Integrate Cloudflare logs with Wazuh


F. Meh

Apr 10, 2023, 12:23:32 AM
to Wazuh mailing list
Hi all,

I need to add Cloudflare Logs to my Wazuh instance. Some quick searches tell me that I need to push the Cloudflare Logs to Google Drive (or some other cloud storage service), and then forward the logs to my Wazuh instance.

Does anybody here have details regarding these steps?

Best regards. 

Nicolas Alejandro Bertoldo

Apr 10, 2023, 12:39:25 PM
to Wazuh mailing list
Hi Faisal,

Thanks for using Wazuh!
As you mentioned, you first need to configure Cloudflare to push the logs to your storage service: https://developers.cloudflare.com/logs/get-started/enable-destinations/
Then, here you can find information about how to monitor AWS, Microsoft Azure, or GCP services.

I hope this helps. Let me know if you have any questions.
Regards

F. Meh

Apr 12, 2023, 5:23:00 AM
to Wazuh mailing list
Thanks for the help. I'll check out the link.

Khul Sat

Feb 6, 2024, 6:33:22 AM
to Wazuh | Mailing List

Greetings, and apologies for digging up an old thread!

I have configured Cloudflare Logpush to an AWS S3 bucket and configured that S3 bucket on the Wazuh Manager. Somehow this is not working and is failing with the following debug error:

DEBUG: ++ Skipping file with another prefix: example.com/logs/20240114/20240114T234715Z_20240114T234816Z_b7494a5f.log.gz
DEBUG: ++ Skipping file with another prefix: example.com/logs/20240114/20240114T234817Z_20240114T234917Z_568df56a.log.gz
DEBUG: ++ Skipping file with another prefix: example.com/logs/20240114/20240114T234918Z_20240114T235018Z_2acf5dbd.log.gz
DEBUG: ++ Skipping file with another prefix: example.com/logs/20240114/20240114T235019Z_20240114T235118Z_aff832de.log.gz

My ossec.conf block looks like this -

<!-- AWS log integration -->
<wodle name="aws-s3">
  <disabled>no</disabled>
  <interval>10m</interval>
  <run_on_start>yes</run_on_start>
  <skip_on_error>yes</skip_on_error>

  -- [TRUNCATED] -- [MULTIPLE BUCKETS]

  <!-- CloudFlare S3 Bucket -->
  <!-- bucket type="server_access" -->
  <bucket type="custom">
    <only_logs_after>2023-FEB-01</only_logs_after>
    <name>logs-cloudflare-logpush-s3-bucket</name>
    <path>example.com/logs</path>
    <aws_profile>cloudflare-s3</aws_profile>
  </bucket>
</wodle>

Thanks, KS

Khul Sat

Feb 7, 2024, 1:20:04 PM
to Wazuh | Mailing List
Hello!
Any help would be highly appreciated!
Your comments are awaited.

Thanks, KS


