Sending Wazuh syslog output to Precinct

    Mike Riforgiate
    Keymaster

    Configuring Wazuh

    Note: For server IP, input the IP address of the Precinct Streamer node or All-In-One appliance.

    Note: Use the level configuration to select specific alert levels to be sent to Precinct. With no level configured, all alerts are sent (recommended).

    Syslog output is configured in the ossec.conf file. All of the available options are detailed in Syslog output.


    <ossec_config>
      <syslog_output>
        <format>cef</format>
        <server>WITFOO APPLIANCE IP</server>
      </syslog_output>
    </ossec_config>

    The above configuration will send all alerts to Precinct.


    To send only level-specific alerts to Precinct, insert the level element as shown below.

    <ossec_config>
      <syslog_output>
        <level>9</level>
        <format>cef</format>
        <server>WITFOO APPLIANCE IP</server>
      </syslog_output>
    </ossec_config>

    The above configuration will send alerts to Precinct if the alert level is higher than 9.


    To apply the changes, restart Wazuh:

    1. For Systemd: # systemctl restart wazuh-manager
    2. For SysV Init: # service wazuh-manager restart
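    A pre-restart check for the configuration described above, added here as an example; it is not Wazuh or WitFoo code. It parses the syslog_output blocks out of an ossec.conf and reports anything that would stop alerts reaching Precinct: a placeholder left in place of the server IP, a format other than cef, or a non-numeric level. Two things it assumes: a real ossec.conf may contain several top-level <ossec_config> elements, so the text is wrapped in a dummy root before parsing; and the default syslog port (514) and the level range are taken from the Wazuh syslog_output documentation. The sample configs embedded below are constructed for the example.

```python
"""Sanity-check Wazuh syslog_output blocks before restarting wazuh-manager."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: mimics the post's config, with the placeholder still in place.
# Like a real ossec.conf it has more than one top-level <ossec_config> element.
SAMPLE_OSSEC_CONF = """
<ossec_config>
  <global>
    <jsonout_output>yes</jsonout_output>
  </global>
</ossec_config>

<ossec_config>
  <syslog_output>
    <level>9</level>
    <format>cef</format>
    <server>WITFOO APPLIANCE IP</server>
  </syslog_output>
</ossec_config>
"""

# Constructed sample: same block with a (hypothetical) Precinct streamer address filled in.
CORRECTED_CONF = """
<ossec_config>
  <syslog_output>
    <level>9</level>
    <format>cef</format>
    <server>10.0.0.5</server>
  </syslog_output>
</ossec_config>
"""


def parse_ossec_conf(text):
    """Return one dict per <syslog_output> block found in the config text."""
    # ossec.conf is not a single XML document (multiple roots), so wrap it.
    root = ET.fromstring("<root>" + text + "</root>")
    outputs = []
    for block in root.iter("syslog_output"):
        outputs.append({
            "server": (block.findtext("server") or "").strip(),
            "format": (block.findtext("format") or "").strip().lower(),
            "level": (block.findtext("level") or "").strip(),
            # Assumption: Wazuh falls back to UDP 514 when <port> is absent.
            "port": (block.findtext("port") or "514").strip(),
        })
    return outputs


def check_output(out):
    """Return a list of problems for one block; an empty list means it is ready."""
    problems = []
    try:
        ipaddress.ip_address(out["server"])
    except ValueError:
        problems.append(
            f"server '{out['server']}' is not an IP address (placeholder still present?)")
    if out["format"] != "cef":
        shown = out["format"] or "(unset, Wazuh's default format)"
        problems.append(f"format {shown} is not cef; Precinct expects CEF")
    if out["level"] and not out["level"].isdigit():
        problems.append(f"level '{out['level']}' is not a whole number")
    if not out["port"].isdigit() or not 1 <= int(out["port"]) <= 65535:
        problems.append(f"port '{out['port']}' is not a valid TCP/UDP port")
    return problems


def check_conf(text):
    """Problems per syslog_output block, in file order. [] for a block means OK."""
    return [check_output(o) for o in parse_ossec_conf(text)]


if __name__ == "__main__":
    for label, conf in (("sample", SAMPLE_OSSEC_CONF), ("corrected", CORRECTED_CONF)):
        for i, problems in enumerate(check_conf(conf)):
            status = "OK" if not problems else "; ".join(problems)
            print(f"{label}: syslog_output #{i + 1}: {status}")
```

Run it against the live file with `python3 check.py < /var/ossec/etc/ossec.conf` after swapping the sample for `sys.stdin.read()`; a block that reports OK is one the restart below will actually start forwarding from.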
