Internal configuration

The main configuration is located in the ossec.conf file. However, some internal configuration features are located in the /var/ossec/etc/internal_options.conf file.

Generally, this file is reserved for debugging issues and for troubleshooting. Any error in this file may cause your installation to malfunction or fail to run.

Warning

This file will be overwritten during upgrades. In order to maintain custom changes, you must use the /var/ossec/etc/local_internal_options.conf file.
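
A pre-restart check for the override file described above, as an added example that is not part of the Wazuh documentation or code. It applies a subset of the ranges, defaults and cross-option rules listed on this page; the function names, the `RANGES` table layout, the sample file and the treatment of lines starting with `#` as comments are assumptions made for illustration.

```python
import re

# (min, max, default) for a subset of options, copied from this page.
RANGES = {
    "agent.warn_level": (1, 100, 90),
    "agent.normal_level": (0, 99, 70),
    "logcollector.max_files": (1, 100000, 1000),
    "logcollector.rlimit_nofile": (1024, 1048576, 1100),
    "logcollector.remote_commands": (0, 1, 0),
    "sca.remote_commands": (0, 1, 0),
    "wazuh_command.remote_commands": (0, 1, 0),
    "remoted.verify_msg_id": (0, 1, 0),
    "remoted.worker_pool": (1, 16, 4),
    "syscheck.debug": (0, 2, 0),
}
# Toggles that let the manager or the shared configuration run commands.
REMOTE_EXEC = ("logcollector.remote_commands", "sca.remote_commands",
               "wazuh_command.remote_commands")

LINE = re.compile(r"([\w.-]+)=(\S*)")


def parse(text):
    """Return ({option: int}, findings) for key=value lines (assumed syntax)."""
    opts, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.fullmatch(line)
        if not m:
            findings.append((line, "not in key=value form"))
        elif not re.fullmatch(r"-?\d+", m.group(2)):
            findings.append((m.group(1), f"value {m.group(2)!r} is not an integer"))
        else:
            opts[m.group(1)] = int(m.group(2))
    return opts, findings


def audit(text):
    """Check one override file; return a list of (option, problem) tuples."""
    opts, findings = parse(text)
    eff = {k: d for k, (_, _, d) in RANGES.items()}  # start from the page's defaults
    for key, val in opts.items():
        if key not in RANGES:
            continue  # option outside this example's table: not checked
        lo, hi, _ = RANGES[key]
        if lo <= val <= hi:
            eff[key] = val
        else:
            findings.append((key, f"{val} is outside the allowed range {lo}-{hi}"))
    # Cross-option rules stated on this page.
    if eff["agent.normal_level"] > eff["agent.warn_level"] - 1:
        findings.append(("agent.normal_level", "must be at most agent.warn_level - 1"))
    need = eff["logcollector.max_files"] + 100
    if eff["logcollector.rlimit_nofile"] < need:
        findings.append(("logcollector.rlimit_nofile",
                         f"must be at least logcollector.max_files + 100 = {need}"))
    if eff["remoted.verify_msg_id"] == 1 and eff["remoted.worker_pool"] > 1:
        findings.append(("remoted.verify_msg_id", "does not work with worker_pool > 1"))
    # Non-default toggles that a reviewer should see before the restart.
    for key in REMOTE_EXEC:
        if eff[key] == 1:
            findings.append((key, "remote commands are enabled (default is 0)"))
    return findings


# Constructed sample override file, not taken from a real deployment.
SAMPLE = """\
# local_internal_options.conf
agent.warn_level=80
agent.normal_level=85
logcollector.max_files=5000
logcollector.remote_commands=1
remoted.verify_msg_id=1
syscheck.debug=3
monitord.compress=yes
"""

if __name__ == "__main__":
    for option, problem in audit(SAMPLE):
        print(f"{option}: {problem}")
```

Options that the sample leaves unset are checked at their default values, which is how raising logcollector.max_files alone is caught against the default logcollector.rlimit_nofile of 1100.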

Agent

agent.tolerance

Description

Number of seconds the agent is full before triggering a flooding alert.

Default value

15

Allowed value

Any integer between 0 and 600.

agent.warn_level

Description

Percentage of occupied capacity in agent buffer to trigger a warning alert.

Default value

90

Allowed value

Any integer between 1 and 100.

agent.normal_level

Description

Percentage of occupied capacity in agent buffer to return to normal state.

Default value

70

Allowed value

Any integer between 0 and agent.warn_level - 1.

agent.min_eps

Description

Minimum events per second permitted in <client_buffer> configuration.

Default value

50

Allowed value

Any integer between 1 and 1000.

agent.recv_timeout

Description

Maximum number of seconds to wait for server response from the TCP client socket.

Default value

60

Allowed value

Any integer between 1 and 600.

agent.state_interval

Description

The interval between the updates of the agent status file in seconds.

Default value

5

Allowed values

0: Disable status file

Any other integer between 1 and 86400

agent.debug

Description

Run the Unix agent processes in debug mode.

Default value

0

Allowed value

0: No debug output.

1: Standard debug output.

2: Verbose debug output.

agent.remote_conf

Description

Apply or refuse remote configuration.

Default value

1

Allowed value

0: Remote configuration is disabled.

1: Remote configuration is enabled.

Analysisd

analysisd.default_timeframe

Description

Default rule time-frame.

Default value

360

Allowed value

Any integer between 60 and 360.

analysisd.stats_maxdiff

Description

Stats maximum diff.

Default value

999000

Allowed value

Any integer between 10 and 999999.

analysisd.stats_mindiff

Description

Stats minimum diff.

Default value

1250

Allowed value

Any integer between 10 and 999999.

analysisd.stats_percent_diff

Description

Stats percentage (how much to differ from average).

Default value

150

Allowed value

Any integer between 5 and 9999.

analysisd.fts_list_size

Description

FTS list size.

Default value

32

Allowed value

Any integer between 12 and 512.

analysisd.fts_min_size_for_str

Description

FTS minimum string size.

Default value

14

Allowed value

Any integer between 6 and 128.

analysisd.log_fw

Description

Toggles firewall log on and off (at logs/firewall/firewall.log).

Default value

1

Allowed value

0, 1

analysisd.decoder_order_size

Description

Maximum number of fields in a decoder (order tag).

Default value

256

Allowed value

Any integer between 32 and 1024.

analysisd.geoip_jsonout

Description

Toggle to turn on or off the output of GeoIP data in JSON alerts.

Default value

0

Allowed value

0, 1

analysisd.label_cache_maxage

Description

Number of seconds without reloading labels in cache from agents.

Default value

10

Allowed value

Any integer between 0 and 60.

analysisd.show_hidden_labels

Description

Make hidden labels visible in alerts.

Default value

0

Allowed value

0, 1

analysisd.rlimit_nofile

Description

Maximum number of file descriptors that Analysisd can open.

Default value

458752

Allowed value

Any integer between 1024 and 1048576.

analysisd.debug

Description

Debug level (manager installations).

Default value

0

Allowed value

0: No debug output.

1: Standard debug output.

2: Verbose debug output.

analysisd.min_rotate_interval

Description

Minimum interval between log rotations.

Supersedes max_output_size option.

Default value

600

Allowed value

Any integer between 10 and 86400.

analysisd.event_threads

Description

Number of event decoder threads.

Default value

0

Allowed value

0: Sets the number of threads according to the number of CPU cores.

Any integer between 0 and 32.

analysisd.syscheck_threads

Description

Number of syscheck event decoder threads.

Default value

0

Allowed value

0: Sets the number of threads according to the number of CPU cores.

Any integer between 0 and 32.

analysisd.syscollector_threads

Description

Number of Syscollector event decoder threads.

Default value

0

Allowed value

0: Sets the number of threads according to the number of CPU cores.

Any integer between 0 and 32.

analysisd.rootcheck_threads

Description

Number of Rootcheck event decoder threads.

Default value

0

Allowed value

0: Sets the number of threads according to the number of CPU cores.

Any integer between 0 and 32.

analysisd.sca_threads

Description

Number of SCA event decoder threads.

Default value

0

Allowed value

0: Sets the number of threads according to the number of CPU cores.

Any integer between 0 and 32.

analysisd.hostinfo_threads

Description

Number of hostinfo event decoder threads.

Default value

0

Allowed value

0: Sets the number of threads according to the number of CPU cores.

Any integer between 0 and 32.

analysisd.rule_matching_threads

Description

Number of rule matching threads.

Default value

0

Allowed value

0: Sets the number of threads according to the number of CPU cores.

Any integer between 0 and 32.

analysisd.dbsync_threads

Description

Number of database synchronization dispatcher threads.

Default value

0

Allowed value

0: Sets the number of threads according to the number of CPU cores.

Any integer between 0 and 32.

analysisd.winevt_threads

Description

Number of Windows event decoder threads.

Default value

0

Allowed value

0: Sets the number of threads according to the number of CPU cores.

Any integer between 0 and 32.

analysisd.decode_event_queue_size

Description

Sets the decode event queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.decode_syscheck_queue_size

Description

Sets the decode Syscheck queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.decode_syscollector_queue_size

Description

Sets the decode Syscollector queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.decode_rootcheck_queue_size

Description

Sets the decode Rootcheck queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.decode_sca_queue_size

Description

Sets the decode SCA queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.decode_hostinfo_queue_size

Description

Sets the decode hostinfo queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.decode_output_queue_size

Description

Sets the decode output queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.decode_winevt_queue_size

Description

Sets the Windows event decode queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.archives_queue_size

Description

Sets the archives log queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.statistical_queue_size

Description

Sets the statistical log queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.alerts_queue_size

Description

Sets the alerts log queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.firewall_queue_size

Description

Sets the firewall log queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.fts_queue_size

Description

Sets the fts log queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.dbsync_queue_size

Description

Sets the database synchronization message queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.upgrade_queue_size

Description

Sets the upgrade message queue size.

Default value

16384

Allowed value

Any integer between 128 and 2000000.

analysisd.state_interval

Description

Sets the Analysisd interval for updating the state file in seconds.

Default value

5

Allowed value

Any integer between 0 and 86400.

Authd

authd.debug

Description

Debug level.

Default value

0

Allowed value

0: No debug output

1: Standard debug output

2: Verbose debug output

auth.timeout_seconds

Description

Network timeout to automatically close connections (second part).

Default value

1

Allowed value

Any integer between 1 and 2147483647.

auth.timeout_microseconds

Description

Network timeout to automatically close connections (microsecond part).

Default value

0

Allowed value

Any integer between 0 and 999999.

DBD

dbd.reconnect_attempts

Description

Number of times wazuh-dbd will attempt to reconnect to the database.

Default value

10

Allowed value

Any integer between 1 and 9999.

Execd

execd.request_timeout

Description

Timeout in seconds to execute remote requests.

Default Value

60

Allowed Value

Any integer between 1 and 3600.

execd.max_restart_lock

Description

Maximum timeout during which the agent cannot restart while updating.

Default Value

600

Allowed Value

Any integer between 0 and 3600.

execd.debug

Description

Debug level

Default value

0

Allowed value

0: No debug output

1: Standard debug output

2: Verbose debug output

Integrator

integrator.debug

Description

Debug level.

Default value

0

Allowed value

0: No debug output

1: Standard debug output

2: Verbose debug output

Logcollector

logcollector.loop_timeout

Description

File polling interval.

Default value

2

Allowed value

Any integer between 1 and 120

logcollector.open_attempts

Description

Number of attempts to open a log file. The value 0 means that the number of attempts is infinite.

Default value

8

Allowed value

Any integer between 0 and 998

logcollector.remote_commands

Description

Toggles Logcollector to accept remote commands from the manager or not.

Default value

0

Allowed value

0: Disable remote commands

1: Enable remote commands

logcollector.vcheck_files

Description

File checking interval, in seconds.

Default value

64

Allowed value

Any integer between 0 and 1024

logcollector.max_lines

Description

Maximum number of logs read from the same file in each iteration.

Default value

10000

Allowed value

Any integer between 100 and 100000

logcollector.sample_log_length

Description

Sample log length limit for errors about large input logs.

Default value

64

Allowed value

Any integer between 1 and 4096

logcollector.debug

Description

Debug level (used in manager or Unix agent installations)

Default value

0

Allowed value

0: No debug output

1: Standard debug output

2: Verbose debug output

logcollector.input_threads

Description

Number of input threads reading files

Default value

4

Allowed value

Any integer between 1 and 128

logcollector.queue_size

Description

Queue size for each type of socket

Default value

1024

Allowed value

Any integer between 128 and 220000

logcollector.max_files

Description

Maximum number of files to be monitored

Default value

1000

Allowed value

Any integer between 1 and 100000

logcollector.sock_fail_time

Description

Time to reattempt a socket connection after a failure, in seconds.

Default value

300

Allowed value

Any integer between 1 and 3600

logcollector.rlimit_nofile

Description

Maximum number of file descriptors that Logcollector can open.

This value must be greater than or equal to (logcollector.max_files + 100).

Default value

1100

Allowed value

Any integer between 1024 and 1048576.

logcollector.force_reload

Description

Force file handler reloading: close and reopen monitored files.

Default value

0

Allowed value

0: Disabled

1: Enabled

logcollector.reload_interval

Description

File reloading interval, in seconds.

This parameter only applies if logcollector.force_reload is set to 1.

Default value

64

Allowed value

Any integer between 1 and 86400.

logcollector.reload_delay

Description

File reloading delay (between close and open), in milliseconds.

This parameter only applies if logcollector.force_reload is set to 1.

Default value

1000

Allowed value

Any integer between 0 and 30000.

logcollector.exclude_files_interval

Description

Excluded files refresh interval, in seconds

Default value

86400

Allowed value

Any integer between 1 and 172800

logcollector.state_interval

Description

Statistics generation interval, in seconds

Default value

60

Allowed values

0: Disable statistics file generation. Statistics information will continue to be available through the API

Any other integer between 1 and 3600.

logcollector.ip_update_interval

Description

IP update interval, in seconds. This specifies how often the system IP is obtained when the out_format option is used.

Default value

60

Allowed values

0: Disable. Host IP address collection is disabled. The agent doesn't periodically obtain the system IP address.

Any other integer between 1 and 3600.

Warning: Systems with extensive routing tables can suffer from high CPU usage.

Maild

maild.strict_checking

Description

Toggle to enable or disable strict checking.

Default value

1

Allowed value

0, 1

maild.grouping

Description

Toggle to enable or disable grouping of alerts into a single email.

Default value

1

Allowed value

0, 1

maild.full_subject

Description

Toggle to enable or disable full subject in alert emails.

Default value

0

Allowed value

0, 1

maild.geoip

Description

Toggle to enable or disable GeoIP data in alert emails.

Default value

1

Allowed value

0, 1

Monitord

monitord.day_wait

Description

Number of seconds to wait before compressing or signing the files.

Default value

10

Allowed value

Any integer between 0 and 600.

monitord.compress

Description

Toggle to enable or disable log file compression.

Default value

1

Allowed value

0, 1

monitord.sign

Description

Toggle to enable or disable signing the log files.

Default value

1

Allowed value

0, 1

monitord.monitor_agents

Description

Toggle to enable or disable monitoring of agents.

Default value

1

Allowed value

0, 1

monitord.rotate_log

Description

Toggle to enable or disable daily rotation of internal logs.

Default value

1

Allowed value

0, 1

monitord.keep_log_days

Description

Number of days to keep rotated internal logs.

Default value

31

Allowed value

Any integer between 0 and 500.

monitord.size_rotate

Description

Maximum size in Megabytes of internal logs to trigger rotation.

Default value

512

Allowed value

Any integer between 0 and 4096.

monitord.daily_rotations

Description

Maximum number of rotations per day for internal logs.

Default value

12

Allowed value

Any integer between 1 and 256.

monitord.debug

Description

Debug level

Default value

0

Allowed value

0: No debug output

1: Standard debug output

2: Verbose debug output

monitord.delete_old_agents

Description

Number of minutes before deleting an old disconnected agent.

This is the time that elapses after the agent is considered disconnected because of the disconnection time.

Default value

0

Allowed value

Any integer between 0 and 9600.

Remoted

remoted.recv_counter_flush

Description

Flush rate for the receive counter.

Default value

128

Allowed value

Any integer between 10 and 999999.

remoted.comp_average_printout

Description

Compression averages printout.

Default value

19999

Allowed value

Any integer between 10 and 999999.

remoted.verify_msg_id

Description

Toggle to enable or disable verification of msg id. This setting doesn't work with multiple threads (worker_pool > 1).

Default value

0

Allowed value

0, 1

remoted.pass_empty_keyfile

Description

Toggle to enable or disable acceptance of empty client.keys.

Default value

1

Allowed value

0, 1

remoted.sender_pool

Description

Number of parallel threads to send the shared file.

Default Value

8

Allowed Value

Any integer between 1 and 64.

remoted.request_pool

Description

Limit of parallel threads to dispatch requests.

Default Value

1024

Allowed Value

Any integer between 1 and 4096.

remoted.request_timeout

Description

Time (in seconds) the remote request listener rejects a new request.

Default Value

10

Allowed Value

Any integer between 1 and 600.

remoted.response_timeout

Description

Time (in seconds) the remote request listener rejects a request response.

Default Value

60

Allowed Value

Any integer between 1 and 3600.

remoted.request_rto_sec

Description

Re-transmission timeout in seconds for UDP.

Default Value

1

Allowed Value

Any integer between 0 and 60.

remoted.request_rto_msec

Description

Re-transmission timeout in milliseconds for UDP.

Default Value

0

Allowed Value

Any integer between 0 and 999.

remoted.max_attempts

Description

Maximum number of sending attempts.

Default Value

4

Allowed Value

Any integer between 1 and 16.

remoted.merge_shared

Description

Merge shared configuration to be broadcast to agents.

Default Value

1 (Enabled)

Allowed Value

1 (Enabled), 0 (Disabled)

remoted.disk_storage

Description

Store the temporary shared configuration file on disk.

Default Value

0 (No, store in memory)

Allowed Value

1 (Yes, store on disk), 0 (No, store in memory)

remoted.shared_reload

Description

Number of seconds between reloading of shared files.

Default Value

10

Allowed Value

Any integer between 1 and 18000.

remoted.rlimit_nofile

Description

Maximum number of file descriptors that Remoted can open.

Default value

16384

Allowed value

Any integer between 1024 and 1048576.

remoted.recv_timeout

Description

Maximum number of seconds to wait for client response in TCP.

Default value

1

Allowed value

Any integer between 1 and 60.

remoted.debug

Description

Debug level (manager installation)

Default value

0

Allowed value

0: No debug output.

1: Standard debug output.

2: Verbose debug output.

remoted.keyupdate_interval

Description

Keys file reloading latency (seconds)

Default value

10

Allowed value

Any integer between 1 and 3600

remoted.worker_pool

Description

Number of threads that process the payload reception

Default value

4

Allowed value

Any integer between 1 and 16

remoted.state_interval

Description

Interval between the updates of the status file in seconds.

Default value

5

Allowed values

0: Disable status file

Any other integer between 1 and 86400

remoted.guess_agent_group

Description

Toggle to enable or disable the guessing of the group to which the agent belongs when registering it again.

Note

Since version 4.4.0, in a cluster architecture, this setting only applies to the master node.

Default value

0

Allowed values

0, 1

remoted.receive_chunk

Description

Reception buffer size for TCP (bytes).
Amount of data that Remoted can receive per operation.

Default value

4096

Allowed value

Any integer between 1024 and 16384.
Powers of two are suggested.

remoted.send_chunk

Description

Send buffer size for TCP (bytes).
Amount of data that Remoted can send per operation.

Default value

4096

Allowed value

Any integer between 512 and 16384.
Powers of two are suggested.

remoted.send_buffer_size

Description

Send queue size for TCP (bytes).
Amount of data that Remoted can queue to send
(one queue per agent).

Default value

131072

Allowed value

Any integer between 65536 and 1048576.
Powers of two are suggested.

remoted.send_timeout_to_retry

Description

Maximum number of seconds to wait before retrying to
queue a packet to send in TCP.

Default value

1

Allowed value

Any integer between 1 and 60.

remoted.buffer_relax

Description

Method for memory deallocation after accepting input data.
This option applies in TCP mode only.

Default value

1

Allowed values

0: Keep the memory for each TCP session.

1: Shrink memory back to receive_chunk.

2: Fully deallocate memory after usage.

remoted.tcp_keepidle

Description

Time (in seconds) the connection needs to remain idle
before TCP starts sending keepalive probes.

Default value

30

Allowed value

Any integer between 1 and 7200.

remoted.tcp_keepintvl

Description

The time (in seconds) between individual keepalive probes.

Default value

10

Allowed value

Any integer between 1 and 100.

remoted.tcp_keepcnt

Description

Maximum number of keepalive probes TCP should send before
dropping the connection.

Default value

3

Allowed value

Any integer between 1 and 50.

Syscheck

syscheck.rt_delay

Description

Time in milliseconds for delay between alerts in real-time.

Default value

10

Allowed value

Any integer between 1 and 1000

syscheck.max_fd_win_rt

Description

Maximum number of directories that can be configured in ossec.conf for Windows in realtime and whodata mode.

Default value

256

Allowed value

Any integer between 1 and 1024

syscheck.max_audit_entries

Description

Maximum number of directories monitored for who-data on Linux.

Default value

256

Allowed value

Any integer between 1 and 4096

syscheck.default_max_depth

Description

Maximum level of recursion allowed while reading directories.

Default value

256

Allowed value

Any integer between 1 and 320

syscheck.symlink_scan_interval

Description

Check interval of the symbolic links configured in the directories section.

Default value

600

Allowed value

Any integer between 1 and 2592000

syscheck.file_max_size

Description

Maximum file size for calculating integrity hashes (in mebibytes).

Default value

1024

Allowed value

0: Unlimited

Any integer between 0 and 4095

syscheck.debug

Description

Debug level (used in manager and Unix agent installations).

Default value

0

Allowed value

0: No debug output

1: Standard debug output

2: Verbose debug output

Rootcheck

rootcheck.sleep

Description

Number of milliseconds to sleep after reading one PID or suspicious port.

Default value

50

Allowed values

Any integer between 0 and 1000.

Security Configuration Assessment

sca.request_db_interval

Description

In case of an integrity failure, this is the maximum interval (minutes) to resend the scan information to the manager.

Default value

5

Allowed values

Any integer between 1 and 60.

sca.remote_commands

Description

Enable the execution of commands in policy files received from the manager (Files in etc/shared).

Default value

0

Allowed values

1 (enabled) or 0 (disabled).

sca.commands_timeout

Description

Timeout for command execution.

Default value

30 (seconds)

Allowed values

Any integer between 1 and 300.

Vulnerability Detection

vulnerability-detection.translation_lru_size

Description

LRU cache size assigned for package translation process (in number of elements).

Default value

2048

Allowed values

Any integer between 1 and 100000

vulnerability-detection.osdata_lru_size

Description

LRU cache size assigned for agents' OS data (in number of elements).

Default value

1000

Allowed values

Any integer between 1 and 100000

vulnerability-detection.remediation_lru_size

Description

LRU cache size assigned for vulnerability remediation (in number of elements).

Default value

2048

Allowed values

Any integer between 1 and 100000

Wazuh

wazuh.thread_stack_size

Description

Stack size assigned for child threads created in Wazuh (in KiB).

Default value

8192

Allowed values

Any integer between 2048 and 65536

Wazuh Clusterd

wazuh_clusterd.debug

Description

Debug level.

Default value

0

Allowed value

0: No debug output.

1: Standard debug output.

2: Verbose debug output.

Wazuh Database

The Wazuh Database Synchronization Module starts automatically on the server and local profiles and requires no configuration. However, some optional settings are available.

The module uses inotify from Linux to monitor changes to every log file in real-time. Databases will be updated as soon as possible when a change is detected. If inotify is not supported (for example, on operating systems other than Linux), every log file will be scanned continuously, looking for changes, with a default delay of one minute between scans.

How to disable the module

To disable the Wazuh Database Synchronization Module, the sync directives must be set to 0 in the etc/local_internal_options.conf file as shown below:

wazuh_database.sync_agents=0

Once these settings have been adjusted, the file must be saved followed by a restart of Wazuh. With the above settings, the Database Synchronization Module will not be loaded when Wazuh starts.

wazuh_database.sync_agents

Description

Toggles synchronization of agent database with client.keys on or off.

Default value

1

Allowed value

0, 1

wazuh_database.real_time

Description

Toggles synchronization of data in real-time (supported on Linux only) on and off.

Default value

1

Allowed value

0, 1

wazuh_database.interval

Description

Interval to sleep between cycles. (Only used if real time sync is disabled).

Default value

60

Allowed value

Any integer between 0 and 86400 (seconds).

wazuh_database.max_queued_events

Description

Maximum number of queued events (only used if inotify is available).

Default value

0 (use system default value).

Allowed value

Any integer between 0 and 2147483647.

Wazuh Modules

wazuh_modules.task_nice

Description

Indicates the priority of the tasks. The lower the value, the higher the priority.

Default value

10

Allowed value

Any integer between -20 and 19.

wazuh_modules.max_eps

Description

Maximum number of events per second sent by all Wazuh modules.

Default value

100

Allowed value

Any integer between 1 and 1000

wazuh_modules.kill_timeout

Description

Time for a process to quit before being killed during Modulesd exiting, in seconds.

Default value

10

Allowed value

0: Kill immediately

Any integer between 1 and 3600

wazuh_modules.debug

Description

Debug level.

Default value

0

Allowed value

0: No debug output.

1: Standard debug output.

2: Verbose debug output.

Wazuh Command

wazuh_command.remote_commands

Description

Toggles whether Command Module should accept commands defined in the shared configuration or not.

Default value

0

Allowed value

0: Disable remote commands.

1: Enable remote commands.

Wazuh-db

wazuh_db.worker_pool_size

Description

Number of worker threads

Default value

8

Allowed value

Any integer between 1 and 32

wazuh_db.open_db_limit

Description

Maximum number of allowed open databases before closing

Default value

64

Allowed value

Any integer between 1 and 4096

wazuh_db.rlimit_nofile

Description

Maximum number of file descriptors that Wazuh-DB can open.

Default value

65536

Allowed value

Any integer between 1024 and 1048576.

wazuh_db.commit_time_min

Description

Minimum time margin before committing.

Default value

10

Allowed value

Any integer between 1 and 3600.

wazuh_db.commit_time_max

Description

Maximum time margin before committing.

Default value

60

Allowed value

Any integer between 1 and 3600.

wazuh_db.max_fragmentation

Description

Maximum fragmentation allowed for a database.

Default value

90

Allowed value

Any integer between 0 and 100.

wazuh_db.fragmentation_threshold

Description

Indicates the allowed fragmentation threshold.

Default value

75

Allowed value

Any integer between 0 and 100.

wazuh_db.fragmentation_delta

Description

Indicates the allowed fragmentation difference between the last time
the vacuum was performed and the current measurement.

Default value

5

Allowed value

Any integer between 0 and 100.

wazuh_db.free_pages_percentage

Description

Indicates the minimum percentage of free pages present in a database that
can trigger a vacuum.

Default value

0

Allowed value

Any integer between 0 and 99.

wazuh_db.check_fragmentation_interval

Description

Interval for database fragmentation check, in seconds.

Default value

7200

Allowed value

Any integer between 1 and 30758400.

wazuh_db.debug

Description

Debug level

Default value

0

Allowed value

0: No debug output

1: Standard debug output

2: Verbose debug output

Wazuh-download

wazuh_download.enabled

Description

Enable download module

Default value

1

Allowed value

0: Disable download module.

1: Enable download module.

Windows

windows.debug

Description

Debug level (used in Windows agent installations).

Default value

0

Allowed value

0: No debug output.

1: Standard debug output.

2: Verbose debug output.