No, the manager gets the logs from all the agents and then analyzes the messages.
Archived logs are not automatically deleted. You decide when to delete them, either manually or automatically (e.g., with a cron job), according to your own legal and regulatory requirements.
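One way to automate that deletion is sketched below. It is an added example, not part of Wazuh or of the original page, and it shows an age-based pruning function that defaults to a dry run. The script name, the crontab line, the archive directory and the retention period are all assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example: age-based pruning of archived logs, meant to be run from cron.
# The directory and retention period are assumptions; pass your own values.
# Usage: prune-archives.sh ARCHIVE_DIR RETENTION_DAYS [dry-run|delete]

prune_archives() {
    pa_dir=$1
    pa_days=$2
    pa_mode=${3:-dry-run}   # default only lists what would be removed

    # Accept only an existing absolute directory that is not "/".
    case $pa_dir in
        /) echo "refusing to prune /" >&2; return 2 ;;
        /*) ;;
        *) echo "directory must be an absolute path" >&2; return 2 ;;
    esac
    [ -d "$pa_dir" ] || { echo "no such directory: $pa_dir" >&2; return 2; }

    # Retention must be a positive whole number of days.
    case $pa_days in
        ''|*[!0-9]*) echo "retention must be a number of days" >&2; return 2 ;;
    esac
    [ "$pa_days" -gt 0 ] || { echo "retention must be > 0" >&2; return 2; }

    case $pa_mode in
        dry-run)
            # Print files last modified more than pa_days days ago.
            find "$pa_dir" -xdev -type f -mtime +"$pa_days" -print ;;
        delete)
            # Print each expired file, then remove it.
            find "$pa_dir" -xdev -type f -mtime +"$pa_days" -print -exec rm -f -- {} + ;;
        *)
            echo "mode must be dry-run or delete" >&2; return 2 ;;
    esac
}

# Run only when called with arguments, e.g. from a crontab entry such as
# (hypothetical script path and placeholder directory):
#   30 3 * * * /usr/local/sbin/prune-archives.sh /path/to/archived/logs 365 delete
if [ "$#" -gt 0 ]; then
    prune_archives "$@"
fi
```

Run it in the default dry-run mode first and compare the listed files against your retention policy before scheduling it with `delete`.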
Log analysis is a requirement for PCI DSS, HIPAA, FISMA and SOX compliance.
The memory and CPU requirements of the agent are insignificant because it mostly just forwards events to the manager. However, on the manager, CPU and memory consumption can increase quickly depending on the events per second (EPS) that the manager has to analyze.
Wazuh can read log messages from text log files, Windows event logs and event channels, and also via remote syslog. Logs are monitored in real time.
Yes. Wazuh has the capability to receive and process logs from devices that send logs using the syslog protocol. You can create custom decoders and rules for your device-specific logs.
This depends on your needs. Once you know the format of your application logs and the typical events, you can create decoders and rules for them.
You can configure the rules to ignore certain events. More info: Custom rules