New in version 4.1.0.

The wazuh-logtest tool allows testing and verifying rules against provided log examples inside a sandbox in ossec-analysisd. It is helpful when writing and debugging custom rules and decoders, and when troubleshooting false positives and negatives.


Run as a Print debug output to the terminal.


Display the help message.

-U <rule-id:alert-level:decoder-name>

This option will cause wazuh-logtest to return a zero exit status if the test results for the provided log line match the criteria in the arguments.

Only one log line should be supplied for this to be useful.
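The exit status from `-U` can drive a regression check for custom rules. The script below is an added example, not part of the Wazuh documentation or code base. It assumes the log line is supplied on standard input and that the tool is installed at `/var/ossec/bin/wazuh-logtest`. The rule IDs, decoder name and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: regression-check custom rules with wazuh-logtest -U.
# Assumptions: the log line is read from standard input, and the tool is at
# the path in LOGTEST (override it for a non-default install).
LOGTEST="${LOGTEST:-/var/ossec/bin/wazuh-logtest}"

# Constructed sample cases: <rule-id:alert-level:decoder-name> TAB <log line>.
# Rule IDs 100100/100101 and decoder "custom-app" are hypothetical.
sample_cases() {
    printf '%s\t%s\n' \
        '100100:7:custom-app' 'Jan 10 12:00:01 host1 custom-app: login failed for alice' \
        '100101:3:custom-app' 'Jan 10 12:00:05 host1 custom-app: login ok for alice'
}

# check_case <expectation> <log line>: feed exactly one line, as -U requires,
# and return the tool's exit status (zero means the criteria matched).
check_case() {
    printf '%s\n' "$2" | "$LOGTEST" -U "$1" >/dev/null 2>&1
}

# run_cases <file>: check every case, print PASS/FAIL per case, leave the
# failure count in $failures, and return non-zero if any case failed.
run_cases() {
    failures=0
    tab=$(printf '\t')
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        expect=${line%%"$tab"*}
        log=${line#*"$tab"}
        if [ "$expect" = "$line" ] || [ -z "$log" ]; then
            echo "FAIL malformed case: $line"
            failures=$((failures + 1))
        elif check_case "$expect" "$log"; then
            echo "PASS $expect"
        else
            echo "FAIL $expect :: $log"
            failures=$((failures + 1))
        fi
    done < "$1"
    [ "$failures" -eq 0 ]
}

# Stand-alone use: sh check_rules.sh cases.tsv
if [ "$#" -gt 0 ]; then
    run_cases "$1"
fi
```

Each case is sent in its own invocation, so every run sees exactly one log line. A non-zero exit from the script can fail a CI job when a rule or decoder change alters the expected rule ID, level or decoder.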


Display the version and license information for Wazuh and wazuh-logtest.


Quiet execution.