Warning: This is the documentation for Wazuh 3.9. Check out the docs for the latest version of Wazuh!
Configuring syslog output
Wazuh may be configured to send alerts to syslog as follows:
Configuration
Syslog output is configured in the ossec.conf file. All of the available options are detailed in Syslog output.
<ossec_config>
<syslog_output>
<level>9</level>
<server>192.168.1.241</server>
</syslog_output>
<syslog_output>
<server>192.168.1.240</server>
</syslog_output>
</ossec_config>
The above configuration will send alerts to 192.168.1.240 and, if the alert level is higher than 9, also to 192.168.1.241.
To apply the changes, restart Wazuh:
For Systemd:
# systemctl restart wazuh-manager
For SysV Init:
# service wazuh-manager restart