Merge pull request #8763 from wazuh/enhancement/idr266-update-tools-reference

Update the Tools reference section

Author: ayodeko

CHANGELOG.md

@@ -21,6 +21,7 @@ All notable changes to this project will be documented in this file.
 - **Post-release**: Added note about manual replication of `ossec.conf` between master and worker nodes. ([#8720](https://github.com/wazuh/wazuh-documentation/pull/8720))
 - **Post-release**: Added a table describing the possible environment statuses in the cloud service documentation. ([#8407](https://github.com/wazuh/wazuh-documentation/pull/8407))
 - **Post-release**: Added the Wazuh indexer API reference. ([#8756](https://github.com/wazuh/wazuh-documentation/pull/8756))
+- **Post-release**: Added examples of Wazuh tools to the user manual reference. ([#8763](https://github.com/wazuh/wazuh-documentation/pull/8763))
 
 ### Changed
 

source/development/wazuh-logtest.rst

@@ -2,9 +2,6 @@
 
 .. meta::
   :description: The Wazuh-Logtest solution is distributed by different components of the Wazuh environment: core logtest, wazuh RESTful API, and wazuh-logtest tool. 
-  
-.. _dev-wazuh-logtest:
-
 
 Wazuh-Logtest
 =============
@@ -23,18 +20,15 @@ The Wazuh-Logtest solution is distributed by different components of the Wazuh e
 
      Wazuh-Logtest replacement for ossec-logtest tool.
 
+Wazuh API and :doc:`wazuh-logtest tool </user-manual/reference/tools/wazuh-logtest>` connect to the wazuh-analysisd session manager, this acts as a sandbox with the rules engine, allowing to isolate different users with their own rules and decoders.
 
-Wazuh API and :ref:`wazuh-logtest tool <wazuh-logtest>` connect to the wazuh-analysisd session manager, this acts as a
-sandbox with the rules engine, allowing to isolate different users with their own rules and decoders.
 The below show image illustrations how the user logs test flow through the Wazuh environment.
 
 .. thumbnail:: ../images/development/logtest-flow.png
   :title: Wazuh Logtest
   :align: center
   :width: 100%
 
-
-
 Sessions
 --------
 

source/release-notes/release-3-7-0.rst

@@ -134,7 +134,7 @@ The registries generated by the File Integrity Monitoring system are now stored
 Breaking changes
 ^^^^^^^^^^^^^^^^
 
-The old File Integrity Monitoring plain text databases are no longer in use. After the upgrading process, it's necessary to execute the :ref:`migration script <fim_migrate>` in order to preserve the previous FIM entries.
+The old File Integrity Monitoring plain text databases are no longer in use. After the upgrading process, it's necessary to execute the :doc:`migration script </user-manual/reference/tools/fim-migrate>` in order to preserve the previous FIM entries.
 
 Distributed API requests in cluster mode
 ----------------------------------------

source/user-manual/reference/daemons/wazuh-maild.rst

@@ -3,12 +3,10 @@
 .. meta::
   :description: Learn about the wazuh-maild program that sends alerts via email in this section of the documentation.
 
-.. _wazuh-maild:
-
 wazuh-maild
 =============
 
-The wazuh-maild program sends alerts via email.  It is started by :ref:`wazuh-control`.
+The wazuh-maild program sends alerts via email.  It is started by :doc:`../tools/wazuh-control`.
 
 +-----------------+-------------------------------------------------------------------------------------------------+
 | **-c <config>** | Run using <config> as the configuration file.                                                   |

source/user-manual/reference/ossec-conf/rule-test.rst

@@ -15,7 +15,7 @@ rule_test
 		<rule_test>
 		</rule_test>
 
-Here is how to configure the Wazuh-Logtest solution. It allows to test rules and decoders from Wazuh API and :ref:`wazuh-logtest tool <wazuh-logtest>`
+Here is how to configure the Wazuh-Logtest solution. It allows to test rules and decoders from Wazuh API and :doc:`wazuh-logtest tool </user-manual/reference/tools/wazuh-logtest>`
 
 Options
 -------

source/user-manual/reference/tools/agent-auth.rst

@@ -7,8 +7,6 @@
 
 	Since Wazuh 4.0, by default, the agent registers automatically with the manager through enrollment. Configuration details can be found on :ref:`Enrollment section <reference_ossec_client>`.
 
-.. _agent-auth:
-
 agent-auth
 ==========
 
@@ -72,3 +70,22 @@ The ``agent-auth`` program is the client application used along with :ref:`wazuh
 +----------------------------+------------------------------------------------------------------------------------------------------+
 
 .. _`SSL ciphers`: https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
+
+Example
+-------
+
+Add agent with agent name ``Ubuntu24`` to Wazuh manager with IP address ``192.168.0.XX``:
+
+.. code-block:: console
+
+   # /var/ossec/bin/agent-auth -A Ubuntu24 -m 192.168.0.XX
+
+.. code-block:: none
+   :class: output
+
+   2025/08/04 10:57:47 agent-auth: INFO: Started (pid: 111205).
+   2025/08/04 10:57:47 agent-auth: INFO: Requesting a key from server: 192.168.0.XX
+   2025/08/04 10:57:47 agent-auth: INFO: No authentication password provided
+   2025/08/04 10:57:47 agent-auth: INFO: Using agent name as: Ubuntu24
+   2025/08/04 10:57:47 agent-auth: INFO: Waiting for server reply
+   2025/08/04 10:57:47 agent-auth: INFO: Valid key received

source/user-manual/reference/tools/agent-control.rst

@@ -3,19 +3,17 @@
 .. meta::
   :description: Learn to query the manager for information about any agent or initiate a syscheck/rootcheck scan on an agent using the agent_control program. 
 
-.. _agent_control:
-
 agent_control
 =============
 
 The agent_control program allows you to query the manager for information about any agent and also allows you to initiate a syscheck/rootcheck scan on an agent the next time it checks in.
 
 With this tool, you can check the status of each available agent, which can be any of the following:
 
-- Active: The agent is correctly connected to the manager.
-- Pending: The agent is waiting for a response from the manager.
-- Disconnected: The agent is not connected to the manager.
-- Never connected: The agent has never connected to the manager.
+-  **Active**: The agent is correctly connected to the manager.
+-  **Pending**: The agent is waiting for a response from the manager.
+-  **Disconnected**: The agent is not connected to the manager.
+-  **Never connected**: The agent has never connected to the manager.
 
 agent_control options
 ---------------------
@@ -59,8 +57,20 @@ agent_control options for Active Response
 
 .. note::
 
-    The active-response identifier for use with the ``-f`` option is composed of the command name followed by the value indicated in the ``timeout`` option (active-response block). If ``timeout_allowed`` (command block) is set to no, or no timeout has been specified, the number next to the command name is 0.
+   The active-response identifier for use with the ``-f`` option is composed of the command name followed by the value indicated in the ``timeout`` option (active-response block). If ``timeout_allowed`` (command block) is set to no, or no timeout has been specified, the number next to the command name is 0.
+
+   You can verify the identifier of an active response with the first column of ``/var/ossec/etc/shared/ar.conf``.
+
+Example
+-------
+
+Restart an agent:
+
+.. code-block:: console
+
+   # /var/ossec/bin/agent_control -R -u 001
 
-    |
+.. code-block:: none
+   :class: output
 
-    You can verify the identifier of an active response with the first column of ``/var/ossec/etc/shared/ar.conf``.
+   Wazuh agent_control: Restarting agent: 001

source/user-manual/reference/tools/agent-upgrade.rst

@@ -2,8 +2,6 @@
 
 .. meta::
   :description: List outdated agents and upgrade them using the agent_upgrade program. Learn more about it in this section of the Wazuh documentation.
-  
-.. _agent_upgrade:
 
 agent_upgrade
 ==============
@@ -46,82 +44,77 @@ The agent_upgrade program allows you to list outdated agents and upgrade them.
 Examples
 ----------
 
-* List outdated agents:
+-  List outdated agents:
 
-.. code-block:: console
+   .. code-block:: console
 
-    # /var/ossec/bin/agent_upgrade -l
+       # /var/ossec/bin/agent_upgrade -l
 
-.. code-block:: none
-    :class: output
+   .. code-block:: none
+      :class: output
 
-    ID    Name                               Version
-    002   VM_Debian9                         Wazuh v3.13.2
-    003   VM_Debian8                         Wazuh v3.13.2
-    009   VM_WinServ2016                     Wazuh v3.10.1
+      ID    Name                               Version
+      002   VM_Debian9                         Wazuh v4.2.0
+      003   VM_Debian8                         Wazuh v4.2.0
+      004   VM_WinServ2016                     Wazuh v4.1.0
 
-    Total outdated agents: 3
+      Total outdated agents: 3
 
+-  Upgrade agent:
 
-* Upgrade agent:
+   .. code-block:: console
 
-.. code-block:: console
+       # /var/ossec/bin/agent_upgrade -a 002
 
-    # /var/ossec/bin/agent_upgrade -a 002
+   .. code-block:: none
+       :class: output
 
-.. code-block:: none
-    :class: output
+       Upgrading...
 
-    Upgrading...
+       Upgraded agents:
+           Agent 002 upgraded: Wazuh v4.2.0 -> |WAZUH_CURRENT|
 
-    Upgraded agents:
-        Agent 002 upgraded: Wazuh v3.13.2 -> |WAZUH_CURRENT|
+-  Upgrade multiple agents:
 
+   .. code-block:: console
 
-* Upgrade multiple agents:
+       # /var/ossec/bin/agent_upgrade -a 003 004
 
-.. code-block:: console
+   .. code-block:: none
+      :class: output
 
-    # /var/ossec/bin/agent_upgrade -a 001 002
+      Upgrading...
 
-.. code-block:: none
-   :class: output
+      Upgraded agents:
+          Agent 003 upgraded: Wazuh v4.2.0 -> |WAZUH_CURRENT|
+          Agent 004 upgraded: Wazuh v4.1.0 -> |WAZUH_CURRENT|
 
-   Upgrading...
+-  Upgrade agent using a custom repository:
 
-   Upgraded agents:
-       Agent 001 upgraded: Wazuh v4.2.0 -> |WAZUH_CURRENT|
-       Agent 002 upgraded: Wazuh v4.0.0 -> |WAZUH_CURRENT|
+   .. code-block:: console
 
+      # /var/ossec/bin/agent_upgrade -a 002 -v v|WAZUH_CURRENT| -r http://mycompany.wpkrepo.com/
 
-* Upgrade agent using a custom repository:
+   .. code-block:: none
+      :class: output
 
-.. code-block:: console
+      Upgrading...
 
-    # /var/ossec/bin/agent_upgrade -a 002 -v v4.0.0 -r http://mycompany.wpkrepo.com/
+      Upgraded agents:
+          Agent 002 upgraded: Wazuh v4.2.0 -> |WAZUH_CURRENT|
 
-.. code-block:: none
-    :class: output
+-  Install custom WPK file:
 
-    Upgrading...
+   .. code-block:: console
 
-    Upgraded agents:
-        Agent 002 upgraded: Wazuh v3.13.2 -> 4.0.0
+      # /var/ossec/bin/agent_upgrade -a 002 -d -f /root/upgrade_openscap_debian.wpk -x install.sh
 
+   .. code-block:: none
+       :class: output
 
-* Install custom WPK file:
-
-.. code-block:: console
-
-    # /var/ossec/bin/agent_upgrade -a 002 -d -f /root/upgrade_openscap_debian.wpk -x install.sh
-
-.. code-block:: none
-    :class: output
-
-    Upgrading...
-
-    Upgraded agents:
-        Agent 002 upgraded: Wazuh v3.13.2 -> 4.0.0
+       Upgrading...
 
+       Upgraded agents:
+           Agent 002 upgraded: Wazuh v4.2.0 -> |WAZUH_CURRENT|
 
 .. note:: When the agent finishes updating, it is automatically restarted to apply the new configuration.

source/user-manual/reference/tools/clear-stats.rst

@@ -3,8 +3,6 @@
 .. meta::
   :description: The Wazuh clear_stats tool clears event stats. Learn more about this feature.
 
-.. _clear_stats:
-
 clear_stats
 ===========
 
@@ -19,3 +17,17 @@ The clear_stats program clears the events stats.
 +--------+------------------------------+
 | **-w** | Clear the weekly averages.   |
 +--------+------------------------------+
+
+Example
+-------
+
+Clear daily averages:
+
+.. code-block:: console
+
+   # /var/ossec/bin/clear_stats -d
+
+.. code-block:: none
+   :class: output
+
+   ** Internal stats clear.

source/user-manual/reference/tools/cluster-control.rst

@@ -2,8 +2,6 @@
 
 .. meta::
   :description: Manage the Wazuh cluster from any manager using the cluster_control program. Learn more about it in this section of the Wazuh documentation.
-  
-.. _cluster_control:
 
 cluster_control
 ===============
@@ -14,26 +12,26 @@ in order to use this tool.
 cluster_control options
 -----------------------
 
-+-----------------------------------------+---------------------------------------------------+
-| Option name                             | Option description                                |
-+=========================================+===================================================+
-| ``-h, --help``                          | Display the help message.                         |
-+-----------------------------------------+---------------------------------------------------+
-| ``-i, --health [more] [-fs]``           | Display the cluster's healthcheck.                |
-+-----------------------------------------+---------------------------------------------------+
-| ``-l, --list-nodes [-fn]``              | Display connected nodes in the cluster.           |
-+-----------------------------------------+---------------------------------------------------+
-| ``-d, --debug``                         | Show debug messages.                              |
-+-----------------------------------------+---------------------------------------------------+
-| ``-a, --list-agents [-fs] [-fn]``       | Display agents in the cluster.                    |
-+-----------------------------------------+---------------------------------------------------+
-| ``-fn, --filter-node [NODE_NAME]``      | Display information of specified node(s) only     |
-+-----------------------------------------+---------------------------------------------------+
-| ``-fs, --filter-agent-status [STATUS]`` | Display agents with the specified status(es) only |
-+-----------------------------------------+---------------------------------------------------+
-
-Examples of use
----------------
++---------------------------------------------+---------------------------------------------------+
+| Option name                                 | Option description                                |
++=============================================+===================================================+
+| ``-h``, ``--help``                          | Display the help message.                         |
++---------------------------------------------+---------------------------------------------------+
+| ``-i``, ``--health [more] [-fs]``           | Display the cluster's healthcheck.                |
++---------------------------------------------+---------------------------------------------------+
+| ``-l``, ``--list-nodes [-fn]``              | Display connected nodes in the cluster.           |
++---------------------------------------------+---------------------------------------------------+
+| ``-d``, ``--debug``                         | Show debug messages.                              |
++---------------------------------------------+---------------------------------------------------+
+| ``-a``, ``--list-agents [-fs] [-fn]``       | Display agents in the cluster.                    |
++---------------------------------------------+---------------------------------------------------+
+| ``-fn``, ``--filter-node [NODE_NAME]``      | Display information of specified node(s) only     |
++---------------------------------------------+---------------------------------------------------+
+| ``-fs``, ``--filter-agent-status [STATUS]`` | Display agents with the specified status(es) only |
++---------------------------------------------+---------------------------------------------------+
+
+Examples
+--------
 
 Get cluster's healthcheck
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^