Wazuh Licensing Information


Muhammad Samiul Haq

Oct 17, 2023, 3:49:32 AM
to Wazuh mailing list
Dear All,

Can anybody guide on Wazuh licensing?

1) How many devices can be added in Wazuh free licences? Is there any upper cap on the number of devices or limit on EPS?

2) How can network devices and firewall logs be integrated with Wazuh?


Regards,
M. Samiul Haq.

Emiliano Zorn

Oct 22, 2023, 11:32:30 PM
to Wazuh | Mailing List
Hello Muhammad! Hope you're doing good.

Regarding your questions:

1 - You can add as many devices as you want; there's no Premium or Freemium stage in Wazuh. Wazuh is commercially free and uses the open-source approach to security.
There's no limit on EPS, but you will have to make sure that the resources available in the Wazuh Cluster are sufficient to obtain the correct functioning of the system.

2 - We can solve this in two different ways:

    Forward Syslog events

Wazuh agents can run on a wide range of operating systems, but when this is not possible due to software incompatibilities or business constraints, you can forward syslog events to your environment. This is a common use case for network devices such as routers or firewalls.

    Agentless monitoring

Agentless monitoring allows you to monitor agentless devices or systems via SSH, such as routers, firewalls, switches, and Linux/BSD systems. This allows users with software installation restrictions to meet security and compliance requirements.

Alerts will be triggered when the checksum of the output changes and will display the exact checksum or diff output of the change, routers or firewalls.

Links to the documentation can be found in the subtitle hyperlink.

It may be that the configuration is correct and the logs are being ingested, but the alert level is low (0-1 or 2) and they are not being sent to the dashboard.

To corroborate that the logs are being ingested:

  • The file /var/ossec/logs/archives/archives.json contains all events whether they tripped a rule or not. This is sent to cold storage if the setting logall_json is set to yes.

  • The file /var/ossec/logs/alerts/alerts.json contains only events that tripped a rule with high enough priority, according to a configurable threshold. This is always sent to cold storage.



Regards.
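
One way to run the ingestion check described in the reply above, as an added example that is not part of the original thread and not Wazuh's own code. It assumes forwarded syslog events carry the sender's address in the `location` field and that the alert threshold (`log_alert_level`) is 3; the function name and the sample lines are constructed for illustration.

```python
import json
from collections import Counter

# Assumed alert threshold (log_alert_level); confirm the value in your ossec.conf.
ALERT_THRESHOLD = 3

# Constructed sample lines in the one-JSON-object-per-line shape of
# /var/ossec/logs/archives/archives.json. Addresses, rule ids and log text are made up.
SAMPLE_ARCHIVES = [
    '{"timestamp":"2023-10-22T10:00:01+0000","location":"192.0.2.10",'
    '"full_log":"fw01 DROP SRC=198.51.100.7 DPT=23"}',
    '{"timestamp":"2023-10-22T10:00:02+0000","location":"192.0.2.10",'
    '"rule":{"id":"100010","level":2},"full_log":"fw01 ACCEPT SRC=198.51.100.8 DPT=443"}',
    '{"timestamp":"2023-10-22T10:00:03+0000","location":"192.0.2.10",'
    '"rule":{"id":"100011","level":7},"full_log":"fw01 admin login failed"}',
    '{"timestamp":"2023-10-22T10:00:04+0000","location":"/var/log/auth.log",'
    '"rule":{"id":"100012","level":5},"full_log":"unrelated local event"}',
    '{"timestamp":"2023-10-22T10:00:05+0000","locat',  # truncated line
]


def ingestion_report(lines, source, threshold=ALERT_THRESHOLD):
    """Classify archived events from one source by whether an alert is expected."""
    report = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            report["unparsable"] += 1  # e.g. a line cut off mid-write
            continue
        if not isinstance(event, dict) or event.get("location") != source:
            continue
        level = (event.get("rule") or {}).get("level")
        if level is None:
            report["ingested_no_rule"] += 1      # received, but no rule matched
        elif int(level) < threshold:
            report["rule_below_threshold"] += 1  # matched, but too low to alert
        else:
            report["alert_expected"] += 1        # should also be in alerts.json
    return dict(report)


if __name__ == "__main__":
    print(ingestion_report(SAMPLE_ARCHIVES, "192.0.2.10"))
```

A non-zero `ingested_no_rule` or `rule_below_threshold` count with nothing under `alert_expected` matches the situation in the reply: the device's logs are arriving, but nothing is reaching the dashboard.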