I have successfully integrated Wazuh with Graylog so that Wazuh sends JSON logs to Graylog using Fluent Bit. The integration is OK and I can see traffic flowing into Graylog. The main issue I am facing is that the logs are not being seen in the search bar.
Graylog is sending the logs to the Wazuh indexer over HTTPS, and I can see that it created some indices on the Wazuh indexer, so I don't think I have an integration issue here.
I understand that Wazuh 4.8.1 uses OpenSearch (the indexer) and not Elasticsearch. Should I install any specific plugins to be able to parse those logs correctly?
I'd appreciate some help troubleshooting this issue.
I am using:
ii graylog-5.2-repository 1-2 all Package to install Graylog 5.2 GPG key and repository
ii graylog-server 5.2.9-1 amd64 Graylog server
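When messages are indexed but never show up in the search page, the usual suspects are the message shape on the Graylog input rather than the indexer: a timestamp that Graylog could not parse (so the message lands outside the default relative search window) or a payload with no `short_message`/`message` field. The following is an added example, not code from the thread, Wazuh or Graylog. It assumes the Graylog side is a GELF input (the post does not say which input type was used) and that the JSON lines have the usual Wazuh alerts.json fields (`timestamp`, `rule`, `agent`, `full_log`); the sample alert is constructed, and the rule-level mapping is this example's own choice.

```python
"""Convert Wazuh alerts.json records into GELF 1.1 messages and validate them.

Added example for this thread (not Wazuh's or Graylog's code). Assumes a Graylog
GELF input; the sample record below is constructed in the shape of a Wazuh alert.
"""
import json
from datetime import datetime

GELF_VERSION = "1.1"
REQUIRED = ("version", "host", "short_message")
STANDARD = {"version", "host", "short_message", "full_message",
            "timestamp", "level", "facility", "line", "file"}
RESERVED = {"_id"}  # GELF forbids an additional field named _id

# Constructed sample in the shape of a Wazuh alerts.json line (not from the thread).
SAMPLE_ALERT = json.dumps({
    "timestamp": "2024-08-15T10:21:33.123+0000",
    "rule": {"level": 7, "description": "Multiple failed SSH logins",
             "id": "5712", "groups": ["syslog", "sshd"]},
    "agent": {"id": "001", "name": "web01"},
    "manager": {"name": "wazuh-manager"},
    "id": "1723717293.12345",
    "full_log": "Aug 15 10:21:33 web01 sshd[1234]: Failed password for invalid "
                "user admin from 198.51.100.7 port 4242 ssh2",
    "location": "/var/log/auth.log",
})


def wazuh_timestamp_to_epoch(ts):
    """Wazuh writes ISO-8601 with a numeric offset (e.g. +0000); GELF wants epoch seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%f%z", "%Y-%m-%dT%H:%M:%S%z"):
        try:
            return datetime.strptime(ts, fmt).timestamp()
        except ValueError:
            continue
    raise ValueError(f"unrecognised Wazuh timestamp: {ts!r}")


def wazuh_level_to_syslog(level):
    """Map the 0..15 Wazuh rule level onto 0..7 syslog severity (example's own mapping)."""
    if level >= 12:
        return 2  # critical
    if level >= 7:
        return 4  # warning
    if level >= 3:
        return 5  # notice
    return 6      # informational


def wazuh_alert_to_gelf(line):
    """Build a GELF dict from one alerts.json line; raises ValueError on non-alert input."""
    alert = json.loads(line)
    if "timestamp" not in alert or "rule" not in alert:
        raise ValueError("not a Wazuh alert record: missing timestamp or rule")
    rule = alert["rule"]
    agent = alert.get("agent", {})
    msg = {
        "version": GELF_VERSION,
        "host": agent.get("name") or alert.get("manager", {}).get("name") or "unknown",
        "short_message": rule.get("description", "wazuh alert"),
        "timestamp": wazuh_timestamp_to_epoch(alert["timestamp"]),
        "level": wazuh_level_to_syslog(int(rule.get("level", 0))),
        # Additional fields must be underscore-prefixed so Graylog keeps them as custom fields.
        "_rule_id": str(rule.get("id", "")),
        "_rule_level": int(rule.get("level", 0)),
        "_agent_id": agent.get("id", ""),
        "_location": alert.get("location", ""),
        "_wazuh_alert_id": alert.get("id", ""),
    }
    if alert.get("full_log"):
        msg["full_message"] = alert["full_log"]
    if rule.get("groups"):
        msg["_rule_groups"] = ",".join(rule["groups"])
    return msg


def validate_gelf(msg):
    """Return a list of problems; an empty list means the GELF 1.1 rules checked here hold."""
    problems = []
    for key in REQUIRED:
        if not msg.get(key):
            problems.append(f"missing required field {key}")
    if msg.get("version") != GELF_VERSION:
        problems.append("version must be '1.1'")
    ts = msg.get("timestamp")
    if ts is not None and not isinstance(ts, (int, float)):
        problems.append("timestamp must be numeric epoch seconds, not a string")
    for key in msg:
        if key in RESERVED:
            problems.append(f"{key} is reserved and will be rejected")
        elif key not in STANDARD and not key.startswith("_"):
            problems.append(f"additional field {key} must start with an underscore")
    return problems


if __name__ == "__main__":
    gelf = wazuh_alert_to_gelf(SAMPLE_ALERT)
    print(json.dumps(gelf, indent=2))
    print("problems:", validate_gelf(gelf) or "none")
```

Running the script on the constructed alert prints a message with a numeric `timestamp` and underscore-prefixed custom fields, and `validate_gelf` reports nothing. Feeding it a record whose `timestamp` is still the ISO string, or whose extra fields lack the underscore, produces the kind of message Graylog will accept on the wire but may not display where you expect, which is the symptom described in the post: indices exist on the indexer, but the search page stays empty.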
Wazuh with Graylog has some issues. It is best to use Elasticsearch and/or OpenSearch. I run a Wazuh server and an OpenSearch server. What I found out is that Wazuh uses OSSEC in the back end. I haven't had it working correctly, so I stayed with just OpenSearch. Perhaps try a different input type, just an idea.