Daily E-Mail Reports

Daily E-Mail reports are summaries of the OSSEC alerts for the day.

Configuration options

All of these configuration options should be specified in /var/ossec/etc/ossec.conf.

reports

group

Filter by group/category.

Allowed: Any category used within OSSEC Rules.

categories

Filter by group/category.

Note

This is the same as the group option above.

Allowed: Any category used within OSSEC Rules.

rule

Rule ID to filter for.

Allowed: Any Rule ID in OSSEC Rules.

level

Alert level to filter for. This option is inclusive, so alerts at higher levels also match.

Allowed: Any alert level from 1 to 16.

location

Filter by the log location or agent name.

Allowed: Any file path or hostname or network.

srcip

Filter by the source IP of the event.

Allowed: Any hostname or network.

user

Filter by the user name. This will match on either srcuser or dstuser.

Allowed: Any username.

title

The name of the report.

This is a required field for reports to function.

Allowed: Any Text

email_to

The email address to send the completed report to.

This is a required field for a report to function.

Allowed: Any email address

showlogs

Include logs when creating the report.

Allowed: yes/no

Default: no
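
The options above combined into two report definitions. This is an added example, not part of the original documentation. The e-mail address and titles are constructed, and the group names assume the groups used by the stock OSSEC ruleset.

```xml
<!-- Added example for /var/ossec/etc/ossec.conf.
     Address and titles are constructed placeholders. -->
<ossec_config>

  <!-- Report 1: filters on the authentication_failed group and on
       level 10 (inclusive, so higher levels also match).
       showlogs is enabled so the matching log lines are included. -->
  <reports>
    <group>authentication_failed</group>
    <level>10</level>
    <title>Daily report: high-severity authentication failures</title>
    <email_to>secops@example.com</email_to>
    <showlogs>yes</showlogs>
  </reports>

  <!-- Report 2: file integrity alerts, summary only.
       showlogs is omitted, so the default (no) applies. -->
  <reports>
    <group>syscheck</group>
    <title>Daily report: file integrity changes</title>
    <email_to>secops@example.com</email_to>
  </reports>

</ossec_config>
```

Each report needs both title and email_to, as noted above. With showlogs set to yes the raw log lines travel in the e-mail, so send such reports only to mailboxes that are allowed to hold that log data.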