Let me know if this information is useful to you! I expend a lot of time setting my email account, but now it's working, I let you an example report picture.
You can use any event number that want, try to use any frequently event just for test, I created a custom rule to have more control of the test.Ĭould you share your Reports configuration? I forced a day change by system just to start the report, and the email contains a complete report. Where I collect events from, I pasted 2 o 3 times the example log in text.txt file and save changes,ĭec 10 01:02:02 host sshd: Failed none for root from 1.1.1.1 port 1066 ssh2Īgent collect it and sent to manager, the manager process it and trigger my custom rule.
So I defined a test.txt file into Agent, and set following config into nf agent side. Sshd: authentication failed from IP 1.1.1.1.Īuthentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,Īnd the example log that trigger that rule looks like following: Dec 10 01:02:02 host sshd: Failed none for root from 1.1.1.1 port 1066 ssh2 I did some test in my local environment, and it works, the configuration is:ġ00001 I defined a local rule /var/ossec/etc/rules/local_rules.xml I would like to know which Wazuh version do you have?
0 kommentar(er)
