Hey Taylor this is the most important video I have seen on Wazuh. Clearly that you are a very good hearted person. I hope everyone that is in a position to buy you a cup of coffee is doing that right now.
HI Taylor, thank you for the great video. I have tried to write a decoder for a Wildfly log, however it didn't work out. It is interesting that the pre-deconding phase extracts the timestamp from the full event. In my decoder I have tried to match the timestamp, even just one digit at the start of the line but it never matches the decoder. What am I missing?
Really depends on the specs (cpu and memory) dedicated to your wazuh manger....but if you start to run into issues, i recommend clustering the wazuh managers to enable more throughput
I have been waiting for this video for months, thank you!! It is necessary to activate/change something somewhere to use custom decoders? the parent decoder is not working for me (I have tested with your code and log sample. I have tested with just a few numbers in Decoders Tool with same result: No result found for:...)
@@taylorwalton_socfortress Well, I tried with logs from a Synology NAS. Every step was ok but, in Kibana I see the generated alert but is not showing the log content from NAS alert, instead I have: decoder.name-> synology-nas, full_log > lun 02 may 2022 10[:]11[:]20 CEST active-response/bin/restart[.]sh manager, location -> /var/ossec/logs/active-responses.log, why is that? The alert fields are showing other log content but with NAS decoder and rule fired, how it is possible? :( Thank you!
Hey Taylor this is the most important video I have seen on Wazuh. Clearly that you are a very good hearted person. I hope everyone that is in a position to buy you a cup of coffee is doing that right now.
Awesome video, thank you! I was really having a hard time understanding decoders in Wazuh, but this really clears things up for me. Thank you again!
Great explanation, thanks a lot Taylor!
This is solid content. Please keep it up.
Have you tried Enhance Speech from Adobe to improve the sound?
HI Taylor, thank you for the great video. I have tried to write a decoder for a Wildfly log, however it didn't work out. It is interesting that the pre-deconding phase extracts the timestamp from the full event. In my decoder I have tried to match the timestamp, even just one digit at the start of the line but it never matches the decoder. What am I missing?
Soo we don't need setup local file location on wazuh agent?
Thank bro, you help me solution problem stuck one day
My Man 👍
Great video!
Do you know the max EPS that wazuh (through syslog) can ingest and correlate?
Really depends on the specs (cpu and memory) dedicated to your wazuh manger....but if you start to run into issues, i recommend clustering the wazuh managers to enable more throughput
Great video
Very nice video, thank you very much !!!!
I have been waiting for this video for months, thank you!! It is necessary to activate/change something somewhere to use custom decoders? the parent decoder is not working for me (I have tested with your code and log sample. I have tested with just a few numbers in Decoders Tool with same result: No result found for:...)
Only thing you should need to do is restart the wazuh-manager service. Let me know if that still gives you issues.
@@taylorwalton_socfortress Well, I tried with logs from a Synology NAS. Every step was ok but, in Kibana I see the generated alert but is not showing the log content from NAS alert, instead I have: decoder.name-> synology-nas, full_log > lun 02 may 2022 10[:]11[:]20 CEST active-response/bin/restart[.]sh manager, location -> /var/ossec/logs/active-responses.log, why is that? The alert fields are showing other log content but with NAS decoder and rule fired, how it is possible? :( Thank you!
Hey Bro! You know how to automatization restart incidents in wazuh?