Wazuh Log encryption
21 views
Skip to first unread message
Max
May 11, 2026, 7:01:44 AM (6 days ago) May 11
to Wazuh | Mailing List
Hi everyone,
As the title suggests but does Wazuh encrypt their logs and indexes at rest?
As the title suggests but does Wazuh encrypt their logs and indexes at rest?
Md. Nazmur Sakib
May 11, 2026, 9:16:24 AM (6 days ago) May 11
to Wazuh | Mailing List
Hello,
Wazuh secures log data primarily by encrypting communication using Blowfish or AES encryption for communication between the agent and the manager.
AES encryption is the default encryption; Blowfish is maintained for backward compatibility, as prior to version 3.5 this was the only option.
This can be selected on the agent's ossec.conf file, for more information, you can see this page of the documentation:
https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client.html#crypto-method
Next, for indexing the logs. Wazuh keeps the logs in shards, which are optimized binary file formats, divided into multiple immutable segments written using Apache Lucene. You can find those encrypted files in this path.
/var/lib/wazuh-indexer/nodes/0/
Let me know if you need any further information.
Reply all
Reply to author
Forward
0 new messages