Hello Mikel,

If you're getting Sonicwall alerts on the alerts.json file, you can see 
them in Kibana. Currently, we don't have a specific tab for Sonicwall 
alerts, but you can go to the *Overview* tab, and you'll see a search bar 
(circled in red) where you can type the following:
rule.groups: sonicwall

And press enter. This will filter the alerts by this group. You can also 
open the *Discover* view (circled in red) to see the alerts in a list-view 
mode, just like on Kibana's Discover tab on the left sidebar.

<https://lh3.googleusercontent.com/-jtRSbeXeqps/WwWKq39XVsI/AAAAAAAAAIk/jP_IS45b-M4SfDp5et5GvCagt6mw7UMrgCLcBGAs/s1600/searchbar.PNG>

Let me know if this works for you.

Regards,
Juanjo

On Wednesday, 23 May 2018 at 15:21:57 (UTC+2), Mikel Sheshi wrote:
>
> Hello,
> Is there any way to send SonicWall syslogs to the Kibana dashboard (Wazuh 
> server)?
> I have set the logall option to "yes" in ossec.conf:
>    <jsonout_output>yes</jsonout_output>
>    <alerts_log>yes</alerts_log>
>    <logall>yes</logall>
> I receive the logs on the /var/ossec/logs/archives
>
> But I want to see the alerts on Kibana dashboard gui
>
>
>    - The file /var/ossec/logs/archives/archives.json contains all events 
>    whether they tripped a rule or not.
>    - The file */var/ossec/logs/alerts/alerts.json* contains only events 
>    that tripped a rule.
>
> I want to see the SonicWall syslogs from alerts.json in Kibana in the same 
> way that I see the Wazuh agent logs.
>
> Thanks 
> Mikeli 
>
>
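Added example (not part of this thread and not Wazuh's own code): the Kibana filter `rule.groups: sonicwall` only returns alerts whose firing rule carries that group, and alerts.json only holds events that tripped a rule (logall sends the rest to archives.json). The script below applies the same group test directly to alerts.json on the manager, so you can confirm that SonicWall-tagged alerts exist before looking for them in Kibana. The sample lines are constructed in the shape Wazuh writes (one JSON object per line); the rule ids 100100/100101, descriptions, agent names and log contents are made up, and the last line is deliberately truncated to mimic a line the manager is still writing.

```python
import json
from typing import Dict, Iterable, List, Tuple

# Constructed sample of newline-delimited JSON in the shape of
# /var/ossec/logs/alerts/alerts.json. Rule ids, descriptions and log text are
# invented; the final line is intentionally incomplete.
SAMPLE_ALERTS_JSON = """\
{"timestamp":"2018-05-23T15:10:01.000+0200","rule":{"level":5,"description":"SonicWall: connection dropped","id":"100100","groups":["syslog","sonicwall"]},"agent":{"id":"000","name":"wazuh-manager"},"location":"/var/log/sonicwall.log","full_log":"id=firewall sn=EXAMPLE m=36 msg=TCP connection dropped"}
{"timestamp":"2018-05-23T15:10:02.000+0200","rule":{"level":3,"description":"Login session opened.","id":"5501","groups":["pam","syslog","authentication_success"]},"agent":{"id":"001","name":"web01"},"location":"/var/log/auth.log","full_log":"pam_unix(sshd:session): session opened for user deploy"}
{"timestamp":"2018-05-23T15:10:03.000+0200","rule":{"level":7,"description":"SonicWall: admin login","id":"100101","groups":["syslog","sonicwall","authentication"]},"agent":{"id":"000","name":"wazuh-manager"},"location":"/var/log/sonicwall.log","full_log":"id=firewall sn=EXAMPLE m=29 msg=Administrator login allowed"}
{"timestamp":"2018-05-23T15:10:04.000+0200","rule":{"level":5,"description":"SonicWa
"""


def parse_alerts(text: str) -> Tuple[List[Dict], int]:
    """Parse one alert per line; return (alerts, number of lines skipped).

    A line that is not valid JSON (typically the partially written last line
    of a live alerts.json) is counted and skipped rather than aborting the run.
    """
    alerts: List[Dict] = []
    skipped = 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            alerts.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1
    return alerts, skipped


def in_group(alert: Dict, group: str) -> bool:
    """Same test as the Kibana query  rule.groups: <group>  -- the name must
    appear as one exact, case-sensitive entry of the rule.groups array."""
    return group in alert.get("rule", {}).get("groups", [])


def filter_by_group(alerts: Iterable[Dict], group: str) -> List[Dict]:
    return [a for a in alerts if in_group(a, group)]


def summarize(alerts: Iterable[Dict]) -> Dict[str, int]:
    """Count alerts per rule id: a quick view of which rules actually fire."""
    counts: Dict[str, int] = {}
    for a in alerts:
        rid = a.get("rule", {}).get("id", "?")
        counts[rid] = counts.get(rid, 0) + 1
    return counts


def load_alerts(path: str = "/var/ossec/logs/alerts/alerts.json") -> Tuple[List[Dict], int]:
    """Read the real file on a Wazuh manager (path is the default location)."""
    with open(path, encoding="utf-8") as fh:
        return parse_alerts(fh.read())


if __name__ == "__main__":
    alerts, skipped = parse_alerts(SAMPLE_ALERTS_JSON)
    sonicwall = filter_by_group(alerts, "sonicwall")
    print(f"{len(alerts)} alerts parsed, {skipped} incomplete line(s) skipped")
    print(f"{len(sonicwall)} alert(s) with rule.groups sonicwall: {summarize(sonicwall)}")
    for a in sonicwall:
        print(a["timestamp"], a["rule"]["id"], a["rule"]["level"], a["rule"]["description"])
```

If the script finds no alerts in the group, the firewall events either never reached the manager or matched no rule tagged `sonicwall` (check archives.json, which logall fills regardless of rule matches), and no Kibana filter will surface them until a rule fires.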

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.