{"id":60,"date":"2010-03-01T18:37:00","date_gmt":"2010-03-01T18:37:00","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=60"},"modified":"2020-07-01T18:39:39","modified_gmt":"2020-07-01T18:39:39","slug":"daily-email-reports","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2010\/03\/daily-email-reports\/","title":{"rendered":"Daily email reports"},"content":{"rendered":"\n

If you want to receive daily email reports (summaries) of your OSSEC alerts, you will like this new feature.<\/p>\n\n\n\n

First, start off by downloading the latest snapshot:\u00a0http:\/\/www.ossec.net\/files\/snapshots\/<\/a>\u00a0(get the latest file from there)<\/em>.<\/p>\n\n\n\n

Then you will be able to use the \u201creports\u201d option to configure what alerts do you want to receive summarized by the end of the day (instead of in realtime). You can use the following options:<\/p>\n\n\n\n

group:<\/strong> Filter by group\ncategories:<\/strong> Filter by group (alias to the above)\nrule:<\/strong> Filter by rule id\nlevel:<\/strong> Filter by severity\nlocation:<\/strong> Filter by the log location or agent name\nsrcip:<\/strong> Filter by a source ip\nuser:<\/strong> Filter by an user name<\/pre>\n\n\n\n
You can also use the same options with the \u2018type=\u201drelation\u201d specified to get the relation between fields.\u00a0For example <srcip type=\u201drelation\u201d>user<\/srcip> will get you a list of users per source ip.<\/em><\/p>\n\n\n\n
Every report must have a <title> specified and as many \u201cemail_to\u201d as you want.<\/p>\n\n\n\n
Example 1: Receive summary of all the authentication success:<\/strong><\/p>\n\n\n\n
<ossec_config>\n<reports>\n<category>authentication_success<\/category>\n<user type=\u201drelation\u201d>srcip<\/user>\n<title>Daily report: Successful logins<\/title>\n<email_to>me@myemail .com<\/email_to>\n<\/reports>\n<\/ossec_config><\/code><\/pre>\n\n\n\n
Example 2: Receive summary of all File integrity monitoring (syscheck) alerts:<\/strong><\/p>\n\n\n\n
<ossec_config>\n<reports>\n<category>syscheck<\/category>\n<title>Daily report: File changes<\/title>\n<email_to>me@myemail .com<\/email_to>\n<\/reports>\n<\/ossec_config><\/code><\/pre>\n\n\n\n
Please try it out and let us know if you have suggestions or find any bugs\u2026<\/p>\n","protected":false},"excerpt":{"rendered":"
If you want to receive daily email reports (summaries) of your OSSEC alerts, you will like this new feature. First, start off by downloading the latest snapshot:\u00a0http:\/\/www.ossec.net\/files\/snapshots\/\u00a0(get the latest file from there). Then you will be able to use the \u201creports\u201d option to configure what alerts do you want to receive summarized by the end […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/60"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=60"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/60\/revisions"}],"predecessor-version":[{"id":61,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/60\/revisions\/61"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=60"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=60"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=60"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}