
log-analysis
Here are 126 public repositories matching this topic...
It's not always clear why a file is not matching a log format. We have some clear diagnostics for the sample lines in a log format, we should do the same when detecting any file.
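One way to produce the kind of per-line diagnostic the request above asks for, as an added example that is not code from any project listed on this page: each format is an ordered list of named regex pieces, and a miss reports the first field that failed, the offset, and the text found there. The two formats and the sample lines are constructed for illustration.

```python
"""Diagnose why a log line fails a format instead of just saying "no match".

Added example, not code from any project on this page. The two formats and
the sample lines below are constructed for illustration.
"""
import re

# A format is an ordered list of (field, regex) pieces matched left to right.
FORMATS = {
    "syslog": [
        ("timestamp", r"[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}"),
        ("space", r" "),
        ("host", r"\S+"),
        ("space", r" "),
        ("process", r"[^\s:\[]+(?:\[\d+\])?:"),
        ("space", r" "),
        ("message", r".*"),
    ],
    "apache_access": [
        ("client", r"\S+"),
        ("ident_user", r" \S+ \S+ "),
        ("timestamp", r"\[[^\]]+\]"),
        ("space", r" "),
        ("request", r'"[^"]*"'),
        ("space", r" "),
        ("status", r"\d{3}"),
        ("space", r" "),
        ("size", r"\d+|-"),
        ("rest", r".*"),
    ],
}


def diagnose(fmt_name, line):
    """Return None when `line` matches the format, otherwise a dict naming
    the first field that failed, the offset, and the text found there."""
    pos = 0
    for field, pattern in FORMATS[fmt_name]:
        m = re.compile(pattern).match(line, pos)
        if m is None:
            return {"format": fmt_name, "field": field, "offset": pos,
                    "found": line[pos:pos + 30]}
        pos = m.end()
    if pos != len(line):  # every piece matched but trailing text remains
        return {"format": fmt_name, "field": "<end of line>", "offset": pos,
                "found": line[pos:pos + 30]}
    return None


def detect(lines):
    """Pick the format matching the most lines and explain each miss against it.

    Returns (best_format, match_count, failures); failures is a list of
    (1-based line number, diagnosis) for lines that did not match best_format.
    """
    scores = {name: sum(diagnose(name, ln) is None for ln in lines)
              for name in FORMATS}
    best = max(scores, key=scores.get)
    failures = [(i, diagnose(best, ln)) for i, ln in enumerate(lines, 1)
                if diagnose(best, ln) is not None]
    return best, scores[best], failures


# Constructed sample: two valid syslog lines and one with an ISO-8601 timestamp.
SAMPLE = [
    "Jun  1 12:00:00 host1 sshd[123]: Accepted publickey for root",
    "Jun  1 12:00:01 host1 sudo: pam_unix(sudo:session): session opened",
    "2020-06-01T12:00:02Z host1 sshd[124]: Failed password for root",
]

if __name__ == "__main__":
    best, n, failures = detect(SAMPLE)
    print(f"best format: {best} ({n}/{len(SAMPLE)} lines)")
    for lineno, d in failures:
        print(f"line {lineno}: field {d['field']!r} failed at offset "
              f"{d['offset']}, found {d['found']!r}")
```

The third sample line is reported as failing the `timestamp` field at offset 0 with the ISO string shown, which tells the user what to change in either the file or the format definition; a line whose process field lacks the trailing colon is reported at the process field's offset instead.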
linux:HTTPConnectionPool(host='192.168.0.24', port=6801): Max retries exceeded with url: /listprojects.json (Caused by NewConnectionError('<requests.packages.urllib3.connection.HTTPConnection object at 0x7f0a78b2d828>: Failed to establish a new connection: [Errno 111] Connection refused',))
windows:HTTPConnectionPool(host='localhost', port=6801): Max retries exceeded with url: /jobs (Caused by Ne
Description
When we have an automatic email reports configuration and there are no alerts to be reported that day (e.g. the rule or group of rules that we have configured in reports have not triggered during the day), the report will not be sent.
This is not good behavior because it can lead the user to think that the automatic reports are not working.
Let's also say that I have to sen
- Updated Apr 10, 2020 - Python
- Updated May 13, 2020 - Python
- Updated Jun 1, 2020
- Updated Nov 17, 2018 - Perl
Hi team,
I have noticed that the log examples found in 0610-win-ms_logs_rules.xml don't match their rules.
It is because the fields providerName and channel aren't correct.
To match rules 63103, 63104 and 63105, the logs must have matched before rules `60
- Updated Oct 20, 2019
- Updated Jun 10, 2020 - Shell
Hello folks,
I think it'd be great if every ENV VAR used in the images would be explained in the README.md, and also it can be included in the Wazuh official documentation once they're ready.
Feel free to share your thoughts on this here.
Regards
| Wazuh | Elastic | Rev |
|---|---|---|
| 3.10 | 7.x | --- |
Description
Letters will move around as you hover over items in the Kibana App using Firefox.
This is most notable in the Management tab and when the window size is somewhat small.
Steps to reproduce
With Firefox
- Go to Management
- Hover over the different dashboard buttons
- Resize browser win
According to the documentation for http_publish_uri the wildcard address 0.0.0.0 is only permissible if set via $http_bind_address, which is the default if http_publish_uri remains unset. By default in the role http_publish_uri is set to "http://0.0.0.0:9000" which is an invalid value. The graylog-server defaults to the, probably first, non-loopback ipv4 address, however it logs this fact every s
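A small check that catches the misconfiguration described above before a node starts, as an added example that is not Graylog's own code or part of the role in question. It assumes the `key = value` layout of Graylog's server.conf and uses two constructed configs: the role's wildcard http_publish_uri next to a corrected one.

```python
"""Flag an http_publish_uri that points at a wildcard address.

Added example, not Graylog's code. It assumes the `key = value` layout of
Graylog's server.conf; the two configs below are constructed.
"""
from urllib.parse import urlsplit

WILDCARD_HOSTS = {"0.0.0.0", "::"}


def parse_conf(text):
    """Minimal parser for `key = value` lines; comments and blanks are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def check_http_publish_uri(text):
    """Return a list of problems; an empty list means the settings look sane.

    If http_publish_uri is unset it is derived from http_bind_address, so a
    wildcard in http_bind_address is fine. An explicit http_publish_uri is the
    address handed to browsers and other nodes, so a wildcard there can never
    be reached.
    """
    conf = parse_conf(text)
    problems = []
    publish = conf.get("http_publish_uri")
    if publish is None:
        return problems
    parts = urlsplit(publish)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        problems.append(
            f"http_publish_uri is not an absolute http(s) URL: {publish!r}")
        return problems
    if parts.hostname in WILDCARD_HOSTS:
        problems.append(
            "http_publish_uri uses a wildcard host; set a reachable address "
            "or remove the key so it is derived from http_bind_address")
    return problems


# Constructed configs: the role's default versus a corrected one.
BAD_CONF = """
http_bind_address = 0.0.0.0:9000
http_publish_uri = http://0.0.0.0:9000
"""

GOOD_CONF = """
http_bind_address = 0.0.0.0:9000
http_publish_uri = http://192.0.2.10:9000/
"""

if __name__ == "__main__":
    for name, conf in (("bad", BAD_CONF), ("good", GOOD_CONF)):
        print(name, check_http_publish_uri(conf) or "ok")
```

Leaving the key out of the role's template entirely is the simplest fix, since the server then derives a usable address from http_bind_address on its own; the check above only fires when someone sets the key explicitly to a value nobody can connect to.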
Context
Documentation to the input is out of date and does not include information on AWS Authentication wizard
https://docs.graylog.org/en/latest/pages/integrations/inputs
- Updated Sep 30, 2019 - Python
windows 2012
Hi all, I'm trying to figure out a method to pull Windows Server 2012 event logs into Syslog format (for Octopussy), has anyone figured this out? I can only get Snare to do 2003 & 2008 logs.
If there isn't a method then I guess this is a feature request :) Windows Server is a very popular operating system, that has a near total lack of standardisation, Octopussy fills one of these gaps nicely!
Hello team!
According to https://www.elastic.co/guide/en/elasticsearch/reference/7.2/security-api-put-user.html it's possible to manage Elastic users by using API like the following example:
curl -X POST "localhost:9200/_security/user/jacknich" -H 'Content-Type: application/json' -d'
Elastic tasks can be enhanced by allowing to create users and manage their attributes and pas
- Updated Jun 5, 2020 - Python
- Updated Mar 5, 2020 - Python
The section referring to the hotfixes option, "This option is enabled by default but no included in the initial configuration.", is misspelt (no -> not).
Documentation link: https://documentation.wazuh.com/3.12/user-manual/reference/ossec-conf/wodle-syscollector.html#hotfixes
- Updated Sep 25, 2019 - Python
Hello,
We are using graylog 3 and when trying to install the latest version of the sidecar it fails since the package name is different from v1 onwards. In versions before 1 the name of the release is collector-sidecar, while in version v1 the name is graylog-sidecar.
Also interpolating variables in attributes makes it harder for people when they want to specify their own values in nodes / rol
- Updated Nov 24, 2019 - Vim script
Hello team,
We've detected a non-intuitive behavior on the following command specified on the install from sources page in our documentation:
curl -s -o install_api.sh https://raw.githubusercontent.com/wazuh/wazuh-api/v3.7.2/install_api.sh && bash ./install_api.sh download
This command, which is specified to download the API in all versions of our documentation (in this c
Hi!
I think section 3B of this paper (Chinese edition here) may help people understand those sampling methods.
B. Feature Extraction
The main purpose of this step is to extract valuable features from log events that could be fe
- Updated Nov 3, 2019 - C#