Wazuh Fields Description

Here is an overview of what these log fields mean in the Wazuh agent dashboard:

| Fields | Description |
| --- | --- |
| @timestamp | The specific date and time the log entry was made. |
| agent.id | The unique identifier of the Wazuh agent that sent the log. |
| agent.ip | The IP address of the Wazuh agent. |
| agent.name | The name of the agent, presumably the hostname. |
| full_log | The complete log entry; the example above indicates a PHP warning about a module being already loaded. |
| location | The location on the filesystem where the log originated, typically a path to a log file. |
| manager.name | The name of the manager (or server) handling this log. |
| predecoder.program_name | The name of the program that generated the log. |
| predecoder.hostname | The hostname where the event was pre-decoded. |
| rule.* | All fields regarding the rule that triggered this alert. The severity of the violated rule is also provided in rule.level. |
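
The following is an added example, not part of the original page or of Wazuh itself: it flattens alert documents into the dotted field names listed above and keeps only alerts at or above a chosen rule.level. It assumes alerts arrive as nested JSON objects, one per line; the sample alerts, the host and manager names, and the function names `flatten` and `triage` are constructed for illustration.

```python
import json

# Constructed sample alerts (not from the original page), in the nested JSON
# shape that the dashboard presents with dotted field names.
SAMPLE_LINES = [
    '{"@timestamp": "2024-01-01T10:00:00Z", "agent": {"id": "001", "ip": "192.0.2.10", "name": "web01"},'
    ' "manager": {"name": "mgr01"}, "location": "/var/log/syslog",'
    ' "predecoder": {"program_name": "php", "hostname": "web01"},'
    ' "full_log": "php: PHP Warning: Module already loaded", "rule": {"level": 5}}',
    '{"@timestamp": "2024-01-01T10:05:00Z", "agent": {"id": "002", "ip": "192.0.2.11", "name": "db01"},'
    ' "manager": {"name": "mgr01"}, "location": "/var/log/auth.log",'
    ' "predecoder": {"program_name": "sshd", "hostname": "db01"},'
    ' "full_log": "sshd: constructed high-severity event", "rule": {"level": 10}}',
    '{"@timestamp": "2024-01-01T10:06:00Z", "agent": {"id": "002", "name": "db01"}, "rule": {"level": 3}}',
    '{"truncated": ',  # malformed line: must be counted and skipped, not crash the run
]

FIELDS = ["@timestamp", "agent.id", "agent.name", "predecoder.program_name", "location"]


def flatten(doc, prefix=""):
    """Turn nested JSON objects into the dotted names used in the dashboard."""
    flat = {}
    for key, value in doc.items():
        name = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, name + "."))
        else:
            flat[name] = value
    return flat


def triage(lines, min_level):
    """Return (rows at or above min_level, most severe first; skipped-line count)."""
    rows, skipped = [], 0
    for line in lines:
        try:
            flat = flatten(json.loads(line))
            level = int(flat.get("rule.level", 0))  # alerts without a level count as 0
        except (ValueError, TypeError, AttributeError):
            skipped += 1
            continue
        if level >= min_level:
            row = {field: flat.get(field) for field in FIELDS}  # absent fields become None
            row["rule.level"] = level
            rows.append(row)
    rows.sort(key=lambda r: r["rule.level"], reverse=True)
    return rows, skipped


if __name__ == "__main__":
    alerts, bad = triage(SAMPLE_LINES, min_level=5)
    for alert in alerts:
        print(alert)
    print("skipped lines:", bad)
```
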
