Wazuh dashboard authentication logs

[Muhammad Farash P]

Hai all,

Does Wazuh have a mechanism to showcase wazhuh-dashboard login success and failure logs in the wazuh dashboard. Currently these logs are not displayed in wazuh dashboard. Is there a way to display these logs in wazuh dashboard.

Thanks and Regards,

Muhammad Farash P

[Gonzalo Membrillo Solbes]

Hello Muhammad,

The feature you are looking for is called audit logging. It's disabled by default, which is why you don't see it on the dashboard at the moment.

The method of enabling it depends on the indexer you are using.

If you are using Opensearch, you will need to add the following line to /etc/wazuh-indexer/opensearch.yml :

       

      plugins.security.audit.type: internal_opensearch

If you are using Elasticsearch instead, you will need to do set the xpack.security.audit.enabled to true in /etc/elasticsearch/elasticsearch.yml.

You can find more information on audit logging on each of their documentations:

https://opensearch.org/docs/latest/security/audit-logs/index/
https://www.elastic.co/guide/en/elasticsearch/reference/current/enable-audit-logging.html

Keep in mind that audit logging in Elasticsearch required a platinum subscription so, if you are using a basic license, you won't be able to enable this setting.

I hope you find this helpful. Do let us know if you need anything else.

Best regards,

Gonzalo

[Faber Andres Cubides]

Hello Team

I am facing the same requirement
I have reviewed the documentation
https://opensearch.org/docs/latest/security/audit-logs/index/
and I already configured my file
/etc/wazuh-indexer/opensearch.yml:
 plugins.security.audit.type: internal_opensearch
I have also set up audit logs.
I have recreated some failed session attempts but I don't know where I can see them. 

I would appreciate any help

[Faber Andres Cubides]

Hello everyone
Can anybody help me
Thank you