Creating logs for every event

If we want Wazuh to create logs for every event that happens on the endpoint, we need to make some modification.

Edit `ossec.conf` in the Wazuh manager

/var/ossec/etc/ossec.conf

    <ossec_config>
        <global>
--          <logall>no</logall>
++          <logall>yes</logall>  
--          <logall_json>no</logall_json>
++          <logall_json>yes</logall_json>
        </global>
    </ossec_config>

PreviousLog Behaviour NextAdding custom Wazuh Rules

Last updated 6 months ago

Edit ossec.conf in the Wazuh manager

Edit `ossec.conf` in the Wazuh manager