Skip to main content
Skip table of contents

How to re-ingest data (non-fluent configuration)

In some cases it may be needed to re-ingest data. For this it is important to understand the data flow. Data is collected via agent, syslog or API and is then run through a correlation engine. The results of the correlation engine is then stored in /var/ossec/logs/alerts/alerts.json on the relevant XDR/Wazuh manager host. This can be either a central worker in AWS or the log aggregator (hydra) on premises. Both of these instances will require you to enter the POD (Kubernetes in AWS) or container (hydra) and then perform the activities in the video training below. Please see the respective sections relating to the docker and kubernetes management in the guide.

The Kubernetes guide can be found here

The Docker guide can be found here

https://youtu.be/iBju-OzS_Tk

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close