wazuh-reportd

The wazuh-reportd program creates reports from Wazuh alerts. It accepts alerts on stdin and outputs a report on stderr.

Note

Since the wazuh-reportd daemon outputs to stderr, utilities such as less will not work unless the output is redirected. To do this, end the wazuh-reportd command with 2>&1 to redirect stderr to stdout. After this redirect, more or less can be used with ease.

+-------------------------+-------------------------------------------------------------------------------------------------+
| -D <dir>                | Chroot to <dir>.                                                                                |
+-------------------------+-------------------------------------------------------------------------------------------------+
| -d                      | Run in debug mode. This option may be repeated to increase the verbosity of the debug messages. |
+-------------------------+-------------------------------------------------------------------------------------------------+
| -f <filter> <value>     | Filter the results.                                                                             |
+                         +---------------------------------------------------------+---------------------------------------+
|                         | Allowed values                                          | group                                 |
+                         +                                                         +---------------------------------------+
|                         |                                                         | rule                                  |
+                         +                                                         +---------------------------------------+
|                         |                                                         | level                                 |
+                         +                                                         +---------------------------------------+
|                         |                                                         | location                              |
+                         +                                                         +---------------------------------------+
|                         |                                                         | user                                  |
+                         +                                                         +---------------------------------------+
|                         |                                                         | srcip                                 |
+                         +                                                         +---------------------------------------+
|                         |                                                         | filename                              |
+-------------------------+---------------------------------------------------------+---------------------------------------+
| -g <group>              | Group to run as (default: wazuh).                                                               |
+-------------------------+-------------------------------------------------------------------------------------------------+
| -h                      | Display the help message.                                                                       |
+-------------------------+-------------------------------------------------------------------------------------------------+
| -n <string>             | Create a description for the report.                                                            |
+-------------------------+-------------------------------------------------------------------------------------------------+
| -r <filter> <value>     | Show related entries.                                                                           |
+-------------------------+-------------------------------------------------------------------------------------------------+
| -s                      | Show the alerts related to the summary.                                                         |
+-------------------------+-------------------------------------------------------------------------------------------------+
| -t                      | Test configuration.                                                                             |
+-------------------------+-------------------------------------------------------------------------------------------------+
| -u <user>               | User to run as (default: wazuh).                                                                |
+-------------------------+-------------------------------------------------------------------------------------------------+
| -V                      | Display the version and license information.                                                    |
+-------------------------+-------------------------------------------------------------------------------------------------+
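
A wrapper that combines the stderr redirect from the note with the -f filter names listed in the table, as an added example that is not part of the Wazuh documentation. The binary and alerts-file paths are assumptions for a default install, and valid_filter and filtered_report are hypothetical helper names.

```sh
#!/bin/sh
# Added example, not Wazuh's own code.
# Assumed default locations; override through the environment if they differ.
REPORTD_BIN="${REPORTD_BIN:-/var/ossec/bin/wazuh-reportd}"
ALERTS_FILE="${ALERTS_FILE:-/var/ossec/logs/alerts/alerts.log}"

# Return 0 if $1 is one of the filter names that -f accepts.
valid_filter() {
    case "$1" in
        group|rule|level|location|user|srcip|filename) return 0 ;;
        *) return 1 ;;
    esac
}

# filtered_report <filter> <value> [description]
# Feeds the alerts file to wazuh-reportd on stdin and folds the report,
# which the program writes to stderr, into stdout so it can be piped or saved.
filtered_report() {
    filter=$1 value=$2 desc=${3:-"Report for $1=$2"}
    if ! valid_filter "$filter"; then
        # Reject names the option table does not list before running anything.
        echo "unsupported filter: $filter" >&2
        return 2
    fi
    if [ ! -r "$ALERTS_FILE" ]; then
        echo "cannot read $ALERTS_FILE" >&2
        return 3
    fi
    # -n sets the report description, -s also shows the alerts behind the summary.
    "$REPORTD_BIN" -n "$desc" -f "$filter" "$value" -s < "$ALERTS_FILE" 2>&1
}

# Typical use (192.0.2.10 is a documentation address, not real data):
#   filtered_report srcip 192.0.2.10 | less
```

Because the redirect happens inside the function, the wrapper's own error messages still go to stderr and stay out of a saved report.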