I quote the documentation:
QuoteSelecting which logs to ingest
Our Wazuh agent plugin supports syslog targets like we use in the rest of the product, so if an application sends its feed to syslog and registers the application name as described in our development documentation it can be selected to send to Wazuh as well.
For Intrusion detection we can send the events as well using the same (eve) datafeed used in OPNsense, just mark the Intrusion detection events in the general settings.
But what does it mean?