How to Display MongoDB queries in Wazuh Dashboard


Muhammad Farash P

Mar 16, 2023, 5:06:09 AM
to Wazuh mailing list
Hi All,
I have a Wazuh environment with a MongoDB database in it. I need to display MongoDB queries in the Wazuh dashboard. Please guide me through the process.

Is there any way to do the same for Redis, MariaDB and RabbitMQ databases?

Thanks in advance

Anthony Faruna

Mar 17, 2023, 4:55:44 PM
to Muhammad Farash P, Wazuh mailing list
Hello Muhammad

Thank you for using Wazuh.
You can use Logcollector to send the MongoDB logs you want to monitor to Analysisd. Analysisd will process them and generate the alerts.
The Logcollector configuration can be the following:
<localfile>
  <location>path/file/to/monitor.log</location>
  <log_format>syslog</log_format>
</localfile>
Analysisd will check if there are rules and decoders that match each of the events sent. Here are some of the rules and decoders we have for databases and web pages; you can see our Ruleset repository at GitHub.
PostgreSQL rules
PostgreSQL decoders
MySQL rules
MySQL decoders
MongoDB rules
MongoDB decoders
Apache rules
Apache decoders
Nginx rules
Nginx decoders
PHP rules
MS SQLServer rules
MS SQLServer decoders
In order to accomplish a deeper analysis, you should configure the audit log. Several DB engines have the capability to output different kinds of actions, queries and user activity to an audit log via either plugins or embedded features. This audit log can track statements like SELECT, INSERT, UPDATE, DELETE, DROP, CREATE among others. For example, the Percona audit log plugin can generate audit logs for several SQL statements and user connection/disconnection.

In summary, Wazuh is able to collect the DB audit logs and generate the proper alerts.

Please let me know if it helps.

Best Regards
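
Added example, not part of the original thread or of the Wazuh ruleset: one way to apply the audit-log approach described above to MongoDB, collecting a JSON audit log with Logcollector and matching it with custom rules in Analysisd. The file path, rule IDs, group names and the sample event are assumptions. It relies on Wazuh's built-in JSON decoder and on the MongoDB audit event fields atype, param.command, param.ns, remote.ip and result.

```xml
<!-- Added example; paths, rule IDs and group names are assumptions. -->

<!-- 1. Agent ossec.conf: read the MongoDB audit log as JSON.
     /var/log/mongodb/audit.json is an assumed location. -->
<localfile>
  <location>/var/log/mongodb/audit.json</location>
  <log_format>json</log_format>
</localfile>

<!-- Constructed sample event (a single line in the real file):
     {"atype":"authCheck","ts":{"$date":"2023-04-25T10:51:01.000+00:00"},
      "remote":{"ip":"192.0.2.10","port":50412},
      "users":[{"user":"app","db":"admin"}],
      "param":{"command":"drop","ns":"shop.orders","args":{"drop":"orders"}},
      "result":0} -->

<!-- 2. Manager /var/ossec/etc/rules/local_rules.xml.
     An event that no rule matches is only written to archives.log;
     an alert needs a matching rule at or above the alert level (3 by default). -->
<group name="mongodb,mongodb_audit,">

  <!-- Base rule: every audited command becomes a low-level alert. -->
  <rule id="100300" level="3">
    <decoded_as>json</decoded_as>
    <field name="atype">^authCheck$</field>
    <description>MongoDB audit: $(param.command) on $(param.ns)</description>
  </rule>

  <!-- Child rule: raise the level for commands that remove data. -->
  <rule id="100301" level="8">
    <if_sid>100300</if_sid>
    <field name="param.command">^drop$|^dropDatabase$</field>
    <description>MongoDB audit: $(param.command) removed data in $(param.ns)</description>
  </rule>

  <!-- Child rule: result 13 is MongoDB's Unauthorized error code. -->
  <rule id="100302" level="5">
    <if_sid>100300</if_sid>
    <field name="result">^13$</field>
    <description>MongoDB audit: unauthorized $(param.command) on $(param.ns) from $(remote.ip)</description>
  </rule>
</group>
```

Pasting the sample line into /var/ossec/bin/wazuh-logtest on the manager shows which decoder and rule an event hits before the rules go live.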


Muhammad Farash P

Apr 25, 2023, 10:51:01 AM
to Wazuh mailing list
Thanks a lot for replying. Logs from MongoDB are displayed in archives.log but not in alerts.log. So there is alerts generated as of now. What to do to display logs in the dashboard?

Thanks in advance