Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.
The purpose of this process is the identification of application or system errors, mis-configurations, intrusion attempts, policy violations or security issues.
The memory and CPU requirements of the Wazuh agent are insignificant since its primary duty is to forward events to the manager. However, on the Wazuh manager, CPU and memory consumption can increase rapidly depending on the events per second (EPS) that the manager has to analyze.
- How it works
- Are the logs analyzed on each agent?
- How often does the manager monitor the logs?
- How long are the logs stored on the server?
- How does this help me with regulatory compliance?
- What is the CPU usage like on the agents?
- From where can Wazuh get log messages?
- Can I send firewall, VPN, authentication logs to Wazuh?
- What information should Wazuh extract from my logs?
- Can I ignore events that are not important?