Wazuh-Logtest¶
New in version 4.1.0.
The Wazuh-Logtest whole solution was designed to replace ossec-logtest tool, now allowing to test and verify rules and decoders remotely, sharing the rules engine with ossec-analysisd
Contents
- How it works
- Configuration
- FAQ
- What happens when trying to start a new session if the maximum session limit has already been reached?
- What happens when trying to use an invalid logtest token?
- When is a session closed?
- In a Wazuh Cluster, where are the logs processed?
- What events are recognized by the Wazuh-Logtest solution?
- How is the behavior of the firedtimes counter?