From the course: Complete Guide to Open Source Security
Collecting Nginx logs in Wazuh
- To get the most value out of Wazuh, we'll want to customize both the configuration and the rules files. We're on web01, our Nginx server, so let's take a look at the Wazuh agent configuration. We can do that with sudo nano /var/ossec/etc/ossec.conf. The first thing to note is that we have the server address details shown here as 192.168.1.103, and the collection port of 1514. There are also some connectivity settings and, following this, the client buffer settings. Following the policy monitoring heading, we can see the details of Wazuh's rootcheck. This check looks for signs of intrusion on the system being monitored, and we can see the location of Wazuh's rootkit and trojan signature files. Following this, we find the specification for the CIS audit check, which shows how well the system meets the hardening guidelines published by the Center for Internet Security. Let's get past the various system monitoring sections and get down to the start of the second. Ossec…
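As an added example (not code from the course), this Python script reads an agent ossec.conf laid out like the one walked through above and reports the manager address, collection port, rootcheck signature files and monitored log files. The sample file is constructed, and the Nginx localfile entry, the function names and the log paths checked are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the agent file described in the transcript.
# The <localfile> entry for the Nginx access log is an assumed addition.
SAMPLE_OSSEC_CONF = """\
<ossec_config>
  <client>
    <server>
      <address>192.168.1.103</address>
      <port>1514</port>
    </server>
  </client>
  <!-- Policy monitoring -->
  <rootcheck>
    <disabled>no</disabled>
    <rootkit_files>etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>
</ossec_config>
<ossec_config>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/nginx/access.log</location>
  </localfile>
</ossec_config>
"""

def summarize_agent_config(text):
    # ossec.conf may hold several <ossec_config> blocks, which is not
    # well-formed XML on its own, so wrap them in one synthetic root.
    root = ET.fromstring("<wrapper>" + text + "</wrapper>")
    def first(path):
        node = root.find("./ossec_config/" + path)
        return node.text.strip() if node is not None and node.text else None
    return {
        "manager": first("client/server/address"),
        "port": first("client/server/port"),
        # rootcheck runs unless <disabled> is explicitly set to yes
        "rootcheck_enabled": first("rootcheck/disabled") != "yes",
        "signature_files": [first("rootcheck/rootkit_files"),
                            first("rootcheck/rootkit_trojans")],
        "localfiles": [(lf.findtext("log_format", "").strip(),
                        lf.findtext("location", "").strip())
                       for lf in root.iterfind("./ossec_config/localfile")],
    }

def missing_logs(summary, wanted):
    # Return the wanted log paths that no <localfile> entry collects.
    monitored = {location for _, location in summary["localfiles"]}
    return [path for path in wanted if path not in monitored]
```

Run against the sample, `missing_logs` flags `/var/log/nginx/error.log` as not collected, which is the kind of gap to close before relying on the agent for web server visibility.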