Help creating a template for Wazuh



1 hour ago, Squid said:

 

Thanks for the reply! So as an example, I would just add the below into the extra parameters field?

RUN set -x && echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
   curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
   curl --silent --location https://deb.nodesource.com/setup_8.x | bash - && \
   echo "postfix postfix/mailname string wazuh-manager" | debconf-set-selections && \
   echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections && \
   groupadd -g 1000 ossec && useradd -u 1000 -g 1000 -d /var/ossec ossec

 

3 hours ago, Squid said:

No, since there isn't an adequate docker run command listed in the docker page, you'd want to use these instructions instead

 

https://forums.unraid.net/topic/36057-noobie-docker-setup-guide/#comment-345882

 

 

Haha, I was way overthinking it. I thought I had to replicate the Dockerfile in the template, but I just needed the paths, ports, and variables, and Unraid still runs the Dockerfile. I was confused; the below worked just fine. Thanks for the help!

 

[Attached image: wazuh_unraid.PNG]

  • 5 weeks later...
7 hours ago, surfshack66 said:

@trevormiller6 Are you running the other wazuh containers or just this? I have separate instances of elasticsearch, kibana, and logstash so I'm trying to integrate this container into my existing stack.

This is the wazuh server and then you would install the kibana app in your case or if using splunk you would install the splunk app. From the app you connect to the server using the API. The app serves as the UI for wazuh.

21 hours ago, trevormiller6 said:

This is the wazuh server and then you would install the kibana app in your case or if using splunk you would install the splunk app. From the app you connect to the server using the API. The app serves as the UI for wazuh.

So to answer my original question it sounds like you're running their elastic stack as opposed to the official kibana, logstash, and elasticsearch.

 

4 hours ago, surfshack66 said:

So to answer my original question it sounds like you're running their elastic stack as opposed to the official kibana, logstash, and elasticsearch.

 

No, I am running Splunk Enterprise... Wazuh has a Splunk app that you install in Splunk.

 

Here is the documentation for kibana.

https://documentation.wazuh.com/3.11/user-manual/kibana-app/
