From 59aca855e78db996759063a85a29fba223089ace Mon Sep 17 00:00:00 2001 From: Mateo Cervilla Date: Thu, 18 Jan 2024 14:31:54 -0300 Subject: [PATCH 1/3] Add forward_to ossec.conf reference --- .../reference/ossec-conf/global.rst | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/source/user-manual/reference/ossec-conf/global.rst b/source/user-manual/reference/ossec-conf/global.rst index a64ea9c4a1..79e839aa0c 100644 --- a/source/user-manual/reference/ossec-conf/global.rst +++ b/source/user-manual/reference/ossec-conf/global.rst @@ -50,6 +50,7 @@ Options - `agents_disconnection_alert_time`_ - `limits`_ - `update_check`_ +- `forward_to`_ alerts_log ^^^^^^^^^^ @@ -554,6 +555,24 @@ This setting toggles whether to query the external Wazuh Cyber Threat Intelligen | **Allowed values** | yes, no | +--------------------+---------+ +.. _reference_forward_to: + +forward_to +^^^^^^^^^^ + +Specifies the name of the socket where the output will be redirected. The socket must be defined previously. + ++-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+ +| **Default value** | None | ++-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+ +| **Allowed values** | Any defined socket under /var/ossec | ++-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+ + +Example: + +.. code-block:: xml + + fluentd Configuration example --------------------- From 52ba16c80cf763e7edd051d29f119035eea78ada Mon Sep 17 00:00:00 2001 
From: Mateo Cervilla Date: Thu, 18 Jan 2024 14:33:24 -0300 Subject: [PATCH 2/3] Fix limits sections format --- source/user-manual/reference/ossec-conf/global.rst | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/source/user-manual/reference/ossec-conf/global.rst b/source/user-manual/reference/ossec-conf/global.rst index 79e839aa0c..39754dfc1d 100644 --- a/source/user-manual/reference/ossec-conf/global.rst +++ b/source/user-manual/reference/ossec-conf/global.rst @@ -480,8 +480,10 @@ Example: 1h +.. _reference_limits: + limits ------- +^^^^^^ This block configures the limits section. @@ -494,7 +496,7 @@ This block configures the limits section. +----------------------------+ limits\\eps -^^^^^^^^^^^ +""""""""""" This block configures the events per second limitation functionality. @@ -521,7 +523,7 @@ Events per second limits example block: limits\\eps\\maximum -^^^^^^^^^^^^^^^^^^^^ +"""""""""""""""""""" Maximum number of events per second allowed to be processed by decoders. @@ -532,7 +534,7 @@ Maximum number of events per second allowed to be processed by decoders. +--------------------+-----------------------------------------------------------------+ limits\\eps\\timeframe -^^^^^^^^^^^^^^^^^^^^^^ +"""""""""""""""""""""" A positive number expressed in seconds that indicates the time period where the events per second processed are increased and restored. From 9b9377d10ab7b63638612b06f5898be3d27b3b35 Mon Sep 17 00:00:00 2001 From: Mateo Cervilla Date: Mon, 22 Jan 2024 13:52:38 -0300 Subject: [PATCH 3/3] Apply requested changes --- source/user-manual/reference/ossec-conf/global.rst | 12 +++++++++--- source/user-manual/reference/ossec-conf/socket.rst | 1 + 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/source/user-manual/reference/ossec-conf/global.rst b/source/user-manual/reference/ossec-conf/global.rst index 39754dfc1d..fb5096f677 100644 --- a/source/user-manual/reference/ossec-conf/global.rst 
+++ b/source/user-manual/reference/ossec-conf/global.rst @@ -562,19 +562,25 @@ This setting toggles whether to query the external Wazuh Cyber Threat Intelligen forward_to ^^^^^^^^^^ -Specifies the name of the socket where the output will be redirected. The socket must be defined previously. +Specifies the :ref:`name of the socket ` where the output will be redirected. The socket must be defined previously. +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+ | **Default value** | None | +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+ -| **Allowed values** | Any defined socket under /var/ossec | +| **Allowed values** | Any defined socket under ``/var/ossec`` | +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+ Example: .. code-block:: xml - fluentd + + custom_socket + /var/ossec/custom.sock + tcp + + + custom_socket Configuration example --------------------- diff --git a/source/user-manual/reference/ossec-conf/socket.rst b/source/user-manual/reference/ossec-conf/socket.rst index 39e43c6d9d..6669a453b6 100644 --- a/source/user-manual/reference/ossec-conf/socket.rst +++ b/source/user-manual/reference/ossec-conf/socket.rst @@ -25,6 +25,7 @@ Options - `mode`_ - `prefix`_ +.. _reference_ossec_socket_name: name ^^^^^^^^^^
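Review bot: In [PATCH 1/3], in the new forward_to section (global.rst hunk @@ -554,6 +555,24 @@), the description "Specifies the name of the socket where the output will be redirected" never says which output is meant. Suggest naming the data that gets forwarded and stating what happens when the referenced socket is not defined, since the text only says it "must be defined previously". The table borders are also much wider than the two short cell values need, so they could be trimmed to match the neighbouring update_check table.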
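Review bot: In [PATCH 2/3] (global.rst hunk @@ -480,8 +480,10 @@ and the three heading hunks after it), the limits subsections move to a `"` underline. Please confirm that `"` is not already used at a different level elsewhere in global.rst, because reStructuredText assigns heading levels by order of first appearance and reports a title level inconsistency otherwise. The subject says "Fix limits sections format", but the first hunk also adds the `.. _reference_limits:` label, so the commit message should mention it. The label prefix also differs from the `reference_ossec_socket_name` form used in [PATCH 3/3]; pick one scheme.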
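Review bot: In [PATCH 3/3] (global.rst hunk @@ -562,19 +562,25 @@), the "Allowed values" row still reads "Any defined socket under ``/var/ossec``", which describes a path, while the description and the example pass a socket name (`custom_socket`). Suggest rewording the row to say the value is the name of a previously defined socket, and keeping the path restriction as a property of the socket definition. The example now shows the socket definition and the forward_to value in one code block; a sentence before it saying which part is the socket definition and which part belongs to the global section would stop readers from pasting both into the same block.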
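Review bot: In [PATCH 3/3] (socket.rst hunk @@ -25,6 +25,7 @@), the single added line `.. _reference_ossec_socket_name:` appears to sit directly above the `name` heading, without the blank line that follows the `reference_forward_to` and `reference_limits` labels in the other two patches. reStructuredText expects a blank line between an explicit markup block and the section title after it, so please add one and check that the docs build emits no warning for this file.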