Wazuh integration with watchguard firewall

Vyom Thaker

Nov 11, 2022, 2:16:50 AM
to Wazuh mailing list
Hello everyone,
I am working on a project, "Wazuh integration with WatchGuard firewall", and I am very confused about how the logs will come to Elastic. Can someone guide me on this?
I have configured syslog on my WatchGuard firewall, but from this point I am totally clueless. Can someone guide me on this? Any efforts will be highly appreciated.

elw...@wazuh.com

Nov 11, 2022, 3:47:39 AM
to Wazuh mailing list
Hello Vyom,

Assuming that you have configured Wazuh to accept the Syslog connection and receive messages using the remote block (https://wazuh.com/blog/monitoring-network-devices-wazuh-hids/), you can enable the logall_json option (https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/global.html?highlight=logall#logall-json) and then retrieve the logs received from WatchGuard from the file /var/ossec/logs/archives/archives.json.

Please share the example of the log from archives to help you create custom decoders/rules if it is not covered by default.

Regards,
Wali
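
The two settings described in the reply above, shown as a manager-side /var/ossec/etc/ossec.conf fragment. This is an added example, not part of the original thread or written by its participants. The addresses (192.0.2.10 for the firewall, 192.0.2.5 for the manager) and UDP port 514 are assumptions; match them to what the firewall's syslog settings actually send to.

```xml
<ossec_config>
  <global>
    <!-- Write every received event, matched by a rule or not, to
         /var/ossec/logs/archives/archives.json. The file grows quickly,
         so set this back to "no" once decoders and rules are in place. -->
    <logall_json>yes</logall_json>
  </global>

  <!-- Syslog listener for network devices that cannot run an agent. -->
  <remote>
    <connection>syslog</connection>
    <port>514</port>              <!-- assumed: must match the firewall's syslog port -->
    <protocol>udp</protocol>      <!-- assumed: must match the firewall's syslog transport -->
    <!-- Accept syslog only from the firewall (constructed address), not from a whole subnet. -->
    <allowed-ips>192.0.2.10</allowed-ips>
    <!-- Manager interface to listen on (constructed address). -->
    <local_ip>192.0.2.5</local_ip>
  </remote>
</ossec_config>
```

Restart the Wazuh manager after the change; events from the firewall then appear as JSON lines in /var/ossec/logs/archives/archives.json.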