No, the manager gets the logs from all the agents and then analyzes the messages.
The manager monitors logs in real time.
Archived logs are not automatically deleted by default. However, you can choose when to manually or automatically (e.g., cron job) delete logs according to your own legal and regulatory requirements.
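One way to implement the "delete automatically from a cron job" option above, as an added example rather than Wazuh's own code: a small POSIX shell retention job. The archive directory and the 90-day window are assumptions to adjust to your own policy; the function only touches files named like archive output, so other files in the tree are never removed by accident.

```shell
#!/bin/sh
# Added example (not Wazuh's own code): a retention job for archived logs.
# Assumptions: ARCHIVE_DIR and the 90-day default are placeholders to adjust
# to your own retention policy; find(1) with -mtime is available.
ARCHIVE_DIR="${ARCHIVE_DIR:-/var/ossec/logs/archives}"   # assumed path, set to match your manager
RETENTION_DAYS="${RETENTION_DAYS:-90}"                   # assumed retention window

# prune_archives DIR DAYS
# Deletes archive files (plain, compressed and their checksum files) under DIR
# whose modification time is older than DAYS days, and prints the number deleted.
# Files that do not look like archive output are left untouched.
prune_archives() {
    dir="$1"
    days="$2"
    if [ ! -d "$dir" ]; then
        echo "prune_archives: $dir is not a directory" >&2
        return 1
    fi
    # -mtime +N matches files more than N days old; -print lists each file
    # before -exec removes it, so the pipeline counts exactly what was deleted.
    find "$dir" -type f \
        \( -name '*.log' -o -name '*.json' -o -name '*.gz' -o -name '*.sum' \) \
        -mtime +"$days" -print -exec rm -f {} \; | wc -l | tr -d ' '
}

# Run the job only when invoked explicitly, e.g. from cron (assumed install path):
#   0 2 * * * RETENTION_DAYS=90 /usr/local/bin/prune-archives.sh --run
# Logging what was pruned keeps the deletion itself auditable.
if [ "${1:-}" = "--run" ]; then
    n="$(prune_archives "$ARCHIVE_DIR" "$RETENTION_DAYS")" || exit 1
    echo "$(date '+%Y-%m-%dT%H:%M:%S') pruned $n archive file(s) older than $RETENTION_DAYS days from $ARCHIVE_DIR"
fi
```

Keep the retention window aligned with the longest period any of the regulations you are subject to requires the records to exist; the script deletes by modification time, so archives that are rotated and compressed later than the day they were written will live slightly longer than the nominal window, never shorter.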
Log analysis is a requirement for PCI DSS, HIPAA, FISMA and SOX compliance.
The memory and CPU requirements of the Wazuh agent are insignificant since its primary duty is to forward events to the manager. However, on the Wazuh manager, CPU and memory consumption can increase rapidly depending on the events per second (EPS) that the manager has to analyze.
Wazuh can read log messages from text log files, Windows event logs and event channels, and via remote syslog. Logs are monitored in real time.
Yes. Wazuh has the capability to receive and process logs from devices that send logs using the syslog protocol. You can create custom decoders and rules for your device-specific logs.
This depends on your needs. Once you know the format of your application logs and the typical events, you can create decoders and rules for them.
You can configure the rules to ignore certain events that you consider unimportant. For more information, see the Custom rules documentation.
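The three answers above (syslog devices, application logs, and ignoring events you do not care about) all come down to writing a custom decoder and a few rules. The following is an added example, not Wazuh's own code or rule set: a shell helper that writes a decoder and rules for a hypothetical application "myapp" whose log lines look like the constructed sample `myapp: login failed for user alice from 203.0.113.7`. The rule ids 100100 to 100102, the application name and the destination directory are assumptions; use ids from your own custom range and write the files where your manager loads local decoders and rules.

```shell
#!/bin/sh
# Added example (not Wazuh's own code): a custom decoder and rule set for a
# hypothetical application "myapp" whose log lines look like
#   myapp: login failed for user alice from 203.0.113.7     (constructed sample)
# The rule ids 100100-100102 and the destination directory are assumptions.

# write_myapp_ruleset DEST_DIR
# Writes myapp_decoder.xml and myapp_rules.xml into DEST_DIR and prints both paths.
write_myapp_ruleset() {
    dest="$1"
    mkdir -p "$dest" || return 1

    # Decoder: prematch selects the application's lines; the regex (OS_Regex
    # syntax) extracts the user and source IP into the fields the rules use.
    cat > "$dest/myapp_decoder.xml" <<'EOF'
<decoder name="myapp">
  <prematch>^myapp: </prematch>
  <regex offset="after_prematch">login failed for user (\S+) from (\S+)$</regex>
  <order>user, srcip</order>
</decoder>
EOF

    # Rules: 100100 alerts on a failed login; 100101 is a level-0 child rule that
    # silences the synthetic health-check account (the "ignore events you do not
    # care about" case); 100102 escalates when one source IP fails repeatedly.
    cat > "$dest/myapp_rules.xml" <<'EOF'
<group name="myapp,authentication_failed,">
  <rule id="100100" level="5">
    <decoded_as>myapp</decoded_as>
    <match>login failed for user</match>
    <description>myapp: failed login for user $(user) from $(srcip)</description>
  </rule>

  <rule id="100101" level="0">
    <if_sid>100100</if_sid>
    <user>healthcheck</user>
    <description>myapp: synthetic health-check login, ignored</description>
  </rule>

  <rule id="100102" level="10" frequency="5" timeframe="120">
    <if_matched_sid>100100</if_matched_sid>
    <same_source_ip />
    <description>myapp: 5 failed logins from $(srcip) within two minutes</description>
  </rule>
</group>
EOF
    printf '%s\n' "$dest/myapp_decoder.xml" "$dest/myapp_rules.xml"
}

# Write the files only when asked, e.g.: ./myapp-ruleset.sh --write /path/to/custom/rules
if [ "${1:-}" = "--write" ]; then
    write_myapp_ruleset "${2:?usage: $0 --write DEST_DIR}"
fi
```

A child rule with `level="0"` is the idiomatic way to ignore an event: it takes precedence over its parent, so the health-check noise never becomes an alert while every other failed login still does. Before restarting the manager, paste the sample line into the manager's wazuh-logtest tool to confirm which decoder fields are extracted and which rule fires.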