Wazuh

Beacon writes Wazuh-compatible JSONL endpoint events. Use beacon endpoint wazuh to print localfile configuration, generate a content pack, and write a validation event.

beacon endpoint wazuh [command]

Commands

beacon endpoint wazuh print-config

Print a Wazuh localfile snippet for the configured runtime log.

beacon endpoint wazuh install-pack

Write Wazuh rules and config snippets to a directory.

beacon endpoint wazuh validate

Write and describe a Beacon validation event.

Runtime log paths

Mode	Path
User mode	`~/.beacon/endpoint/logs/runtime.jsonl`
System mode	`/var/log/beacon-agent/runtime.jsonl`

Endpoint agent

Install and inspect the local endpoint agent.

Dashboard

Inspect Beacon events locally before forwarding.

beacon endpoint dashboard beacon endpoint wazuh print-config

⌘I

Overview

Endpoint

Dashboard

Wazuh

Hooks

Claude Cowork

Reference

Wazuh

Wazuh

Commands

beacon endpoint wazuh print-config

beacon endpoint wazuh install-pack

beacon endpoint wazuh validate

Runtime log paths

Endpoint agent

Dashboard

Overview

Endpoint

Dashboard

Wazuh

Hooks

Claude Cowork

Reference

Documentation Index

​Wazuh

​Commands

beacon endpoint wazuh print-config

beacon endpoint wazuh install-pack

beacon endpoint wazuh validate

​Runtime log paths

​Related

Endpoint agent

Dashboard

Wazuh

Commands

Runtime log paths

Related