Does wazuh support syslog over TLS?


Daniel D'Angeli

May 31, 2023, 4:26:21 AM
to Wazuh mailing list
Hi,

We need to implement syslog retrieval from a remote source.

Regards,
Daniel D.

Manuel Jose Cano Rojo

May 31, 2023, 7:24:27 AM
to Wazuh mailing list

Hi Daniel,

Unfortunately, Wazuh does not support syslog over TLS natively. You can follow the issue status on GitHub to keep yourself updated about the progress of this feature: #11197 and #11198.

Despite this, you can do it using TCP or UDP, as explained in our documentation.

Hope this helps.

Regards,

Manuel.

Daniel D'Angeli

May 31, 2023, 8:13:23 AM
to Wazuh mailing list
Hi,

Thanks for the clarification. Can Wazuh retrieve logs from a remote API?

Regards,
Daniel D.

Manuel Jose Cano Rojo

Jun 2, 2023, 3:16:11 AM
to Wazuh mailing list
Hi Daniel,

Sorry for my late response.

Sure, you can do it via Logcollector. You will have to retrieve these logs using a specific call to the API you want to retrieve logs from. Then, you can add the resulting file to a Logcollector configuration block in the ossec.conf file. For example:

<localfile>
   <location>/var/log/example.log</location>
   <log_format>syslog</log_format>
</localfile>

Here you can consult the documentation about log collection and its capabilities. Hope it helps.

Regards,

Manuel.
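
The approach described in the reply above, as an added example that is not part of the original thread or Wazuh's own code: a small Python poller that pulls events from a remote API over HTTPS with certificate verification and appends them, one syslog-style line each, to the file the `<localfile>` block watches. The API URL, the `since_id` parameter, the response shape (`id`, `ts`, `message`), the token variable and the cursor file are assumptions; only `/var/log/example.log` comes from the thread.

```python
import json
import os
import ssl
import urllib.request
from datetime import datetime, timezone

API_URL = "https://api.example.invalid/v1/events"  # placeholder endpoint (assumption)
LOG_PATH = "/var/log/example.log"                  # file named in the <localfile> block
STATE_PATH = "/var/lib/example-puller/last_id"     # hypothetical cursor file

def fetch_events(url, token, since_id):
    """GET events newer than since_id; TLS chain and hostname checks stay enabled."""
    req = urllib.request.Request(f"{url}?since_id={since_id}",
                                 headers={"Authorization": f"Bearer {token}"})
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(req, timeout=10, context=ctx) as resp:
        return json.load(resp)  # assumed shape: [{"id": int, "ts": epoch, "message": str}]

def to_syslog_line(event, host="api-puller", tag="example-api"):
    """Render one event as a single 'Mon DD HH:MM:SS host tag: msg' line."""
    ts = datetime.fromtimestamp(event["ts"], tz=timezone.utc)
    stamp = ts.strftime("%b ") + f"{ts.day:2d}" + ts.strftime(" %H:%M:%S")
    # Escape CR/LF so API-controlled text cannot forge additional log lines.
    msg = str(event["message"]).replace("\r", "\\r").replace("\n", "\\n")
    return f"{stamp} {host} {tag}: id={int(event['id'])} {msg}"

def read_cursor(state_path):
    """Return the last event id already written, or 0 on first run."""
    try:
        with open(state_path) as fh:
            return int(fh.read().strip() or 0)
    except FileNotFoundError:
        return 0

def append_new_events(events, log_path, state_path):
    """Append events with an id above the cursor; return how many were written."""
    last = read_cursor(state_path)
    fresh = sorted((e for e in events if e["id"] > last), key=lambda e: e["id"])
    if not fresh:
        return 0
    with open(log_path, "a", encoding="utf-8") as log:
        for e in fresh:
            log.write(to_syslog_line(e) + "\n")
    with open(state_path, "w") as fh:
        fh.write(str(fresh[-1]["id"]))
    return len(fresh)

if __name__ == "__main__":
    events = fetch_events(API_URL, os.environ["EXAMPLE_API_TOKEN"], read_cursor(STATE_PATH))
    print(append_new_events(events, LOG_PATH, STATE_PATH), "events appended")
```

Run it on a schedule under an account that can write the log file; because the transfer itself happens over HTTPS, the logs are protected in transit even though the Logcollector input is a local file.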

