Web Application Monitoring


Emeka Ajaegbu

Jul 24, 2024, 3:51:16 AM
to Wazuh | Mailing List
Hi everyone, 

How do I set up Wazuh to monitor web apps? I want to be able to get things like user activity logs, etc.

Thank you 

Benjamin Nworah

Jul 24, 2024, 5:24:25 AM
to Wazuh | Mailing List

Dear Emeka Ajaegbu,

You can use Wazuh to monitor a web application by installing and configuring the Wazuh agent on the machine hosting the web application. For example, if you have the web application logs saved in the <full_path/log_file> file, you can append the configuration below to the Wazuh agent ossec.conf file:

<ossec_config>
  <localfile>
    <location><full_path/log_file></location>
    <log_format>syslog</log_format>
  </localfile>
</ossec_config>

After including the above configuration, restart the Wazuh agent service to apply the changes.

You will have to write custom decoders and rules to parse and generate alerts for these web application logs on the Wazuh dashboard. You can refer to our documentation on how to write decoders/rules.

Custom decoders: https://documentation.wazuh.com/current/user-manual/ruleset/decoders/custom.html
Rule syntax: https://documentation.wazuh.com/current/user-manual/ruleset/ruleset-xml-syntax/rules.html
Decoder syntax: https://documentation.wazuh.com/current/user-manual/ruleset/ruleset-xml-syntax/decoders.html

Please let me know if this helps.

Regards,
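As an added illustration of the custom decoder and rule step described in the reply above (not part of the original thread and not from Wazuh's shipped ruleset): a decoder and rule set for a constructed key=value user-activity log. The log line format, the decoder names, the field names event_type, app_user and outcome, and the rule IDs are all assumptions made for this example.

```xml
<!-- Constructed sample log line this example assumes (not from the thread):
     app=portal event=login user=alice srcip=203.0.113.10 outcome=failure -->

<!-- On the Wazuh manager: /var/ossec/etc/decoders/local_decoder.xml -->
<!-- Parent decoder: claims every line written by the hypothetical "portal" app. -->
<decoder name="portal">
  <prematch>^app=portal </prematch>
</decoder>

<!-- Child decoder: extracts the fields the rules below match on. -->
<decoder name="portal-fields">
  <parent>portal</parent>
  <regex>event=(\S+) user=(\S+) srcip=(\S+) outcome=(\S+)</regex>
  <order>event_type, app_user, srcip, outcome</order>
</decoder>

<!-- On the Wazuh manager: /var/ossec/etc/rules/local_rules.xml -->
<!-- Rule IDs are hypothetical; custom rules use the 100000-120000 range. -->
<group name="portal,web_app,">
  <!-- Base rule: records every decoded user-activity event at low severity. -->
  <rule id="100200" level="3">
    <decoded_as>portal</decoded_as>
    <description>Portal: $(event_type) by $(app_user)</description>
  </rule>

  <!-- A single failed login. -->
  <rule id="100201" level="5">
    <if_sid>100200</if_sid>
    <field name="event_type">^login$</field>
    <field name="outcome">^failure$</field>
    <description>Portal: failed login for $(app_user) from $(srcip)</description>
    <group>authentication_failed,</group>
  </rule>

  <!-- Repeated failed logins from one source IP within 120 seconds. -->
  <rule id="100202" level="10" frequency="5" timeframe="120">
    <if_matched_sid>100201</if_matched_sid>
    <same_source_ip />
    <description>Portal: repeated failed logins from $(srcip)</description>
    <group>authentication_failures,</group>
  </rule>
</group>
```

Pasting the sample line into /var/ossec/bin/wazuh-logtest on the manager shows which decoder and rule it hits; restart the manager afterwards so the new decoder and rules are loaded.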