Router logs integration into Wazuh
762 views
Skip to first unread message
Peter Lyons
Aug 23, 2023, 3:02:31 AM8/23/23
to Wazuh mailing list
Hi, I have an Asus router with merlin software and I would like to the router to be integrated into Wazuh. I could setup the router as an agentless device but not sure how to get the Wazuh manager to receive the router logs.
Any ideas?
Awwal Ishiaku
Aug 23, 2023, 3:33:56 AM8/23/23
to Wazuh mailing list
Hi Peter,
Agentless monitoring in Wazuh executes commands on the router via SSH and processes the output of the commands as log input. Is this what you are referring to?
Here is a guide for agentless monitoring in Wazuh.
Here is a guide for agentless monitoring in Wazuh.
Is this what you want? or do you want to forward syslog from the router to the Wazuh server?
Regards.
Regards.
Peter Lyons
Aug 23, 2023, 3:39:54 AM8/23/23
to Wazuh mailing list
Hi Assal,
I want the Wazuh server to monitor the router syslog.
Can I forward the router syslog to the Wazuh server?
Regards.
Awwal Ishiaku
Aug 23, 2023, 3:46:21 AM8/23/23
to Wazuh mailing list
You can forward syslog to the Wazuh server. You need to verify that your router can send syslog messages.
And then configure the Wazuh server to listen for syslog messages by following the guide here.
You may need to create custom rules and decoders to parse your logs if Wazuh doesn't already support it.
Regards
You may need to create custom rules and decoders to parse your logs if Wazuh doesn't already support it.
Regards
Reply all
Reply to author
Forward
0 new messages