Configuring Wazuh single-node data volumes

Volumes allow to set Wazuh configuration and log files to exist outside their containers. This allows the files to persist after removing containers.

Β·

2 min read

So, now I have a Wazuh single-node Docker instance up and running...

My first question was therefore as follows: how can I preserve custom configs within my Wazuh Docker deployment?

Our use case should be: being able to update/modify ossec.conf file, add a python file inside the /integrations directory, and then modify the local_rules.xml file (within the container) without losing these custom configurations after stopping or removing the containers.

Let's get to it.

Within the Docker deployment, inside the Wazuh Manager image, there's a method to mount files: the /wazuh-config-mount directory steps all the files inside the /var/ossec path which is in fact, the Wazuh Manager root directory.

In the case of the single-node deployment, within the single-node/config/wazuh_cluster/ directory exists the wazuh_manager.conf file, which is mounted in etc/ossec.conf of the container. (Check line 39 of the docker-compose.yml file)

By modifying that file you will maintain the persistence of the ossec.conf configuration and, by mounting any other configuration file in the directory /wazuh-config-mount/ + destination_path you can mount whatever files you need (see above image) inside the container directory: /var/ossec/.

NOTE: The /wazuh-config-mount directory is inside the container.

To give you an example: if you want to mount the file /var/ossec/bin/test.txt inside the container you can create it in the same directory where the wazuh_manager.conf file is.

And then you have to mount it in the Wazuh Manager container in the following way:

- ./config/wazuh_cluster/test.txt:/wazuh-config-mount/bin/test.txt

Seen from the docker-compose.yml file it would look like this:

To be more clear:

Adding those files mounted in the container, the image entry-point scripts are responsible for copying them to the directory we need.

Time to check this customization within our Wazuh platform:

Now you know!

Hope this helps. πŸ˜‰

PS. I would like to thank Victor EreΓ±u (from Wazuh Inc.) for all the support.

Β