Hello Gopans, Thanks for using Wazuh!
To help you in this case, the best way would be for you to post here a few examples of the events you are trying to filter. That way, I can analyze the fields that come inside those logs.

I would like you to share with me the details about some questions.

How do you want to send the logs from the primary to the secondary server?

Where do you want to filter those logs, inside dashboards or directly in the alerts/archives files?

I will be waiting for your answer.

On Sunday, January 16, 2022 at 3:10:48 PM UTC+1 Gopans wrote:

> Dear All,
> We are newbies at configuring Wazuh for monitoring logs from Active
> Directory. We need to capture logs of Domain Controllers and we need to
> filter the logs according to one particular OU or IP range. Logs are getting
> captured and are showing in the Wazuh Dashboard, and we enabled json logs all on
> config. But we are facing difficulty in filtering the logs, and we need to
> send the filtered logs to a secondary SIEM server, which is possible (sys_log
> output and server). But we could not figure out how to filter the logs
> according to OU or IP address range.
> Kindly help as we need the same urgently.
> Thanks & Regards
> Gopakumar