Raw logs from wazuh dashboard


Jayakrishnan

Mar 17, 2023, 12:36:49 AM
to Wazuh mailing list
Hello All,

I was wondering if I could get to see the raw logs coming from agents or through the syslog connection in the Wazuh dashboard. For some events I was able to see it in a field called 'full log' in the dashboard when the alert is generated, but for other logs' alerts there is no such field as full log. Can someone explain what is happening?

Thanks
Jayakrishnan

Alexander Bohorquez

Mar 17, 2023, 8:48:24 AM
to Wazuh mailing list
Hi Jayakrishnan,

Thank you for using Wazuh!

By default, the "full_log" field is added to the alerts, and this is the original log that is processed by the Wazuh manager.

There are certain cases in which the rules with which the alert is generated contain the "no_full_log" option, and this means that when the alert is generated it does not include the raw log, so you cannot verify it from the WUI.

I leave you the reference documentation and hope this clarifies your doubt: https://documentation.wazuh.com/current/user-manual/ruleset/ruleset-xml-syntax/rules.html#options

Please let us know if you have any other questions.
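A defender's check for the behaviour Alexander describes, added here as an example and not code from the thread or from Wazuh itself: it scans a constructed rules file for rules carrying the no_full_log option and matches them against constructed alerts.json lines that lack the full_log field, so an administrator can see which rule ids are dropping the raw log. The rules-file layout follows the linked documentation; the sample rule ids, decoders and alert lines are assumptions.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample of a Wazuh custom rules file (not from the thread). Wazuh rule
# files may hold several top-level <group> elements, so we wrap them in one root.
SAMPLE_RULES_XML = """
<group name="local,syslog,">
  <rule id="100001" level="5">
    <decoded_as>sshd</decoded_as>
    <description>SSH event, raw log kept in the alert</description>
  </rule>
  <rule id="100002" level="5">
    <decoded_as>sshd</decoded_as>
    <description>SSH event, raw log dropped from the alert</description>
    <options>no_full_log</options>
  </rule>
</group>
"""

# Constructed alerts.json lines: one JSON alert per line, as the manager writes them.
SAMPLE_ALERTS = [
    '{"rule": {"id": "100001", "level": 5}, "full_log": "sshd[1]: Accepted publickey"}',
    '{"rule": {"id": "100002", "level": 5}}',
]


def rules_without_full_log(rules_xml: str) -> set:
    """Return the ids of rules whose <options> elements contain no_full_log."""
    root = ET.fromstring(f"<root>{rules_xml}</root>")
    ids = set()
    for rule in root.iter("rule"):
        # A rule may carry several <options> elements, one option each.
        for opt in rule.findall("options"):
            if "no_full_log" in (opt.text or ""):
                ids.add(rule.get("id"))
    return ids


def alerts_missing_full_log(alert_lines: list) -> list:
    """Return the rule ids of alerts that carry no full_log field."""
    missing = []
    for line in alert_lines:
        alert = json.loads(line)
        if "full_log" not in alert:
            missing.append(alert["rule"]["id"])
    return missing


if __name__ == "__main__":
    print(rules_without_full_log(SAMPLE_RULES_XML))  # {'100002'}
    print(alerts_missing_full_log(SAMPLE_ALERTS))    # ['100002']
```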