Hi everyone,
I’m using IPFire 191 in my company and I wanted to send IDS logs to Wazuh. However, I noticed that IDS rules generate no logs unless I enable “Monitor Traffic Only.” When I disable it, I do get IDS logs in IPFire.
Thinking the logs might be in the syslog, I set up Wazuh to receive syslog on UDP port 514 and configured IPFire to send logs to Wazuh. I can see syslog entries in Wazuh, but I’m not sure how to:
- Interpret the syslog data properly.
- Check if IDS activity is included in the syslogs.
- Trigger the IDS to generate logs that Wazuh can detect as alerts.
Any advice on how to properly configure this and ensure IDS logs are forwarded to Wazuh?
Thanks in advance!
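As an added example (not from this thread, and not IPFire's or Wazuh's own code), a small Python script that helps with the first two questions in the post: it parses the raw syslog lines a collector receives on UDP/514 and picks out the Suricata alerts, so you can tell whether the IDS is actually contributing anything to the feed before tuning Wazuh decoders. It assumes IPFire sends RFC 3164-style lines (`<PRI>timestamp host program: message`), that the IDS lines carry the program tag `suricata`, and that the alert body uses Suricata's syslog alert layout (`[gid:sid:rev] msg [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port`); the sample lines, host name and rule SIDs below are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: four RFC 3164-style syslog lines as a collector might
# receive them on UDP/514. Host name, program tags and the rule SIDs
# (1000001/1000002, the local-rule range) are assumptions for this example,
# not output captured from IPFire or Wazuh.
SAMPLE_SYSLOG = """\
<14>Jun  3 10:15:01 ipfire kernel: DROP_INPUT IN=red0 OUT= SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP SPT=40000 DPT=22
<13>Jun  3 10:15:02 ipfire suricata: [1:1000001:1] LOCAL TEST inbound SSH to management host [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.5:40000 -> 198.51.100.2:22
<14>Jun  3 10:15:03 ipfire dhcpd: DHCPACK on 192.0.2.10 to 00:11:22:33:44:55 via green0
<13>Jun  3 10:15:04 ipfire suricata: [1:1000002:1] LOCAL TEST ICMP echo from untrusted net [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 192.0.2.20
"""

# <PRI>Mon dd hh:mm:ss host program[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

# Suricata's syslog alert body (assumed layout). Ports are absent for
# protocols without them (ICMP), hence the optional groups. IPv4 only:
# the address pattern excludes ':' so IPv6 addresses are not parsed here.
ALERT_RE = re.compile(
    r"^\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"\[Classification: (?P<classification>[^\]]*)\] \[Priority: (?P<priority>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[^\s:]+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>[^\s:]+)(?::(?P<dport>\d+))?$"
)


@dataclass
class IdsAlert:
    timestamp: str
    host: str
    sid: int
    message: str
    classification: str
    priority: int
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_syslog_line(line: str) -> Optional[dict]:
    """Split one RFC 3164 line into PRI, timestamp, host, program and message."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    pri = int(entry["pri"])
    # PRI = facility * 8 + severity
    entry["facility"], entry["severity"] = pri >> 3, pri & 7
    return entry


def parse_suricata_alert(entry: dict) -> Optional[IdsAlert]:
    """Return an IdsAlert if the entry is a Suricata alert line, else None."""
    if entry["prog"] != "suricata":
        return None
    m = ALERT_RE.match(entry["msg"])
    if not m:
        return None
    g = m.groupdict()
    return IdsAlert(
        timestamp=entry["ts"], host=entry["host"], sid=int(g["sid"]),
        message=g["msg"], classification=g["classification"],
        priority=int(g["priority"]), proto=g["proto"],
        src=g["src"], sport=int(g["sport"]) if g["sport"] else None,
        dst=g["dst"], dport=int(g["dport"]) if g["dport"] else None,
    )


def count_by_program(text: str) -> Dict[str, int]:
    """Lines per program tag: a quick check that the IDS appears in the feed at all."""
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        entry = parse_syslog_line(line)
        if entry:
            counts[entry["prog"]] = counts.get(entry["prog"], 0) + 1
    return counts


def extract_ids_alerts(text: str) -> List[IdsAlert]:
    """All Suricata alerts found in a block of received syslog text."""
    alerts: List[IdsAlert] = []
    for line in text.splitlines():
        entry = parse_syslog_line(line)
        if entry:
            alert = parse_suricata_alert(entry)
            if alert:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    print(count_by_program(SAMPLE_SYSLOG))
    for a in extract_ids_alerts(SAMPLE_SYSLOG):
        print(f"{a.timestamp} sid={a.sid} prio={a.priority} {a.proto} "
              f"{a.src}:{a.sport} -> {a.dst}:{a.dport} {a.message}")
```

Run it against a capture of what actually arrives on the collector (for instance the text saved from a packet capture on UDP/514, or the archived raw log) rather than the constructed sample: if `count_by_program` shows no `suricata` entries, the forwarding or the IDS logging setting is the problem, not the Wazuh side; if the entries are there but `extract_ids_alerts` returns nothing, the alert body differs from the assumed layout and the regex (and the Wazuh decoder you build from it) needs adjusting to the real format.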