wazuh-reportd

The wazuh-reportd program creates reports from ThreatLockDown alerts. It accepts alerts on stdin and outputs a report on stderr.

Note

Since wazuh-reportd writes its report to stderr, utilities such as less will not work unless the output is redirected. Append 2>&1 to the wazuh-reportd command to redirect stderr to stdout; the output can then be piped to more or less.

-D <dir>

Chroot to <dir>.

-d

Run in debug mode. This option may be repeated to increase the verbosity of the debug messages.

-f <filter> <value>

Filter the results.

Allowed values: group, rule, level, location, user, srcip, filename.

-g <group>

Group to run as (default: wazuh).

-h

Display the help message.

-n <string>

Create a description for the report.

-r <filter> <value>

Show related entries.

-s

Show the alerts related to the summary.

-t

Test configuration.

-u <user>

User to run as (default: wazuh).

-V

Display the version and license information.
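
An added example (not taken from the wazuh-reportd documentation) that ties together the stderr note and the -f, -n and -s options: a POSIX shell wrapper that checks filter names against the allowed values, feeds an alerts file on stdin, and merges the report into stdout. The function name run_report, the REPORTD variable and the alerts file path are assumptions to adapt to your installation.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Assumption: REPORTD names the wazuh-reportd binary (on PATH by default).
REPORTD="${REPORTD:-wazuh-reportd}"

# run_report <alerts-file> <description> [<filter> <value>]...
# Sends the alerts file to wazuh-reportd on stdin, passes every
# <filter> <value> pair as its own -f option, and redirects the report
# (written to stderr) to stdout so it can be paged or saved.
run_report() {
    alerts_file=$1
    description=$2
    shift 2

    [ -r "$alerts_file" ] || { echo "cannot read $alerts_file" >&2; return 2; }
    # Filters must arrive as pairs; an odd count is a usage error.
    [ $(( $# % 2 )) -eq 0 ] || { echo "filters must be <filter> <value> pairs" >&2; return 2; }

    # Rotate the arguments into: -n <description> -s -f k v -f k v ...
    n=$#
    set -- "$@" -n "$description" -s
    while [ "$n" -gt 0 ]; do
        case $1 in
            group|rule|level|location|user|srcip|filename) ;;
            *) echo "unknown filter: $1" >&2; return 2 ;;
        esac
        set -- "$@" -f "$1" "$2"
        shift 2
        n=$((n - 2))
    done

    "$REPORTD" "$@" < "$alerts_file" 2>&1
}

# Usage (the alerts path and filter values are placeholders):
#   run_report /path/to/alerts.log "Failed logins" group <group-name> | less
```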