Documentation
  • Getting started
  • Installation guide
  • User manual
    • Overview
    • Wazuh server administration
    • Registering agents
    • Agent management
    • Capabilities
      • Log data collection
      • File integrity monitoring
      • Anomaly and malware detection
      • Monitoring security policies
      • Monitoring system calls
      • Command monitoring
        • How it works
        • Configuration
        • FAQ
      • Active response
      • Agentless monitoring
      • Anti-flooding mechanism
      • Agent labels
      • Vulnerability detection
      • VirusTotal integration
      • Vuls integration
    • Ruleset
    • RESTful API
    • Reference
  • Development
  • Docker
  • Deploying with Puppet
  • Deploying with Ansible
  • Using Wazuh for PCI DSS
  • AWS CloudTrail
  • Migrating from OSSEC
  • Release Notes
Documentation
  • Docs »
  • User manual »
  • Capabilities »
  • Command monitoring
  • Edit on GitHub

Command monitoringΒΆ

There are times when you may want to monitor things that are not in the logs. To address this, Wazuh incorporates the ability to monitor the output of specific commands and treat the output as though it were log file content.

Contents

  • How it works
    • Configure Wazuh agents to accept remote commands from the manager
    • Configure a command to monitor
    • Process the output
  • Configuration
    • Basic usage
    • Monitor running Windows processes
    • Disk space utilization
    • Check if the output changed
    • Load average
    • Detect USB Storage
  • FAQ
    • Can I monitor commands on Linux and Windows?
    • What are the command monitoring capabilities?
    • Can I check if an application is running on an agent?
Next Previous

© Copyright 2018, Wazuh, Inc.