wazuh-modulesd

The wazuh-modulesd program manages the Wazuh modules described below.

Database wodle

The Wazuh core uses list-based databases to store information related to agent keys, and FIM/Rootcheck event data. This information is highly optimized to be handled by the core.

In order to provide well-structured data that can be accessed by the user or the Wazuh API, new SQLite-based databases have been introduced in the Wazuh manager. The Database Synchronization Module is a user-transparent component that collects the following information from the core:

Agent information: name, address, encryption key, last connection time, operating system, version, and shared configuration hash.

FIM data: creation, modification, and deletion of regular files and Windows registry entries.

Rootcheck detected defects: issue message, first detection date, and last alert time.

Static core settings: maximum permitted agents or SSL being enabled for Authd.

wazuh-modulesd options

-d	Basic debug mode.
-dd	Verbose debug mode.
-f	Run in the foreground.
-h	Display the help message.
-t	Test configuration.