Documentation
  • Getting started
  • Installation guide
  • User manual
    • Overview
    • Wazuh server administration
    • Registering agents
    • Agent management
    • Capabilities
      • Log data collection
      • File integrity monitoring
      • Auditing who-data
      • Anomaly and malware detection
      • Monitoring security policies
      • Monitoring system calls
      • Command monitoring
        • How it works
        • Configuration
        • FAQ
      • Active response
      • Agentless monitoring
      • Anti-flooding mechanism
      • Agent labels
      • System inventory
      • Vulnerability detection
      • VirusTotal integration
      • Osquery
      • Agent key polling
    • Ruleset
    • RESTful API
    • Kibana app
    • Reference
  • Development
  • Docker
  • Deploying with Puppet
  • Deploying with Ansible
  • Using Wazuh for PCI DSS
  • Using Wazuh for GDPR
  • Using Wazuh to monitor AWS
  • Using Wazuh to Monitor Microsoft Azure
  • Using Wazuh to Monitor Docker
  • Installing Splunk
  • Migrating from OSSEC
  • Release notes
Wazuh
  • Docs »
  • User manual »
  • Capabilities »
  • Command monitoring
  • Edit on GitHub

Command monitoringΒΆ

There are times when you may want to monitor things that are not in the logs. To address this, Wazuh incorporates the ability to monitor the output of specific commands and treat the output as though it were log file content.

Contents

  • How it works
    • Configure Wazuh agents to accept remote commands from the manager
    • Configure a command to monitor
    • Process the output
  • Configuration
    • Basic usage
    • Monitor running Windows processes
    • Disk space utilization
    • Check if the output changed
    • Load average
    • Detect USB Storage
  • FAQ
    • Can I monitor commands on Linux and Windows?
    • What are the command monitoring capabilities?
    • Can I check if an application is running on an agent?
Next Previous

© Copyright 2018 - Wazuh, Inc.