Send syslog to Wazuh

Trường An Tô Nguyễn

Sep 8, 2025, 10:11:22 AM
to Wazuh | Mailing List


Hi all,

I've recently set up Wazuh using Docker containers. I also have another application, Claroty CTD, which is configured to send Syslog messages to a designated Syslog server.

In the Wazuh configuration file (/var/ossec/etc/ossec.conf), I enabled the following settings:

Screenshot 2025-09-08 at 15.34.52.png

And for remote Syslog input, I added:

Screenshot 2025-09-08 at 15.34.59.png

Using tcpdump, I can confirm that Syslog messages are arriving at the machine. However, I don't see any of these logs reflected in Wazuh. I've checked the following log files:

  • /var/ossec/logs/archives/archives.log
  • /var/ossec/logs/archives/archives.json
  • /var/ossec/logs/alerts/alerts.log
  • /var/ossec/logs/alerts/alerts.json
  • /var/ossec/logs/ossec.log

Despite this, the logs from Claroty CTD are not appearing.

Any ideas or suggestions on what might be missing or misconfigured?

Thanks in advance!

