Wazuh | Mailing List

Hi Stefano, The agent logs are fine, and so is the manager side. From the JSON inventory you shared,

Hi Brenno, If the agent cannot connect directly to the Wazuh manager, you may still be able to make

Hi chao, I created an Active Response script that kills the Notepad process whenever FIM detects a

Thanks, exactly what I was looking for. On Friday, April 3, 2026 at 1:00:36 AM UTC-4 Md. Nazmur Sakib

Thank you for the detailed guidance. I will review the agent side logs and configuration as suggested

Hello! AI tools can be helpful for creating rules and decoders, but it is important to review them

Hello ;) Just for you to know, i don't know if this is rellevant but error is back since a few

Yes, include if_group and use agent.name instead of hostname <rule id="100051" level=

I see what you mean. Ok, it's true, event ID 4104 does include a SID but it is located in the

If you don't need the archive logs, you can just disable them as I mentioned above and they will

Hi, Let me address each of your points one by one. a) Processing order You are close, but the

Hi, Thanks for the details, this helps a lot. From the logtest output, decoding and rule matching are

Hi, Thank you for your very detailed response and I seem to have gotten the gist of things now! :)

Hello Olamilekan, thank you for your clearance and suggestion. Regards, Chandra On Tuesday, March 31,

Hi, The mapping errors can be found in filebeat logs. Located at /var/log/filebeat/filebeat. Whenever

Hi Veera, Also, please see similar issues below. https://www.reddit.com/r/Wazuh/comments/1i133si/

Hi, I am glad this has been resolved and thank you for the feedback. Regards, On Monday, March 30,

Additionally, I want to ensure that the indexers can continue receiving logs without any issues.

Hi Gerald, I am glad that decoders are working and you are able to see the logs on the dashboard.

Hi, From the screenshot you shared, it appears that the issue is related to field data type conflicts

Hello Roman, Thanks for the update. I'm going to look into whether this interleaving behavior is

Hello Ali, As of now, the supported means for this is via downloading the reports manually from the

Hello Amaury, Directly from my personal research or experience, I haven't seen, and you can drop

Hi Nhan Nguyen, First, the correct ownership command should be: chown root:wazuh /var/ossec/etc/

Hi Kevin, The built-in rules haven't fully caught up with GitLab's JSON log formats yet.

Hi Evair, If you need those old logs ingested to Wazuh, you may need to create a new file, add the

Hi Shreya, I suggest you follow the steps I shared from the Wazuh manager side with Postfix. Later,

Hello Leo, Your syntax is not accurate. Please refer to this documentation on configuring email

Hello Guilherme, As far as I know, that cannot be done from the custom dashboard editor. The tabs you

Hi, Thank you for your query. Based on the current capabilities of the Wazuh Dashboard (OpenSearch