How to check if syslog is working
109 views
Skip to first unread message
Jan Jimwell Panganiban
Oct 15, 2023, 10:54:42 PM10/15/23
to Wazuh | Mailing List
How I will check is the syslog is properly working
I enable the syslog server configuration on wazuh how I will check if its working and how I visualized the logs send from my device through syslog to wazuh dashboard to monitor
Harshal Paliwal
Oct 16, 2023, 6:09:00 AM10/16/23
to Wazuh | Mailing List
Hi Jan,
If there is no error in the logs you can validate if you are getting the logs into the /var/ossec/logs/archives/ directory and test if they are decoding with the default decoder or not.
Thanks for using the Wazuh.
Can you please share what configuration you have provided to Wazuh?
Can you please share the output of the following command?
cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
You can follow the below document for more info.
If there is no error in the logs you can validate if you are getting the logs into the /var/ossec/logs/archives/ directory and test if they are decoding with the default decoder or not.
If no decoder matches then you need to create the custom decoder and rules.
I hope this helps. Please let us know if you need any further support.
Regards,
Regards,
Reply all
Reply to author
Forward
0 new messages