// 2026-01-05
// ID: REF-Wazuh Command List
Wazuh Command List
Wazuh Command Guide
Wazuh is a SIEM/XDR platform. The steps below generally involve the agent.
Top 10 Useful Commands
1. Start Agent
systemctl start wazuh-agent
Explanation: Start the service.
2. Status
systemctl status wazuh-agent
Explanation: Check that the agent service is running, the first thing to confirm when an agent is not connected to the manager.
3. Log Test
/var/ossec/bin/wazuh-logtest
Explanation: Test how log lines are parsed and decoded and which rules they match (run on the manager).
4. Agent Control (Manager)
/var/ossec/bin/agent_control -l
Explanation: List the agents known to the manager with their status (run on the manager).
5. Restart Helper
/var/ossec/bin/ossec-control restart
Explanation: Restart the local Wazuh processes. On Wazuh 4.2 and later this script is named wazuh-control.
6. Edit Config
nano /var/ossec/etc/ossec.conf
Explanation: Main configuration file.
7. Active Response Log
tail -f /var/ossec/logs/active-responses.log
Explanation: See if Wazuh blocked anything automatically.
8. Keys
/var/ossec/bin/manage_agents
Explanation: Add/Remove agent keys.
9. Upgrade Agent
/var/ossec/bin/agent_upgrade -a 001
Explanation: Upgrade the remote agent with ID 001 (run on the manager).
10. Verify Config
/var/ossec/bin/verify-agent-conf
Explanation: Check the syntax of the centralized agent configuration (agent.conf) on the manager.
The Most Powerful Command
/var/ossec/bin/wazuh-logtest
Explanation: Interactively debug why your security rules aren't triggering on specific log lines.