how to forward domain,dns and file servers logs to Wazuh
1,303 views
Skip to first unread message
Mohammadullah Mohmand
Sep 7, 2022, 7:14:33 AM9/7/22
to Wazuh mailing list
Dear all Member's,
hope your doing well .
i would like to forward all Active Directory ,DNS and File servers events logs to wazuh , i have add the logs to windows agent ... ossec.conf file as below ,but unfortunately its not working . hence we need your support on how to forwarded domain, dns and file server logs to wazuh
<localfile>
<location>Security</location>
<log_format>eventchannel</log_format>
<query>Event/System[EventID != 5145 and EventID != 5156 and EventID != 5447 and
EventID != 4656 and EventID != 4658 and EventID != 4663 and EventID != 4660 and
EventID != 4670 and EventID != 4690 and EventID != 4703 and EventID != 1047 and EventID != 4907 and and EventID != 4740
EventID != 5152 and EventID != 5157]</query>
</localfile>
<location>Security</location>
<log_format>eventchannel</log_format>
<query>Event/System[EventID != 5145 and EventID != 5156 and EventID != 5447 and
EventID != 4656 and EventID != 4658 and EventID != 4663 and EventID != 4660 and
EventID != 4670 and EventID != 4690 and EventID != 4703 and EventID != 1047 and EventID != 4907 and and EventID != 4740
EventID != 5152 and EventID != 5157]</query>
</localfile>
regards
Tomas Benitez Vescio
Sep 7, 2022, 8:49:09 AM9/7/22
to Wazuh mailing list
Hi,
Thanks for using Wazuh!
I will try to get to you with an answer as soon as possible but in the meantime, could you share which version of Wazuh you are using both in the Agent and in the Manager? Also, just to be sure, did you restart the manager after modifying ossec.conf?
On the other hand, you may find useful How to collect Windows logs documentation page. As indicated there it may be possible that you will need to listen to other Windows Events Channels to have the functionality you want.
Regards.
Mohammadullah Mohmand
Sep 8, 2022, 3:02:44 AM9/8/22
to Wazuh mailing list
Hello Sir
thanks for the reply
both Wazuh Agents and Wazuh Manager versions are 4.3.7 , which is the latest, the main aim is to forwarded all windows logs of active directory like user creation, user login , user deletion and so on to wazuh events , i have tried and follow the articles but still not succeed , hence we need your support to advise how to add Active directory, DNS and other servers' logs to wazuh
regards
Mohammadullah Mohmand
Sep 17, 2022, 2:37:31 AM9/17/22
to Wazuh mailing list
Dear sir
hope you,re be fine and doing well
iam still waiting for your kind response regarding my above query.and main aim is to have the logs for domain user creation, user login , & users and group deletion logs in wazuh manager
regards
mohammadul...@gmail.com
Sep 19, 2022, 12:12:15 AM9/19/22
to Wazuh mailing list
waiting for your kind Response.
regards
Reply all
Reply to author
Forward
0 new messages