Wazuh SIEM | Agent
41 views
Skip to first unread message
John Carry
Jan 5, 2023, 5:51:58 AM1/5/23
to Wazuh mailing list
Hello Wazuh Team,
Regards,
Is there any wazuh agent installed in its own server through which we can monitor or track the server activities, if that is case then please let me know the details and how to access it.
Further if there is not agent installed then can we installed the wazuh agent for Linux on it ?
Regards,
John
Santiago David Vendramini
Jan 5, 2023, 6:17:17 AM1/5/23
to Wazuh mailing list
Hi! Wazuh manager it's an agent itself. It's the 000 agent and you can configurte it modifying it own ossec.conf file or check all the logs and alerts in /var/ossec/logs just like in an agent! If you want to monitor the server in the dashboard you can see the alerts generated in the manager in the security events section of the dashboard! Filtering by agent id 000. If you have a cluster environment configured, all events of the manager, whether master or worker node, are seen in "security events" as agent 000, in addition to filtering by agent.id, you can filter by manager.name to only see alerts of specific node!
I hope this solves your need, let me know if you need anything else!
I hope this solves your need, let me know if you need anything else!
Reply all
Reply to author
Forward
0 new messages