Hi all, I am having problems collecting logs to be sent over to Wazuh from my MeshCentral server. Here's what I am trying to achieve:
I have already installed the Wazuh agent on my MeshCentral server and it can collect logs defined in ossec.conf such as auth.log and syslog, which are located in /var/log and /var/ossec/logs/active-responses.log respectively. Based on what I understand, those web login event logs are going inside a database file. In my case, I haven't used MongoDB so NeDB is the default. I saw that those events are in a database file called meshcentral-events.db. So what I did was to create a JavaScript script that would collect the contents of that database file and output it to a .json file --- and then I defined the directory of that JSON file in the Wazuh agent's ossec.conf. I'd also want to add:
There were no generated files after I did that. Nonetheless, after trying to do a web login test, it doesn't send it over to my Wazuh manager, which is already configured to receive and read JSON files. The JSON file was able to collect the contents of meshcentral-events.db though. Does anyone know or has anyone already had the same experience with Wazuh? Please let me know. Thanks!
Replies: 1 comment 5 replies
There is no value called logFile inside the schema file, you should use authLog instead.
This will create a fail2ban-like file which you can parse and send to your logging system.
MeshCentral also supports syslog, syslogauth and syslogjson, which output information into your syslog file,
and you can also specify syslogtcp, which sends syslog info over your network via TCP.
We sadly don't have any descriptions as to what each value does in the schema file!
If you try each of them and let us know what they do, I can add it into the descriptions for others!
EDIT: below is from the schema file but checking the code, it shows that each value can also be true/false as well as a string
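
The export step described in the question (NeDB file to a JSON file that the Wazuh agent tails), as an added example that is not part of the original posts and is not MeshCentral or Wazuh code: it ships only the lines appended since the last run and writes one JSON object per line. It assumes NeDB's append-only, line-per-document datafile layout; the function names, the state format and the sample event fields are constructed for illustration.

```javascript
// Added example, not MeshCentral or Wazuh code. Assumes NeDB's datafile layout:
// append-only, one JSON document per line, plus $$deleted / $$indexCreated
// bookkeeping lines. Function names and the state format are hypothetical.

// Return documents appended since state.offset as single-line JSON strings.
// state = { offset: bytes already consumed, seen: _ids already emitted }.
function collectNew(buf, state) {
  let offset = state.offset;
  const seen = new Set(state.seen);
  if (buf.length < offset) offset = 0;          // datafile was compacted or rewritten
  const end = buf.lastIndexOf(0x0a) + 1;        // stop before a half-written last line
  const lines = [];
  if (end > offset) {
    for (const raw of buf.subarray(offset, end).toString('utf8').split('\n')) {
      if (!raw.trim()) continue;
      let doc;
      try { doc = JSON.parse(raw); } catch { continue; }   // skip a corrupt line
      if (!doc || doc.$$deleted || doc.$$indexCreated || doc.$$indexRemoved) continue;
      if (seen.has(doc._id)) continue;          // already shipped (update or replay)
      seen.add(doc._id);
      lines.push(JSON.stringify(doc));          // one object per line for the collector
    }
    offset = end;
  }
  return { lines, state: { offset, seen: [...seen] } };
}

// File wrapper; all three paths are chosen by the caller.
function exportNewEvents(dbPath, outPath, statePath) {
  const fs = require('fs');
  const prev = fs.existsSync(statePath)
    ? JSON.parse(fs.readFileSync(statePath, 'utf8')) : { offset: 0, seen: [] };
  const { lines, state } = collectNew(fs.readFileSync(dbPath), prev);
  if (lines.length) fs.appendFileSync(outPath, lines.join('\n') + '\n');
  fs.writeFileSync(statePath, JSON.stringify(state));
  return lines.length;
}

// Constructed sample; field names are illustrative, not MeshCentral's schema.
const SAMPLE = Buffer.from([
  '{"$$indexCreated":{"fieldName":"time"}}',
  '{"_id":"a1","time":1700000000,"action":"login","msg":"constructed login event"}',
  '{"_id":"a2","time":1700000050,"action":"logout","msg":"constructed logout event"}',
  '{"_id":"a1","$$deleted":true}',
  '{"_id":"a3","time":17000',                   // torn write, no newline yet
].join('\n'));

const first = collectNew(SAMPLE, { offset: 0, seen: [] });
console.log(first.lines.join('\n'));
```

Run exportNewEvents on a timer and point a localfile entry with the json log format at the output path, so the agent only ever sees appended single-line objects.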