Wazuh doesn't send alerts to PagerDuty

[Gal Akavia]

Hi Pro's, Using all-in-one version 4.1.5. Having already 4 wazuh applications in our environment that integrated to PagerDuty.

All of them works fine by sending incidents\alerts but one of them seems does not send alerts to PD (and they are all configured the same way).

I checked the following

#cat /var/ossec/logs/integrations.log

but nothing, empty file.

Next i set integrator.debug=2 at /var/ossec/etc/local_internal_options.conf . but it's still the same.

What am i missing? Any suggestions please??

[Federico Gustavo Caffieri]

Hi gulguly64, to enable PagerDuty integration, you can follow this links to validate your configurations:
- https://documentation.wazuh.com/4.1/user-manual/reference/ossec-conf/integration.html#configuration-example
- https://documentation.wazuh.com/4.1/user-manual/manager/manual-integration.html#pagerduty

To generate the API Key Token you must create a PagerDuty new integration and generate it's own token. 

You can do this going to following this link: https://support.pagerduty.com/docs/generating-api-keys#section-rest-api-keys

With this configuration you should see alerts on PagerDuty.

I will ask you a couple of questions:

To give you a better help, could you share the settings applied for the integration with PagerDuty?

A known error is that in some cases having more than one integration working together, some of them may fail. Do you have more than one integration configured? to check where the problem comes from.

Another question, after changing the configuration in the file /var/ossec/etc/internal_options.conf, did you restart the manager? To activate de debug level log.

Thank you, regards. 

[Gal Akavia]

fix it with restart .. :) tnx!