Running Suricata and Wazuh on the Same AWS Instance – Log Collection Conflict?

Hi everyone,

I’m planning to run Suricata on the same AWS instance as Wazuh. Wazuh is already collecting logs from a firewall, and I want Suricata to pick up logs from the same firewall simultaneously.

At this stage, Suricata is not yet integrated with Wazuh—each tool has its own dashboard since I’m still in the development phase.

Would there be any potential conflicts or issues when both Suricata and Wazuh are collecting logs from the firewall at the same time on the same instance? Any insights or best practices would be greatly appreciated!

Thanks in advance!

Suricata does not pick up logs; it creates logs by itself from the network traffic it captures.

I’m sorry, I meant the firewall traffic forwarded to Suricata. Would there be any conflict in deploying Suricata on the same server as Wazuh?