How to collect secure syslog with fluentd

ismailctest C

Jul 27, 2023, 2:45:21 AM
to Wazuh mailing list
Hi,
How do I collect secure syslog with Fluentd?
Syslog is forwarded from the firewall over TCP 1514; we need to collect it on the Wazuh server and write the logs to a new file. Wazuh is collecting logs from this file.
Is there any direct option in Wazuh to collect syslog over TCP?

Can anyone share the Fluentd configuration steps with TLS certs?

Thanks in advance.

Farouk Musa

Jul 27, 2023, 9:14:38 AM
to Wazuh mailing list
Hello ismailctest C,

If I understand you correctly, your request is:

1. How to use Fluentd to send logs to the Wazuh server via syslog using TLS
2. A way to directly send syslog to the Wazuh server over TCP

In the first case, Fluentd does not have an official syslog output plugin; however, you can look at this project, which supports an output plugin and also TLS: https://github.com/fluent-plugins-nursery/fluent-plugin-remote_syslog

In the second case, yes, you can send TCP directly to the Wazuh server using the remote tag. See our documentation for more information: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/remote.html

I hope this helps.
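
The second case above (Wazuh receiving syslog directly over TCP), as an added example that is not part of the original reply: a `<remote>` block for the manager's `ossec.conf`. The port and both IP addresses are placeholder assumptions; port 514 is used here because 1514 is the port Wazuh agents connect to by default.

```xml
<ossec_config>
  <!-- Syslog listener, added alongside the existing <remote> block
       that serves agents (connection "secure"). -->
  <remote>
    <!-- "syslog" makes this listener accept raw syslog messages
         instead of the agent protocol. -->
    <connection>syslog</connection>

    <!-- Assumed port; the firewall must forward to the same one. -->
    <port>514</port>

    <!-- TCP, matching the firewall's forwarding in the question. -->
    <protocol>tcp</protocol>

    <!-- Required for syslog connections: only these sources are accepted.
         Placeholder address for the firewall; keep it as narrow as possible. -->
    <allowed-ips>192.0.2.10</allowed-ips>

    <!-- Optional: bind the listener to one manager interface
         (placeholder address) instead of all of them. -->
    <local_ip>192.0.2.5</local_ip>
  </remote>
</ossec_config>
```

Restart the Wazuh manager after editing `ossec.conf` so the listener is started.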