Syslog to Wazuh
Hello!
We are trying to connect our fireboxes to Wazuh to decode and analyze the syslogs.
Unfortunately this does not work as expected. It seems the syslog format of the WatchGuard boxes is not compatible with Wazuh - see https://github.com/wazuh/wazuh/issues/7052
Does anybody have a solution or workaround?
Thank you very much
Axel
Comments
Hi @kraeg
The date/timestamp of the log (2020-09-11T07:23:52) is necessary information. I've never heard of a logging system not being able to parse that.
We support syslog and IBM LEEF, see:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/logging/send_logs_to_syslog_c.html
It looks like the problem is their ability to parse that log, and they appear to be working on that. Any workarounds will likely be on their side.
-James Carson
WatchGuard Customer Support