Hi ! 
I set up Wazuh but the problem is that in the tutorial (https://documentation.wazuh.com/3.x/installation-guide/installing-wazuh-server/wazuh_server_rpm_centos.html) they replace filebeat.yml with this: https://raw.githubusercontent.com/wazuh/wazuh/v3.9.5/extensions/filebeat/7.x/filebeat.yml. Is it possible to concatenate only the 2 files or do I have to replace it?
Thank you! Thank you!
It looks like the intention is to replace the original file (substituting your own parameters). If you are trying to read other inputs at the same time then you could merge those from your original file, but for Wazuh only you can use the file they provide.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.