community.enhance.com/d/2213-has-anyone-tried-wazuh/46
Continuing in this thread here
Hello again after some time. I apologize for the delay. I've moved away from the Wazuh installation as it was too complex, and managing another server was too time-consuming for me. Instead, I've developed a way to monitor metrics of individual websites on Enhance servers through a WordPress plugin connected to Vector, which I'm finding increasingly appealing.
Currently, the system only handles metrics, but I plan to expand it to include logs mentioned here from cPFence and potentially other logs like PHP errors in the future. Since I'm not much of a programmer, I would welcome any help from others who might be interested in contributing.
I tested the plugin by installing WordPress on the Enhance Control Panel and adding the plugin (the link to which can be found on the detailed setup instructions page). The setup process is straightforward: install the plugin, activate it, and find the API token in its settings, which is needed to authorize data reception from Vector.
Vector needs to be installed on each Enhance server you want to monitor. I've prepared a script for installation and configuration file creation that you can simply run in the terminal (as root). Everything should proceed automatically, after which you'll need to make a few adjustments to the Vector files:
Set the URL where the plugin is installed as the API endpoint
Insert the generated token into each sink
Set the webserver name in the parsers (usually the hostname, matching how Enhance detects servers)
After these adjustments, data should automatically start flowing to the plugin every 30 seconds. While the graphs currently have limited options, I plan to update the plugin with more features if there's interest - I'm developing this for my own use as well! 🙂
For detailed documentation and to download the plugin, visit:
woolab.app/plugin/
Please note that this is initial development, which I have installed on my 5 servers and everything works so far. I assume we all have Ubuntu 🙂 I have 24.04 but Vector should work on version 22 as well, and the same goes for the plugin. I created an automatic installation and therefore I have the latest WordPress, but the plugin should work on older versions too. However, I recommend using a new basic WordPress installation and then just this plugin, keeping WordPress in maintenance mode, solely for metrics monitoring. You might also encounter interesting phenomena, like in my case where one website appears on multiple servers. It's true that I was moving it, so it's possible that the container wasn't deleted after the move, but that's probably a question for Adam about how it works.
