Gitlab logs integration

[sv1c0m]

Hello! I have a query about receiving GitLab logs in Wazuh. Wazuh has the integration with gitlab?

I would want to add our Gitlab activity logs to Wazuh and have them all centralized.

Thank you!

[Jesus Linares]

Hi,

At this moment, Wazuh has decoders and rules for:

• application.log / json
  
• sidekiq.log
  
• gitlab_shell.log

Gitlab has the following logs:

• production_json.log
  
• production.log
  
• api_json.log
  
• application.log
  
• application_json.log
  
• integrations_json.log
  
• kubernetes.log
  
• git_json.log
  
• audit_json.log
  
• ...

You can see the full list with more details here: https://docs.gitlab.com/ee/administration/logs.html.

If you want to monitor a file that is not in the default ruleset, we can help you to create the corresponding decoders/rules. Please, keep in mind that if you use JSON log files, you don't need to create decoders since the fields are automatically extracted.

Let me know if you need more help.