julylies

Reputation: 3

How can I use the Wazuh 4.3 API or interface to retrieve log information from the /var/ossec/logs/alerts directory?

How can I use the Wazuh 4.3 API or interface to retrieve log information from the /var/ossec/logs/alerts directory? After reviewing the official documentation, I found that calling https://192.168.186.134:55000/manager/logs did not retrieve the information I was looking for.

I tried using the official document wiki, but it didn't give me what I wanted.

Upvotes: 0

Views: 694

Answers (2)

ConRock5000

Reputation: 21

The Wazuh API does not have an endpoint to do this since alerts are directly indexed into Elasticsearch.

Use the Elasticsearch API. Asked and answered here: https://github.com/wazuh/wazuh/discussions/20485

Upvotes: 0

Nof

Reputation: 1

To get the vulnerabilities of an agent, you can review the following documentation.

{protocol}://{host}:{port}/vulnerability/{agent_id}

{
    "data": {
        "affected_items": [],
        "total_affected_items": 2,
        "total_failed_items": 0,
        "failed_items": []
    },
    "message": "All selected vulnerabilities were returned",
    "error": 0
}

Let me know if my help helped you.

Greetings

Nicolas

Upvotes: 0
