AWS CloudWatch logs and RDS DB logs


Eric Martinez

Aug 4, 2021, 10:55:51 PM
to Wazuh mailing list

Where does Wazuh save collected events from AWS CloudWatch? I need to see those logs to create my decoders and rules for AWS RDS. Thanks in advance.

Jose Cruz Lopez

Aug 5, 2021, 3:47:06 AM
to Wazuh mailing list
Hello,

To see those logs, you need to enable the logall option in the global section of the ossec.conf file and restart the manager. If everything is good, the manager should be running fine.
This option allows Wazuh to store every event generated in /var/ossec/logs/archives/archives.log, whether or not it generated an alert.

Using the events stored there, you will be able to create your own rules and decoders. You can find more information about it here: https://documentation.wazuh.com/current/user-manual/ruleset/custom.html

I hope this helps. If you have any further questions, please do not hesitate to ask us. Best regards.
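An added example, not part of the reply above and not Wazuh project code: once logall is enabled, this shell function pulls the raw event text for one log source out of the archive file, giving clean input for writing decoders and rules. It assumes archive lines have the form `<timestamp> <source>-><location> <event>` and that AWS module events carry the location `Wazuh-AWS`; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Assumption: each archive line is "<timestamp> <source>-><location> <event>".

# events_from_location FILE [LOCATION]
# Print only the event text of lines whose location equals LOCATION.
events_from_location() {
    file=$1
    loc=${2:-Wazuh-AWS}   # assumed location label used by the AWS module
    awk -v tag="->${loc} " '
        {
            pos = index($0, tag)
            # Skip lines from other locations, including ones whose event
            # text merely contains the tag after the real header arrow.
            if (pos == 0 || index($0, "->") != pos) next
            print substr($0, pos + length(tag))
        }' "$file"
}

# Constructed sample archive: two RDS-style lines delivered through
# CloudWatch and one unrelated syslog line.
make_sample_archive() {
    cat > "$1" <<'EOF'
2021 Aug 05 03:40:12 wazuh-manager->Wazuh-AWS 2021-08-05T03:40:11.123456Z 42 [Note] Access denied for user 'app'@'10.0.0.5' (using password: YES)
2021 Aug 05 03:40:13 wazuh-manager->/var/log/auth.log Aug  5 03:40:13 host sshd[811]: Accepted publickey for admin from 10.0.0.9 port 50022 ssh2
2021 Aug 05 03:40:15 wazuh-manager->Wazuh-AWS 2021-08-05T03:40:14.654321Z 43 [Note] Aborted connection 43 to db: 'orders' user: 'app' host: '10.0.0.5' (Got an error reading communication packets)
EOF
}

# Demo run on the constructed sample; on a manager, pass
# /var/ossec/logs/archives/archives.log instead.
sample=$(mktemp)
make_sample_archive "$sample"
events_from_location "$sample"
rm -f "$sample"
```

Each printed line can be pasted into `/var/ossec/bin/wazuh-logtest` to see how the current ruleset decodes it. Turn logall off again once you have enough samples, since the archive records every event and grows quickly.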