Forwarding Syslog to Wazuh with rsyslog

Why rsyslog to Wazuh?

Wazuh normally collects logs through its own agent, but there are situations where syslog forwarding makes more sense:

- The host can’t run the Wazuh agent (embedded systems, appliances, immutable OSes)
- You want visibility fast without deploying an agent
- You’re forwarding from network devices that only speak syslog
- You need a lightweight option for lab or training environments
- To prevent log tampering

rsyslog gives you a quick path to centralized log collection with minimal footprint on the client. ...

March 1, 2026 · 4 min