IIS Integration Wazuh

398 views
Skip to first unread message

John Carry

unread,
Apr 5, 2023, 8:35:06 AM4/5/23
to Wazuh mailing list
Dear Wazuh Team,
I have installed a windows machine with Wazuh and  its successfully been integrated and Alerts are been received at wazuh, but when I am trying to integrate IIS by following the official method I am not observing  IIS relevant logs at wazuh end.
Further be noted that I have successfully enabled IIS application and IIS logs are successfully been populated inside file:
1.PNG
Logs inside above file:
3.PNG

Below is the configuration added in ossec.conf at Windows machine end:
2.PNG
Please help out to resolve the issue.

John Carry

unread,
Apr 6, 2023, 12:31:38 AM4/6/23
to Wazuh mailing list
Dear Wazuh Team,
Any progressive update ?

John Carry

unread,
Apr 10, 2023, 12:27:57 AM4/10/23
to Wazuh mailing list
Anyone there to respond?

Miguel Casares

unread,
Apr 10, 2023, 1:48:42 AM4/10/23
to Wazuh mailing list
Hello John,

Can you share with us the version of the Wazuh agent, the ossec.log file and a sample of the logs so I can test this in my environment?

Bear in mind that after adding the configuration you should restart the agent and the agent will automatically detect new lines in the file. Just to discard no new lines are being added and for that reason the agent is not reading them.

Looking forward to your response.

Regards,

Miguel
Reply all
Reply to author
Forward
0 new messages