Building Own SIEM Environment using Opensource Tools (Part 4)
Wazuh Server
As per the last blog, we are going to install the Wazuh server and Wazuh agents on different clients. We are going to build an environment for 120 workstations, 15 servers, and 10 network devices, with 2-3 years of logs kept for viewing. The following are the software and hardware that we used for the Wazuh server and ELK server. We are going to deploy the following method for log collection: logs are collected by the Wazuh agent (Windows, Mac OS and Linux-Ubuntu), shipped to the Wazuh server, and then synchronized with the ELK server. The following diagram shows the detail of this; there are two deployment options:
- All-in-one Deployment
- Distributed Deployment
All-in-one
As per the above diagram, you can see that the Wazuh server is installed on one cluster and ELK on a different one.
# 192.168.0.161 | wazuh.kccl.com # Wazuh Manager
To check the system status:
# hostnamectl status
To check the operating system version:
# cat /etc/redhat-release
We need to open the following ports in the firewall so that the manager can communicate with the agents and serve the API:
- 514/UDP/TCP - Syslog
- 1514/UDP/TCP - To receive events from the agents.
- 1515/TCP - Port used for agent registration (enrollment).
- 1516/TCP - Wazuh cluster communications.
- 55000/TCP - Wazuh API port for incoming requests.
# firewall-cmd --permanent --add-port={514,1514,1515,1516,55000}/tcp
# firewall-cmd --permanent --add-port={514,1514}/udp
# firewall-cmd --reload
# firewall-cmd --list-all
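The firewall-cmd lines above depend on bash brace expansion and give you no way to confirm afterwards that every port the agents and the API need is actually open. The script below is an added example (not from the original post or from the Wazuh project): it keeps the post's port list in one table, prints the equivalent firewall-cmd commands one port per invocation, and checks a `firewall-cmd --list-ports` listing for any required port that is still missing. The sample listing is constructed to show what a manager looks like after only the TCP rule was applied; the IP address and hostname from the post are not needed here.

```shell
#!/usr/bin/env bash
# Added example: Wazuh manager firewall ports as one table, plus a check
# for a `firewall-cmd --list-ports` listing. Nothing here is executed
# against a live firewall; the commands are only printed.

# port/proto pairs the post says must be open on the Wazuh manager
WAZUH_PORTS="514/tcp 514/udp 1514/tcp 1514/udp 1515/tcp 1516/tcp 55000/tcp"

# Print the firewall-cmd invocations that open every required port
# permanently, followed by the reload. Review, then pipe to `sh` on the
# manager (as root) if the output looks right.
wazuh_firewall_cmds() {
    local p
    for p in $WAZUH_PORTS; do
        printf 'firewall-cmd --permanent --add-port=%s\n' "$p"
    done
    printf 'firewall-cmd --reload\n'
}

# Given the space-separated listing printed by `firewall-cmd --list-ports`,
# print each required port that is NOT present. Exit status is 0 when
# nothing is missing, 1 otherwise, so it can gate a deployment step.
wazuh_missing_ports() {
    local listing="$1" p missing=0
    for p in $WAZUH_PORTS; do
        case " $listing " in
            *" $p "*) ;;                       # present
            *) printf '%s\n' "$p"; missing=1 ;; # absent
        esac
    done
    return $missing
}

# Constructed sample listing: only the tcp rule from the post was applied,
# so the two udp ports (syslog and agent events) are still closed.
SAMPLE_LISTING="514/tcp 1514/tcp 1515/tcp 1516/tcp 55000/tcp"

if [ "${1:-}" = "--demo" ]; then
    wazuh_firewall_cmds
    echo "missing from sample listing:"
    wazuh_missing_ports "$SAMPLE_LISTING"
fi
```

On the manager itself you would call `wazuh_missing_ports "$(firewall-cmd --list-ports)"` after the reload; a non-zero exit status means an agent or API port is still blocked, which shows up later as agents stuck in "Never connected" or as a refused API connection.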
After installation of the Wazuh server, write down the admin username and password that the installer prints; you need them to log in to Wazuh. Now open your browser, enter the server IP, and log in with the username admin and the password you noted.
If you have any questions, you can ask in the comments section. If you have not read the earlier parts of this blog, just click on the following links:
If you missed part 1, click on the following link:
https://cybersecurity-why-for-me.blogspot.com/2022/10/building-own-siem-using-opensource-tools.html
If you missed part 2, click on the following link:
https://cybersecurity-why-for-me.blogspot.com/2022/10/building-own-siem-environment-using.html
If you missed part 3, click on the following link:
https://cybersecurity-why-for-me.blogspot.com/2022/10/building-own-siem-environment-using_18.html
Hi Sir, thanks for your time on this. This procedure is very helpful to us; awaiting the next part!