Hello Elvis,
What is the Wazuh version of your OVA? I just tried the integration of the link you shared in a Wazuh installation by sources and it worked well for me. In any case, neither the installation mode nor the Python contained in the OVA should affect as the script uses Wazuh's embedded Python (which you can find at
/var/ossec/framework/python/bin/python3). This Python is at version 3.x since Wazuh 4.0 and even earlier, so this shouldn't be a problem.
There are a few things you can check to see if they are configured correctly:
- First, make sure you've created a bash script on this path /var/ossec/integrations/custom-telegram and that the content includes everything between lines 3 and 37 of the link you shared. That is, make sure it contains everything shown here: custom-telegram.
- Make also sure that you have created a Python script in /var/ossec/integrations/custom-telegram.py and that it contains everything that is shown between lines 43 and 79 of your link: custom-telegram python script.
- Inside the Python script that you created in step 2, make sure to fulfill the CHAT_ID variable (CHAT_ID="") that is found here. You should write the ID of the conversation to where the bot should send the alerts. For instance, in my case, it looks like this: CHAT_ID="143544397". This step is very important, if you do not specify any chat_id, the bot won't be able to send you anything. I will explain how to get said CHAT_ID in the annex.
- Check if the user and permissions of the custom-telegram and custom-telegram.py scripts were correctly applied as specified here.
- Make sure to replace *YOUR API KEY* with your bot key in the configuration block that you have to add in the Wazuh ossec.conf file. It should look similar to this: <hook_url>https://api.telegram.org/bot4935339560:ALPLyMN8qThtMA9d3nKqEK361AfY-1unrJ7/sendMessage</hook_url>
- Do not forget to restart Wazuh manager after all these steps: service wazuh-manager restart
AnnexGetting a Telegram API KeyYou need to search for @BotFather in Telegram. The process is then quite simple, just type
/newbot and follow the instructions. It should give you an API key as shown in the image below:
Getting Chat IDOnce you have created your bot, you must access the following link from your browser, replacing
*YOUR API KEY* with the API key that you have been provided:
https://api.telegram.org/bot*YOUR API KEY*/getUpdatesThen, within Telegram, access your new bot and press
/start or write something to him. After doing so, go back to the browser and reload the previous link. You should see a JSON with information about what happened. Search it for the content of the
id key within the
chat field. This is what you are looking for:
![telegram_chat_id.png](https://groups.google.com/group/wazuh/attach/479630bb02a1/telegram_chat_id.png?part=0.2&view=1)
Hope this solves your problem. Let me know otherwise.
Regards,
Selu.