Wazuh | Mailing List

Hi Lanny, For a 3-node Wazuh cluster, the certs are generated from config.yml, and the docs are

Hello Gustavo, I am sharing the logtest result. Please review and guide me to get the logs in UI.

Hi Майкл, to add to my previous answer, having `plugins.security.audit.config.enable_rest: true` `

George, Thanks for sharing the agent configuration. From what you posted, that agent is only

I've stumble upon the same needs but the <same_system_name/> tag doesn't seem to be

Great news On Friday, March 6, 2026 at 2:22:22 PM UTC+1 doc dodo wrote: Problem was resolved after

Hi CJK, Currently, Wazuh has a limitation on the size of the events it can collect, which is mainly

Thanks. On Thursday, 26 February 2026 at 16:54:27 UTC+5:30 victor....@wazuh.com wrote: Yes, it is

I add also <global> <jsonout_output>yes</jsonout_output> <alerts_log>yes</

Hi Awwal, Thanks for the response. I was able to fix the issue. The problem was, I didn't replace

Hi Gerald, It is because the alerts template was not installed correctly. /etc/filebeat/wazuh-

Dear Team, Please help here in this case. On Wednesday, March 4, 2026 at 4:43:32 PM UTC+5:30 Suvadip

Based on what you posted, the issue appears to be in the Dashboard - Indexer connection/

Hi, Your updated rule syntax should look like the example below. Sample rule syntax: <group name=

Run this command on the Wazuh Manager nodes to check if Filebeat can communicate with theDR inexer.

Hi CRIZ, One alternative approach is to use regex within the CDB list, though it's worth noting

Hi Team, Glad to hear that the information was helpful. By default, the full_log field is stored in

Hi Tomasz Rojek We are working on the Slack link. Until then, if you have any queries related to

Hello Sistemas, We may need to check the integration log to properly understand why the integration

Ok merci beaucoup. Le jeu. 5 mars 2026, 15:59, 'Olamilekan Abdullateef Ajani' via Wazuh |

Hi Juan Sebastian, You were right, my 8GB change did not apply somehow. I changed it again, properly

Hi, If you need to create a custom detection rule for users in the environment who have the "

Hi Roman, Wazuh rules only support two types of time conditions. You can define a time with the <

I got this response: { "took": 37, "timed_out": false, "_shards": {

Hello Diwahar, We have encountered similar errors in versions prior to 4.14.0 when real-time FIM was

In case the field is an IP address, you must use not_address_match_key Ref: Negative key match On

Sorry, I can't manage to run it inside the docker container bash-5.2# systemctl status wazuh-

Hello Facub, Based on the documentation, CDBList support for IP addresses is prefix-based matching

Hi Dirmit Please allow me some time. I'm discussing this issue with the teammate. They are

Hi Federico, thanks again for your useful and very detailed reply. From the wazuh dashboard journal I