How to collect logs from API url

[Ali Saaim]

Hi,

I am new to wazuh.  I had a question on how i can monitor logs from an API. I have a url and API key which i can curl to retrieve log data. How can i collect these logs on to the wazuh manager and decode them for monitoring.

Hope to get some positive responses.

Thanks in advance

[Harshal Paliwal]

Hi Ali,

Thanks for using the Wazuh.

It depends from where you want to monitor the logs. Wazuh can directly monitor the logs from AWS , GKS etc.

If the API not supported by the Wazuh you can create a custom python script to fetch the data from the API and store them on local server and you can setup the crojob.

From server you can monitor the logs using the Wazuh-agent or you can setup it on Wazuh-manager. Once you will get the logs please check if they are decoding with default decoder and rules or not. If not you need to create the custom decoders and rules to monitor them.

Reference:

https://documentation.wazuh.com/current/user-manual/ruleset/ruleset-xml-syntax/decoders.html

https://wazuh.com/blog/creating-decoders-and-rules-from-scratch/

Hope this information helps you. Please feel free to reach out to us for any information/issues.
Regards,