{"id":983,"date":"2026-02-13T08:26:48","date_gmt":"2026-02-13T07:26:48","guid":{"rendered":"https:\/\/whoami.lausitz-event.info\/?p=983"},"modified":"2026-02-18T14:15:24","modified_gmt":"2026-02-18T13:15:24","slug":"opensource-siem-wazuh","status":"publish","type":"post","link":"https:\/\/whoami.lausitz-event.info\/?p=983","title":{"rendered":"OpenSource SIEM Elastic & Wazuh"},"content":{"rendered":"\n\n
Update und Installation Tools<\/strong><\/code><\/pre>\n\n\n\n\n\n
sudo apt update && sudo apt upgrade -y\nsudo apt install curl apt-transport-https unzip wget -y<\/code><\/pre>\n\n\n\n\n\n
Download und Start der Installation<\/strong><\/p>\n\n\n\n\n\n
curl -sO https:\/\/packages.wazuh.com\/4.7\/wazuh-install.sh\nchmod +x wazuh-install.sh\nsudo .\/wazuh-install.sh -a<\/code><\/pre>\n\n\n\n\n\n
Anpassung der Logeinstellungen und Systemkonfiguration \/var\/ossec\/etc\/ossec.conf und anschliessend Neustart Wazuh Manager<\/strong> <\/p>\n\n\n\n\n\n
<global>\n  <logall>yes<\/logall>\n  <logall_json>yes<\/logall_json>\n<\/global>\n\n<remote>\n  <connection>syslog<\/connection>\n  <port>514<\/port>\n  <protocol>udp<\/protocol>\n  <allowed-ips>0.0.0.0\/0<\/allowed-ips>\n<\/remote>\n<remote>\n  <connection>secure<\/connection>\n  <port>1514<\/port>\n  <protocol>tcp<\/protocol>\n<\/remote><\/code><\/pre>\n\n\n\n\n\n
sudo systemctl restart wazuh-manager<\/code><\/pre>\n\n\n\n\n\n
Verbesserung FortiGate & ASA Parsing<\/strong> nano \/var\/ossec\/etc\/decoders\/local_decoder.xml<\/p>\n\n\n\n\n\n
<decoder name=\"fortigate-custom\">\n  <prematch>date=<\/prematch>\n<\/decoder>\n<decoder name=\"cisco-asa-custom\">\n  <prematch>%ASA-<\/prematch>\n<\/decoder><\/code><\/pre>\n\n\n\n\n\n
sudo systemctl restart wazuh-manager<\/code><\/pre>\n\n\n\n\n\n
Download Wazuh Agent<\/strong><\/p>\n\n\n\n\n\n
https://documentation.wazuh.com\/current\/installation-guide\/packages-list.html\nmsiexec.exe \/i wazuh-agent-4.14.3-1.msi \/q WAZUH_MANAGER=\"X.X.X.X\"<\/code><\/pre>\n\n\n\n\n\n
Auf dem Windows Server<\/strong><\/p>\n\n\n\n\n\n
notepad.exe C:\\Program Files (x86)\\ossec-agent\\ossec.conf<\/code><\/pre>\n\n\n\n\n\n
  <client>\n    <server>\n      <address>X.X.X.X<\/address>\n      <port>1514<\/port>\n      <protocol>tcp<\/protocol>\n    <\/server>\n    <config-profile>windows, windows2019, windows-server, windows-server-2019<\/config-profile>\n    <crypto_method>aes<\/crypto_method>\n    <notify_time>20<\/notify_time>\n    <time-reconnect>60<\/time-reconnect>\n    <auto_restart>yes<\/auto_restart>\n  <\/client>\n  \n  <localfile>\n    <location>Security<\/location>\n    <log_format>eventchannel<\/log_format>\n  <\/localfile><\/code><\/pre>\n\n\n\n\n\n
Download https:\/\/download.sysinternals.com\/files\/Sysmon.zip
Download https:\/\/github.com\/SwiftOnSecurity\/sysmon-config<\/strong><\/p>\n\n\n\n\n\n
.\\Sysmon64.exe -accepteula -i sysmonconfig-export.xml<\/code><\/pre>\n\n\n\n\n\n
notepad.exe C:\\Program Files (x86)\\ossec-agent\\ossec.conf<\/strong><\/p>\n\n\n\n\n\n
<localfile>\n  <location>Microsoft-Windows-Sysmon\/Operational<\/location>\n  <log_format>eventchannel<\/log_format>\n<\/localfile><\/code><\/pre>\n\n\n\n\n\n
Update Wazuh-Manager<\/strong><\/p>\n\n\n\n\n\n
sudo apt update\nsudo apt install wazuh-manager<\/code><\/pre>\n\n\n\n\n\n
Agent neu registrieren<\/strong><\/p>\n\n\n\n\n\n
.\\agent-auth.exe -m X.X.X.X -p 1515<\/code><\/pre>\n\n\n","protected":false},"excerpt":{"rendered":"
Download und Start der Installation Anpassung der Logeinstellungen und Systemkonfiguration \/var\/ossec\/etc\/ossec.conf und anschliessend Neustart Wazuh Manager Verbesserung FortiGate & ASA Parsing nano \/var\/ossec\/etc\/decoders\/local_decoder.xml Download Wazuh Agent Auf dem Windows Server Download https:\/\/download.sysinternals.com\/files\/Sysmon.zipDownload https:\/\/github.com\/SwiftOnSecurity\/sysmon-config notepad.exe C:\\Program Files (x86)\\ossec-agent\\ossec.conf Update Wazuh-Manager Agent neu registrieren<\/p>","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[15,19,3,12,23,11],"tags":[],"class_list":["post-983","post","type-post","status-publish","format-standard","hentry","category-cisco","category-fortinet","category-it","category-linux","category-netzwerk","category-security"],"_links":{"self":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=983"}],"version-history":[{"count":4,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/983\/revisions"}],"predecessor-version":[{"id":1009,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/983\/revisions\/1009"}],"wp:attachment":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}