Wazuh Manager

Installation guide for the Wazuh Manager component.

Definition

The Wazuh Manager (also referred to as the Wazuh Server) is the core component responsible for:

  • Receiving and processing logs from Wazuh agents
  • Parsing logs using decoders
  • Correlating events using predefined rules
  • Generating alerts and storing them in the alerts.json file

In addition to these core functions, the Wazuh Manager includes a built-in Wazuh API, which allows programmatic interaction with the system. This integration simplifies deployment, as both the manager and the API run as a unified service.

📖 For a full overview of the Wazuh Manager, refer to the official documentation.


Installation

To ensure compatibility and follow best practices, always use the official installation guide provided by Wazuh:

🔗 Wazuh Server Installation - Step-by-Step Guide


Next Steps

Once the Wazuh Manager is installed and running, the next step is to verify the generation of alerts in the alerts.json file, typically located at:

/var/ossec/logs/alerts/alerts.json

This file will be used by other components (like Fluent Bit) for further processing in the pipeline.
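
One way to carry out this verification, as an added example (not part of the original guide or of Wazuh's own tooling): it checks that every line of alerts.json parses as a JSON object with the keys a downstream shipper would rely on, and that the newest alert is recent. The required keys, the timestamp format, the 15-minute freshness window and the sample lines are assumptions made for the example.

```python
import json
from datetime import datetime, timedelta, timezone

ALERTS_PATH = "/var/ossec/logs/alerts/alerts.json"  # path given on this page
REQUIRED = ("timestamp", "rule", "agent")  # assumption: keys the pipeline relies on
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"       # assumed, e.g. 2024-05-01T12:00:00.123+0000

# Constructed sample lines (not real alerts); the last one is cut off mid-write.
SAMPLE = [
    '{"timestamp":"2024-05-01T12:00:00.123+0000","rule":{"level":5,"id":"5710"},'
    '"agent":{"id":"001","name":"web01"}}',
    '{"timestamp":"2024-05-01T12:03:10.000+0000","rule":{"level":3,"id":"5501"},'
    '"agent":{"id":"000","name":"manager"}}',
    '{"timestamp":"2024-05-01T12:04:00.000+0000","rule":{"level":3',
]

def check_alerts(lines, now, max_age=timedelta(minutes=15)):
    """Validate one-JSON-object-per-line alerts and report freshness."""
    valid, invalid, newest = 0, [], None
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            alert = json.loads(line)  # a truncated line raises ValueError here
            missing = [k for k in REQUIRED if k not in alert]
            if missing:
                raise KeyError(f"missing {missing}")
            ts = datetime.strptime(alert["timestamp"], TS_FORMAT)
        except (ValueError, KeyError, TypeError) as exc:
            invalid.append((lineno, str(exc)))
            continue
        valid += 1
        newest = ts if newest is None or ts > newest else newest
    # "fresh" means the newest valid alert is within max_age (assumed threshold).
    fresh = newest is not None and now - newest <= max_age
    return {"valid": valid, "invalid": invalid, "newest": newest, "fresh": fresh}

if __name__ == "__main__":
    with open(ALERTS_PATH, encoding="utf-8") as fh:
        report = check_alerts(fh, datetime.now(timezone.utc))
    print(report)
    raise SystemExit(0 if report["valid"] and report["fresh"] else 1)
```

Run it as a user that can read /var/ossec/logs/alerts/; a non-zero exit status means no valid or no recent alerts were found.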

Note:

Use apt-mark hold wazuh-manager rather than removing the package link, so that the package can't be upgraded automatically.