Wazuh-Integratord | ossec.conf | var/ossec/etc/local_internal_options.conf


John Carry

Dec 23, 2022, 12:23:40 AM
to Wazuh mailing list
Hello Wazuh Team,
I am planning to make some custom scripts for the health check of the Wazuh manager's critical services. Could you please confirm what the purposes/functions of the services mentioned below are and, if possible, share any relevant documents?

wazuh-integratord
wazuh-authd
wazuh-db
wazuh-execd
wazuh-analysisd
wazuh-syscheckd
wazuh-remoted
wazuh-logcollector
wazuh-monitord
wazuh-modulesd

My second query: is it right that the ossec.conf file will be overwritten during future upgrades? If yes, then I think, as per the document https://documentation.wazuh.com/current/user-manual/reference/internal-options.html?highlight=integratord#syscheck, we should use var/ossec/etc/local_internal_options.conf to make any configuration changes.
But I need to make sure whether making the changes in local_internal_options.conf will have an effect on the main ossec.conf file or not, because all over the internet people are making changes in ossec.conf, not local_internal_options.conf.

Your professional advice would be highly appreciated.

Regards,
John Carry

Kevin Ledesma

Dec 23, 2022, 6:06:19 AM
to Wazuh mailing list
Hello John!
It looks like you are building something interesting! Well, I'll do my best to help you!

About the services, here is a summary of what each service does:
  • wazuh-integratord: Handles the integration with external APIs (Slack, PagerDuty, etc.). (Blog post)
  • wazuh-authd: Adds wazuh-agents to the manager and provides them with a key.
  • wazuh-db: Stores data related to the agents and events.
  • wazuh-execd: Executes active response.
  • wazuh-analysisd: Compares the logs to the rules and raises alerts if they match.
  • wazuh-syscheckd: Checks changes in the configured files. (POC)
  • wazuh-remoted: Is in charge of the communication with the agent.
  • wazuh-logcollector: Checks configured logfiles and commands. (Log data collection docs)
  • wazuh-monitord: Monitors agent connectivity.
  • wazuh-modulesd: Manages the Wazuh modules (database, CIS-CAT, Syscollector, etc.).
To get more info you can check the daemons references.

In response to your second query: the local_internal_options.conf and ossec.conf files handle different configurations. local_internal_options.conf is the local version (which can't be overwritten) of internal_options.conf and stores your internal options (such as log level). The ossec.conf file is your main local configuration file and won't be overwritten after an upgrade.
Check the docs for internal options and local configuration.

I hope my answer is helpful! Let me know if there is something else I can do for you!

Have a nice day!
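
A health check along the lines asked about in this thread, as an added example that is not part of either post or of Wazuh's own code. It assumes `/var/ossec/bin/wazuh-control status` prints one `<daemon> is running...` or `<daemon> not running...` line per daemon; the required list (`REQUIRED_DAEMONS`), the function name `failed_daemons` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Health check for Wazuh manager daemons (added example, not Wazuh code).
# Assumption: wazuh-control status prints "<daemon> is running..." or
# "<daemon> not running..." on one line per daemon.

# Daemons treated as critical. wazuh-integratord is left out on the
# assumption that no external integration is configured; add it if one is.
REQUIRED_DAEMONS="wazuh-authd wazuh-db wazuh-execd wazuh-analysisd \
wazuh-syscheckd wazuh-remoted wazuh-logcollector wazuh-monitord wazuh-modulesd"

# Reads status text on stdin and prints the required daemons that are not
# reported as running. A daemon missing from the output counts as failed,
# so truncated or unexpected output never passes silently.
# Returns 0 if every required daemon is running, 1 otherwise.
failed_daemons() {
    fd_status=$(cat)
    fd_failed=""
    for fd_name in $REQUIRED_DAEMONS; do
        if ! printf '%s\n' "$fd_status" | grep -q "^${fd_name} is running"; then
            fd_failed="${fd_failed}${fd_failed:+ }${fd_name}"
        fi
    done
    printf '%s' "$fd_failed"
    [ -z "$fd_failed" ]
}

# Constructed sample: wazuh-execd is stopped, wazuh-remoted is absent, and
# wazuh-integratord is stopped but not in the required list.
SAMPLE_STATUS='wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-execd not running...
wazuh-db is running...
wazuh-authd is running...
wazuh-integratord not running...'

# Against a live manager (path is an assumption for a default install):
if [ -x /var/ossec/bin/wazuh-control ]; then
    if ! down=$(/var/ossec/bin/wazuh-control status | failed_daemons); then
        echo "CRITICAL: not running: $down"
    fi
fi
```

Feeding `SAMPLE_STATUS` to `failed_daemons` reports `wazuh-execd wazuh-remoted` and returns 1, which a cron job or monitoring agent can alert on.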