Wazuh | Mailing List

Hello Bony, I will give you my old indexer, which has no errors, at the end of 2025, and the new one,

Hello, The current query has huge query load (10k events) because despite having the top-level "

Hello Marciocordeiro, From an auditing perspective and your use case (file creation, deletion, and

Hi Emar, No, you only need to add it on the PR node where you will send the reindex request, not on

Hello there, i dont know if the last reply was sent, but to be safe i will send it again. First of

To be more specific, you are introducing a pre-processed alert (JSON produced by Wazuh) into wazuh-

Hi, thank you for quick response > If you want all 110070 alerts generated during the backup

Hi Ivan, Please just to be sure. when you change to winEventChannel on the agent, the executable is

Dmitry, Your issue is not caused by duplicate names or leftover keys anymore. The behaviour you see

Hi Dhiren Since the new index was created successfully and the alert count is visible in the overview

Hi Nazmur, Sorry... Since I couldn't find a solution in the documentation, I asked ChatGPT, and

I did some tests with your logs. Check for rule.firedtimes field, if you see that it is resetting to

Hi, If you are encountering any errors while following the official Wazuh documentation, please share

Hello Xmertens, I did some research, and apparently the hash that ends with 855 is the SHA256 hash of

Hi! If I save the information to agent.conf, why do I then check the client files and see that the

Hi, I have resolved the previous issue. It was caused by directory permissions changing each time

Hi Jack, What you experienced is actually expected behavior based on how the Wazuh server cluster is

Hi, If the issue still persists, please check the <wodle name="syscollector">

Thanks for your reply. My setup is using wazuh 4.14.3 and is formed by two indexer node in a cluster

Hello, Thank you for sharing the log samples and your observations. Based on what you've provided

Hi Yazid, I suspect your data isn't being decoded correctly. Which file is displayed in the

Hello! The final destination is the indexer, so that will be the requirement for the indexer cluster,

Hi dwight c, Glad to hear that it is working as expected. Please don't hesitate to contact us if

Hi Andrehens, That's okay, let me know if you need any further help with this, and we can look

Hi Muhammad You can exclude all Windows logs. If the agent is a Windows machine, you can comment out

Thanks .. That worked and I am able to receive results and adjust the timings accordingly.. On Friday

Hi Julián I've solved the problem, I'm resetup Certificate for all of the wazuh components.

Hello again, So from looking at that documentation, it says, "Once you run _stop on a follower

Hi Andrehens! If you're actively making changes, seeing that warning from time to time is normal.

Hello Perps, I have created a sample decoder and matching rule for you below. Feel free to modify