Wazuh | Mailing List

Hello, I installed Wazuh on a server (NO VM) and there were no errors. However, when I started

Thank you so much Nazmur for your update and escalation. On Friday, December 5, 2025 at 1:01:22 AM

Hi Olamilekan Abdullateef Ajani thank you so much for your answer today I tried uninstall wazuh and

Hello Again, Based on the decoder I shared and what you are trying to achieve, you need to tell the

Hello Max, Yes, multiple Dashboard nodes are supported for high availability, though it requires some

Here some links that maybe can help you https://medium.com/@enes.ismaili/sonicwall-wazuh-integration-

Hey Ariel, Thank you for your time. Unfortunately, your decoders do not work in my environment. They

Hello, Based on what you have said so far, Wazuh is able to accept logs from the rsyslog server, so

Hi. This looks more like Wazuh alerts are being generated but not indexed. You can verify this by: -

Hello Alex, Here are some steps that should help you figure out the issue: Initial Diagnosis The

Hey Max, The password is actually stored in your indexer nodes and is updated across all nodes

Hello Johny, I apologize for missing the disk usage detail in your screenshot. The /var/log partition

Hello Riccardo, The problem seems to be with the way you have declared Wazuh to read the file, your

Hello, if I understand you correctly, you want to monitor the Docker host and container logs. You can

I need to make the Wazuh OVA a static IP. I've modified the ifcfg-eth0 file, located in "/

Hi Gokul Wazuh sent Azure logs using Log Analytics, Storage Accounts, or Microsoft Graph. Activity

One more question, how do I actually verify the geoip actually worked? It should be shown in wazuh

Thank you so much for your answer Natalia So we need to upgrade to a higher version El martes, 2 de

Thanks for the update 🙌 Good luck. On Wednesday, December 3, 2025 at 2:00:40 PM UTC+1 j885...@gmail.

Thank you so much for your help. Em quinta-feira, 4 de dezembro de 2025 às 07:23:03 UTC-4, Jorge

Hello Julian, I shared some documentation earlier, I think you should probably look at it for further

I created a new index pattern, and for some reason, every time a new index is created, it assigns

Currently, log compression takes place at midnight. This behavior, along with other log rotation

What is Document_ID? Do I have to execute this POST for each alert index I have? El jueves, 4 de

Hi This was the response I got from the development team "Our IT Hygiene module mirrors the

Hi Franco, thank you for your response. This issue occurred on our testing instance of Wazuh, and we

You can also check the release notes to find out what the major changes are in the recent versions.

Hello, I am encountering the same issue it seems, after upgarding from 4.12 to 4.14: filebeat setup -

Yes, possible. The Sysmon event 22 was an example use case. The script I have shared previously looks

correction : 1. The only warnings on /var/ossec/logs/ossec.log file is about agent connection On