Text only | Text with Images

OPNsense Forum

English Forums => 25.1, 25.4 Production Series => Topic started by: mrmanuel on April 08, 2025, 10:04:30 AM

Title: Wazuh - How to get the filterlogs?
Post by: mrmanuel on April 08, 2025, 10:04:30 AM
Hello,

I'm new to Wazuh and installed it a few days ago. I see some logs from OPNsense in Wazuh but the logs from the filter are missing. I followed the instructions at https://docs.opnsense.org/manual/wazuh-agent.html but unfortunately they did not help me.

On OPNsense under "Services -> Wazuh Agent -> Settings -> Applications" I also selected filter (filterlog) and firewall (firewall).

Is there anything else needed to get the filter logs into Wazuh?
Title: Re: Wazuh - How to get the filterlogs?
Post by: jobraun2 on April 09, 2025, 09:44:08 PM
Do you have archive logs enabled in Wazuh? (wazuh-archives-* index)
Title: Re: Wazuh - How to get the filterlogs?
Post by: mrmanuel on April 10, 2025, 10:01:19 PM
Thanks, that was the correct hint to find the needed steps!

Here are the required steps:

- Enabling archiving (https://documentation.wazuh.com/current/user-manual/manager/event-logging.html#enabling-archiving)
- Visualizing the events on the dashboard (https://documentation.wazuh.com/current/user-manual/manager/event-logging.html#visualizing-the-events-on-the-dashboard)
- Wazuh dashboard (https://documentation.wazuh.com/current/user-manual/manager/event-logging.html#wazuh-dashboard)
Text only | Text with Images