When I use the wazuh-puppet module in Ubuntu 18.04, the default localfile config
```xml
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/syslog</location>
</localfile>
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/dpkg.log</location>
</localfile>
<localfile>
  <log_format>syslog</log_format>
  <location>/var/ossec/logs/active-responses.log</location>
</localfile>
<localfile>
  <log_format>command</log_format>
  <command>df -P</command>
  <frequency>360</frequency>
</localfile>
<localfile>
  <log_format>full_command</log_format>
  <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
  <alias>netstat listening ports</alias>
  <frequency>360</frequency>
</localfile>
<localfile>
  <log_format>full_command</log_format>
  <command>last -n 20</command>
  <frequency>360</frequency>
</localfile>
```
Which comes from manifests/params_manager.pp#L317
However, kern.log, auth.log and mail.log did exist in Redhat default local files manifests/params_manager.pp#L375, and they used to exist in Debian default local files manifests/params.pp#L51.
Also note that if I just sudo apt-get install wazuh-manager, the default config includes kern.log auth.log as well.
I think some rules rely on these log files, i.e. without these localfile configs these rules will never be triggered, right? For example
So what's the rationale behind removing these defaults? Or were they removed by accident?
Hi @jchenrev!
Thank you for your review. This way Wazuh gets improved by our community contributions.
I'll be comparing the list of the files included in the wazuh-puppet configuration with the latest default config from wazuh-manager and wazuh-agent.
Kr,
Rshad
Hi @jchenrev
The missing paths were added in 5bde8e3.
rshad
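A way to check a rendered ossec.conf for the gap described in this issue, as an added example that is not part of the thread or of wazuh-puppet: it lists the `<location>` values of all `<localfile>` blocks and reports which expected logs are not monitored. The full `/var/log/...` paths and the sample config are assumptions built from the file names and defaults quoted above.

```python
import xml.etree.ElementTree as ET

# Assumed full paths for the three logs named in the issue (the thread gives only file names).
EXPECTED = ("/var/log/auth.log", "/var/log/kern.log", "/var/log/mail.log")

# Constructed sample: a subset of the Ubuntu 18.04 defaults quoted in the issue,
# split over two <ossec_config> blocks as a real ossec.conf can be.
SAMPLE_CONF = """
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/syslog</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/dpkg.log</location>
  </localfile>
</ossec_config>
<ossec_config>
  <localfile>
    <log_format>command</log_format>
    <command>df -P</command>
    <frequency>360</frequency>
  </localfile>
</ossec_config>
"""

def monitored_locations(conf_text):
    """Return the set of file paths collected by <localfile> blocks."""
    # Several top-level <ossec_config> elements are not well-formed XML on
    # their own, so parse them under a synthetic root element.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    found = set()
    for localfile in root.iter("localfile"):
        location = localfile.findtext("location")  # None for command entries
        if location and location.strip():
            found.add(location.strip())
    return found

def missing_locations(conf_text, expected=EXPECTED):
    """Return the expected log paths that no <localfile> block collects."""
    have = monitored_locations(conf_text)
    return [path for path in expected if path not in have]

if __name__ == "__main__":
    for path in missing_locations(SAMPLE_CONF):
        print("not monitored:", path)
```

The comparison is an exact string match, so a location written with a wildcard or date pattern is reported as missing even if it would cover the file.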