lists of thousands of login/logout events, but the vast majority of them is the system account. I want to exclude all 'usernames' that have a trailing $ dollar sign. The catch: I still want to log the system events, so I can't just completely exclude them. I hope this has made sense. Thanks -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
