Add new <global> option <forward_to> to configuration reference #6974

Merged
merged 3 commits into from
Jan 22, 2024

Conversation

mateocervilla
Contributor

@mateocervilla mateocervilla commented Jan 18, 2024

Related issue
#6971

Description

As explained in the issue, it is necessary to add the newly created option (<forward_to>) to the ossec.conf global configuration reference.

This option shall be introduced in the <global> block:

| Name | Default value | Description |
|------|---------------|-------------|
| <forward_to> | None | Any socket under /var/ossec to forward messages. |

Example

```xml
<global>
  <jsonout_output>yes</jsonout_output>
  <alerts_log>yes</alerts_log>
  <logall>no</logall>
  <logall_json>no</logall_json>
  <email_notification>no</email_notification>
  <smtp_server>smtp.example.wazuh.com</smtp_server>
  <email_from>[email protected]</email_from>
  <email_to>[email protected]</email_to>
  <email_maxperhour>12</email_maxperhour>
  <email_log_source>alerts.log</email_log_source>
  <agents_disconnection_time>10m</agents_disconnection_time>
  <forward_to>fluentd</forward_to> <!-- Name of the socket to forward the alert to; must match the name in the socket section -->
</global>

<fluent-forward>
  <enabled>yes</enabled>
  <tag>debug.test</tag>
  <socket_path>var/run/fluent.sock</socket_path> <!-- WARNING: Path must be relative to /var/ossec -->
  <address>localhost</address>
  <port>24224</port>
</fluent-forward>

<socket>
  <name>fluentd</name> <!-- Name of the socket to forward the alert to -->
  <location>var/run/fluent.sock</location> <!-- WARNING: Path must be relative to /var/ossec -->
  <mode>udp</mode>
</socket>
```

Extra fix

I also noticed that limits was formatted incorrectly, since it was in a higher hierarchy, along with Options and not within it. This can be seen in the index.

Checks

Docs building

  • Compiles without warnings.

Code formatting and web optimization

  • Uses three spaces indentation.
  • Adds or updates meta descriptions accordingly.

Writing style

  • Uses present tense, active voice, and semi-formal registry.
  • Uses short, simple sentences.
  • Uses bold for user interface elements, italics for key terms or emphasis, and code font for Bash commands, file names, REST paths, and code.

@MarcelKemp MarcelKemp requested a review from javimed January 19, 2024 12:19
@MarcelKemp MarcelKemp added the type/bug Bug issue label Jan 19, 2024
@javimed javimed added the level/task Task issue label Jan 19, 2024
@mateocervilla mateocervilla requested a review from javimed January 22, 2024 16:52
@javimed javimed merged commit 56c4492 into master Jan 22, 2024
3 checks passed
@javimed javimed deleted the 6971-add-forward-to-ref branch January 22, 2024 17:15
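
A lint check for the two constraints stated in the description above: the `<forward_to>` value must name a defined `<socket>`, and that socket's path must be relative to, and stay under, /var/ossec. This is an added example, not part of the pull request or of Wazuh; `check_forward_to` and the sample fragment are constructed for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET

BASE = "/var/ossec"  # install prefix named in the PR description

# Constructed sample, trimmed from the example in the PR description.
SAMPLE = """
<global>
  <forward_to>fluentd</forward_to>
</global>
<socket>
  <name>fluentd</name>
  <location>var/run/fluent.sock</location>
  <mode>udp</mode>
</socket>
"""


def check_forward_to(conf_text, base=BASE):
    """Return a list of problems with <forward_to> targets (hypothetical helper)."""
    # An ossec.conf fragment can hold several top-level blocks: wrap them in one root.
    root = ET.fromstring(f"<root>{conf_text}</root>")
    sockets = {}
    for sock in root.iter("socket"):
        name = (sock.findtext("name") or "").strip()
        if name:
            sockets[name] = (sock.findtext("location") or "").strip()

    problems = []
    for fwd in root.iter("forward_to"):
        target = (fwd.text or "").strip()
        if target not in sockets:
            problems.append(f"forward_to '{target}' has no matching <socket> name")
            continue
        location = sockets[target]
        if location.startswith("/"):
            problems.append(f"socket '{target}': location must be relative to {base}")
            continue
        # Resolve ".." segments before checking the path stays under the prefix.
        resolved = posixpath.normpath(posixpath.join(base, location))
        if not resolved.startswith(base + "/"):
            problems.append(f"socket '{target}': location resolves outside {base}")
    return problems


if __name__ == "__main__":
    for problem in check_forward_to(SAMPLE) or ["no problems found"]:
        print(problem)
```

An empty list means every `<forward_to>` target resolves to a declared socket under the install prefix.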
Labels
level/task Task issue type/bug Bug issue