This guide uses Docker Compose to run the Wazuh security platform (SIEM/XDR).
For Docker installation, see Docker.
mkdir -p /opt/wazuh/{config,data}
cd /opt/wazuh
Create docker-compose.yml:
services:
wazuh.manager:
image: wazuh/wazuh-manager:4.14.3
container_name: wazuh-manager
hostname: wazuh-manager
ports:
- "1514:1514"
- "1515:1515"
- "514:514/udp"
- "55000:55000"
environment:
- INDEXER_URL=https://wazuh.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- FILEBEAT_SSL_VERIFICATION_MODE=none
volumes:
- ./config/wazuh_cluster:/wazuh-queue
- ./config/wazuh_api:/wazuh/api/configuration
restart: unless-stopped
networks:
- wazuh
wazuh.indexer:
image: wazuh/wazuh-indexer:4.14.3
container_name: wazuh-indexer
hostname: wazuh.indexer
ports:
- "9200:9200"
environment:
- OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
- bootstrap.memory_lock=true
volumes:
- ./data/indexer:/var/lib/wazuh-indexer
- ./config/indexer:/usr/share/wazuh-indexer/opensearch.yml
restart: unless-stopped
networks:
- wazuh
wazuh.dashboard:
image: wazuh/wazuh-dashboard:4.14.3
container_name: wazuh-dashboard
hostname: wazuh.dashboard
ports:
- "443:5601"
environment:
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- WAZUH_API_URL=https://wazuh.manager
volumes:
- ./config/dashboard:/usr/share/wazuh-dashboard/data/wazuh/config
depends_on:
- wazuh.indexer
- wazuh.manager
restart: unless-stopped
networks:
- wazuh
networks:
wazuh:
driver: bridge
docker compose up -d
Note: Initial startup may take 5-10 minutes.
Check container status:
docker compose ps
View logs:
docker compose logs -f wazuh.manager
Access Wazuh Dashboard at https://SERVER_IP with:
adminSecretPassword (change immediately!)docker compose exec wazuh.manager /var/ossec/bin/cluster_control -l
docker compose exec wazuh.manager /var/ossec/bin/agent_control -l
docker compose restart
docker compose down
docker compose pull
docker compose up -d
./data directoryOn Linux endpoints (Debian/Ubuntu):
curl -so wazuh-agent.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.14.3-1_amd64.deb
WAZUH_MANAGER=your-wazuh-server-ip dpkg -i ./wazuh-agent.deb
systemctl daemon-reload
systemctl enable wazuh-agent
systemctl start wazuh-agent
Deploying Wazuh in containers for production? Our consulting covers:
Get expert help: office@linux-server-admin.com | Contact Page