Skip to content

Development - Separate Agent/Manager - VMs - Update the Wazuh Manager path references to /var/wazuh-manager/ #564

New issue
New issue
Closed
Task
#588
Closed
Development - Separate Agent/Manager - VMs - Update the Wazuh Manager path references to /var/wazuh-manager/#564
Task
#588
Assignees
Enaraque
Labels
level/taskTask issuetype/changeChange performed in a resource or Wazuh Cloud environment
@Enaraque

Description

@Enaraque
Enaraque
opened on Feb 5, 2026

Description

For 5.x, the path where files related to the Wazuh manager are stored will change from /var/ossec/ to /var/wazuh-manager/.

This affects certificate creation and manager configuration, since both processes take these paths into account.
Therefore, the following files need to be modified to ensure that certificates are created in the correct location and that the configuration file is properly edited:

  • This file defines the paths where certificates for each component are located, as well as the configuration file path for each one.

    wazuh-virtual-machines/configurer/core/utils/enums.py

    Lines 4 to 13 in 40c65a9

    class ComponentConfigFile(StrEnum):
    WAZUH_SERVER = "/var/ossec/etc/ossec.conf"
    WAZUH_INDEXER = "/etc/wazuh-indexer/opensearch.yml"
    WAZUH_DASHBOARD = "/etc/wazuh-dashboard/opensearch_dashboards.yml"
    class ComponentCertsDirectory(StrEnum):
    WAZUH_SERVER = "/var/ossec/etc/certs"
    WAZUH_INDEXER = "/etc/wazuh-indexer/certs"
    WAZUH_DASHBOARD = "/etc/wazuh-dashboard/certs"

  • This file is used to modify component files, including the configuration file. The path used for the manager in the referenced lines must be updated.

    wazuh-virtual-machines/configurer/core/static/configuration_mappings.yaml

    Lines 14 to 26 in 40c65a9

    wazuh_manager:
    - path: /var/ossec/etc/ossec.conf
    replace:
    keys:
    - .ossec_config[0].indexer.hosts.host
    - .ossec_config[0].indexer.ssl.certificate_authorities.ca
    - .ossec_config[0].indexer.ssl.certificate
    - .ossec_config[0].indexer.ssl.key
    values:
    - https://127.0.0.1:9200
    - /var/ossec/etc/certs/root-ca.pem
    - /var/ossec/etc/certs/manager.pem
    - /var/ossec/etc/certs/manager-key.pem

On the other hand, this change also affects the AMI post configurer, where manager log files are removed and a variable is defined with the path to the manager log file:

wazuh-virtual-machines/configurer/ami/ami_post_configurer/ami_post_configurer.py

Line 32 in 40c65a9

wazuh_manager_log_path: Path = Path("/var/ossec/logs")

Depend on

  • config.yml update
  • manager package with the new paths ready to be used

Tasks

  • Once the changes are applied, verify that the AMI is functional with an AIO without an agent.
  • Cover the new scenarios with the required tests.

Metadata

Metadata

Assignees

Labels

level/taskTask issuetype/changeChange performed in a resource or Wazuh Cloud environment

Type

Task

Projects

XDR+SIEM/Release 5.0.0

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions