Huawei Switch and Wazuh integration.


Sairaj Bhagat (Cybertron)

Apr 3, 2024, 6:18:52 AM
to Wazuh | Mailing List
Hello,
I am trying to integrate a Huawei switch with Wazuh. I made the changes in /etc/rsyslog.conf to receive the syslog logs and tried verifying with sudo tcpdump -i any udp port 514 -vv; the logs are coming.
Then I made the configurations in the Wazuh manager, decoder and rules (I kept the rule level at 3 as I wanted to see them in alerts).
I had also enabled logall and logalljson, and then I was seeing logs in archives.json.
But I wasn't seeing them in security events.

Where is the problem? What did I do wrong?

Nicolas Alejandro Bertoldo

Apr 3, 2024, 10:01:35 AM
to Wazuh | Mailing List
Hi Sairaj,

I hope you are well. In case these events are generating alerts, they should appear in the alerts.log | json file. Have you checked this?
In addition, you can manually check if these events are triggering alerts using wazuh-logtest: Testing decoders and rules

Hope this helps, let me know how it went.
Regards
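
Added example, not part of the thread and not Wazuh's own code: a small triage script for the situation discussed above, where events reach archives.json but not the alerts. It sorts archived events by the stage at which they stopped (no decoder, no rule, rule below the alert level, or should have alerted). The field names (location, decoder.name, rule.level) and the default alert level of 3 are assumptions about the manager's JSON output and configuration; the sample lines, decoder name and rule ids are constructed.

```python
import json
from collections import Counter

# Constructed sample lines shaped like archives.json entries (one JSON object
# per line). Field names are assumed from Wazuh's JSON output; the address,
# decoder name, rule ids and messages are made up for this example.
SAMPLE_ARCHIVES = """\
{"location": "192.0.2.10", "full_log": "SW1 constructed message A", "decoder": {}}
{"location": "192.0.2.10", "full_log": "SW1 constructed message B", "decoder": {"name": "huawei-switch"}}
{"location": "192.0.2.10", "full_log": "SW1 constructed message C", "decoder": {"name": "huawei-switch"}, "rule": {"id": "100100", "level": 2}}
{"location": "192.0.2.10", "full_log": "SW1 constructed message D", "decoder": {"name": "huawei-switch"}, "rule": {"id": "100101", "level": 3}}
not-json garbage line
"""

def classify(event, alert_level=3):
    """Return the stage at which an archived event stopped."""
    if not event.get("decoder", {}).get("name"):
        return "no_decoder"          # custom decoder never matched
    rule = event.get("rule")
    if not rule:
        return "no_rule"             # decoded, but no rule fired
    if int(rule.get("level", 0)) < alert_level:
        return "below_alert_level"   # rule fired, level too low to alert
    return "should_alert"            # expected in alerts.json

def triage(lines, location=None, alert_level=3):
    """Count events per stage, optionally only for one source location."""
    counts = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            counts["unparsable"] += 1
            continue
        if location and event.get("location") != location:
            continue
        counts[classify(event, alert_level)] += 1
    return dict(counts)

if __name__ == "__main__":
    print(triage(SAMPLE_ARCHIVES.splitlines(), location="192.0.2.10"))
```

A high no_decoder or no_rule count points at the custom decoder or rule, which is what wazuh-logtest lets you check one log line at a time.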
