This is the documentation for Wazuh 3.2. Check out the docs for the latest version of Wazuh!

util.sh

The util.sh shell script can add a log file to be monitored by ossec-logcollector. It can also add a full_command to check for changes to a website, or for changes to the nameserver of a domain.

A blogpost from Daniel Cid (for 3WoO) introduced this utility.

addfile <filename> [<format>]

Add a log file to be monitored by ossec-logcollector.

A localfile entry will be added to ossec.conf.

addsite <domain>

Monitor a website for changes.

A full_command will be added to the ossec.conf using lynx to dump the initial page.

A rule can be written to monitor this output for changes.

Requires lynx
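The following sketch shows how an addsite entry and a change-detection rule fit together. It is an added example, not the output of util.sh or configuration from the Wazuh project. The domain example.com, the exact lynx options, the rule ID 100100 and the group name are assumptions.

```xml
<!-- ossec.conf: the kind of localfile entry addsite appends.
     The command options shown are assumed, not copied from util.sh. -->
<ossec_config>
  <localfile>
    <log_format>full_command</log_format>
    <!-- example.com is a constructed domain; head keeps only the top
         of the dumped page so less of the content can vary -->
    <command>lynx -dump example.com | head -n 10</command>
  </localfile>
</ossec_config>

<!-- local_rules.xml: hypothetical rule ID 100100 and group name -->
<group name="local,website_monitor,">
  <rule id="100100" level="7">
    <!-- 530 is the stock parent rule for "ossec: output:" command events -->
    <if_sid>530</if_sid>
    <!-- match the start of the event header, up to but not including the
         pipe, which the match syntax would treat as an OR -->
    <match>ossec: output: 'lynx -dump example.com</match>
    <!-- check_diff keeps the previous output and fires only on a change -->
    <check_diff />
    <description>Monitored page example.com has changed.</description>
  </rule>
</group>
```

The localfile block belongs on the host that runs the command, while the rule is evaluated on the manager.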

adddns <domain>

Monitor the nameserver of a domain for changes.

A full_command will be added to the ossec.conf using the host command.

Note

addsite may not be useful on pages with dynamic content.

Note

adddns requires the host command.