Wazuh | Mailing List

Hello, still not working This decoder doesnt work and all office logs alerted by rule 1002 unknown

Hi Bony, Thanks for your support. I have made the changes in OSSEC as per the document, and I am now

Hello, the test is working. good so far On Monday, April 27, 2026 at 5:10:02 PM UTC+6 Md. Nazmur

cool cool cool On Monday, April 27, 2026 at 5:06:21 PM UTC+6 Md. Nazmur Sakib wrote: Hi, You can

Hi, I understand your issue. The /var/ossec/queue/db/ directory is used by FIM, Syscollector, and SCA

Hi MG, Realtime monitoring applies to both directories and files. For directories, it monitors all

Hi @ Musbau Adekunle Soladoye Help me with the information on my previous query .. On Tuesday, April

Hi bastian Caro Regarding your environment, can you tell me which version of Wazuh you're using?

Hello Spartan, Best way to do this is to filter from the Discover dashboard using the agent ID and

what is the proper way of changing wazuh dashboard password for multi node deployment?

Hello! Please review while mapping the user with the Wazuh API, you have given the correct permission

Update: Your destination alerts index will look like "dest": { "index": "

Hello Daniel, Good news, we checked the wazuh-indexer index directly and the vulnerability data for

Dear Md. Nazmur Sakib, I tried the decoder and ruleset you sent me, and when I applied them, an alert

Hi Aamir, There are no vulnerability alert triggers for the initial or baseline vulnerability scan.

Hi Brenno Try adding both use_own_name and a specific prematch to that child decoder: <decoder

In Wazuh, “logs” can refer to different data sources (agent logs, alerts, or events stored in the

Hi, Carlos I think is will help me: <syscheck> <disabled>no</disabled> <

Hi Diego, I was able to fix the issue. Again, it was simple permissions issue. Another problem I

Hi team, On Debian Trixie. /usr/bin/chsh /bin/passwd /usr/bin/passwd /usr/bin/chsh Is there a more

Hello! To achieve this, you need to modify the existing default decoders with the custom decoders. To

Hi , This is okay already, we created new wazuh instance and then migrated all data to it On

When it is possible to increase the shard limit, it is not advisable to increase the number too high

Hi, Apologies for the late response. From the shared manager log, it seems you have two issues. One

For that dashboard, it wont be possible to drill down. On Tuesday, April 21, 2026 at 5:23:28 PM UTC+1

The images you attached shows the conflict in data.EventCount is happening because different indices

Hello Domenica, Can you please share something similar to the log line below from archives.json file

Hi M Jones, Yes, this is possible. GeoIP data should be inserted before rule matching, so you can do

Hello team, Kindly help here. On Thursday, April 16, 2026 at 6:15:01 PM UTC+5:30 Suvadip Ghosh wrote:

Hi Isaac, I am glad that your issue has been resolved! On Monday, April 20, 2026 at 11:33:16 PM UTC+5