DEVHIDE
Login Or Sign up

Wazuh Manager Logging Issue

100 Views Asked by At

is it possible to stop wazuh logging its own manager but still logs the agents insted? I've been lookin for this for hours but still can't managed somehow.

I've configured a Slack integration to my Wazuh with Level 6 Minimum, but its spamming with Wazuh-Manager's alerts. I wanted to stop the Manager Log but don't want to stop the Agent Logs.

Cheers

slack wazuh
Original Q&A
1

There are 1 best solutions below

0
On

What you can do is identify the ones you want to delete and create a custom rule that deletes them for the manager's agent.

To delete an alert, you must set a custom rule for the alert you want to delete and set its level to 0.

For example:

 <rule id="100003" level="0">
    <if_sid>12345</if_sid>
    <description>Rule suppression</description>
 </rule>

To create a rule.

To create a custom rule.

To filter by the manager agent, you can use the hostname tag.

Related Questions in SLACK

Related Questions in WAZUH

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.