Replies: 1 comment
Hi Bitemir,

Wazuh has different log collection methods. Check this comment for your reference: https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html

The Wazuh server can collect logs via syslog from endpoints: https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/syslog.html

You can also forward the logs with Rsyslog. From network devices to a syslog client (e.g. rsyslog in Ubuntu) and then to a file to be read by wazuh-agent/manager (logcollector). Here are some links with example configurations for this case: https://documentation.wazuh.com/current/cloud-service/your-environment/send-syslog-data.html

I will suggest using the method with Rsyslog, as Rsyslog is more scalable.

After forwarding the logs to the Wazuh manager, you might need to write decoders and rules to trigger alerts on the Dashboard. Check this document to get help with the rules and decoders: https://documentation.wazuh.com/current/user-manual/ruleset/index.html

Let me know if you need any further assistance.
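The pipeline the comment above recommends (network device → rsyslog on a Linux host → one file per device → wazuh-agent logcollector → decoder and rule on the manager) needs four small configuration fragments. The script below is an added example, not code from the comment, from Wazuh or from the rsyslog project; it renders those fragments so they can be copied into place. The listening port (UDP/514), the log directory (/var/log/network/) and the "acl: deny proto=... src=... dst=..." message shape are hypothetical assumptions chosen to show the wiring, not a real device's format; the rule id 100100 follows the Wazuh convention of keeping custom rules at 100000 and above.

```shell
#!/bin/sh
# Added example, not from the comment above nor from the Wazuh/rsyslog docs.
# Renders the config fragments for:
#   network device --syslog/UDP--> rsyslog --file--> wazuh-agent logcollector
# Hypothetical assumptions: devices send to UDP/514, files live under
# /var/log/network/, and devices emit a constructed ACL line such as
#   "Jan 12 10:00:00 fw01 acl: deny proto=tcp src=10.0.0.5 dst=10.0.0.9"

LISTEN_PORT="${LISTEN_PORT:-514}"
LOG_DIR="${LOG_DIR:-/var/log/network}"

# Fragment for /etc/rsyslog.d/10-network-devices.conf on the syslog host.
rsyslog_conf() {
  cat <<EOF
# Receive syslog from network devices over UDP.
module(load="imudp")
input(type="imudp" port="${LISTEN_PORT}" ruleset="network_devices")

# One file per sending device, named after the syslog HOSTNAME field.
template(name="NetDevFile" type="string" string="${LOG_DIR}/%HOSTNAME%.log")

ruleset(name="network_devices") {
  action(type="omfile" dynaFile="NetDevFile" dirCreateMode="0750" fileCreateMode="0640")
  # "stop" keeps device logs out of /var/log/syslog so they are not read twice.
  stop
}
EOF
}

# Fragment for the <ossec_config> section of ossec.conf on the agent (or the
# manager, if rsyslog runs there). A glob lets logcollector pick up new devices.
wazuh_localfile() {
  cat <<EOF
<localfile>
  <log_format>syslog</log_format>
  <location>${LOG_DIR}/*.log</location>
</localfile>
EOF
}

# Fragment for etc/decoders/local_decoder.xml on the manager. The syslog
# pre-decoder strips the header, so program_name is "acl" and the log body
# starts at "deny ...". The child decoder extracts the fields.
wazuh_decoder() {
  cat <<'EOF'
<decoder name="netdev-acl">
  <program_name>^acl$</program_name>
</decoder>

<decoder name="netdev-acl-deny">
  <parent>netdev-acl</parent>
  <prematch>^deny </prematch>
  <regex offset="after_prematch">^proto=(\S+) src=(\S+) dst=(\S+)</regex>
  <order>protocol,srcip,dstip</order>
</decoder>
EOF
}

# Fragment for etc/rules/local_rules.xml on the manager; fires an alert that
# shows up on the dashboard with the decoded source and destination.
wazuh_rule() {
  cat <<'EOF'
<group name="netdev,">
  <rule id="100100" level="5">
    <decoded_as>netdev-acl</decoded_as>
    <match>^deny </match>
    <description>Network device ACL deny from $(srcip) to $(dstip)</description>
    <group>firewall_drop,</group>
  </rule>
</group>
EOF
}

# Print every fragment under a header so an admin can copy each into place.
render_all() {
  for section in rsyslog_conf wazuh_localfile wazuh_decoder wazuh_rule; do
    printf '### %s\n' "$section"
    "$section"
    printf '\n'
  done
}

render_all
```

After restarting rsyslog and the agent, a test line such as the constructed one in the comments can be checked against the decoder and rule with the manager's `wazuh-logtest` tool before relying on it for alerts.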
Hi,
Do you have some way to officially integrate Fortinet with Wazuh?