Wazuh Fields Description
Here is an overview of what these log fields mean in the Wazuh agent dashboard:
| Fields | Description |
| --- | --- |
| @timestamp | The specific date and time the log entry was made. |
| agent.id | The unique identifier of the Wazuh agent that sent the log. |
| agent.ip | The IP address of the Wazuh agent. |
| agent.name | The name of the agent, presumably the hostname. |
| full_log | The complete log entry. The example above indicates a PHP warning about a module being already loaded. |
| location | The location on the filesystem where the log originated, typically a path to a log file. |
| manager.name | The name of the manager (or server) handling this log. |
| predecoder.program_name | The name of the program that generated the log. |
| predecoder.hostname | The hostname where the event was pre-decoded. |
| rule.* | All fields regarding the rule that triggers this alert. The severity of the violated rule is also provided in rule.level. |
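As an added example (not from the original page or the Wazuh project), the script below flattens alert documents into the dotted field names listed above, keeps the alerts whose rule.level meets a threshold, and reports which of the listed fields each one lacks. The sample alerts, the nested JSON layout, the function names and the threshold of 7 are assumptions made for illustration.

```python
import json

# Constructed sample (not real data): one alert per line, nested the way the
# dotted field names imply. The last line is deliberately malformed.
SAMPLE = """\
{"@timestamp": "2024-01-15T10:32:07Z", "agent": {"id": "001", "ip": "192.0.2.10", "name": "web01"}, "manager": {"name": "wazuh-manager"}, "predecoder": {"program_name": "php", "hostname": "web01"}, "location": "/var/log/syslog", "full_log": "PHP Warning:  Module 'curl' already loaded in Unknown on line 0", "rule": {"id": "100001", "level": 3}}
{"@timestamp": "2024-01-15T10:40:11Z", "agent": {"id": "002", "ip": "192.0.2.20", "name": "db01"}, "manager": {"name": "wazuh-manager"}, "location": "/var/log/auth.log", "full_log": "constructed log line", "rule": {"id": "100002", "level": 10}}
not-json
"""

# Non-rule fields from the table above.
FIELDS = ("@timestamp", "agent.id", "agent.ip", "agent.name", "full_log",
          "location", "manager.name", "predecoder.program_name",
          "predecoder.hostname")

def flatten(doc, prefix=""):
    """Turn nested JSON into dotted keys such as agent.id and rule.level."""
    flat = {}
    for key, value in doc.items():
        if isinstance(value, dict):
            flat.update(flatten(value, f"{prefix}{key}."))
        else:
            flat[f"{prefix}{key}"] = value
    return flat

def parse_alerts(text):
    """Parse one JSON alert per line, skipping blank or malformed lines."""
    alerts = []
    for line in filter(None, map(str.strip, text.splitlines())):
        try:
            doc = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(doc, dict):
            alerts.append(flatten(doc))
    return alerts

def triage(alerts, min_level=7):
    """Keep alerts with rule.level >= min_level, highest severity first."""
    rows = []
    for a in alerts:
        level = a.get("rule.level")
        if isinstance(level, int) and level >= min_level:
            rows.append({"agent": a.get("agent.name"), "level": level,
                         "rule": a.get("rule.id"),
                         "missing": [f for f in FIELDS if f not in a]})
    return sorted(rows, key=lambda r: -r["level"])

if __name__ == "__main__":
    for row in triage(parse_alerts(SAMPLE)):
        print(row)
```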