Important Wazuh Logs

Check Filebeat

filebeat test output

Check Cluster Status

curl -XGET "https://<Node IP>:9200/_cluster/health?pretty" -u user:pass -k

Check Cluster Shard Allocation

curl -XGET "https://<Node IP>:9200/_cluster/allocation/explain?pretty" -u user:pass -k

Are Alerts getting to the system?

cat /var/ossec/logs/alerts/alerts.log

General Log - Agents connecting?

cat /var/ossec/logs/ossec.log

Filebeat Log

cat /var/log/filebeat/filebeat

Indexer Cluster Logs

cat /var/log/wazuh-indexer/wazuh-indexer-cluster.log | grep -E "ERROR|WARN|Caused"

List all agents

/var/ossec/bin/agent_control -l