Wazuh | Mailing List

Hello Guys, I'm following up on the multi-tenancy discussion here. I've set up a Wazuh

Hello Chuks, It seems to be working great for now ! Sorry for the delay, was so busy at work these

Hi, Hope someone can advise. I have created a custom Wazuh rule that is based on the inbuilt Office

Hello Once again Felix, I received feedback from the team and one of the things mentioned is that,

Hi Tuan, After reviewing your request, the GitHub repo, and the sample logs provided. The provided

Hi, Based on the shared sample log, I have created a custom decoder that extracts the required fields

Hi Nathan D, Apologies for the delayed response. Here is the answer to your query: Group Filter:

Hi Harish and your team. In the current Wazuh Vulnerability Detector module (enabled by default on

Hi David, It looks like you're trying to collect and monitor the active-responses.log. First,

Hello, has anyone tried this and did it work? I am using wazuh on hyper-v , will the method change?

So after investigating about this warning, It's indeed caused by the event size. The maximum size

Thank you very much. I'll do what you're told and report back on the results. Carlos. El

Hi Somer, Please do share your solution here if you manage to resolve it — that would be very helpful

Hello, Yes the vulnerability detection will continue to work. The vulnerability data will be sent

Hi Vikash, Kindly change the log_format from apache to syslog and restart your services. <

Hello PD, From the log you shared, I see wazuh already did some pre-decoding in the initial stage,

I applied what you told me and reduced it to a module, and I also activated debug mode to obtain more

Thank you Hernan for the reply Just to clarify, if I am managing indices with an ILM policy that

Hello Chukwudalu, Thank you for the detailed steps. I will try this on our Wazuh Indexer and follow

Hi, Here is the log file “/var/wazuh-indexer/wazuh-cluster.log.”. I have only included the part from

To share the logs, check if you can find the full_log from the alerts.json file cat /var/ossec/alerts

Thank you for your help ! Following your instructions the problem is solved. Here is my rule

Hello Chic, Wazuh keeps one small SQLite database per agent under /var/ossec/queue/db/, named after

Good morning, Okay, thank you very much for your response. We will look into that option to see if it

Hi Lukas, Just to confirm, after checking the certificate paths, is it still not working correctly?

Hello. I've seen bug report. Thanks for your help. El dia dimecres, 24 de setembre del 2025 a les

Glad to know it's working. If you face the same issue, let me know On Monday, September 22, 2025

Also, please confirm if you were experiencing this issue before or after the upgrade. On Wednesday,

Hello, That answers it, thank you! Best regards, Joaquim Antonio A quarta-feira, 24 de setembro de

Hi! I created a support ticket for this problem and it is been resolved. They removed the <