Wazuh agent class
- $ossec_active_response
Allows active response on this host.
Default true
- $ossec_rootcheck
Enable rootcheck on this host.
Default true
- $ossec_rootcheck_frequency
Setup rootcheck frequency.
Default 36000
- $ossec_rootcheck_checkports
Enable rootcheck checkports option.
Default true
- $ossec_rootcheck_checkfiles
Enable rootcheck checkfiles option.
Default true
- $ossec_server_ip
Wazuh Manager IP.
- $ossec_server_hostname
Hostname of the server.
- $ossec_server_port
Server port configuration.
Default 1514
- $ossec_scanpaths
Agents can be Linux or Windows. For this reason, don't have ossec_scanpaths by default.
Default []
- $ossec_emailnotification
Whether to send email notifications or not.
Default yes
- $ossec_ignorepaths
Files/Directory list to ignore
Default []
- $ossec_local_files
Files list for log analysis
This files are listed in params.pp in section $default_local_files
- $ossec_syscheck_frequency
Frequency that syscheck is executed default every 12 hours
Default 43200
- $ossec_prefilter
Command used to prevent prelinking from creating false positives.
This option can potentially impact performance negatively. The configured command will be run for each and every file checked.
Default false
- $ossec_service_provider
This option associate Operative System Family
- $ossec_config_profiles
Specify the agent.conf profile(s) to be used by the agent.
Default []
- $selinux
Whether to install a SELinux policy to allow rotation of OSSEC logs.
Default false
- $agent_name
Configure agent host name of the system
Default $::hostname
- $agent_ip_address
Configure agent IPv4 address for the default network interface.
Default $::ipaddress
- $manage_repo
Install Wazuh through Wazuh repositories.
Default true
- $manage_epel_repo
Install epel repo and inotify-tools
Default true
- $agent_package_name
Define package name defined in params.pp
- $agent_package_version
Define package version
Default installed
- $agent_service_name
Define service name defined in params.pps
- $manage_client_keys
Manage client keys option.
Default export
- $agent_auth_password
Define password for agent-auth
Default undef
- $ar_repeated_offenders
A comma separated list of increasing timeouts in minutes for repeat offenders.
There can be a maximum of 5 entries.
Default empty
- $enable_wodle_openscap
Enable openscap configuration in ossec.conf
Default false
- $wodle_openscap_content
Depending linux distribution assign profile xccdf.
- $ossec_conf_template
Path of ossec configuration agent template.
Default wazuh/wazuh_agent.conf.erb
function wazuh::addlog
- $log_name
Configure Wazuh log name
- $agent_log
Path to log file.
Default false
- $logfile
Path to log file.
- $logtype
The OSSEC log_format of the file.
Default syslog