[ossec-list] OSSEC Reporting Dump to CSV and reporting range setting
I am contacting you because I utilize your product and I am trying to find the best way to get some detailed reporting and was wondering if someone can assist. I am trying to do two things and if you can provide the commands or instructions on how to, it would be appreciated.

1. I am trying to do a dump of logs for the last seven days into a CSV/Excel file; is there any way to do this because I have not found documentation from the OSSEC site on how to?

2. I am trying to obtain a report that gives me the TOP 10 files or file types that have been changed according to the logs. Maybe if we can get the Excel spreadsheet, then we can possibly set filters to obtain this information.

Can someone please confirm if this information can be gathered and how?

Thank you

--
You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.

[ossec-list] OSSEC Reporting - Can someone help?
Greetings,

I am contacting you because I utilize your product and I am trying to find the best way to get some detailed reporting and was wondering if someone can assist. I am trying to do two things and if you can provide the commands or instructions on how to, it would be appreciated.

1. I am trying to do a dump of logs for the last seven days into a CSV/Excel file; is there any way to do this because I have not found documentation from the OSSEC site on how to?

2. I am trying to obtain a report that gives me the TOP 10 files or file types that have been changed according to the logs. Maybe if we can get the Excel spreadsheet, then we can possibly set filters to obtain this information.

Can someone please confirm if this information can be gathered and how?

Thank you kindly,

[ossec-list] OSSEC Syslog Entries Missing Checksum Data
Hi,

I've been having an issue where OSSEC is not sending the checksum data in the syslog alerts. Below is an example of what I am seeing (alerts log). This doesn't happen all the time but has been becoming more and more of an issue:

    2017 May 05 17:42:37 (me.me.com) any->syscheck
    Rule: 550 (level 7) -> 'Integrity checksum changed'
    Integrity checksum changed for: '/home/testuser/test.txt'
    Size changed from '2560' to '35292'

However, looking at the file with 'syscheck_control', you can see that it captured the checksums:

    /var/ossec/bin/syscheck_control -i -f /home/testuser/test.txt

    2017 May 05 17:42:37,2 - /home/testuser/test.txt
    File changed. - 2nd time modified.
    Integrity checking values:
       Size: >35292
       Perm: rw-r--r--
       Uid: 5004
       Gid: 5003
       Md5: a76ea51c577dce4946efc621b3d7ac17
       Sha1: 74e82b2399f36d465a541e54a977a9b062b58c67

Has anyone ever seen this before?

agent.conf entry: /home/testuser

Thanks!

[ossec-list] Re: OSSEC Reporting - Can someone help?
Is the dump of logs something you want OSSEC to do, or is it just something you want to do on the server? Is this a Linux server?

On Tuesday, 9 May 2017 09:00:47 UTC-6, joe lee wrote:
>
> Greetings,
>
> I am contacting you because I utilize your product and I am trying to find
> the best way to get some detail reporting and was wondering if someone can
> assist. I am trying to do two things and if you can provide the commands or
> instructions on how to, it would be appreciated.
>
> 1. I am trying to do a dump of logs for the last seven days into a CSV/Excel
> file; is there any way to do this because I have not found documentation
> from the OSSEC site on how to?
>
> 2. I am trying to obtain a report that gives me the TOP 10 files or file
> types that have been changed according to the logs. Maybe if we can get the
> excel spreadsheet, then we can possibly set filters to obtain this
> information.
>
> Can someone please confirm if this information can be gathered and how?
>
> Thank you kindly,
>
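
An added example, not part of any post in this thread and not OSSEC's own tooling: one way to turn syscheck alerts in the text layout quoted in the checksum thread into a seven-day CSV and a top-10 list of changed files and file types, as asked in the reporting thread. The sample alerts are constructed, and the layout (one field per line, alerts separated by a blank line) and all function names are assumptions.

```python
import csv, io, os, re
from collections import Counter
from datetime import datetime, timedelta
# Constructed sample in the layout of the alert quoted in the thread
# (assumed: one field per line, alerts separated by a blank line).
SAMPLE = """\
2017 May 05 17:42:37 (me.me.com) any->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed'
Integrity checksum changed for: '/home/testuser/test.txt'
Size changed from '2560' to '35292'

2017 May 06 09:10:02 (me.me.com) any->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed'
Integrity checksum changed for: '/home/testuser/test.txt'

2017 May 07 11:00:00 (me.me.com) any->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed'
Integrity checksum changed for: '/home/testuser/notes.cfg'

2017 Apr 20 08:00:00 (me.me.com) any->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed'
Integrity checksum changed for: '/home/testuser/old.txt'
"""
HEAD = re.compile(r"^(\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) (?:\((\S+)\) )?(\S+)$", re.M)
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$", re.M)
FILE = re.compile(r"^Integrity checksum changed for: '(.*)'$", re.M)

def parse_syscheck(text, now, days=7):
    """Return (time, agent, rule, level, path) rows for alerts within the last `days`."""
    rows, cutoff = [], now - timedelta(days=days)
    for block in re.split(r"\n\s*\n", text.strip()):
        head, rule, path = (p.search(block) for p in (HEAD, RULE, FILE))
        if not (head and rule and path):
            continue  # not a file-integrity alert, or an incomplete block
        when = datetime.strptime(head.group(1), "%Y %b %d %H:%M:%S")
        if cutoff <= when <= now:
            rows.append((when.isoformat(sep=" "), head.group(2) or "",
                         rule.group(1), rule.group(2), path.group(1)))
    return rows

def to_csv(rows):
    out = io.StringIO()  # csv.writer quotes paths that contain commas or quotes
    csv.writer(out).writerows([("time", "agent", "rule", "level", "path"), *rows])
    return out.getvalue()

def top_changed(rows, n=10):
    """Return the n most frequently changed paths and file extensions."""
    files = Counter(r[4] for r in rows)
    types = Counter(os.path.splitext(r[4])[1] or "(none)" for r in rows)
    return files.most_common(n), types.most_common(n)
```

File paths originate on the monitored hosts, so treat cells beginning with `=`, `+`, `-` or `@` as untrusted input when the CSV is opened in a spreadsheet.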