Wazuh Docker utilities
After installing the Wazuh-Docker containers, there are several tasks that you can do to benefit the most from your Wazuh installation.
Access to services and containers
You may access the Wazuh dashboard UI at the Docker host’s IP address, for example,
https://localhost
, if you are in the Docker host.Note
In case you use a self-signed certificate, your browser will warn you that it cannot verify its authenticity.
Agents may be enrolled by following the standard enrollment process and using the Docker host address as the manager address. For more information, see Wazuh agent enrollment.
You can list the containers you have created by executing
docker-compose ps
in the directory that contains thedocker-compose.yml
file:# docker-compose ps
Name Command State Ports ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ single-node_wazuh.dashboard_1 /entrypoint.sh Up 0.0.0.0:443->443/tcp,:::443->443/tcp single-node_wazuh.indexer_1 /entrypoint.sh opensearchw ... Up 0.0.0.0:9200->9200/tcp,:::9200->9200/tcp single-node_wazuh.manager_1 /init Up 0.0.0.0:1514->1514/tcp,:::1514->1514/tcp, 0.0.0.0:1515->1515/tcp,:::1515->1515/tcp, 1516/tcp, 0.0.0.0:514->514/udp,:::514->514/udp, 0.0.0.0:55000->55000/tcp,:::55000->55000/tcp
You can access the command line of each container by executing
docker-compose exec <service name> /bin/bash
from the directory where thedocker-compose.yml
file is located:# docker-compose exec <container name> /bin/bash
Wazuh service data volumes
Wazuh configuration and log files can be configured to exist outside of their container. This will allow these files to persist after containers are removed and to provision custom configuration files to your containers.
Multiple volumes are required to ensure persistence on a Wazuh container. The following is an example of a docker-compose.yml
with those defined:
services:
wazuh:
. . .
volumes:
- wazuh_api_configuration:/var/ossec/api/configuration
volumes:
wazuh_api_configuration:
These volumes can be listed with docker volume ls
:
DRIVER VOLUME NAME local single-node_wazuh_api_configuration
It is recommended that you create these data volumes so that persistent information from the Wazuh service is not lost.
Storage volume for Wazuh indexer and dashboard
Attaching a volume for the storage of Wazuh indexer data is also possible. By default, the single-node and multi-node deployments already have volumes configured. An example of a single-node wazuh indexer volume is shown in the docker-compose.yml
below:
wazuh.indexer: . . . volumes: - wazuh-indexer-data:/var/lib/wazuh-indexer . . . volumes: wazuh-indexer-data