send custom logs to wazuh with curl

Md. Reazul Islam

Jun 29, 2024, 6:47:50 AM
to Wazuh | Mailing List
Hello,

Is it possible to send custom logs (using curl or another script) to Wazuh so that I can display those logs in a dashboard/graph?

Anthony Faruna

Jun 29, 2024, 9:49:07 PM
to Md. Reazul Islam, Wazuh | Mailing List
Hello,

You can create a custom script to fetch the data from the log source and store it on a local server for a Wazuh agent to monitor the log file, or configure the Wazuh server to collect the logs via Syslog.

Once you confirm the logs are getting to the Wazuh manager, you need to confirm using Wazuh Logtest if the logs are decoded with the Wazuh default decoder and alerts are generated. If the logs are not decoded, you will need to create custom decoders and rules for the logs to be decoded and alerts displayed on the Wazuh dashboard.

Hope this information helps you.
Regards,

On Sat, Jun 29, 2024 at 12:48 PM Md. Reazul Islam <reaz...@gmail.com> wrote:
Hello,

Is it possible to send custom logs (using curl or another script) to Wazuh so that I can display those logs in a dashboard/graph?


Anthony Faruna

Jul 1, 2024, 6:27:07 PM
to Md. Reazul Islam, Wazuh mailing list
Hello,

Yes, it's possible to send logs without an agent.

You can configure Syslog on the Wazuh server to collect logs via endpoints that don't support agent installation.

Also, the Wazuh Agentless monitoring capability uses the SSH (Secure Shell) protocol to collect and transfer events from endpoints that do not support agent installation to the Wazuh server.

You can reference our blog post on Integrating SentinelOne XDR with Wazuh to check how logs were retrieved from the SentinelOne API endpoint.

I hope this helps.

Regards

On Sun, Jun 30, 2024 at 5:40 AM Md. Reazul Islam <reaz...@gmail.com> wrote:
Thank you for your reply.

Actually, I am talking about sending logs without an agent.
Is it possible to send logs to Wazuh? (It is possible in Elasticsearch.)

If possible, then how? API? Which API endpoint can we use to send logs?

Yes, for custom logs we may need to create custom decoders and rules.

Reazul Islam

10:02 AM
to Wazuh | Mailing List
In Wazuh 4.8, I can send logs using /events.
But it stores the logs in the archive index.

How do I create a new custom index? How do I send logs directly to that new index?
I may need to create a new decoder & rule set for my logs.
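The agentless, curl-based flow this thread circles around, as an added example that is not part of the thread and not Wazuh's own code. It assumes a Wazuh 4.8 manager API reachable at $WAZUH_API with the credentials in $WAZUH_USER/$WAZUH_PASS, the POST /events endpoint mentioned above accepting a JSON body of the form {"events": ["<raw line>", ...]}, and a constructed "myapp" log line format for the decoder and rule that Anthony's first reply says custom logs need before they become alerts rather than only landing in the archives. The directory layout, rule ids and sample lines are the example's own choices.

```shell
#!/bin/sh
# Added example (not from the thread): push custom log lines to a Wazuh 4.8
# manager through its API, and ship a decoder + rule so those lines are
# decoded and alerted on instead of only being stored in the archives.
#
# Assumptions (not stated in the thread): API at $WAZUH_API, basic-auth
# credentials in $WAZUH_USER/$WAZUH_PASS, and POST /events taking
# {"events": ["<raw log line>", ...]}.

WAZUH_API="${WAZUH_API:-https://127.0.0.1:55000}"
WAZUH_USER="${WAZUH_USER:-wazuh}"
WAZUH_PASS="${WAZUH_PASS:-wazuh}"

# Escape one raw log line for embedding in a JSON string (backslash, quote).
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the POST /events body from the log lines given as arguments.
build_events_payload() {
    body='{"events":['
    sep=''
    for line in "$@"; do
        body="${body}${sep}\"$(json_escape "$line")\""
        sep=','
    done
    printf '%s]}' "$body"
}

# Obtain a JWT from the manager API (network call; only used by send_events).
# -k accepts the manager's default self-signed certificate; use --cacert
# with the real CA bundle outside a lab.
get_token() {
    curl -sk -u "$WAZUH_USER:$WAZUH_PASS" -X POST \
        "$WAZUH_API/security/user/authenticate?raw=true"
}

# Send lines to the manager. As the thread reports, they end up in the
# archives; whether they also raise alerts depends on decoders and rules.
send_events() {
    token="$(get_token)" || return 1
    payload="$(build_events_payload "$@")"
    curl -sk -X POST "$WAZUH_API/events" \
        -H "Authorization: Bearer $token" \
        -H "Content-Type: application/json" \
        -d "$payload"
}

# Write a decoder and rule for the constructed line format
#   myapp: user=<name> action=<verb> status=<ok|denied>
# into "$1" (on a manager that is /var/ossec/etc, giving decoders/ and rules/).
write_decoder_and_rule() {
    dir="$1"
    mkdir -p "$dir/decoders" "$dir/rules"
    cat > "$dir/decoders/myapp_decoder.xml" <<'EOF'
<decoder name="myapp">
  <prematch>^myapp: </prematch>
</decoder>
<decoder name="myapp-fields">
  <parent>myapp</parent>
  <regex>user=(\S+) action=(\S+) status=(\S+)</regex>
  <order>user, action, status</order>
</decoder>
EOF
    cat > "$dir/rules/myapp_rules.xml" <<'EOF'
<group name="myapp,">
  <rule id="100100" level="3">
    <decoded_as>myapp</decoded_as>
    <description>myapp event</description>
  </rule>
  <rule id="100101" level="7">
    <if_sid>100100</if_sid>
    <field name="status">denied</field>
    <description>myapp: action denied for user $(user)</description>
  </rule>
</group>
EOF
}

# Sample lines (constructed for this example).
SAMPLE1='myapp: user=alice action=login status=ok'
SAMPLE2='myapp: user=bob action=delete status=denied'

# With a reachable manager:  send_events "$SAMPLE1" "$SAMPLE2"
# To install the ruleset:    write_decoder_and_rule /var/ossec/etc
```

After writing the decoder and rule and restarting wazuh-manager, feed one of the sample lines to /var/ossec/bin/wazuh-logtest, as the first reply suggests: the denied line should decode with user/action/status fields and fire rule 100101, after which the same line sent through send_events shows up as an alert on the dashboard rather than only in the archives.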