Monit + Wazuh?

Started by sorano, April 03, 2026, 03:26:42 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 03, 2026, 03:26:42 PM
Has anyone found a way to verify that Wazuh is running properly via Monit?

Using pid files are problematic since they are created with the pid in the filename meaning monit check will break when the process gets a new id:


ls -lah /var/ossec/var/run/wazuh*
-rw-r-----  1 wazuh wazuh    6B Mar 30 22:21 /var/ossec/var/run/wazuh-agentd-91844.pid
-rw-r-----  1 wazuh wazuh  599B Apr  3 15:14 /var/ossec/var/run/wazuh-agentd.state
-rw-r-----  1 root  wazuh    6B Mar 30 22:21 /var/ossec/var/run/wazuh-execd-87687.pid
-rw-r-----  1 root  wazuh    5B Mar 30 22:21 /var/ossec/var/run/wazuh-logcollector-1027.pid
-rw-r-----  1 root  wazuh  1.4K Apr  3 15:14 /var/ossec/var/run/wazuh-logcollector.state
-rw-r-----  1 root  wazuh    5B Mar 30 22:21 /var/ossec/var/run/wazuh-modulesd-4657.pid
-rw-r-----  1 root  wazuh    6B Mar 30 22:21 /var/ossec/var/run/wazuh-syscheckd-97682.pid
26.1.5|Intel N150|4x3.6GHz|8GB|256GB NVMe
Cisco L3 switch OSPF + FRR
Chrony|DoT|HAProxy+NAXSI|Suricata+Wazuh|NetFlow->Akvorado
IPSec|OpenVPN|Wireguard
MultiWAN: 1Gbit fiber dual stack + 4G failover

--
Available for private support.
Today at 12:41:36 AM #1
Doesn't monit check only for the existence of the pid ? In other words, it does not care what its number is, just that it exists.
I can't tell more as I tried wazuh and found it too much for my home needs. Corporate.. of course a valid option.
Print
Go Up Pages1
User actions