OSSEC
OSSEC 4.0.0 documentation

Output Formats

  • OSSEC alert log samples
    • Example alert.log messages:
    • Sample alerts.json messages:
  • JSON Format
  • cef log format:
Copyright © Atomicorp, Inc. 2025