AWS WAF
6/4/2023

If an event matches any of the rules, an alert is generated, which is what is ultimately shown in the Wazuh UI. With this in mind, it is possible to make use of the logall option. When this option is enabled, Wazuh stores every event sent to the analysis engine in the WAZUH_PATH/logs/archives/archives.log file, whether it tripped a rule or not. By checking this file, it is possible to determine whether the AWS events are being sent to the analysis engine and are therefore being processed properly.

Note: Don't forget to disable the logall parameter once the troubleshooting has finished. Leaving it enabled could result in high disk space consumption.

If you have AWS logs available in your WAZUH_PATH/logs/archives/archives.log, this means that the module is working, so it remains to check whether any rules match these logs. You can use our WAZUH_PATH/bin/wazuh-logtest tool for this. Copy one of the events in your archives.log file, run the logtest tool and paste it inside.
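The checks described above can be scripted. The following is an added example, not code from the original post or from the Wazuh project. It assumes logall is set as <logall>yes</logall> in ossec.conf and that AWS module events appear in archives.log as JSON containing "integration": "aws"; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: helpers for the troubleshooting steps above.
# Assumptions (not from the page): logall appears as <logall>yes</logall> in
# ossec.conf, and AWS module events in archives.log are JSON containing
# "integration": "aws" after a "timestamp host->location " header.

# Succeeds if logall is enabled in the given ossec.conf.
logall_enabled() {
    grep -Eq '<logall>[[:space:]]*yes[[:space:]]*</logall>' "$1"
}

# Prints the number of AWS events in the given archives.log (0 if none).
count_aws_events() {
    grep -Ec '"integration":[[:space:]]*"aws"' "$1" || true
}

# Prints the most recent AWS event with the archives header stripped,
# ready to paste into wazuh-logtest.
last_aws_event() {
    grep -E '"integration":[[:space:]]*"aws"' "$1" | tail -n 1 | sed 's/^[^{]*//'
}

# Writes constructed sample files (not real logs) into directory $1.
make_sample() {
    cat > "$1/ossec.conf" <<'EOF'
<ossec_config>
  <global>
    <logall>yes</logall>
  </global>
</ossec_config>
EOF
    cat > "$1/archives.log" <<'EOF'
2023 Jun 04 10:15:01 wazuh-manager->/var/log/syslog Jun  4 10:15:01 host CRON[811]: session opened
2023 Jun 04 10:15:02 wazuh-manager->Wazuh-AWS {"integration": "aws", "aws": {"source": "waf", "action": "BLOCK"}}
EOF
}

# Demo on the sample; on a real manager, pass WAZUH_PATH/etc/ossec.conf and
# WAZUH_PATH/logs/archives/archives.log instead.
d=$(mktemp -d); make_sample "$d"
logall_enabled "$d/ossec.conf" && echo "logall: enabled (disable it after troubleshooting)"
echo "AWS events in archives.log: $(count_aws_events "$d/archives.log")"
echo "Paste into wazuh-logtest:"; last_aws_event "$d/archives.log"
rm -rf "$d"
```

A count of zero with logall enabled points at the AWS module itself; a non-zero count with no alerts points at rule coverage, which is what wazuh-logtest then shows.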