Hello Juanjo,

Thank you for the reply.

The problem is that I can see the logs of the Sonicwall in the directory /var/ossec/logs/archives
But I don't see them in /var/ossec/logs/alerts

I receive the logs in the Archives folder, but I don't receive any alert about them in alerts.json

The question is: How to move the Sonicwall syslogs to the Alerts.json file?

Thanks
Mikeli

On Wednesday, May 23, 2018 at 5:53:11 PM UTC+2, Juanjo Jiménez wrote:
>
> Hello Mikel,
>
> If you're getting Sonicwall alerts on the alerts.json file, you can see
> them in Kibana. Currently, we don't have a specific tab for Sonicwall
> alerts, but you can go to the *Overview* tab, and you'll see a search bar
> (circled in red) where you can type the following:
>
> rule.groups: sonicwall
>
> And press enter. This will filter the alerts by this group. You can also
> open the *Discover* view (circled in red) to see the alerts in a
> list-view mode, just like on Kibana's Discover tab on the left sidebar.
>
> <https://lh3.googleusercontent.com/-jtRSbeXeqps/WwWKq39XVsI/AAAAAAAAAIk/jP_IS45b-M4SfDp5et5GvCagt6mw7UMrgCLcBGAs/s1600/searchbar.PNG>
>
> Let me know if this works for you.
>
> Regards,
> Juanjo
>
> On Wednesday, May 23, 2018, 15:21:57 (UTC+2), Mikel Sheshi wrote:
>>
>> Hello,
>> Is there any way to send Sonicwall syslogs to the Kibana dashboard (Wazuh
>> server)?
>> I have set the logall option to "Yes" in ossec.conf
>>
>> <jsonout_output>yes</jsonout_output>
>> <alerts_log>yes</alerts_log>
>> <logall>yes</logall>
>>
>> I receive the logs in /var/ossec/logs/archives
>>
>> But I want to see the alerts on the Kibana dashboard GUI
>>
>> - The file /var/ossec/logs/archives/archives.json contains all events
>>   whether they tripped a rule or not.
>> - The file */var/ossec/logs/alerts/alerts.json* contains only events
>>   that tripped a rule.
>>
>> I want to see the Sonicwall syslogs in alerts.json on Kibana in the same
>> way that I see the Wazuh agent logs
>>
>> Thanks
>> Mikeli