Wazuh Send Log to SIEM


Setian B C

Oct 15, 2024, 1:50:09 AM
to Wazuh | Mailing List
Hi Wazuh Team and Support,

I have a Wazuh and a SIEM now, and my Wazuh has many machines / agents, so I need my Wazuh integrated to send logs to my SIEM.
Can I do this?

Regards,


Stuti Gupta

Oct 15, 2024, 4:36:24 AM
to Wazuh | Mailing List
Hi,

The recommended option would be to use an Rsyslog server. If you can't install a Wazuh agent where these logs are being generated, you need to configure the service to send logs via Syslog. For this, you can receive syslog logs on a custom port or store syslog logs in a plaintext file and monitor it with Wazuh. Further information related to this topic can be found in the following links:

Forward syslog events - Your environment · Wazuh documentation https://documentation.wazuh.com/current/cloud-service/your-environment/send-syslog-data.html#forward-syslog-events

If you can install a Wazuh agent where the logs are being generated, you need to configure the service to write its log to a file and read it with a localfile. You can find further information in our official documentation: Log Collection How it works - Log data collection · Wazuh documentation

localfile - Local configuration (ossec.conf) · Wazuh documentation https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html

In addition to this, please notice that Wazuh includes a set of rules and decoders to parse the most common products and services. In case you do not see the desired events, it may be possible that some custom rules and decoders must be written. Please refer to the following documentation for additional information on this topic:

Data analysis - User manual · Wazuh documentation https://documentation.wazuh.com/current/user-manual/ruleset/index.html

I hope this helps.
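The two receive-side configurations the reply describes, written out as an added example that is not part of the thread or of Wazuh's own documentation: a `<remote>` block that listens for syslog on a custom port, and a `<localfile>` block that monitors a plaintext file an Rsyslog server writes. The port 5514, the source subnet 192.168.10.0/24 and the file path /var/log/remote/syslog.log are placeholder values chosen for this example; both blocks go inside `<ossec_config>` on the Wazuh manager.

```xml
<ossec_config>
  <!-- Option 1: accept syslog directly on a custom port.
       allowed-ips restricts which senders the manager will accept,
       so only the subnet the forwarding hosts live in should be listed
       (example subnet, replace with your own). -->
  <remote>
    <connection>syslog</connection>
    <port>5514</port>
    <protocol>tcp</protocol>
    <allowed-ips>192.168.10.0/24</allowed-ips>
  </remote>

  <!-- Option 2: an Rsyslog server writes incoming messages to a file
       and Wazuh tails that file (example path, replace with your own).
       log_format syslog lets the built-in decoders parse each line. -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/remote/syslog.log</location>
  </localfile>
</ossec_config>
```

After editing ossec.conf, restart the wazuh-manager service for either block to take effect, and check that the forwarding hosts actually reach the listed port (firewall rules on the manager are a common reason no events appear).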