Wazuh integration with mailcow or rspamd

127 views
Skip to first unread message

Sonia Azeem

unread,
Dec 4, 2022, 12:52:43 AM12/4/22
to Wazuh mailing list
Hello wazuh Experts!

I am trying to integrate rspamd dashboard (spam filtering solution) with wazuh, is there any possible way of doing this ? Please help 

Juan Nicolás Asselle (Nico Asselle)

unread,
Dec 4, 2022, 10:33:05 PM12/4/22
to Wazuh mailing list
Hi Sonia!

How kind of integration do you need? I'm not familiar with rspamd (research in progress), but what do you have in mind about integrating it with Wazuh?

Looking forward to your comments,
Nico

Sonia Azeem

unread,
Jan 8, 2023, 9:36:12 PM1/8/23
to Wazuh mailing list
Hi juan.asselle

Thank you so much for your reply ,  I hope you are doing well

I am working on mailcow which contains multiple containers like sogo, rspamd ,devcott etc , Now I have changed a little scenario i just want to send only rspamd logs to wazuh and generate alert on that basis …

So I edit agent(docker side) ossec.conf file with this commands: So i can get docker logs possibly

<localfile>

    <log_format>syslog</log_format>

    <location>/var/log/docker/*</location>

  </localfile>

Furthemore, As i mentioned earlier Ionly need to send rspamd logs to wazuh and generate alert on that basis …So, I addedd the path of rspamd container as well with this commands

<localfile>

<log_format>syslog</log_format>

<location>/var/lib/docker/containers/e55dda56492ab3d30166a0f60104af0a8cbec9214b2fc9cef49273c54cb7b793/e55dda56492ab3d30166a0f60104af0a8cbec9214b2fc9cef49273c54cb7b793-json.log</location>

</localfile>

Now am getting alerts  on wazuh manger side But am not getting any logs here in archive folder at wazuh manager side

the path i have given is it ok?? or am missing something

I have attached screenshot

archives.png
alerts.png
Reply all
Reply to author
Forward
0 new messages