Reference: https://github.com/wazuh/wazuh-kibana-app/issues/1884
Architecture overview
FTG-VM(.254)(syslog)
--->Wazuh(.160)(Rsyslog)
--->Wazuh-Agent(localfile)
--->Wazuh(WEB UI)
==================================
vi /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Write only the FortiGate's messages (source IP .254) to a dedicated file, then stop processing them
if $fromhost-ip startswith '192.168.100.254' then /tmp/forti/syslog.log
& ~
==================================
vi /var/ossec/etc/ossec.conf
<localfile>
<log_format>syslog</log_format>
<location>/tmp/forti/syslog.log</location>
</localfile>
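Added example (not from the original post or the linked issue): a small Python check that the rsyslog destination path and the agent's <localfile> location agree, and that the file is read with log_format syslog. The two config fragments are constructed inline to mirror the snippets above; the function names are my own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragments mirroring the rsyslog and ossec.conf snippets above.
RSYSLOG_CONF = """\
$ModLoad imudp
$UDPServerRun 514
if $fromhost-ip startswith '192.168.100.254' then /tmp/forti/syslog.log
& ~
"""

OSSEC_CONF = """\
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/tmp/forti/syslog.log</location>
  </localfile>
</ossec_config>
"""

# Matches the legacy rsyslog form used above: if $fromhost-ip startswith '<ip>' then <file>
RULE_RE = re.compile(
    r"^if\s+\$fromhost-ip\s+startswith\s+'([^']+)'\s+then\s+(\S+)\s*$", re.M)


def rsyslog_routes(conf):
    """Return {source_ip_prefix: destination_file} for every startswith rule."""
    return {ip: path for ip, path in RULE_RE.findall(conf)}


def wazuh_localfiles(conf):
    """Return {location: log_format} for every <localfile> block.

    A real ossec.conf may hold several top-level <ossec_config> elements,
    so the text is wrapped in one synthetic root before parsing.
    """
    root = ET.fromstring("<root>" + conf + "</root>")
    return {lf.findtext("location"): lf.findtext("log_format")
            for lf in root.iter("localfile")}


def unmonitored_routes(rsyslog_conf, ossec_conf):
    """Rsyslog destination files that no <localfile> reads as syslog.

    Any path listed here is written by rsyslog but never reaches Wazuh
    (or is parsed with the wrong log_format), so events silently go missing.
    """
    watched = wazuh_localfiles(ossec_conf)
    return sorted(path for path in rsyslog_routes(rsyslog_conf).values()
                  if watched.get(path) != "syslog")
```

An empty result from unmonitored_routes means the two configs line up; remember that the Wazuh agent also needs read permission on /tmp/forti/syslog.log.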
===================================
Demo