Wazuh documentation index Wazuh documentation index
  • Product
  • Cloud
  • Services
  • Partners
  • Resources
    • Blog
    • FAQ
  • Company
    • Customers
    • About us
    • Our team
    • Newsroom
    Search now!
    • Getting started
      • Components
        • Wazuh indexer
        • Wazuh server
        • Wazuh dashboard
        • Wazuh agent
      • Architecture
      • Use cases
        • Log data analysis
        • File integrity monitoring
        • Rootkits detection
        • Active response
        • Configuration assessment
        • System inventory
        • Vulnerability detection
        • Cloud security
        • Container security
        • Regulatory compliance
    • Quickstart
    • Installation guide
      • Wazuh indexer
        • Wazuh installation assistant
        • Step-by-step installation
      • Wazuh server
        • Wazuh installation assistant
        • Step-by-step installation
      • Wazuh dashboard
        • Wazuh installation assistant
        • Step-by-step installation
      • Wazuh agent
        • Linux
        • Windows
        • macOS
        • Solaris
        • AIX
        • HP-UX
      • Packages list
    • Installation alternatives
      • Virtual Machine (OVA)
      • Amazon Machine Images (AMI)
      • Deployment on Docker
        • Docker installation
        • Wazuh Docker deployment
        • Wazuh Docker utilities
        • Data migration to Wazuh indexer
        • FAQ
      • Deployment on Kubernetes
        • Kubernetes configuration
        • Deployment
        • Upgrade Wazuh installed in Kubernetes
        • Clean Up
      • Offline installation
      • Installation from sources
        • Installing Wazuh server from sources
        • Installing Wazuh agent from sources
      • Installing Wazuh with Elastic Stack basic license
        • All-in-one deployment
        • Distributed deployment
          • Elasticsearch cluster
            • Elasticsearch single-node cluster
            • Elasticsearch multi-node cluster
          • Wazuh cluster
            • Wazuh single-node cluster
            • Wazuh multi-node cluster
          • Kibana
      • Installing Wazuh with Splunk
        • Wazuh manager installation
        • Install and configure Splunk
          • Install Splunk in an all-in-one architecture
          • Install a minimal Splunk distributed architecture
          • Install Splunk in a multi-instance cluster
        • Install the Wazuh app for Splunk
        • Set up reverse proxy configuration for Splunk
        • Customize agents status indexation
        • Create and map internal users (RBAC)
      • Deployment with Ansible
        • Installation Guide
          • Install Ansible
          • Install Wazuh indexer and dashboard
          • Install Wazuh manager
          • Install a Wazuh cluster
          • Install Wazuh Agent
        • Remote endpoints connection
        • Roles
          • Wazuh indexer
          • Wazuh dashboard
          • Filebeat
          • Wazuh Manager
          • Wazuh Agent
        • Variables references
      • Deployment with Puppet
        • Set up Puppet
          • Installing Puppet master
          • Installing Puppet agent
          • Setting up Puppet certificates
        • Wazuh Puppet module
          • Wazuh manager class
          • Wazuh agent class
    • Upgrade guide
      • Wazuh central components
      • Wazuh and Open Distro for Elasticsearch
      • Wazuh and Elastic Stack basic license
      • Wazuh agent
      • Upgrading from a legacy version
        • Upgrading the Wazuh server
          • Upgrading the Wazuh server from 2.x to 3.x
            • Restore the Wazuh alerts from Wazuh 2.x
          • Upgrading the Wazuh server from 1.x to 2.x
        • Upgrading Elastic Stack
          • Upgrading Elastic Stack from 6.8 to 7.x
          • Upgrading Elastic Stack from 6.x to 6.8
          • Upgrading Elastic Stack from 2.x to 5.x
        • Upgrading the Wazuh agent
          • Upgrading the Wazuh agent from 2.x to 3.x
          • Upgrading the Wazuh agent from 1.x to 2.x
      • Compatibility matrix
    • Migration guide
      • Migrating to the Wazuh indexer
      • Migrating to the Wazuh dashboard
      • Migrating from OSSEC
        • Migrating OSSEC server
        • Migrating OSSEC agent
    • Wazuh Cloud service
      • Getting started
        • Sign up for a trial
        • Access Wazuh WUI
        • Register agents
        • Cloud service FAQ
      • Your environment
        • Authentication and authorization
        • Cancellation
        • Monitor usage
        • Forward syslog events
        • Agents without Internet access
        • SMTP configuration
        • Technical FAQ
      • Account and billing
        • Edit user settings
        • Manage your billing details
        • See your billing cycle and history
        • Update billing and operational contacts
        • Stop charges for an environment
        • Billing FAQ
      • Cold storage
        • Configuration
        • Filename format
        • Access
      • Wazuh Cloud API
        • Authentication
        • Reference
      • CLI
      • Glossary
    • User manual
      • Wazuh server administration
        • Remote service
        • Defining an alert level threshold
        • Integration with external APIs
        • Configuring syslog output
        • Configuring database output
        • Generating automatic reports
        • Configuring email alerts
          • SMTP server with authentication
      • Certificates deployment
      • Deployment variables
        • Linux
        • Windows
        • macOS
        • AIX
      • Wazuh agent enrollment
        • Enrollment via agent configuration
          • Linux/Unix endpoint
          • Windows endpoint
          • macOS endpoint
        • Enrollment via manager API
          • Requesting the key
          • Importing the key to the agent
        • Additional security options
          • Using password authentication
          • Manager identity verification
          • Agent identity verification
        • Troubleshooting
      • Agent management
        • Agent life cycle
        • Listing agents
          • Listing agents using the CLI
          • Listing agents using the Wazuh API
          • Listing agents using the Wazuh app
        • Removing agents
          • Remove agents using the CLI
          • Remove agents using the Wazuh API
        • Checking connection with Manager
        • Grouping agents
        • Remote upgrading
          • Upgrading agent
          • Agent upgrade module
          • Adding a custom repository
          • Custom WPK packages creation
            • WPK
            • Generate WPK packages manually
          • Installing a custom WPK package
          • WPK List
        • Query configuration
      • Deploying a Wazuh cluster
        • Basics
        • Agents connections
        • Cluster management
      • Capabilities
        • Log data collection
          • How it works
          • How to collect Windows logs
          • How to collect macOS ULS logs
          • Configuration
          • FAQ
        • File integrity monitoring
          • How it works
          • FIM fields rule mapping
          • Configuration
        • Auditing who-data
          • Auditing who-data in Linux
          • Auditing who-data in Windows
          • Manual configuration of the Local Audit Policies in Windows
        • Anomaly and malware detection
          • How it works
          • Configuration
          • FAQ
        • Security Configuration Assessment
          • What is SCA
          • How SCA works
          • How to configure SCA
          • Creating custom SCA policies
          • Use case: Getting an alert when a check changes its result value
        • Monitoring security policies
          • Rootcheck
            • How it works
            • Configuration
            • FAQ
          • OpenSCAP
            • How it works
            • Configuration
            • FAQ
          • CIS-CAT integration
        • Monitoring system calls
          • How it works
          • Configuration
        • Command monitoring
          • How it works
          • Configuration
          • FAQ
        • Active response
          • How it works
          • Configuration
          • Custom Active Response
          • Use cases
            • Blocking attacks with Active Response
            • How to integrate Wazuh with YARA
            • Detecting and removing malware
          • FAQ
        • Agentless monitoring
          • How it works
          • Configuration
          • FAQ
        • Anti-flooding mechanism
        • Agent labels
        • System inventory
        • Vulnerability detection
          • How it works
          • Compatibility matrix
          • Running a vulnerability scan
          • Offline Update
          • Scan vulnerabilities on unsupported systems
          • CPE Helper
        • VirusTotal integration
          • About VirusTotal
          • How it works
        • Osquery
        • Agent key polling
        • Fluentd forwarder
        • Wazuh-Logtest
          • How it works
          • Configuration
          • FAQ
      • Ruleset
        • Getting started
        • Update ruleset
        • JSON decoder
        • Custom rules and decoders
        • Dynamic fields
        • Ruleset XML syntax
          • Decoders Syntax
          • Rules Syntax
          • Regular Expression Syntax
          • Perl-compatible Regular Expressions
          • Sibling Decoders
        • Testing decoders and rules
        • Using CDB lists
        • Enhancing with MITRE
        • Contribute to the ruleset
        • Rules classification
      • RESTful API
        • Getting started
        • Configuration
        • Securing the Wazuh API
        • Migrating from the Wazuh API 3.X
        • Role-Based Access Control
          • How it works
          • Configuration
          • Authorization Context
          • RBAC Reference
        • Filtering data using queries
        • Examples
        • Reference
      • Securing Wazuh
        • Change the Wazuh indexer passwords
        • Change the Open Distro for Elasticsearch passwords
        • Change the Elasticsearch passwords
      • Reference
        • Local configuration (ossec.conf)
          • active-response
          • agentless
          • agent-upgrade
          • alerts
          • auth
          • client
          • client_buffer
          • cluster
          • command
          • database_output
          • email_alerts
          • global
          • github
          • integration
          • labels
          • localfile
          • logging
          • office365
          • remote
          • reports
          • rootcheck
          • sca
          • rule_test
          • ruleset
          • socket
          • syscheck
          • syslog_output
          • task-manager
          • fluent-forward
          • gcp-pubsub
          • gcp-bucket
          • wodle name="open-scap"
          • wodle name="command"
          • wodle name="cis-cat"
          • wodle name="aws-s3"
          • wodle name="syscollector"
          • vulnerability-detector
          • wodle name="osquery"
          • wodle name="docker-listener"
          • wodle name="azure-logs"
          • wodle name="agent-key-polling"
          • Verifying configuration
        • Centralized configuration (agent.conf)
        • Internal configuration
        • Daemons
          • wazuh-agentd
          • wazuh-agentlessd
          • wazuh-analysisd
          • wazuh-authd
          • wazuh-csyslogd
          • wazuh-dbd
          • wazuh-execd
          • wazuh-logcollector
          • wazuh-maild
          • wazuh-monitord
          • wazuh-remoted
          • wazuh-reportd
          • wazuh-syscheckd
          • wazuh-clusterd
          • wazuh-modulesd
          • wazuh-db
          • Tables available for wazuh-db
          • wazuh-integratord
        • Tools
          • agent-auth
          • agent_control
          • manage_agents
          • wazuh-control
          • wazuh-logtest
          • clear_stats
          • wazuh-regex
          • update_ruleset
          • verify-agent-conf
          • agent_groups
          • agent_upgrade
          • cluster_control
          • fim_migrate
        • Unattended Installation
        • Statistics files
          • wazuh-agentd.state
          • wazuh-remoted.state
          • wazuh-analysisd.state
          • wazuh-logcollector.state
      • Elasticsearch
        • Elasticsearch tuning
        • Wazuh Kibana plugin troubleshooting
        • Indices configuration
        • Elasticsearch indices
      • Wazuh dashboard
        • Wazuh RBAC - How to create and map internal users
        • How to enable multi-tenancy
        • Settings
        • Configuration file
        • Troubleshooting
      • Uninstalling the Wazuh components
        • Uninstalling the Wazuh central components
        • Uninstalling Wazuh with Open Distro for Elasticsearch
        • Uninstalling Wazuh with Elastic Stack
    • Cloud security
      • Using Wazuh to monitor AWS
        • Monitoring AWS instances
        • Monitoring AWS based services
          • Prerequisites
            • Configuring an S3 Bucket
            • Configuring AWS credentials
            • Installing dependencies
            • Considerations for configuration
          • Supported services
            • AWS CloudTrail
            • Amazon VPC
            • AWS Config
            • Amazon ALB
            • Amazon CLB
            • Amazon NLB
            • AWS Key Management Service
            • Amazon Macie
            • AWS Trusted Advisor
            • Amazon GuardDuty
            • Amazon WAF
            • S3 Server Access
            • Amazon Inspector
            • AWS CloudWatch Logs
            • Amazon ECR Image scanning
            • Cisco Umbrella
          • Troubleshooting
      • Using Wazuh to monitor Microsoft Azure
        • Monitoring instances
        • Monitoring activity and services
          • Prerequisites
            • Authentication options
            • Considerations for configuration
          • Monitoring Azure platform and services
            • Using Azure Log Analytics
            • Using Azure Storage
          • Monitoring Azure Active Directory
            • Using Microsoft Graph
      • Using Wazuh to monitor GitHub
        • Monitoring GitHub Activity
      • Using Wazuh to monitor GCP services
        • Prerequisites
          • Installing dependencies
          • Configuring GCP credentials
          • Configuring Google Cloud Pub/Sub
          • Considerations for configuration
        • Supported services
          • Audited resources
          • DNS queries
          • VPC Flow logs
          • Firewall Rules Logging
          • HTTP(S) Load Balancing Logging
          • Usage logs & storage logs
      • Using Wazuh to monitor Office 365
        • Monitoring Office 365 Activity
    • Container security
      • Using Wazuh to monitor Docker
        • Installing dependencies
        • Monitoring Docker server
        • Monitoring containers activity
    • Development
      • Client keys file
      • Standard OSSEC message format
      • Makefile options
      • Wazuh cluster
      • Wazuh packages generation guide
        • AIX
        • Debian
        • HPUX
        • Wazuh Kibana plugin
        • macOS
        • RPM
        • Solaris
        • Splunk App
        • Virtual machine
        • Windows
        • WPK
      • Wazuh-Logtest
      • SELinux Wazuh context
    • Compliance
      • Using Wazuh for PCI DSS
        • Log analysis
        • Policy monitoring
        • Rootkit detection
        • File integrity monitoring
        • Active response
        • Wazuh dashboard
      • Using Wazuh for GDPR
        • GDPR II, Principles <gdpr_II>
        • GDPR III, Rights of the data subject <gdpr_III>
        • GDPR IV, Controller and processor <gdpr_IV>
    • Learning Wazuh
      • Prepare your Wazuh Lab Environment
        • Build the Wazuh Lab VPC
        • Launch the EC2 instances
        • Establish access to your EC2 instances
        • Install Wazuh server Components
        • Install the Elastic Stack
        • Configure X-Pack Security
        • Install the Linux Wazuh agents
        • Install the Windows Wazuh agent
      • Detect an SSH brute-force attack
      • Detect an RDP brute force attack
      • Expose hiding processes
      • Detect filesystem changes
      • Change the rules
      • Survive a log flood
      • Detect and react to a Shellshock attack
      • Keep watch for malicious command execution
      • Catch suspicious network traffic
      • Track down vulnerable applications
    • Proof of Concept guide
      • Auditing commands run by a user
      • Amazon AWS infrastructure monitoring
      • Detecting a brute-force attack
      • Monitoring Docker
      • File integrity monitoring
      • Blocking a malicious actor
      • Detecting unauthorized processes
      • Osquery integration
      • Network IDS integration
      • Detecting a Shellshock attack
      • Detecting an SQL Injection attack
      • Slack integration
      • Detecting suspicious binaries
      • Detecting and removing malware using VirusTotal integration
      • Vulnerability Detector
      • Detecting malware using Yara integration
    • Release notes
      • 4.x
        • 4.3.1 Release notes
        • 4.3.0 Release notes
        • 4.2.6 Release notes
        • 4.2.5 Release notes
        • 4.2.4 Release notes
        • 4.2.3 Release notes
        • 4.2.2 Release notes
        • 4.2.1 Release notes
        • 4.2.0 Release notes
        • 4.1.5 Release notes
        • 4.1.4 Release notes
        • 4.1.3 Release notes
        • 4.1.2 Release notes
        • 4.1.1 Release notes
        • 4.1.0 Release notes
        • 4.0.4 Release notes
        • 4.0.3 Release notes
        • 4.0.2 Release notes
        • 4.0.1 Release notes
        • 4.0.0 Release notes
      • 3.x
        • 3.13.3 Release notes
        • 3.13.2 Release notes
        • 3.13.1 Release notes
        • 3.13.0 Release notes
        • 3.12.3 Release notes
        • 3.12.2 Release notes
        • 3.12.1 Release notes
        • 3.12.0 Release notes
        • 3.11.4 Release notes
        • 3.11.3 Release notes
        • 3.11.2 Release notes
        • 3.11.1 Release notes
        • 3.11.0 Release notes
        • 3.10.2 Release notes
        • 3.10.1 Release notes
        • 3.10.0 Release notes
        • 3.9.5 Release notes
        • 3.9.4 Release notes
        • 3.9.3 Release notes
        • 3.9.2 Release notes
        • 3.9.1 Release notes
        • 3.9.0 Release notes
        • 3.8.2 Release notes
        • 3.8.1 Release notes
        • 3.8.0 Release notes
        • 3.7.2 Release notes
        • 3.7.1 Release notes
        • 3.7.0 Release notes
        • 3.6.1 Release notes
        • 3.6.0 Release notes
        • 3.5.0 Release notes
        • 3.4.0 Release notes
        • 3.3.1 Release notes
        • 3.3.0 Release notes
        • 3.2.4 Release notes
        • 3.2.3 Release notes
        • 3.2.2 Release notes
        • 3.2.1 Release notes
        • 3.2.0 Release notes
        • 3.1.0 Release notes
        • 3.0.0 Release notes
      • 2.x
        • 2.1 Release notes
    • Documentation
    • User manual
    • Capabilities
    • Wazuh-Logtest

    Wazuh-Logtest

    New in version 4.1.0.

    The Wazuh-Logtest whole solution was designed to replace ossec-logtest, now allowing to test and verify rules and decoders remotely, sharing the rules engine with wazuh-analysisd

    Contents

    • How it works
      • Use cases: Test log from Wazuh-Logtest Tool
      • Use cases: Test log from RESTful API
    • Configuration
    • FAQ
      • What happens when trying to start a new session if the maximum session limit has already been reached?
      • What happens when trying to use an invalid logtest token?
      • When is a session closed?
      • In a Wazuh Cluster, where are the logs processed?
      • What events are recognized by the Wazuh-Logtest solution?
      • What is the behavior of the firedtimes counter?
    Fluentd forwarder How it works
    Wazuh Wazuh
    Platform
    • Product
    • Cloud
    Documentation
    • Quickstart
    • Getting started
    • Installation guide
    Services
    • Support
    • Training
    Resources
    • Blog
    • FAQ
    • Community
    Company
    • About us
    • Customers
    • Our partners
    • Careers
    • Contact us
    • Community
    • Contact us
    © 2022 · Wazuh Inc.
    Edit on GitHub