wazuh setup
31 views
Skip to first unread message
ilian georgiev
Nov 21, 2024, 5:54:53 AM11/21/24
to Wazuh | Mailing List
Can I configure VAZUH without having installed agents on the computers?
If I can configure it, what are the steps?
hasitha.u...@wazuh.com
Nov 21, 2024, 7:20:18 AM11/21/24
to Wazuh | Mailing List
Hi ilian,
I believe you already already Wazuh setup and you need to integrate logs without installing the agent from the endpoint.
You can do this for the Linux servers by sending logs through syslog.
To that you need to configure Wazuh manager to listen syslogs by following documentation.
Ref: https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/syslog.html#configuring-syslog-on-the-wazuh-server
Ensure the Wazuh server allows incoming traffic on the specified syslog port.
Then you need to config syslog in the Linux machine to forward the all logs to Wazuh-manager.
sudo nano /etc/syslog.conf
*.* @@<Wazuh-server-IP>:514
Then restart the syslog service of the endpoint
sudo systemctl restart syslog
I believe for Windows you need to install Wazuh agent.
But I recommend you to install Wazuh agent to have all functionality like File integrity monitoring, rootcheck etc...
Ref: https://documentation.wazuh.com/current/user-manual/capabilities/index.html
To install an agent you can follow this.
Ref: https://documentation.wazuh.com/current/installation-guide/wazuh-agent/index.html#wazuh-agent
Let me know if this helps.
Regards,
Hasitha Upekshitha
I believe you already already Wazuh setup and you need to integrate logs without installing the agent from the endpoint.
You can do this for the Linux servers by sending logs through syslog.
To that you need to configure Wazuh manager to listen syslogs by following documentation.
Ref: https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/syslog.html#configuring-syslog-on-the-wazuh-server
Ensure the Wazuh server allows incoming traffic on the specified syslog port.
Then you need to config syslog in the Linux machine to forward the all logs to Wazuh-manager.
sudo nano /etc/syslog.conf
*.* @@<Wazuh-server-IP>:514
Then restart the syslog service of the endpoint
sudo systemctl restart syslog
I believe for Windows you need to install Wazuh agent.
But I recommend you to install Wazuh agent to have all functionality like File integrity monitoring, rootcheck etc...
Ref: https://documentation.wazuh.com/current/user-manual/capabilities/index.html
To install an agent you can follow this.
Ref: https://documentation.wazuh.com/current/installation-guide/wazuh-agent/index.html#wazuh-agent
Let me know if this helps.
Regards,
Hasitha Upekshitha
Reply all
Reply to author
Forward
0 new messages