Reports options are available in the the following installation types:
All reports options must be configured in the /var/ossec/etc/ossec.conf and used within the <ossec_config> tag.
XML excerpt to show location:
<ossec_config>
<reports>
<!--
Reports options here
-->
</reports>
</ossec_config>
Filter by group/category.
Allowed: Any category used within OSSEC Rules.
Filter by group/category.
Note
This is the same as the group option above.
Allowed: Any category used within OSSEC Rules.
Rule ID to Filter for.
Allowed: Any Rule ID in OSSEC Rules.
Alert level to filter for. This is an inclusive option so all higher level alerts will also match.
Allowed: Any Alert level 1 to 16
Filter by the log location or agent name.
Allowed: Any file path or hostname or network.
Filter by the source ip of the event.
Allowed: Any hostname or network
Filter by the user name. This will match on either srcuser or dstuser
Allowed: Any username
The name of the report.
This is a required field for reports to function.
Allowed: Any Text
The email address to send the completed report.
This is a required field for a report to function.
Allowed: Any email address
Include logs when creating the report
Allowed: yes/no
Default: no