Regarding Database & High availability on Opensource


Mohammed Yaseen

Nov 16, 2023, 4:21:22 AM
to Wazuh | Mailing List
Hi Team,

I need to know how many days Wazuh can store logs. Can I store the logs for more than a year?

Can we implement Wazuh on AWS or Azure or any other VPC, or else does it cause any issues while syncing?

Can we make a backup of logs that we can dump into a different SIEM or other tools for analysis?

Can we replicate the Wazuh Opensource server as a Load balancer while analyzing data?

Is there a limit on the number of users for Opensource that we have to use if we implement?

Can we dump logs to AWS or Azure directly?

What are the major compliances that are supported by Wazuh?

What are the major requirements for implementing Opensource Wazuh?


Alejandro Ruiz Becerra

Nov 16, 2023, 5:55:39 AM
to Wazuh | Mailing List
Hi Mohammed

I'll gather all the information to answer your questions.

In the meantime, I would like to clarify what you mean by "Wazuh Opensource Server" and "Opensource Wazuh". Wazuh is an open-source project indeed, but we usually do not mention it when referring to its components, and neither do the users and clients, so that's a bit odd, which makes me think you might mean something else, for example an on-premise vs cloud-hosted deployment.

Regards,
Alex

Mohammed Yaseen

Nov 16, 2023, 6:17:54 AM
to Alejandro Ruiz Becerra, Wazuh | Mailing List
Hi, thanks for reaching out. I mean On-Prem setup. Can we implement on AWS also for free?


Alejandro Ruiz Becerra

Nov 16, 2023, 6:58:01 AM
to Wazuh | Mailing List

Hi again

Here are the answers to your questions:

1. How many days Wazuh can store logs? Can I store the logs for more than a year?

    This pretty much depends on the event generation rate and your storage capacity. Having 100 agents is not the same as having 100,000.
    We provide an estimation table for you to calculate the storage requirements for your use case. You can find it here: https://documentation.wazuh.com/current/quickstart.html#requirements

2. Can we implement Wazuh on AWS or Azure or any other VPC or else does it cause any issues while sync?

    Yes, you can. Wazuh provides a pre-built Amazon Machine Image (AMI) for AWS. You can find it here: https://documentation.wazuh.com/current/deployment-options/amazon-machine-images/amazon-machine-images.html

    Deploying Wazuh on Azure or other VPC is also possible, but the configuration runs on your side.

3. Can we make a backup of logs that we can dump into a different SIEM or other tools for analysis?

    Sure you can. All the logs are sent to the log file, which is later parsed and sent to the Indexer through Filebeat. You can use these files to send the logs to any other SIEM or tool for analysis.

    More information about how log data collection works in the docs: https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/how-it-works.html

    You can also back up data by using snapshots. This helps to restore alerts from one Wazuh indexer cluster to another without losing the original timestamp. More info here: https://documentation.wazuh.com/current/user-manual/wazuh-indexer/migrating-wazuh-indices.html.

4. Can we replicate the Wazuh Opensource server as Load balancer while analyzing data?

    If you mean scaling your cluster, then yes, you can do that without any downtime.

    Please note that Wazuh has 2 types of clusters: wazuh-manager clusters and wazuh-indexer clusters.

    Both kinds of clusters allow scaling up the cluster horizontally without downtime. The new nodes will automatically join the cluster and start receiving data.

    More information:
     - https://documentation.wazuh.com/current/user-manual/configuring-cluster/basics.html

5. Is there a limit on the number of users for Opensource that we have to use if we implement?

    There is no such limit. You can have as many users as you want.

6. Can we dump logs to AWS or Azure directly?

    I'm failing to understand this question. AWS and Azure are cloud computing platforms; you'll need a receiver there to receive the logs. Will that be another SIEM or Wazuh? If the latter, then the logs will already be in AWS or Azure.

7. What are the major compliances that are supported by Wazuh?

    The default Wazuh ruleset provides support for PCI DSS, HIPAA, NIST 800-53, TSC, and GDPR frameworks and standards. You can find more information about it here: https://documentation.wazuh.com/current/compliance/index.html

8. What are the major requirements for implementing Opensource Wazuh?

    If you mean technical requirements, then you can find them in the docs. Check the requirements for each component inside its installation guide.

    - https://documentation.wazuh.com/current/installation-guide/index.html

9. Using the On-Prem setup. Can we also implement on AWS for free?
   
    Wazuh is free and open-source independently of the deployment method you choose. You can deploy it on-premise, on AWS, Azure, GCP, or any other cloud provider. You will obviously need to pay for the cloud provider services.

    The only paid option is the Wazuh Cloud, which is a SaaS solution that provides a managed Wazuh environment. You can find more information about it here: https://wazuh.com/cloud/

    Outside the deployment options, we also provide training courses, consulting services and professional support.