CHANGELOG.md
Lines changed: 6 additions & 0 deletions
@@ -68,6 +68,8 @@ All notable changes to this project will be documented in this file.
68
68
-**Post-release**: Updated the vulnerability detection capability section. ([#8693](https://github.com/wazuh/wazuh-documentation/pull/8693))
69
69
-**Post-release**: Changed the warning note on using the `$` and `&` characters when changing passwords in Docker deployments. ([#8694](https://github.com/wazuh/wazuh-documentation/pull/8694))
70
70
-**Post-release**: Changed Windows commands in the backup guide to PowerShell. ([#8761](https://github.com/wazuh/wazuh-documentation/pull/8761))
-**Post-release**: Updated the *Deployment on Docker* documentation. ([#8793](https://github.com/wazuh/wazuh-documentation/pull/8793))
71
73
72
74
### Fixed
73
75
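Review bot: The added entry "Updated the *Deployment on Docker* documentation" (#8793) does not say what changed, while the neighbouring entries name the section or the specific fix. Suggest naming the affected pages or the kind of change so that a changelog reader can tell whether it concerns them.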
@@ -80,6 +82,10 @@ All notable changes to this project will be documented in this file.
80
82
-**Post-release**: Fixed incorrect URL and filepaths in the YARA download steps of the *Leveraging LLMs for Alert Enrichment* PoC. ([#8686](https://github.com/wazuh/wazuh-documentation/pull/8686))
81
83
-**Post-release**: Corrected inaccurate references to the Wazuh Syscollector module. ([#8713](https://github.com/wazuh/wazuh-documentation/pull/8713))
82
84
85
+
### Removed
86
+
87
+
-**Post-release**: Removed `us-gov-*` AWS regions references. ([#8791](https://github.com/wazuh/wazuh-documentation/pull/8791))
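Review bot: The new entry under "### Removed" reads "AWS regions references"; "AWS region references" is the grammatical form. The entry also does not say whether the `us-gov-*` regions are no longer supported or only no longer documented, and a short reason would settle that for readers whose buckets are in those regions.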
source/cloud-security/amazon/services/prerequisites/considerations.rst
Lines changed: 5 additions & 13 deletions
@@ -23,7 +23,7 @@ If the S3 bucket contains a long history of logs and its directory structure is
23
23
24
24
- ``only_logs_after``: Allows filtering logs produced after a given date. The date format must be ``YYYY-MMM-DD``. For example, ``2018-AUG-21`` would filter logs generated on or after the 21st of August 2018.
25
25
- ``aws_account_id``: This option will only work on CloudTrail, VPC, and Config buckets. If you have logs from multiple accounts, you can filter which ones will be read by Wazuh. You can specify multiple IDs separating them by commas.
26
-
- ``regions``: This option will only work on CloudTrail, VPC, Config buckets, and Inspector service. If you have logs from multiple regions, you can filter which ones will be read by Wazuh. You can specify multiple regions separating them by commas. It is mandatory to specify the region when configuring an S3 bucket from an AWS GovCloud region (available GovCloud regions are ``us-gov-east-1`` and ``us-gov-west-1``).
26
+
- ``regions``: Works only with CloudTrail, VPC, Config buckets, and Inspector service. Use it to filter which regions Wazuh reads when you have logs from multiple regions. Separate multiple regions with commas.
27
27
- ``path``: If your logs are stored in a given path in an S3 bucket, this option can be specified. For example, to read logs stored in the directory ``vpclogs/``, it is necessary to specify the path ``vpclogs`` in the Wazuh module for AWS configuration. It can also be specified with ``/`` or ``\``.
28
28
- ``aws_organization_id``: This option will only work on CloudTrail buckets. If you have configured an organization, you need to specify the name of the AWS organization by using this parameter.
29
29
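Review bot: The rewritten ``regions`` bullet drops the statement that specifying the region is mandatory when configuring an S3 bucket from an AWS GovCloud region, not only the list of GovCloud region names. If that requirement still holds, keep the sentence and remove just the region names; if GovCloud buckets are no longer supported, state that here, since a reader with such buckets otherwise has no guidance on this option.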
@@ -245,20 +245,12 @@ Below is an example of different AWS services configuration:
245
245
<aws_profile>default</aws_profile>
246
246
</bucket>
247
247
248
-
<!-- CloudTrail, 'gov1' profile, and 'us-gov-east-1' GovCloud region -->
248
+
<!-- CloudTrail, 'dev' profile, and 'us-east-1' region -->
249
249
<buckettype="cloudtrail">
250
250
<name><WAZUH_AWS_BUCKET></name>
251
-
<path>cloudtrail-govcloud</path>
252
-
<regions>us-gov-east-1</regions>
253
-
<aws_profile>gov1</aws_profile>
254
-
</bucket>
255
-
256
-
<!-- CloudTrail, 'gov2' profile, and 'us-gov-west-1' GovCloud region -->
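Review bot: The added comment announces a 'dev' profile and the 'us-east-1' region, while the lines removed beneath it are the gov1 block's ``<path>``, ``<regions>`` and ``<aws_profile>``. Check that the CloudTrail bucket block now following the comment carries ``<aws_profile>dev</aws_profile>`` and ``<regions>us-east-1</regions>`` so that comment and configuration agree, and that removing this ``</bucket>`` still leaves the element closed exactly once.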
:description:Check the tasks that help you benefit the most from the installation of Wazuh after the installation of the Wazuh-Docker.
4
+
:description:Perform several tasks to manage and customize your installation after deploying Wazuh with Docker.
5
5
6
6
Wazuh Docker utilities
7
7
======================
8
8
9
-
After installing the Wazuh Docker containers, there are several tasks you can do to benefit the most from your Wazuh installation.
10
-
11
-
The Wazuh components are deployed as separate containers, each built from its corresponding Docker image. Access each container using the service names defined in the ``docker-compose.yml`` file specific to your deployment type.
9
+
After deploying Wazuh with Docker, you can perform several tasks to manage and customize your installation. Wazuh components are deployed as separate containers built from their corresponding Docker image. You can access these containers using the service names defined in your ``docker-compose.yml`` file, which are specific to your deployment type.
12
10
13
11
Access to services and containers
14
12
---------------------------------
15
13
16
14
This section explains how to interact with your Wazuh deployment by accessing service logs and shell instances of running containers.
17
15
18
-
#. Access the Wazuh dashboard using the Docker host IP address. For example, ``https://localhost``, if you are on the Docker host.
19
-
20
-
.. note::
21
-
22
-
If you use a self-signed certificate, your browser will warn you that it cannot verify its authenticity.
23
-
24
-
#. Enroll agents through the :ref:`Wazuh agent Docker deployment <agent_docker>` or the standard :doc:`Wazuh agent enrollment </user-manual/agent/agent-enrollment/index>` process. When enrolling, use the Docker host address as the Wazuh manager address.
25
-
16
+
#. Access the Wazuh dashboard using the Docker host IP address.
17
+
#. Enroll agents through the standard :doc:`Wazuh agent enrollment </user-manual/agent/agent-enrollment/index>` process. Use the Docker host address as the Wazuh manager address.
26
18
#. List the containers in the directory where the Wazuh ``docker-compose.yml`` file is located:
27
19
28
20
.. code-block:: console
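Review bot: In the numbered steps, the first step loses both the ``https://localhost`` example and the note that a self-signed certificate makes the browser warn that it cannot verify its authenticity. Users will still meet that warning on first access, so suggest keeping the note. The enrollment step also drops the ``agent_docker`` reference; confirm that removal is intended and that no other page still links to that target.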
@@ -37,43 +29,112 @@ This section explains how to interact with your Wazuh deployment by accessing se
#. Run the command below from the directory where the ``docker-compose.yml`` file is located to access the command line of each container:
32
+
#. Run the command below from the directory where the ``docker-compose.yml`` file is located to open a shell inside the container:
41
33
42
34
.. code-block:: console
43
35
44
36
# docker-compose exec <SERVICE> bash
45
37
38
+
Tuning Wazuh services
39
+
---------------------
40
+
41
+
You can tune the Wazuh indexer and Wazuh dashboard by replacing their default configuration with custom parameters. This allows you to adjust performance settings, change the dashboard interface, or override default options.
42
+
43
+
Tuning the Wazuh indexer
44
+
^^^^^^^^^^^^^^^^^^^^^^^^
45
+
46
+
The Wazuh indexer uses a default internal configuration that is not exposed by default. Follow the steps below to override the default configuration:
Replace ``<new_wazuh_indexer>`` with your new service name.
55
+
56
+
#. Map your configuration file inside the container in the ``docker-compose.yml`` file. Update the Wazuh indexer container declaration to:
57
+
58
+
.. code-block:: yaml
59
+
:emphasize-lines: 4,5,7
60
+
61
+
<new_wazuh_indexer>:
62
+
image: wazuh/wazuh-indexer:latest
63
+
ports:
64
+
- "9200:9200"
65
+
- "9300:9300"
66
+
environment:
67
+
ES_JAVA_OPTS: "-Xms6g -Xmx6g"
68
+
networks:
69
+
- docker_wazuh
70
+
71
+
Tuning the Wazuh dashboard
72
+
^^^^^^^^^^^^^^^^^^^^^^^^^^
73
+
74
+
The Wazuh dashboard reads its configuration from ``config/wazuh_dashboard/opensearch_dashboards.yml``. Edit this file to customize the Wazuh dashboard with your desired settings. After making changes, restart the Wazuh Docker container for the updates to take effect.
75
+
76
+
Refer to the OpenSearch documentation on `Modifying the YAML files <https://docs.opensearch.org/latest/security/configuration/yaml/>`__ for details about the available variables you can override in this configuration.
77
+
46
78
Wazuh service data volumes
47
79
--------------------------
48
80
49
81
You can set Wazuh configuration and log files to exist outside their containers. This allows the files to persist after containers are removed, and you can provision custom configuration files to your containers.
50
82
51
-
You need multiple volumes to ensure persistence on a Wazuh container. The following is an example of a ``docker-compose.yml`` with persistent volumes:
83
+
Adding a persistent volume
84
+
^^^^^^^^^^^^^^^^^^^^^^^^^^
52
85
53
-
.. code-block:: yaml
54
-
:emphasize-lines: 4-5,7-8
86
+
You need multiple volumes to ensure persistence on a Wazuh container. Here’s an example of defining a persistent volume in your ``docker-compose.yml`` file:
You can list persistent volumes with ``docker volume ls``:
100
+
Listing existing volumes
101
+
^^^^^^^^^^^^^^^^^^^^^^^^
102
+
103
+
Run the following to see the persistent volumes on your Docker host:
104
+
105
+
.. code-block:: console
106
+
107
+
# docker volume ls
66
108
67
109
.. code-block:: none
68
110
:class: output
69
111
70
-
DRIVER VOLUME NAME
71
-
local single-node_wazuh_api_configuration
112
+
DRIVER VOLUME NAME
113
+
local single-node_wazuh_api_configuration
114
+
115
+
Wazuh indexer volumes
116
+
^^^^^^^^^^^^^^^^^^^^^
117
+
118
+
By default, single‑node and multi‑node deployments include preconfigured volumes for the Wazuh indexer.
119
+
120
+
For example, in a multi-node deployment, the ``wazuh1.indexer`` service uses the following volume (as defined in ``wazuh-docker/multi-node/docker-compose.yml``):
121
+
122
+
.. code-block:: yaml
123
+
:emphasize-lines: 4
124
+
125
+
wazuh1.indexer:
126
+
...
127
+
volumes:
128
+
- wazuh-indexer-data-1:/var/lib/wazuh-indexer
129
+
130
+
This ensures that Wazuh indexer data remains available even if the container is restarted or rebuilt.
72
131
73
132
Storage volume for Wazuh indexer and dashboard
74
133
----------------------------------------------
75
134
76
-
Attaching a volume for the storage of Wazuh indexer data is also possible. By default, the single-node and multi-node deployments already have volumes configured. An example of a single-node wazuh indexer volume is shown in the ``docker-compose.yml`` below:
135
+
You can also attach volumes to store Wazuh indexer data. By default, single‑node and multi‑node Docker deployments include preconfigured volumes.
136
+
137
+
The example below shows a single-node Wazuh indexer volume in the ``docker-compose.yml`` file:
77
138
78
139
.. code-block:: yaml
79
140
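Review bot: In "Tuning the Wazuh indexer", the step says to map your configuration file inside the container, but the YAML under it has only ``ports``, ``environment`` and ``networks``, with no ``volumes`` entry, so nothing is mapped. ``:emphasize-lines: 4,5,7`` consequently highlights the two port mappings and ``ES_JAVA_OPTS`` rather than a mount. Suggest adding the ``volumes`` mapping the step describes and moving the emphasis to it. In the same snippet, ``image: wazuh/wazuh-indexer:latest`` is an unpinned tag, ``"9200:9200"`` and ``"9300:9300"`` publish the indexer ports on every host interface, and ``ES_JAVA_OPTS`` is the Elasticsearch variable name, so confirm the image reads it.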
@@ -87,17 +148,16 @@ Attaching a volume for the storage of Wazuh indexer data is also possible. By de
87
148
volumes:
88
149
wazuh-indexer-data
89
150
90
-
91
151
Custom commands and scripts
92
152
---------------------------
93
153
94
-
To execute commands in the Wazuh manager container, you can execute a shell:
154
+
Run the command below to execute commands inside the containers. We use the Wazuh manager ``single-node-wazuh.manager-1`` container in this example:
#. After saving the changes in the configuration files, restart the environment:
188
+
#. Restart the stack:
130
189
131
190
.. code-block:: console
132
191
133
192
# docker-compose up -d
134
193
135
-
These files are mounted into the container at runtime (``/wazuh-config-mount/etc/ossec.conf``), ensuring your changes take effect when the containers start.
194
+
These files are mounted into the container at runtime (``/wazuh-config-mount/etc/ossec.``), ensuring your changes take effect when the containers start.
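Review bot: The replacement for the closing sentence changes the mount path from ``/wazuh-config-mount/etc/ossec.conf`` to ``/wazuh-config-mount/etc/ossec.``, which looks like an accidental truncation of the file name. Restore ``ossec.conf``.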