Has anyone found a way to verify that Wazuh is running properly via Monit?
Using pid files are problematic since they are created with the pid in the filename meaning monit check will break when the process gets a new id:
ls -lah /var/ossec/var/run/wazuh*
-rw-r----- 1 wazuh wazuh 6B Mar 30 22:21 /var/ossec/var/run/wazuh-agentd-91844.pid
-rw-r----- 1 wazuh wazuh 599B Apr 3 15:14 /var/ossec/var/run/wazuh-agentd.state
-rw-r----- 1 root wazuh 6B Mar 30 22:21 /var/ossec/var/run/wazuh-execd-87687.pid
-rw-r----- 1 root wazuh 5B Mar 30 22:21 /var/ossec/var/run/wazuh-logcollector-1027.pid
-rw-r----- 1 root wazuh 1.4K Apr 3 15:14 /var/ossec/var/run/wazuh-logcollector.state
-rw-r----- 1 root wazuh 5B Mar 30 22:21 /var/ossec/var/run/wazuh-modulesd-4657.pid
-rw-r----- 1 root wazuh 6B Mar 30 22:21 /var/ossec/var/run/wazuh-syscheckd-97682.pid
Doesn't monit check only for the existence of the pid ? In other words, it does not care what its number is, just that it exists.
I can't tell more as I tried wazuh and found it too much for my home needs. Corporate.. of course a valid option.