Alerts not showing on opensearch-dashboard
102 views
Skip to first unread message
sau sau
Nov 27, 2023, 3:31:25 AM11/27/23
to Wazuh | Mailing List
Hello team,
I have enabled and configured agent less monitoring to send fortigate firewall logs to wazuh as follow:
<remote>
<connection>syslog</connection>
<allowed-ips>172.18.0.0/16</allowed-ips>
<protocol>udp</protocol>
<port>514</port>
</remote>
I am receiving fortigate firewall logs in archieve and alerts.log.
I can see that the wazuh alerts index is filled with log.
green open wazuh-alerts-4.x--2023.11.27 68_OCc16Td2QASzKwCP1uQ 3 0 221392 0 537.8mb 537.8mb
But i don't see alerts on opensearch dashboard.
I have enabled and configured agent less monitoring to send fortigate firewall logs to wazuh as follow:
<remote>
<connection>syslog</connection>
<allowed-ips>172.18.0.0/16</allowed-ips>
<protocol>udp</protocol>
<port>514</port>
</remote>
I am receiving fortigate firewall logs in archieve and alerts.log.
I can see that the wazuh alerts index is filled with log.
green open wazuh-alerts-4.x--2023.11.27 68_OCc16Td2QASzKwCP1uQ 3 0 221392 0 537.8mb 537.8mb
But i don't see alerts on opensearch dashboard.
Juan Antonio Garcia Ruiz
Nov 27, 2023, 7:30:40 AM11/27/23
to Wazuh | Mailing List
Hello, I'm Juan from the Wazuh team, and it would be a pleasure to help you with your issue.
To start assisting you, could you please provide screenshots of the dashboard where the alerts are not loading?
sau sau
Nov 27, 2023, 10:49:21 PM11/27/23
to Wazuh | Mailing List
Hello Juan,
Thank your for getting back. Here is the screenshot of the dashboard where the alerts are not loaded.
Thank your for getting back. Here is the screenshot of the dashboard where the alerts are not loaded.
Juan Antonio Garcia Ruiz
Nov 28, 2023, 6:54:19 AM11/28/23
to Wazuh | Mailing List
To rule out a bug in the date of the alerts, could you try expanding the time range?
sau sau
Nov 29, 2023, 5:20:02 AM11/29/23
to Wazuh | Mailing List
Hello Juan,
I expanded the time range but still not showing any alerts.
I expanded the time range but still not showing any alerts.
Juan Antonio Garcia Ruiz
Dec 1, 2023, 8:46:03 AM12/1/23
to Wazuh | Mailing List
Good afternoon,
Could you check if there are alerts related to the monitoring of Fortigate firewall logs done through remote syslog in the file /var/ossec/logs/alerts/alerts.json?
Could you check if there are alerts related to the monitoring of Fortigate firewall logs done through remote syslog in the file /var/ossec/logs/alerts/alerts.json?
Reply all
Reply to author
Forward
0 new messages