How do use a graylog server as the log source for wazuh?

[gopal sati]

Hi,

I am using Graylog v5 which stores logs from various sources, now i want to use Graylog server as the log source and send all these logs to Wazuh manager and display all logs to Wazuh dashboard. 

I did follow the Chat GPT instructions https://chatgpt.com/share/b5367168-d0ab-4d03-a109-3503be65ee09 but my kibana service failed when using UDP, however, when choosing TCP in the config, the kibana service is running but no logs from Graylog to wazuh dashboard showing. 

Please let me know if I use a graylog server as the log source for wazuh?

Thanks

Gopal

[Jeremias Ignacio Posse]

Hello Gopal sati,

Sorry for the delay in my response. I’ll try to help you with this issue. Did you restart the Wazuh manager after making all these changes?

I’m asking because I didn’t see this step mentioned in the guide ChatGPT provided you.

I was looking around for more information about Graylog since I’m not an expert with this tool, and I found this guide that might help you with the Graylog-Wazuh integration.
Installing the New Wazuh version 4.4 — The SOCFortress Way | by SOCFortress | Medium

Also, check if your TCP configuration is correct. Here is some documentation from Wazuh:  Configuring syslog on the Wazuh server - Log data collection

Hope this information helps you. Let me know if you need more assistance!

Greetings, Jeremias