Monitoring logs on the Wazuh server
281 views
Skip to first unread message
fernando vargas
Dec 10, 2022, 6:23:47 PM12/10/22
to Wazuh mailing list
Hello,
I would like to monitor a specific log file on my wazuh server. Something like /home/user/events.log.
How can I do the configuration?
Thanks in advance.
I would like to monitor a specific log file on my wazuh server. Something like /home/user/events.log.
How can I do the configuration?
Thanks in advance.
Mariano Koremblum
Dec 10, 2022, 10:13:38 PM12/10/22
to Wazuh mailing list
Hi!
I would recommend you reading the following links:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/log-data-configuration.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html
In this case, you should set up a localfile configuration block like the following one:
<localfile>
<location>/var/log/messages</location>
<log_format>syslog</log_format>
</localfile>
This is for standard syslog logs, in case it has another format, please take a look to the following link:
Best regards,
Mariano Koremblum
fernando vargas
Dec 11, 2022, 11:54:27 PM12/11/22
to Wazuh mailing list
Thanks Mariano
Mariano Koremblum
Dec 12, 2022, 12:22:01 AM12/12/22
to Wazuh mailing list
Hi,
Sorry, just saw that I forgot to change the location to the one that you specified. It would be like this:
<localfile>
<location>/home/user/events.log</location>
<log_format>syslog</log_format>
</localfile>
Best regards,
Mariano Koremblum
Reply all
Reply to author
Forward
0 new messages