Wazuh dashboard settings
The Wazuh dashboard includes a configuration file located at /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
where you can define custom values for several options. This section describes all the settings available in this file.
The configuration file shows the default values for all of the possible options. You can edit this file, uncomment any of them, and apply the desired values. You can edit these settings from the Wazuh dashboard in Dashboard management > App Settings > Configuration.
The configuration file reference is organized into sections:
General options
pattern
timeout
ip.selector
ip.ignore
logs.level
hideManagerAlerts
alerts.sample.prefix
enrollment.dns
enrollment.password
cron.prefix
Monitoring
wazuh.monitoring.enabled
wazuh.monitoring.frequency
wazuh.monitoring.pattern
wazuh.monitoring.creation
Health check
checks.pattern
checks.template
checks.api
checks.setup
checks.fields
checks.metaFields
checks.timeFilter
checks.maxBuckets
Advanced index options
wazuh.monitoring.shards
wazuh.monitoring.replicas
Cron statistics
cron.statistics.status
cron.statistics.apis
cron.statistics.interval
cron.statistics.index.name
cron.statistics.index.creation
cron.statistics.shards
cron.statistics.index.replicas
General
hosts
Defines the list of APIs to connect with your Wazuh managers.
hosts:
- <host_id/host_name>:
url: http(s)://<WAZUH_MANAGER_IP>
port: <port>
username: <username>
password: <password>
Note
It is required to specify at least one host.
This is an example of a multi-host configuration:
hosts:
- wazuh_prod:
url: https://wazuh.com
port: 55000
username: wazuh-wui
password: secret_password
run_as: false
- wazuh_test:
url: https://localhost
port: 55000
username: wazuh-wui
password: wazuh-wui
run_as: false
The following table shows the configuration options for the Wazuh dashboard:
Configuration name |
Description |
Default value |
Allowed values |
---|---|---|---|
General options |
|||
pattern |
The property defines the default index pattern to use on the Wazuh dashboard. If there is no valid index pattern specified, the Wazuh dashboard automatically creates one with the name indicated in this option. |
|
Any valid index pattern |
timeout |
This property defines the maximum time (in
milliseconds) the Wazuh dashboard will wait for an API
response when making requests to it. Setting a value
under |
|
Any number starting from 1500 |
ip.selector |
This property defines if a user can change the selected index pattern directly from the top menu bar on the Wazuh dashboard WUI. |
|
true, false |
ip.ignore |
This property is used to disable certain index pattern names from being available in the index pattern selector on the Wazuh dashboard. An empty list (the default value) won't ignore any valid index pattern. |
|
Array of strings. Eg:
|
hideManagerAlerts |
This property controls if the Wazuh manager alerts in the dashboard visualizations are visible or not. A value of false displays the Wazuh manager alerts on dashboard visualizations. |
|
true, false |
alerts.sample.prefix |
This property defines the index name prefix of sample alerts. It must match the template used by the index pattern to avoid unknown fields in dashboards. |
|
Any valid index pattern |
enrollment.dns |
This property specifies the Wazuh registration server used for Wazuh agent enrollment. |
|
Any string |
enrollment.password |
This property specifies the password used to
authenticate during the agent enrollment.
|
|
Any string |
cron.prefix |
This property defines the index prefix of predefined cron jobs. The predefined jobs are the statistics monitoring jobs. |
|
Any string |
Monitoring |
|||
wazuh.monitoring.enabled |
Enables or disables the
|
Warning The Wazuh dashboard user interface
allows selecting either |
true,false |
wazuh.monitoring.frequency |
This property defines the frequency (in seconds) of API requests to get the state of the agents to create a new document in the wazuh-monitoring-* index with the returned data. Warning: Although the minimum value can be 60, we recommend adjusting it to at least 300 seconds to avoid overloading resources due to the excessive creation of documents into the index. |
Warning Although the minimum value can be
|
Any number starting from 60 |
wazuh.monitoring.pattern |
This property defines the index pattern to use for Wazuh dashboard monitoring tasks. This setting does not remove any existing patterns or templates, it only updates the Wazuh dashboard to add new ones. |
|
Any valid index pattern |
wazuh.monitoring.creation |
This property configures |
|
h (hourly), d (daily), w (weekly), m (monthly) |
Health checks |
|||
checks.pattern |
This property enables or disables the index pattern health check when opening the Wazuh dashboard. If set to false, index patterns will not be checked during the Wazuh healthcheck. |
|
true, false |
checks.template |
This property enables or disables the template health check when opening the Wazuh dashboard. It checks to see if the defined index has a valid template. Set this value to false if you do not want the index template to be validated when opening the Wazuh dashboard. |
|
true, false |
checks.api |
This property enables or disables the Wazuh server API
health check when opening the Wazuh dashboard. Set
the value of this property to |
|
true, false |
checks.setup |
This property enables or disables the setup health
check when opening the Wazuh dashboard. It checks
that the Wazuh server version is compatible with
the plugin version. Setting this value to |
|
true, false |
checks.fields |
This property enables or disables the known fields health check when opening the Wazuh dashboard. Known fields refer to the fields in your indexed documents that the indexer has identified, mapped, and available for querying. |
|
true, false |
checks.metaFields |
Meta fields are special fields that provide additional
metadata about indexed documents such as the |
|
true, false |
checks.timeFilter |
This property enables or disables the timeFilter health check when opening the Wazuh dashboard. It checks to ensure a value is set for the dashboard time filter. The time filter is used to set the time range of data displayed on the dashboard. |
|
true, false |
checks.maxBuckets |
This property enables or disables the maxBuckets health check when opening the Wazuh dashboard. It checks to ensure that the maximum number of buckets that a single aggregation request can create is at optimal levels. This helps to prevent excessive memory usage and potential out-of-memory errors. |
|
true, false |
Advanced index options Warning These options are only valid if they're modified before starting the Wazuh dashboard for the first time You can read more about configuring the shards and replicas in Wazuh indexer tuning. |
|||
wazuh.monitoring.shards |
This defines the number of shards to use for the
|
|
Any number starting from 1 |
wazuh.monitoring.replicas |
This property defines the number of replicas to use
for the |
|
Any number starting from 0 |
Cron statistics |
|||
cron.statistics.status |
This property enables or disables the statistics tasks. If enabled, it allows the statistics task to run, which is to fetch statistics information from the Wazuh server and index it in indexes. |
|
true, false |
cron.statistics.apis |
Use this property to configure the IP of the hosts you want to save statistical data from and leave this empty to run the task on every host. |
|
Array of APIs |
cron.statistics.interval |
This defines the frequency of task execution using cron schedule expressions. |
|
Any cron expressions |
cron.statistics.index.name |
This defines the name of the index in which the statistics documents will be saved. |
|
Any valid index pattern |
cron.statistics.index.creation |
This property defines the interval in which a new
index (as specified in the
|
|
h (hourly), d (daily), w (weekly), m (monthly) |
cron.statistics.shards |
This property defines the number of shards to use for the statistics indices. |
|
Any number starting from 1 |
cron.statistics.index.replicas |
This property is used to define the number of replicas to use for the statistics indices. On default, no replicas are created for the statistics indices. |
|
Any number starting from 0 |
Example
This is an example of the /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
configuration:
#General options
hosts:
- env-1:
url: https://env-1.example
port: 55000
username: wazuh-wui
password: wazuh-wui
run_as: true
- env-2:
url: https://env-2.example
port: 55000
username: wazuh-wui
password: wazuh-wui
run_as: true
pattern: 'wazuh-alerts-*'
timeout: 20000
ip.selector: true
ip.ignore: []
logs.level: info
hideManagerAlerts: true
alerts.sample.prefix: wazuh-alerts-4.x-
#Monitoring
wazuh.monitoring.enabled: true
wazuh.monitoring.frequency: 900
wazuh.monitoring.pattern: wazuh-monitoring-*
wazuh.monitoring.creation: w
wazuh.monitoring.shards: 1
wazuh.monitoring.replicas: 0
#Health checks
checks.pattern : true
checks.template: true
checks.fields : true
checks.api : true
checks.setup : true
checks.metaFields: true
checks.timeFilter: true
checks.maxBuckets: true
#Custom branding
customization.enabled: true
customization.logo.app: 'custom/images/customization.logo.app.jpg'
customization.logo.healthcheck: 'custom/images/customization.logo.healthcheck.svg'
customization.logo.reports: 'custom/images/customization.logo.reports.jpg'
customization.reports.footer: '123 Custom footer Ave.\nSan Jose, CA 95148'
customization.reports.header: 'Custom Company\ninfo@custom.com\n@social_reference'
#Cron
cron.prefix: wazuh
cron.statistics.status: true
cron.statistics.apis: []
cron.statistics.interval: 0 */5 * * * *
cron.statistics.index.name: statistics
cron.statistics.index.creation: w
#Enrollment DNS
enrollment.dns: ''
enrollment.password: ''