F.O.S.S.O.C. || Free & open-source Security Operations Centre

Creating logs for every event

If we want Wazuh to create logs for every event that happens on the endpoint, we need to make some modification.

Edit `ossec.conf` in the Wazuh manager

/var/ossec/etc/ossec.conf

    <ossec_config>
        <global>
--          <logall>no</logall>
++          <logall>yes</logall>  
--          <logall_json>no</logall_json>
++          <logall_json>yes</logall_json>
        </global>
    </ossec_config>

PreviousLog Behaviour NextAdding custom Wazuh Rules

Last updated 1 year ago

Was this helpful?

Edit ossec.conf in the Wazuh manager

Edit ossec.conf in the Wazuh manager

Edit `ossec.conf` in the Wazuh manager

Edit `ossec.conf` in the Wazuh manager