Scripts in Wazuh calling API for logs

[Jayakrishnan P]

Hi All,

I have a doubt regarding which port wazuh uses when a bunch of scripts inside wazuh server calls an API to collect logs. 

Thanks

Jayakrishnan

[Jesus Linares]

Hi Jayakrishnan,

Sorry, but I'm not sure if I understand your question. Could you give us more details or an example?

Here you can find the port that Wazuh uses: https://documentation.wazuh.com/current/getting-started/architecture.html#required-ports.

I hope it helps.

[Jayakrishnan P]

Thanks  Jesus Linares for replying. Sorry if I didn't conveyed what I meant correctly. Let's say I want to collect office365 logs in wazuh, 

I want to write scripts to call O365 API and run them in the wazuh server, right? So myquestion is, when API call happens through which 

port is used to send the request to O365 API and receive the response. Please don't mind if the question is naive. I am a begginner.

Regards

Jayakrishnan

[Jesus Linares]

Hello Jayakrishnan,

Thanks for the clarification. So, if you run a script in the wazuh server to pull events from some other tool, and you need to send it to Wazuh, you just need to send the event to a local socket (located in /var/ossec/queue/sockets/queue).

You could use this Python function: send_msg - https://github.com/wazuh/wazuh/blob/master/wodles/aws/aws_s3.py#L327. The main part is:

            s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
            s.connect(self.wazuh_queue)
            s.send("{header}{msg}".format(header=self.msg_header, msg=json_msg if dump_json else msg).encode())
            s.close()

I hope it helps.

[Jayakrishnan P]

Thanks a lot  Jesus Linares