W3c/iis log not beeing sent to wazuh manager

Cristian Radu

unread,

Feb 8, 2022, 9:58:02 AM2/8/22

to Wazuh mailing list

Hi,

I am trying with my windows agent to read a local file saved as *.w3c. On the agent log I can see it is being read, but on the manager side I am not seing anaything in archives.json. How can I troubleshoot this?

Thanks,

C

Mariano Koremblum

unread,

Feb 8, 2022, 10:45:01 AM2/8/22

to Wazuh mailing list

Hi Cristian,

Could you share your configuration with us?

Regards,

Mariano Koremblum

Cristian Radu

unread,

Feb 9, 2022, 3:37:08 AM2/9/22

to Wazuh mailing list

Hi Mariano,

I am actually interested in collecting the logs from a TMG Exchange server. I found that I could save them as *.w3c and collect them from there. I copied a sample log on my windows 10.

I attached the config file.

<localfile>
<location>C:\Users\cradu\Downloads\*.w3c</location>
<log_format>iis</log_format>
</localfile>

From the agent logs it seems that it can see them, even if I add a new file.

2022/02/08 15:48:59 wazuh-agent: INFO: (1957): New file that matches the 'C:\Users\cradu\Downloads\*.w3c' pattern: 'C:\Users\cradu\Downloads\ISALOG_20220208_FWS_000.w3c'.
2022/02/08 15:48:59 wazuh-agent: INFO: (1957): New file that matches the 'C:\Users\cradu\Downloads\*.w3c' pattern: 'C:\Users\cradu\Downloads\ISALOG_20220208_WEB_000.w3c'.

2022/02/08 16:45:14 wazuh-agent: INFO: (1957): New file that matches the 'C:\Users\cradu\Downloads\*.w3c' pattern: 'C:\Users\cradu\Downloads\new 3.w3c'.

But in the archives.json on the wazuh manager I've searched for a log and nothing there

[root@wazuh-manager archives]# cat archives.json | grep harrypotter
[root@wazuh-manager archives]#

I've enable logging everything.

Thanks,

Cristian

ossec.conf

Mariano Koremblum

unread,

Feb 9, 2022, 7:51:09 AM2/9/22

to Wazuh mailing list

Hi Cristian!

Please, let me get this clear. First, you've copied the files to an agent's machine, then added the localfile configuration and after doing so you've restarted your agent and searched for logs in the manager's archive.json file. Is it correct?

PS: Why are you looking for a "harrypotter" string?

Regards,

Allan Patrick Ksiaskiewcz

unread,

Feb 9, 2022, 7:54:41 AM2/9/22

to Wazuh mailing list

Hello. Does anyone know any courses in Portuguese?

Thanks.

Allan

Mariano Koremblum

unread,

Feb 9, 2022, 8:16:04 AM2/9/22

to Wazuh mailing list

Hi Allan,

Please, next time open a new thread for unrelated questions.

I don't think we offer courses in portuguese, please contact our sales team, maybe they can build one for you. You will find more information on this link: https://wazuh.com/professional-services/.

Best regards

Cristian Radu

unread,

Feb 9, 2022, 8:37:10 AM2/9/22

to Wazuh mailing list

Hi Mariano,

Yes, that is correct.

That "harrypotter" string is from the last file I created C:\Users\cradu\Downloads\new 3.w3c. It only has this string. I wanted to find it faster in the logs to check if it is getting on the manager.

BR,

Cristian

Mariano Koremblum

unread,

Feb 9, 2022, 9:14:26 AM2/9/22

to Wazuh mailing list

Ok, so, the problem is that you are first populating the files and then trying to collect the logs from them. The log data collection, right now, is not capable of doing so, it just collects logs that have been written after the first time the file was discovered by the agent.

Despite this, there are two workarounds to do so, that I can think of. The first would be to copy the logs to a backup file, empty the original log file, and then copy+paste the logs back to the original log file/s. You can clear the file with the agent either running or stopped, but you should fill the file with the agent running.

Another possibility (unsafe one, not so much recommended), would be to modify the file’ status while having your agent stopped. To do so, you should locate the file_status.json file on your agent’s installation folder and set your file of interest’s offset to “0”. for example, if you have this:

{"files":[{"path":"/var/log/dpkg.log","hash":"73102ace1c9ebab8ade3a8cdbbe92f9284e4f760","offset":"127600"},{"path":"/var/ossec/logs/active-responses.log","hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709","offset":"0"},{"path":"/var/log/syslog","hash":"41f0acb4bdde12e7de8afb8ab556e0b127987ee0","offset":"727"},{"path":"/var/log/auth.log","hash":"507f87a476c50c1ac1bbf02e580f9c5cb1acc883","offset":"899"},{"path":"/var/log/kern.log","hash":"bd735c59c868f39c097141ab3fb85a421d19f138","offset":"170169"},{"path":"/root/test.log","hash":"da382093a20504efbc8b9c7bf5d589d9f686080a","offset":"40"}]}

And, if you want the “/root/test.log” to be read from the beginning, you should modify its offset and set it to “0”, just as follows:

{"files":[{"path":"/var/log/dpkg.log","hash":"73102ace1c9ebab8ade3a8cdbbe92f9284e4f760","offset":"127600"},{"path":"/var/ossec/logs/active-responses.log","hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709","offset":"0"},{"path":"/var/log/syslog","hash":"41f0acb4bdde12e7de8afb8ab556e0b127987ee0","offset":"727"},{"path":"/var/log/auth.log","hash":"507f87a476c50c1ac1bbf02e580f9c5cb1acc883","offset":"899"},{"path":"/var/log/kern.log","hash":"bd735c59c868f39c097141ab3fb85a421d19f138","offset":"170169"},{"path":"/root/test.log","hash":"da382093a20504efbc8b9c7bf5d589d9f686080a","offset":"0"}]}

Then restart your agent and it should now collect all the logs from the file/s.

I hope my answer helps you, please let us know!

Best Regards,

Mariano Koremblum

Cristian Radu

unread,

Feb 15, 2022, 9:25:36 AM2/15/22

to Wazuh mailing list

Hello Mariano,

Thanks for the help! I have used the first workaround and I saw the log in archives.json.

Now how can I see those logs in kibana? What are next steps? What do I need?

Thanks,

Cristian

Mariano Koremblum

unread,

Feb 15, 2022, 10:23:52 AM2/15/22

to Wazuh mailing list

Hi Cristian,

Glad to know that it worked. Could you please share one log's JSON event from the `archives.json` file, that you expect to be shown on Kibana, with us?

Best Regards,
Mariano

Cristian Radu

unread,

Feb 15, 2022, 10:51:49 AM2/15/22

to Wazuh mailing list

Hi Mariano,

Attached an example of the log.

This is how it looks in archives.json

{"timestamp":"2022-02-15T17:49:19.412+0200","agent":{"id":"003","name":"r-raduc","ip":"10.1.140.184"},"manager":{"name":"wazuh-manager"},"id":"1644940159.1805509981","full_log":"10.0.122.114\tslatina\\vexgenpres02\tAndroid-SAMSUNG-SM-A105FN/101.11\tY\t2022-02-08\t13:42:33\tW3ReverseProxy\tB-TMG1\t-\tmail.alro.ro\t10.1.220.73\t443\t234\t435\t56944\thttps\tTCP\tPOST\thttp://mail.alro.ro/Microsoft-Server-ActiveSync?Cmd=Sync&User=slatina%5Cvexgenpres02&DeviceId=SEC18B7504E41DC5&DeviceType=SamsungDevice\tapplication/vnd.ms-sync.wbxml\tInet\t200\t0x40000008\tExch2010 ActiveSync\tReq ID: 072efcfc; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=yes, logged off=no, client type=unknown, user activity=yes\tInternal\tLocal Host\t0x600\tAllowed\t2022-02-08 13:42:33\t-\tAllowed\t-\t-\t-\t-\t-\t-\t-\t0\t-\t0\t-\t-\t-\t-\t-\t-\t0\t0\t-\t0\t-\t-\t-\tWeb Proxy\tmail.alro.ro\t46160\t-","decoder":{"name":"cylance_threats"},"data":{"cylance_threats":{"file_name":"10.0.122.114\tslatina\\vexgenpres02\tAndroid-SAMSUNG-SM-A105FN/101.11\tY\t2022-02-08\t13:42:33\tW3ReverseProxy\tB-TMG1\t-\tmail.alro.ro\t10.1.220.73","file_status":"443","cylance_score":"234","signature_status":"435","av_industry":"56944","global_quarantined":"https","safelisted":"TCP","signed":"POST"}},"location":"\\Users\\cradu\\Downloads\\log.w3c"}

Thanks,

Cristian

log.w3c

Mariano Koremblum

unread,

Feb 15, 2022, 11:12:30 AM2/15/22

to Wazuh mailing list

Cristian,

I have tested the log, that you have sent us, with our wazuh-logtest tool (check it out here) and the result is the following:

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# /var/ossec/bin/wazuh-logtest
Starting wazuh-logtest v4.4.0
Type one log per line

10.0.122.114 slatina\vexgenpres02 Android-SAMSUNG-SM-A105FN/101.11 Y 2022-02-08 13:42:33 W3ReverseProxy B-TMG1 - mail.alro.ro 10.1.220.73 443 234 435 56944 https TCP POST http://mail.alro.ro/Microsoft-Server-ActiveSync?Cmd=Sync&User=slatina%5Cvexgenpres02&DeviceId=SEC18B7504E41DC5&DeviceType=SamsungDevice application/vnd.ms-sync.wbxml Inet 200 0x40000008 Exch2010 ActiveSync Req ID: 072efcfc; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=yes, logged off=no, client type=unknown, user activity=yes Internal Local Host 0x600 Allowed 2022-02-08 13:42:33 - Allowed - - - - - - - 0- 0 - - - - - - 0 0 - 0 - — Web Proxy mail.alro.ro 46160 -

**Phase 1: Completed pre-decoding.
full event: ‘10.0.122.114 slatina\vexgenpres02 Android-SAMSUNG-SM-A105FN/101.11 Y2022-02-08 13:42:33 W3ReverseProxy B-TMG1 - mail.alro.ro 10.1.220.73 443234 435 56944 https TCP POST http://mail.alro.ro/Microsoft-Server-ActiveSync?Cmd=Sync&User=slatina%5Cvexgenpres02&DeviceId=SEC18B7504E41DC5&DeviceType=SamsungDevice application/vnd.ms-sync.wbxml Inet 200 0x40000008 Exch2010 ActiveSync Req ID: 072efcfc; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=yes, logged off=no, client type=unknown, user activity=yes Internal Local Host 0x600 Allowed 2022-02-08 13:42:33 - Allowed - - - - - - -0 - 0 - - - - - - 0 0 - 0 — - Web Proxy mail.alro.ro 46160 -‘

**Phase 2: Completed decoding.
name: ‘cylance_threats’
cylance_threats.av_industry: ‘56944’
cylance_threats.cylance_score: ‘234’
cylance_threats.file_name: ‘10.0.122.114 slatina\vexgenpres02 Android-SAMSUNG-SM-A105FN/101.11 Y 2022-02-08 13:42:33 W3ReverseProxy B-TMG1 - mail.alro.ro10.1.220.73’
cylance_threats.file_status: ‘443’
cylance_threats.global_quarantined: ‘https’
cylance_threats.safelisted: ‘TCP’
cylance_threats.signature_status: ‘435’
cylance_threats.signed: ‘POST’

**Phase 3: Completed filtering (rules).
id: ‘87050’
level: ‘0’
description: ‘Cylance threats messages grouped.’
groups: ‘[‘cylance’]’
firedtimes: ‘1’
mail: ‘False’
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

This shows that your event is not producing any alert (level: ‘0’). Any event that matches a rule should be above the log_alert_level, set in the manager’s ossec.conf file, in order to trigger an alert and so it is then displayed on Kibana.

You can still configure Kibana to collect all the logs from the archives.json file, even though they do not trigger any alert. Please, let us know if that is what you are looking for.

Best Regards,
Mariano Koremblum

Cristian Radu

unread,

Feb 16, 2022, 10:06:46 AM2/16/22

to Wazuh mailing list

Hi Mariano,

So I have two options here.

1. to create a matching rule set that would trigger an alert. If so, how can I do that?

2. to configure kibana to collect all logs from archives.json. How can I do that?

Which option do you recommend going forward?

Thanks,

Cristian

Mariano Koremblum

unread,

Feb 16, 2022, 10:38:14 AM2/16/22

to Wazuh mailing list

Well, in this case, we know that this particular log, that we have used for testing, is matching against rule 87050. So you could create a child rule to match with it given some pattern or just set a higher alert level for every event that passes through.

If you want to match every event of this kind, you could simply add the following to your manager’s /var/ossec/etc/rules/local_rules.xml file:

<rule id="187051" level="3">
    <if_sid>87050</if_sid>
    <description>Cylance event.</description>
</rule>

If you want to do a more complex rule matching, I would strongly recommend you to read the following links:

I think this is the best option because is more restrictive and it won’t flood your Kibana dashboard as if you were ingesting all the logs. If you still want to ingest every single log located on the archives.json file, please let us know.

Best Regards,
Mariano Koremblum

Cristian Radu

unread,

Feb 21, 2022, 10:10:33 AM2/21/22

to Wazuh mailing list

Hi Mariano,

I tested myself the wazuh-logtest and for some it is working, for others it doesn't. How can I create myself a decoder? This is similar to creating a parser for the log?

[root@wazuh-manager ~]# /var/ossec/bin/wazuh-logtest
Starting wazuh-logtest v4.2.5

Type one log per line

178.138.193.52 (LDAP)m30178 Android-SAMSUNG-SM-A405FN/101.9 2022-02-08 13:43:17 B-TMG1 - webmail.alro.ro 10.0.3.102 443 633910 391 435 https POST http://webmail.alro.ro/Microsoft-Server-ActiveSync?Cmd=Ping&User=slatina%5Cm30178&DeviceId=SEC1768C017FB6E2&DeviceType=SamsungDevice application/vnd.ms-sync.wbxml Inet 200 Slatina ActiveSync Req ID: 072ee238; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=yes, logged off=no, client type=unknown, user activity=yes External Local Host 0x780 Allowed dcsl01.slatina.marcogroup.local Allowed - - - - - - 0 - 0 - - - None webmail.alro.ro 20593 -

**Phase 1: Completed pre-decoding.
full event: '178.138.193.52 (LDAP)m30178 Android-SAMSUNG-SM-A405FN/101.9 2022-02-08 13:43:17 B-TMG1 - webmail.alro.ro 10.0.3.102 443 633910 391 435 httpsPOST http://webmail.alro.ro/Microsoft-Server-ActiveSync?Cmd=Ping&User=slatina%5Cm30178&DeviceId=SEC1768C017FB6E2&DeviceType=SamsungDevice application/vnd.ms-sync.wbxml Inet 200 Slatina ActiveSync Req ID: 072ee238; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=yes, logged off=no, client type=unknown, user activity=yes External Local Host 0x780 Allowed dcsl01.slatina.marcogroup.local Allowed - - - - - - 0 - 0 - - - None webmail.alro.ro 20593-'

**Phase 2: Completed decoding.
No decoder matched.

46.97.176.144 (LDAP)m25059 Android-SAMSUNG-SM-A530F/101.9 Y 2022-02-08 13:43:17 W3ReverseProxy B-TMG1 - webmail.alro.ro 10.0.3.102 443 685905 398 455 httpsTCP POST http://webmail.alro.ro/Microsoft-Server-ActiveSync?Cmd=Ping&User=slatina%5Cm25059&DeviceId=SEC1D47C937AC571&DeviceType=SamsungDevice application/vnd.ms-sync.wbxml Inet 200 0x40000008 Slatina ActiveSync Req ID: 072ee0dc; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=yes, logged off=no, client type=unknown, user activity=yes External Local Host 0x780 Allowed 2022-02-08 13:43:17 dcsl01.slatina.marcogroup.local Allowed - - - - - - - 0 - 0- - - - - - 0 0 - 0 - - - None webmail.alro.ro 60196 -

**Phase 1: Completed pre-decoding.
full event: '46.97.176.144 (LDAP)m25059 Android-SAMSUNG-SM-A530F/101.9 Y 2022-02-08 13:43:17 W3ReverseProxy B-TMG1 - webmail.alro.ro 10.0.3.102 443 685905398 455 https TCP POST http://webmail.alro.ro/Microsoft-Server-ActiveSync?Cmd=Ping&User=slatina%5Cm25059&DeviceId=SEC1D47C937AC571&DeviceType=SamsungDevice application/vnd.ms-sync.wbxmlInet 200 0x40000008 Slatina ActiveSync Req ID: 072ee0dc; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=yes, logged off=no, client type=unknown, user activity=yes External Local Host 0x780 Allowed 2022-02-08 13:43:17 dcsl01.slatina.marcogroup.local Allowed - - - - - - -0 - 0 - - - - - - 0 0 - 0 - - - None webmail.alro.ro 60196 -'

**Phase 2: Completed decoding.
name: 'cylance_threats'

cylance_threats.av_industry: '455'
cylance_threats.cylance_score: '685905'
cylance_threats.file_name: '46.97.176.144 (LDAP)m25059 Android-SAMSUNG-SM-A530F/101.9 Y 2022-02-08 13:43:17 W3ReverseProxy B-TMG1 - webmail.alro.ro 10.0.3.102'

cylance_threats.file_status: '443'
cylance_threats.global_quarantined: 'https'
cylance_threats.safelisted: 'TCP'

cylance_threats.signature_status: '398'

cylance_threats.signed: 'POST'

**Phase 3: Completed filtering (rules).

id: '187051'
level: '3'
description: 'TMG event'
groups: '['local', 'syslog', 'sshd']'
firedtimes: '1'
mail: 'False'
**Alert to be generated.

82.79.209.49 anonymous Microsoft Office/16.0 (Windows NT 6.2; MAPI 16.0.10382; Pro) N 2022-02-08 13:43:17 W3ReverseProxy B-TMG1 - autodiscover.vimetco.ro 10.1.52.101 443 32 318 2408 https TCP GET http://autodiscover.vimetco.ro/autodiscover/autodiscover.json?Email=ababolea%40vimetco.ro&Protocol=REST&RedirectCount=1 - - 12309 0x0 -Req ID: 072f064c; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes - - 0x0 Denied 2022-02-08 13:43:17 - Allowed - - - - Unknown - - 0 - 0 - - - - - - 0 0 - 0- - - Web Proxy - 51503 -

**Phase 1: Completed pre-decoding.
full event: '82.79.209.49 anonymous Microsoft Office/16.0 (Windows NT 6.2; MAPI 16.0.10382; Pro) N 2022-02-08 13:43:17 W3ReverseProxy B-TMG1 - autodiscover.vimetco.ro 10.1.52.101 443 32 318 2408 https TCP GET http://autodiscover.vimetco.ro/autodiscover/autodiscover.json?Email=ababolea%40vimetco.ro&Protocol=REST&RedirectCount=1 - - 12309 0x0 - Req ID: 072f064c; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes - - 0x0 Denied 2022-02-08 13:43:17 - Allowed - - - - Unknown - - 0 - 0 - - - -- - 0 0 - 0 - - - Web Proxy - 51503 -'

**Phase 2: Completed decoding.
No decoder matched.

**Phase 3: Completed filtering (rules).

id: '1002'
level: '2'
description: 'Unknown problem somewhere in the system.'
groups: '['syslog', 'errors']'
firedtimes: '1'
gpg13: '['4.3']'
mail: 'False'

52.97.154.85 (LDAP)m33488 Outlook-iOS-Android/1.0 Y 2022-02-08 13:43:18 W3ReverseProxy B-TMG1 - mail.alro.ro 10.0.3.102 443 179978 450 448 https TCP POST http://mail.alro.ro/Microsoft-Server-ActiveSync?Cmd=Ping&User=slatina%5Cm33488&DeviceId=9e2f9e27a407404da209771056b15d5e&DeviceType=Outlook application/vnd.ms-sync.wbxml Inet 200 0x40000008 Slatina ActiveSync Req ID: 072ef102; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=yes, logged off=no, client type=unknown, user activity=yes External Local Host 0x780 Allowed 2022-02-08 13:43:18 dcsl01.slatina.marcogroup.local\dcsl01.slatina.marcogroup.local Allowed - - - - - -- 0 - 0 - - - - - - 0 0 - 0 - - - None mail.alro.ro 57717 -

**Phase 1: Completed pre-decoding.
full event: '52.97.154.85 (LDAP)m33488 Outlook-iOS-Android/1.0 Y 2022-02-08 13:43:18 W3ReverseProxy B-TMG1 - mail.alro.ro 10.0.3.102 443 179978 450 448 https TCP POST http://mail.alro.ro/Microsoft-Server-ActiveSync?Cmd=Ping&User=slatina%5Cm33488&DeviceId=9e2f9e27a407404da209771056b15d5e&DeviceType=Outlook application/vnd.ms-sync.wbxmlInet 200 0x40000008 Slatina ActiveSync Req ID: 072ef102; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=yes, logged off=no, client type=unknown, user activity=yes External Local Host 0x780 Allowed 2022-02-08 13:43:18 dcsl01.slatina.marcogroup.local\dcsl01.slatina.marcogroup.local Allowed - - -- - - - 0 - 0 - - - - - - 0 0 - 0 - - - None mail.alro.ro 57717 -'

**Phase 2: Completed decoding.
name: 'cylance_threats'

cylance_threats.av_industry: '448'
cylance_threats.cylance_score: '179978'
cylance_threats.file_name: '52.97.154.85 (LDAP)m33488 Outlook-iOS-Android/1.0 Y 2022-02-08 13:43:18 W3ReverseProxy B-TMG1 - mail.alro.ro 10.0.3.102'

cylance_threats.file_status: '443'
cylance_threats.global_quarantined: 'https'
cylance_threats.safelisted: 'TCP'

cylance_threats.signature_status: '450'

cylance_threats.signed: 'POST'

**Phase 3: Completed filtering (rules).

id: '187051'
level: '3'
description: 'TMG event'
groups: '['local', 'syslog', 'sshd']'
firedtimes: '2'
mail: 'False'
**Alert to be generated.

Thanks,

Cristian

Mariano Koremblum

unread,

Feb 22, 2022, 3:24:07 PM2/22/22

to Wazuh mailing list

Hi Cristian,

For sure you can create your own rules and decoders and add them to the default ruleset. I strongly recommend you to read the following articles:

I also encourage you to open a new thread/discussion on any of our official community channels when you have a different question, not completely related to the thread's main topic, that would help our community to easily find topics, with which they may be struggling with as well.

Best Regards,

Mariano Koremblum

Cristian Radu

unread,

Feb 23, 2022, 3:18:56 AM2/23/22

to Mariano Koremblum, Wazuh mailing list

Hi Mariano,

Thanks for the info!

Point taken, will open a new thread to help others as well.

Thanks,

Cristian

--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/_07O5e08Yz4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/a102577b-6236-4fc1-b44f-51044e272b40n%40googlegroups.com.

Mariano Koremblum

unread,

Feb 23, 2022, 6:59:31 AM2/23/22

to Wazuh mailing list

You are welcome Cristian! We are always happy to help our community!

Best Regards,

Mariano Koremblum

Reply all

Reply to author

Forward