adampielak/wazuh-reload-rules
GitHub: adampielak/wazuh-reload-rules
A shell script that authenticates through the Wazuh API and triggers a hot reload of the analysisd ruleset. It supports single-node and full-cluster modes, so rules can be updated and problems diagnosed without restarting wazuh-manager.
Stars: 0 | Forks: 0
# Wazuh reload rules (without restarting wazuh-manager)
Authenticates to the Wazuh API, triggers a ruleset reload (analysisd), pretty-prints the result with jq, parses the issues table, and tails ossec.log.
Supports **single-node** and **full-cluster** (master + all workers) reloads.
## Prerequisites
- `curl`, `jq`
- Wazuh API access (default port 55000)
## Installation
```
cd /usr/local/bin/
wget -O wazuh-reload-rules https://raw.githubusercontent.com/adampielak/wazuh-reload-rules/refs/heads/main/wazuh-reload-rules.sh
chmod 0750 wazuh-reload-rules
```
## Usage
### Manager only (default)
```
wazuh-reload-rules -u https://localhost:55000 -U wazuh -p 'PASS' -k
# or via env
WAZUH_PASS='PASS' wazuh-reload-rules
```
### Full cluster (master + all workers)
```
wazuh-reload-rules --cluster -u https://localhost:55000 -U wazuh -p 'PASS' -k
# or via env
WAZUH_PASS='PASS' CLUSTER=true wazuh-reload-rules
```
### All options
```
-u, --url        Wazuh API URL (default: https://127.0.0.1:55000)
-U, --user       API username (default: wazuh)
-p, --pass       API password (or set WAZUH_PASS)
-k, --insecure   Skip TLS verification
-L, --log        Path to ossec.log (default: /var/ossec/logs/ossec.log)
-v, --verbose    Verbose HTTP output
    --cluster    Reload all cluster nodes via /cluster/analysisd/reload
    --no-table   Skip parsed ruleset issues table
```
## Example output
### Manager only
```
[*] Authenticating to https://127.0.0.1:55000 as 'wazuh'…
[*] Requesting ruleset reload (manager only)…
[✓] API accepted reload request.
Message: Reload request sent to all specified nodes
Affected items: 1, Failed items: 0
Parsed ruleset issues:
Rule     Issue                Detail
-------- -------------------- ----------------------------------------------
99909    if_sid_sig_missing   sid=89606
99909    if_sid_empty         if_sid empty
99910    if_sid_sig_missing   sid=89607
99910    if_sid_empty         if_sid empty
```
### Cluster
```
[*] Authenticating to https://127.0.0.1:55000 as 'wazuh'…
[*] Requesting cluster-wide ruleset reload (all nodes)…
[✓] API accepted reload request.
Message: Reload request sent to all specified nodes
Affected items: 22, Failed items: 0
Per-node results:
Node                                 Status   Message
------------------------------------ -------- ------------------------------------------------
siem-manager-01-dc1                  OK       Ruleset reload request sent successfully.
siem-manager-01-dc2                  WARN     (7617): Signature ID '89606' was not found …
siem-manager-02-dc1                  OK       Ruleset reload request sent successfully.
...
Ruleset issues detected — breakdown:
[siem-manager-01-dc2]
Rule     Issue                Detail
-------- -------------------- ----------------------------------------------
99909    if_sid_sig_missing   sid=89606
99909    if_sid_empty         if_sid empty
```
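The same two-step flow in Python, as an added example that is not the project's script: obtain a token from `POST /security/user/authenticate`, pick the reload endpoint, and reduce the reload response to the per-node status and issue rows shown above. The sample response is constructed, its per-node field names (`name`, `msg`) and the manager-only path `/manager/analysisd/reload` are assumptions, and only the cluster path comes from the README.

```python
import base64, json, re, ssl, urllib.request

# Constructed sample PUT /cluster/analysisd/reload response; the per-node field
# names ("name", "msg") are an assumption, not taken from the Wazuh API docs.
SAMPLE_RESPONSE = {
    "data": {"affected_items": [
        {"name": "siem-manager-01-dc1", "msg": "Ruleset reload request sent successfully."},
        {"name": "siem-manager-01-dc2", "msg": "(7617): Signature ID '89606' was not found "
         "and will be ignored in the 'if_sid' option of rule '99909'."}],
        "total_affected_items": 2, "total_failed_items": 0, "failed_items": []},
    "message": "Reload request sent to all specified nodes", "error": 0}

SIG_MISSING = re.compile(r"Signature ID '(\d+)' was not found.*?rule '(\d+)'")
WARN_CODE = re.compile(r"^\(\d+\):")  # analysisd warnings start with a numeric code

def authenticate(api_url, user, password, insecure=False):
    """POST /security/user/authenticate with basic auth; returns the JWT used as Bearer token."""
    ctx = ssl.create_default_context()
    if insecure:  # equivalent of the script's -k flag; only for self-signed lab certificates
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    req = urllib.request.Request(api_url.rstrip("/") + "/security/user/authenticate", method="POST")
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)["data"]["token"]

def reload_path(cluster):
    """The cluster path is the one the README names; the manager-only path is an assumption."""
    return "/cluster/analysisd/reload" if cluster else "/manager/analysisd/reload"

def issues_from_msg(msg):
    """Turn an analysisd if_sid warning into (rule, issue, detail) rows like the tool's table."""
    return [(rule, "if_sid_sig_missing", f"sid={sid}") for sid, rule in SIG_MISSING.findall(msg)]

def summarize(resp):
    """Per-node OK/WARN status plus a per-node issue breakdown from a reload response."""
    data = resp["data"]
    nodes, issues = [], {}
    for item in data["affected_items"]:
        status = "WARN" if WARN_CODE.match(item["msg"]) else "OK"
        nodes.append((item["name"], status, item["msg"]))
        if rows := issues_from_msg(item["msg"]):
            issues[item["name"]] = rows
    return {"message": resp["message"], "affected": data["total_affected_items"],
            "failed": data["total_failed_items"], "nodes": nodes, "issues": issues}
```

A WARN status here means analysisd accepted the reload but flagged a rule referencing a missing signature ID, which is the case the tool's issue table surfaces.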
## Author
Created by **tick**
Tags: Cutter, Shell script, Wazuh, Prompt injection, Rule management, Ops tooling, Cluster management