Wazuh Docker utilities

After deploying Wazuh with Docker, you can perform several tasks to manage your installation. Wazuh components are deployed as separate containers built from their corresponding Docker image. You can access these containers using the service names defined in your docker-compose.yml file, which are specific to your deployment type.

Access to services and containers

This section explains how to interact with your Wazuh deployment by accessing service logs and shell instances of running containers.

Access the Wazuh dashboard using the Docker host IP address.
Enroll Wazuh agents through the Wazuh agent Docker deployment or the standard Wazuh agent enrollment process. Use the Docker host address as the Wazuh manager address.

List the containers in the directory where the Wazuh docker-compose.yml file is located:

# docker compose ps

NAME                            IMAGE                                          COMMAND                  SERVICE           CREATED          STATUS                          PORTS
single-node-wazuh.dashboard-1   wazuh/wazuh-dashboard:5.0.0-beta2-latest   "/entrypoint.sh"         wazuh.dashboard   58 minutes ago   Restarting (1) 55 seconds ago
single-node-wazuh.indexer-1     wazuh/wazuh-indexer:5.0.0-beta2-latest     "/entrypoint.sh open…"   wazuh.indexer     58 minutes ago   Up 3 seconds                    0.0.0.0:9200->9200/tcp, [::]:9200->9200/tcp
single-node-wazuh.manager-1     wazuh/wazuh-manager:5.0.0-beta2-latest     "/init"                  wazuh.manager     58 minutes ago   Up 58 minutes                   0.0.0.0:1514-1515->1514-1515/tcp, [::]:1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, [::]:514->514/udp, 0.0.0.0:55000->55000/tcp, [::]:55000->55000/tcp, 1516/tcp

Run the command below from the directory where the docker-compose.yml file is located to open a shell inside the container:
```
# docker compose exec <SERVICE> bash
```
Replace <SERVICE> with the name of the service you want to access. A bash shell allows you to interact directly with the container's operating system to run commands, inspect configurations, and troubleshoot issues.

When you are done using the shell, exit it to return to your normal terminal:
```
bash-5.2# exit
```

Wazuh service data volumes

You can configure Wazuh to store its configuration and log files outside its containers on the host system. This allows the files to persist after containers are removed, and you can provision configuration files to your containers.

Listing existing volumes

Run the following to see the persistent volumes on your Docker host:

# docker volume ls

DRIVER    VOLUME NAME
local     single-node_wazuh-dashboard-config
local     single-node_wazuh-dashboard-custom
local     single-node_wazuh-indexer-data
local     single-node_wazuh_api_configuration
local     single-node_wazuh_etc
local     single-node_wazuh_logs
local     single-node_wazuh_queue
local     single-node_wazuh_var_multigroups

You can also view these volumes directly in the volumes section of the docker-compose.yml file.

Adding a custom volume

You need multiple volumes to ensure persistence on the Wazuh manager, Wazuh indexer, and Wazuh dashboard containers. Investigate the volumes section in your docker-compose.yml file and modify it to include your custom volumes:

services:
  wazuh.manager:
    . . .
    volumes:
      - wazuh_api_configuration:/var/ossec/api/configuration
    . . .
volumes:
  wazuh_api_configuration:

Custom commands and scripts

Run the command below to execute commands inside the containers. We use the Wazuh manager single-node-wazuh.manager container in this example:

# docker exec -it single-node-wazuh.manager bash

Every change made to this shell persists due to the data volumes.

Note

The actions you can perform inside the containers are limited.