Github
Team

Creating logs for every event

If we want Wazuh to create logs for every event that happens on the endpoint, we need to make some modification.

Edit ossec.conf in the Wazuh manager

/var/ossec/etc/ossec.conf
    <ossec_config>
        <global>
--          <logall>no</logall>
++          <logall>yes</logall>  
--          <logall_json>no</logall_json>
++          <logall_json>yes</logall_json>
        </global>
    </ossec_config>
PreviousLog BehaviourNextAdding custom Wazuh Rules

Last updated