Hi,
I would like to know if you have tried using the Wazuh Logtest feature on those logs. Logs from Windows endpoints are usually automatically decoded by Wazuh.
To try the Wazuh logtest using the Wazuh dashboard or the command-line tool, follow either of these steps:
- Go to Tools > Ruleset test in the Wazuh dashboard.
- Run /var/ossec/bin/wazuh-logtest from the command line.
Also, you would find those logs in the Wazuh archives if they do not trigger any rules, as long as you have the Wazuh archives feature turned on.
Please let me know the test result and if you need any further assistance.
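As an added illustration (not part of the reply above, and not text from the Wazuh project), this is the setting the reply refers to as the "archives feature", shown with the shipped default beside the enabled form. It lives in the `<global>` section of the manager's /var/ossec/etc/ossec.conf; with the defaults, an event that matches no rule is discarded after decoding, so it never appears anywhere you can inspect it. Everything else on the manager (rules, decoders, the rest of ossec.conf) is assumed to be at its defaults.

```xml
<!-- Added example, not from the post: the <global> block of /var/ossec/etc/ossec.conf -->

<!-- Before: shipped defaults. Events that trigger no rule are dropped. -->
<ossec_config>
  <global>
    <logall>no</logall>
    <logall_json>no</logall_json>
  </global>
</ossec_config>

<!-- After: keep every received event, whether or not a rule fired. -->
<ossec_config>
  <global>
    <!-- plain-text copy, written to /var/ossec/logs/archives/archives.log -->
    <logall>yes</logall>
    <!-- JSON copy, written to /var/ossec/logs/archives/archives.json
         (this is the file Filebeat ships to the indexer for the dashboard) -->
    <logall_json>yes</logall_json>
  </global>
</ossec_config>
```

Restart the manager (systemctl restart wazuh-manager) after the change, then reproduce the Windows event and grep archives.json for it to confirm the decoder output; if the event is there but no alert exists, the decoding is fine and the gap is in the rules. Two caveats: archives record every event from every agent, so on a busy manager the files grow quickly and the setting is best left on only while troubleshooting; and the archives only show up in the dashboard if the archives input of the wazuh module in /etc/filebeat/filebeat.yml is also enabled (it is disabled by default) and Filebeat is restarted.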