Syslog and Wazuh - Let's Build A Host Intrusion Detection System

Science and technology

Join me as we configure your Wazuh Manager to receive Syslog output. Receive your Firewall logs! Let's deploy a Host Intrusion Detection System and SIEM with free open source tools. Join me as we explore and learn together.
Check us out: www.opensecure.co/
Interact with our demo: www.opensecure.co/demo
Hire us: www.opensecure.co/contact-us

Comments: 54

  • @lamarlewis7638
    2 years ago

    Great work on the video. Thank you for saving me some time! 😊

  • @MrBitviper
    2 years ago

    thanks for the concise and clear video much appreciated

  • @arifbudiman7754
    2 years ago

    Great Video Man, thanks for the insight 😊

  • @taylorwalton_socfortress
    2 years ago

    Thanks for watching :)

  • @AnthonyElabed
    2 months ago

    Amazing video, thank you so much, you are a life saver for a project I'm working on!! For Linux users, remember that the logs on your client are stored in /var/log/syslog

  • @iDjDepp
    2 years ago

    Great video, really helped set up the transmission. You mentioned transferring data from network devices such as Cisco. Maybe there are ready-made dashboard templates and how to process this data?

  • @JeDeXxRioProKing
    3 years ago

    Great content, thanks for the video

  • @taylorwalton_socfortress
    3 years ago

    Hey Sefraoui, thanks for watching!

  • @oliveiras.de.emerson
    2 years ago

    I love you guy

  • @chinatu10
    1 year ago

    Great video, but do you have a video that integrates with EDR solutions?

  • @TheMeshal20
    2 years ago

    Thanks so much, can you make a video on integrating a pfSense firewall and an email server?

  • @chadmarkley
    2 years ago

    Great video!! I used your Docker video to get the Wazuh cluster set up and running. Works great. Question: under Settings and Configuration, I don't seem to have the "edit configuration" option. Any idea how I can get that to show up? Having that would be SO MUCH EASIER than trying to do it from inside the Docker container using vi! Thanks

  • @chadmarkley
    2 years ago

    NM, found it!

  • @user-jw3mx8we8h
    4 months ago

    Hoping for the next video: FortiGate sync with Wazuh

  • @streetechco123
    10 months ago

    Dear Taylor, what happens if the server is full of logs? How do you delete the logs that are on the Wazuh server?

  • @brunobustos1368
    7 months ago

    How are you? Very good video, but I want to know how I can integrate an Imperva WAF with Wazuh via syslog, so that the events show up in the dashboard.

  • @DannyDi84
    11 months ago

    As far as I know, syslogs are sent in plain text, so I guess it wouldn't be recommended to use this method when the Wazuh Server is on a hosted VM in another Network. Is there a solution to this?

  • @jasonmichel1946
    2 years ago

    Can you add multiple address ranges for allowed IPs in the same block, or do you have to create a new block for each entry for syslog?

  • @taylorwalton_socfortress
    2 years ago

    Hey Jason, you will need to add a new 192.168.2.0/24 block that details the new CIDR range. Thanks for watching!

  • @rakeshbaboeram1808
    1 year ago

    Hi Taylor. Thanks for a great video. I've been able to set up syslog on a firewall and a Linux machine. I see the syslog packets hitting the Wazuh Manager. Unfortunately, I don't see any alerts in "discover". Any ideas what I'm doing wrong?

  • @seyladamarisgomez7488
    1 year ago

    Hi Rakesh! Did you continue with this problem? Regards.

  • @rakeshbaboeram1808
    1 year ago

    @seyladamarisgomez7488 Unfortunately not

  • @ryanhall5059
    8 months ago

    I'm on a fresh install and having this issue also. I have pulled up Wireshark and confirmed syslog is being sent to the server. Just nothing shows up.

  • @muharaveen46
    1 year ago

    Hi! I'm having the issue "Kibana service is not ready yet". Am I doing something wrong?

  • @gaplans
    3 years ago

    Thanks for the video. It was a life saver (gaplan)

  • @taylorwalton_socfortress
    3 years ago

    Thanks for watching!

  • @huseyinozer2737
    1 year ago

    Hello, first of all thanks for the video. Syslogs from Synology do not appear in Wazuh. When I listen on port 514, I see messages coming in, but the messages do not appear in the Discover section. It was written in some forums that it could not be solved because it comes in RFC 3164 message format. When I paste the log into the test decoder section, I get the error "decoder not found". Any idea?

  • @tamaskiss6379
    4 months ago

    Hi, I have this problem too. Did you find any solution?

  • @safwanshahjehan7434
    2 years ago

    Hey, great video! Do you have any tutorials on viewing Apache logs in Wazuh?

  • @taylorwalton_socfortress
    2 years ago

    Hey Safwan, I have not done a video regarding Apache specifically, but the process should be the same. If you have a wazuh-agent running on your Apache server, configure this block in the ossec.conf: syslog /path/to/apache.log. There are already decoders built for Apache logs, so you should start to see results after you restart the wazuh-agent. Hope that helps and thanks for watching!
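The two ossec.conf pieces discussed in the replies above (the syslog listener with an allowed-ips range, and the localfile block for an Apache log) written out as an added example; this is not the author's own configuration. The CIDR range 192.168.2.0/24 is the one named in the thread, the Apache log path is a placeholder, and the listener port and protocol are assumed to be the UDP/514 defaults.

```xml
<!-- Added example, not the video author's config. Two separate files are shown:
     the <remote> block belongs on the Wazuh manager, the <localfile> block on
     the host that runs wazuh-agent next to Apache. -->

<!-- /var/ossec/etc/ossec.conf on the Wazuh manager -->
<ossec_config>
  <!-- Accept syslog over UDP/514 only from the 192.168.2.0/24 range named in the thread.
       Per the author's reply, each additional range gets its own <remote> block of this shape. -->
  <remote>
    <connection>syslog</connection>
    <port>514</port>
    <protocol>udp</protocol>
    <allowed-ips>192.168.2.0/24</allowed-ips>
  </remote>
</ossec_config>

<!-- /var/ossec/etc/ossec.conf on the Apache host (wazuh-agent installed) -->
<ossec_config>
  <!-- Read the Apache log with the built-in syslog log_format; the path is a placeholder,
       replace it with the real access or error log location. -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/path/to/apache.log</location>
  </localfile>
</ossec_config>
```

After editing, restart wazuh-manager (for the remote block) or wazuh-agent (for the localfile block) so the change is picked up. As the author's later reply in this thread points out, a message that reaches the manager is only visible in the dashboard once a decoder and rule match it, so a received-but-unmatched log shows up in archives, not in alerts.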

  • @TheT8T
    2 years ago

    I am missing something... I have configured my Fortigate to forward logs to the Wazuh Manager. I see them in the Archives.json and the Archives.log. I do not see them in the dashboard of Wazuh. Following another tutorial that has since been taken down from YT, it has 2 Decoder files installed. What am I missing?

  • @taylorwalton_socfortress
    2 years ago

    Hey Chris, if it is writing to the archives.json then that is telling me Wazuh is receiving the logs, so that's good. What it is probably lacking is a decoder and rule to match on the ingested logs. Only logs that are matched are written to the alerts.json file, which allows you to view them in Kibana. A good way to test is to copy the log entry from the archives.json, run /var/ossec/bin/ossec-logtest, paste in the copied log entry, and see what Wazuh outputs. From there you can start to build decoders and rules to match. Hope this helps!

  • @syedomairmasood6785
    8 months ago

    Can you paste all the commands that are in your notepad?

  • @Samran_Shahzad
    5 months ago

    Hi, can anyone tell me how I can confirm that my Linux rsyslog is coming into the Wazuh dashboard? How do I check that? How do I configure rsyslog on Kali Linux without adding it as an agent?

  • @arunr039
    2 years ago

    Great video. I have a question: how do I get application logs (API/HTTP) into Wazuh, and how do I visualize them in Kibana? Thanks in advance

  • @taylorwalton_socfortress
    2 years ago

    Hey Arun, you will need to enable the logs to be forwarded to the Wazuh manager. We did something similar with nginx logs here: kzread.info/dash/bejne/m3x6vI-KdLe-ZtI.html Let me know if you have other questions and thanks for watching!

  • @marciolima174
    2 years ago

    In my case I use OpenDistro, Kibana, Wazuh and Filebeat on different servers. In sysloghost, which IP do I need to set? Since OpenDistro opens the interface of the Wazuh config.

  • @taylorwalton_socfortress
    2 years ago

    You will need to point your syslog host to the IP of the Wazuh Manager. Wazuh will take those logs and send them to elastic.

  • @marciolima174
    2 years ago

    @taylorwalton_socfortress Thanks.

  • @fahmi8999
    6 months ago

    Do you have videos that share how to develop Wazuh SIEM dashboard?

  • @user-jw3mx8we8h
    4 months ago

    It's easy, you can follow the documentation

  • @numanmaavia8575
    2 years ago

    Hey Open Secure, make a video on how to integrate the Azure Activity log into Wazuh. Thanks

  • @taylorwalton_socfortress
    2 years ago

    Hey Numan, good idea, I will look to make that possible! Thanks for watching

  • @user-cr5lb7ze7b
    9 months ago

    I am unable to use public IP addresses. My syslog server is located on a different AWS server and the Wazuh manager is located in a different location. So how do I connect these with the public IP address? I am unable to use the public address in the Wazuh conf file.

  • @zedtrek
    4 months ago

    Not sure it would be a good idea to expose that kind of traffic anyway. I would use a VPN.

  • @ryoka1g
    2 years ago

    Any idea on how to integrate Fortinet logs into Wazuh??

  • @taylorwalton_socfortress
    2 years ago

    Hey Chris, I do not have experience with Fortinet, but this guide should help: docs.fortinet.com/document/fortianalyzer/7.0.2/administration-guide/19991/configuring-log-forwarding. Just need to point it to the Wazuh manager

  • @ryoka1g
    2 years ago

    @taylorwalton_socfortress I actually managed, as it was fairly simple (I guess syslog to syslog lol). Now I'm trying to learn how to analyse these syslogs and find any attacks or smth

  • @gheryking
    1 year ago

    Please subscribe... ready!!, great job.
