Wazuh agent class


Allows active response on this host.

Default true


Enable rootcheck on this host.

Default true


Setup rootcheck frequency.

Default 36000


Enable rootcheck checkports option.

Default true


Enable rootcheck checkfiles option.

Default true

Wazuh Manager IP.
Hostname of the server.

Server port configuration.

Default 1514


Agents can be Linux or Windows. For this reason, don’t have ossec_scanpaths by default.

Default []


Whether to send email notifications or not.

Default yes


Files/Directory list to ignore

Default []


Files list for log analysis

This files are listed in params.pp in section $default_local_files


Frequency that syscheck is executed default every 12 hours

Default 43200


Command used to prevent prelinking from creating false positives.

This option can potentially impact performance negatively. The configured command will be run for each and every file checked.

Default false

This option associate Operative System Family

Specify the agent.conf profile(s) to be used by the agent.

Default []


Whether to install a SELinux policy to allow rotation of OSSEC logs.

Default false


Configure agent host name of the system

Default $::hostname


Configure agent IPv4 address for the default network interface.

Default $::ipaddress


Install Wazuh through Wazuh repositories.

Default true


Install epel repo and inotify-tools

Default true

Define package name defined in params.pp

Define package version

Default installed

Define service name defined in params.pps

Manage client keys option.

Default export


Define password for agent-auth

Default undef


A comma separated list of increasing timeouts in minutes for repeat offenders.

There can be a maximum of 5 entries.

Default empty


Enable openscap configuration in ossec.conf

Default false

Depending linux distribution assign profile xccdf.

Path of ossec configuration agent template.

Default wazuh/wazuh_agent.conf.erb

function wazuh::addlog

Configure Wazuh log name

Path to log file.

Default false

Path to log file.

The OSSEC log_format of the file.

Default syslog