<no title> — wazuh-api-kit 1.0.0 documentation

#searchbox, #searchdesc { display: none; } @media (max-width: 768px) { #navbar-toggle { display: none; } #cs-mobile-menu { display: block; } #cs-layout { margin-top: 12rem; } #cs-ext-links { margin-right: 2rem!important; } }

Provides the WazuhInternalAnalysisdConfiguration which allows to parse the analysisd section of the Wazuh internal configuration.

class WazuhInternalAnalysisdConfiguration(**kwargs)#

Bases: object

Object representation of the wazuh agent’s internal option analysisd section.

Wazuh reference: https://documentation.wazuh.com/current/user-manual/reference/internal-options.html#analysisd

alerts_queue_size: int | None#: Sets the alerts log queue size.

archives_queue_size: int | None#: Sets the archives log queue size.

dbsync_queue_size: int | None#: Sets the database synchronization message queue size.

dbsync_threads: int | None#: Number of database synchronization dispatcher threads.

debug: int | None#

The debug log level configuration of the wazuh agent.

0: No debug output

1: Standard debug output

2: Verbose debug output

decode_event_queue_size: int | None#: Sets the decode event queue size.

decode_hostinfo_queue_size: int | None#: Sets the decode hostinfo queue size.

decode_output_queue_size: int | None#: Sets the decode output queue size.

decode_rootcheck_queue_size: int | None#: Sets the decode Rootcheck queue size.

decode_sca_queue_size: int | None#: Sets the decode SCA queue size.

decode_syscheck_queue_size: int | None#: Sets the decode Syscheck queue size.

decode_syscollector_queue_size: int | None#: Sets the decode Syscollector queue size.

decode_winevt_queue_size: int | None#: Sets the Windows event decode queue size.

decoder_order_size: int | None#: Maximum number of fields in a decoder (order tag).

default_timeframe: int | None#: Default rule time-frame.

event_threads: int | None#: Number of event decoder threads.

firewall_logging_enabled: bool = True#: Toggles firewall log on and off (at logs/firewall/firewall.log).

firewall_queue_size: int | None#: Sets the firewall log queue size.

fts_list_size: int | None#: FTS list size.

fts_min_size_for_str: int | None#: FTS minimum string size.

fts_queue_size: int | None#: Sets the fts log queue size.

geoip_output_as_json: bool#: Toggle to turn on or off the output of GeoIP data in JSON alerts.

hostinfo_threads: int | None#: Number of hostinfo event decoder threads.

label_cache_maxage: int | None#: Number of in seconds without reloading labels in cache from agents.

min_rotate_interval: int | None#: Minimum interval between log rotations. Supersedes max_output_size option.

rlimit_nofile: int | None#: Maximum number of file descriptors that Analysisd can open.

rootcheck_threads: int | None#: Number of Rootcheck event decoder threads.

rule_matching_threads: int | None#: Number of rule matching threads.

sca_threads: int | None#: Number of SCA event decoder threads.

show_hidden_labels: bool#: Make hidden labels visible in alerts.

state_interval: int | None#: Sets the Analysisd interval for updating the state file in seconds.

statistical_queue_size: int | None#: Sets the statistical log queue size.

stats_maxdiff: int | None#: Stats maximum diff.

stats_mindiff: int | None#: Stats minimum diff.

stats_percent_diff: int | None#: Stats percentage (how much to differ from average).

syscheck_threads: int | None#: Number of syscheck event decoder threads.

syscollector_threads: int | None#: Number of Syscollector event decoder threads.

upgrade_queue_size: int | None#: Sets the upgrade message queue size.

winevt_threads: int | None#: Number of Windows event decoder threads.

On this page