Wazuh | Mailing List

Thanks, everything worked !!! пятница, 10 октября 2025 г. в 00:23:40 UTC+3, Matías Mercado: Hello,

Hello, can u clarify some strange things with rule 61102. When i get csv file with all events (data.

Hi Anurudra, I can't say too much just looking at the errors you have sent, it will be nice if

I refer to this article: https://documentation.wazuh.com/current/proof-of-concept-guide/leveraging-

From the cluster health, it seems that the shards are full (default shard limit is 1000), which will

Thank you for your reply. I run all my commands on the server that hosts the manager. For the command

Hi Somer, You should change the option to "false", make your changes, and then rollback to

Thanks Fabian, This is the result: [2025-05-20T00:00:01234][WARN ][oocraAllocationService] [node-1]

Hi Stuti Thank you for the information. The problem was solved changing the password of "

Hello Felix, I apologize this has took so long. Unfortunately I do not think you can disable that

Hi avkby445h 24, Glad to hear that, If you have any other problem don't doubt to open a new

Hello Ali, I see you have completed the integration which is good. I would be able to provide more

I'll forward your suggestion to the documentation team so they can consider clarifying the

Hi Roman, In this scenario, command monitoring is running this command. Get-Volume -DriveLetter C |

Hi, I have tested your custom decoder using the sample log you shared, and it seems that the hostname

Hello everyone, I've checked my ossec.log for the first time in a while (I know I should do this

Hi Gokul, This behavior is expected and occurs mainly for two reasons: Office 365 fields are included

Hi, How do you get these logs? Do you have a way to export them? One option could be to put the logs

You do not need to create a decoder for every log. You should write decoders based on the format of

Thank you Hernan for your reply. But still the issue is not solved. On Wednesday, October 1, 2025 at

I received information privately. The conversation should continue in the public chat. Below is the

Still not having any luck. Here's my config.yml --- _meta: type: "config"

Hello! I can confirm all those settings were correct & as expected. Interestingly, after HOURS of

hello, The only decoder that "worked" for this type of log is the one below: <decoder

You could also add permissions to wazuh-monitoring*. For more information, please refer to the

Yes, that's right, it's about the shard limit. The filebeat log contains the following

Hi! Thanks for waiting This slowdown occurs when browsing the Wazuh dashabord Unfortunately I don

Hi Samson, So I've tried what you've said: Please restart your Wazuh dashboard service using:

Hello, I am trying to configure a custom decoder+rule and these seem to be working correctly, however

However, when I look at the log in the wazuh-alerts-* index, I can see that my log is in the correct