Hi Taylor!
At first, I absolutely appreciate your work and I have learned a lot from your publications (Medium, YT, and such) so far. Many thanks for that.
But there is one thing that I simply don't understand... I am working in a smaller setup (let's say, about 10 Servers (VM+metal), 40 Switches, etc.), spun up Wazuh 4.8.0 lately and began to harvest information via wazuh-agent and syslog-based log streams.
In all your newer publications you speak about Graylog as the central piece of software, but I don't really understand why!? Wazuh is collecting all the data it needs and it is also capable of receiving syslog-like data, so why should I need to introduce another piece of software here?
Does CoPilot need Graylog for anything special that could not be done via Wazuh as logcollector on its own?
AND, as I don't want to install Wazuh on the underlying OS but use it exclusively via Docker, how should I integrate Graylog into the given wazuh-docker stack to make it work correctly with CoPilot and Wazuh?
You have a lot of videos and I'd say I've seen them all, but it simply does not make this clear, at least for me...
Hope you don't mind...
EDIT: Yes, I watched your video about Graylog and your explanations are fine so far, but as the wazuh-docker stack is doing everything I think I need atm, is it really necessary to add complexity aka Graylog here?
Regards, Holger