Query regarding monitoring of DNS traffic


sau sau

Dec 19, 2023, 1:47:07 AM12/19/23
to Wazuh | Mailing List
Hello team,

I want to utilize the command monitoring capability to monitor my DNS traffic.
sudo script -q -c "sudo tcpdump -l port 53 2>/dev/null | grep --line-buffered ' A ' | cut -d' ' -f9"

Unlike commands like netstat, tcpdump gives continuous output. How do I monitor such commands using Wazuh?



Harshal Paliwal

Dec 19, 2023, 2:26:36 AM12/19/23
to Wazuh | Mailing List
Hi Sau,
Thanks for using Wazuh!

Allow me some time to check it and I will get back to you with proper updates as soon as possible.

Regards

Harshal Paliwal

Dec 19, 2023, 3:53:41 AM12/19/23
to Wazuh | Mailing List
Hi Team,
Thanks for using Wazuh.

Wazuh command monitoring capability allows you to monitor the output of specific commands and treat the output as log content. Command monitoring can be used to monitor a variety of things, such as disk space utilization, load average, a change in network listeners, and running processes to ensure all important processes are running.

As the tcpdump command gives continuous output, in this case you can store the output of the command into a file and monitor that file using the <localfile>.


Reference:

I hope this information is helpful to you. Please feel free to contact us if you have any questions.
Regards,
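As an added illustration of the two approaches described above (not a configuration from the thread or from the Wazuh project), an agent-side ossec.conf fragment: a terminating command handled by command monitoring, and the continuous tcpdump pipeline redirected to a file that the logcollector tails. The log path /var/log/dns_queries.log and the wrapper that writes to it are assumptions.

```xml
<!-- /var/ossec/etc/ossec.conf on the agent (added example, paths assumed) -->
<ossec_config>

  <!-- Case 1: a command that terminates. Wazuh runs it every
       <frequency> seconds and treats each run's output as log lines. -->
  <localfile>
    <log_format>full_command</log_format>
    <command>netstat -tulpn</command>
    <alias>network-listeners</alias>
    <frequency>300</frequency>
  </localfile>

  <!-- Case 2: a command that never exits (tcpdump). Do not run it as a
       monitored command; run it outside Wazuh (for example from a systemd
       unit, assumed here) so that it appends one query name per line:

         tcpdump -l -nn port 53 2>/dev/null \
           | grep --line-buffered ' A ' \
           | cut -d' ' -f9 >> /var/log/dns_queries.log

       and let the logcollector follow the file instead. -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/dns_queries.log</location>
  </localfile>

</ossec_config>
```

Restart the agent after editing the file; because the capture file grows without bound, rotate it with logrotate, which the logcollector tolerates since it reopens a truncated file.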