#jinja2: lstrip_blocks: True
<!--
  Wazuh - Manager - Default configuration
  More info at: https://documentation.wazuh.com
  Mailing list: https://groups.google.com/forum/#!forum/wazuh
-->

<ossec_config>
  <global>
    <jsonout_output>{{ wazuh_manager_config.json_output }}</jsonout_output>
    <alerts_log>{{ wazuh_manager_config.alerts_log }}</alerts_log>
    <logall>{{ wazuh_manager_config.logall }}</logall>
    <logall_json>{{ wazuh_manager_config.logall_json }}</logall_json>
    <email_notification>{{ wazuh_manager_config.email_notification }}</email_notification>
    {% for to in wazuh_manager_config.mail_to %}
    <email_to>{{ to }}</email_to>
    {% endfor %}
    <smtp_server>{{ wazuh_manager_config.mail_smtp_server }}</smtp_server>
    <email_from>{{ wazuh_manager_config.mail_from }}</email_from>
    <email_maxperhour>{{ wazuh_manager_config.mail_maxperhour }}</email_maxperhour>
    <email_log_source>{{ wazuh_manager_config.email_log_source }}</email_log_source>
    <agents_disconnection_time>{{ wazuh_manager_config.agents_disconnection_time }}</agents_disconnection_time>
    <agents_disconnection_alert_time>{{ wazuh_manager_config.agents_disconnection_alert_time }}</agents_disconnection_alert_time>
  </global>

  <alerts>
    <log_alert_level>{{ wazuh_manager_config.log_level }}</log_alert_level>
    <email_alert_level>{{ wazuh_manager_config.email_level }}</email_alert_level>
  </alerts>

  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
  <logging>
    <log_format>{{ wazuh_manager_config.log_format }}</log_format>
  </logging>

{% if wazuh_manager_config.extra_emails is defined %}
{% for mail in wazuh_manager_config.extra_emails %}
{% if mail.enable == true %}
  <email_alerts>
    <email_to>{{ mail.mail_to }}</email_to>
    {% if mail.format is not none %}
    <format>{{ mail.format }}</format>
    {% endif %}
    {% if mail.level is not none %}
    <level>{{ mail.level }}</level>
    {% endif %}
    {% if mail.event_location is not none %}
    <event_location>{{ mail.event_location }}</event_location>
    {% endif %}
    {% if mail.group is not none %}
    <group>{{ mail.group }}</group>
    {% endif %}
    {% if mail.do_not_delay is not none and mail.do_not_delay == true %}
    <do_not_delay />
    {% endif %}
    {% if mail.do_not_group is not none and mail.do_not_group == true %}
    <do_not_group />
    {% endif %}
    {% if mail.rule_id is not none %}
    <rule_id>{{ mail.rule_id }}</rule_id>
    {% endif %}
  </email_alerts>
{% endif %}
{% endfor %}
{% endif %}



{% for connection in wazuh_manager_config.connection %}
  <remote>
    <connection>{{ connection.type }}</connection>
    {% if connection.port is defined %}
    <port>{{ connection.port }}</port>
    {% endif %}
    {% if connection.protocol is defined %}
    <protocol>{{ connection.protocol }}</protocol>
    {% endif %}
    {% if connection.allowed_ips is defined %}
    {% for allowed_ip in connection.allowed_ips %}
    <allowed-ips>{{ allowed_ip }}</allowed-ips>
    {% endfor %}
    {% endif %}
    {% if connection.denied_ips is defined %}
    {% for denied_ip in connection.denied_ips %}
    <denied-ips>{{ denied_ip }}</denied-ips>
    {% endfor %}
    {% endif %}
    {% if connection.local_ip is defined %}
    <local_ip>{{ connection.local_ip }}</local_ip>
    {% endif %}
    {% if connection.ipv6 is defined %}
    <ipv6>{{ connection.ipv6 }}</ipv6>
    {% endif %}
    {% if connection.queue_size is defined %}
    <queue_size>{{connection.queue_size}}</queue_size>
    {% endif %}
  </remote>
{% endfor %}

{% if wazuh_manager_config.reports is defined %}
{% for report in wazuh_manager_config.reports %}
{% if report.enable == true %}
  <reports>
    <category>{{ report.category }}</category>
    <title>{{ report.title }}</title>
    <email_to>{{ report.email_to }}</email_to>
    {% if report.location is not none %}<location>{{ report.location }}</location>{% endif %}
    {% if report.group is not none %}<group>{{ report.group }}</group>{% endif %}
    {% if report.rule is not none %}<rule>{{ report.rule }}</rule>{% endif %}
    {% if report.level is not none %}<level>{{ report.level }}</level>{% endif %}
    {% if report.srcip is not none %}<srcip>{{ report.srcip }}</srcip>{% endif %}
    {% if report.user is not none %}<user>{{ report.user }}</user>{% endif %}
    {% if report.showlogs is not none %}<showlogs>{{ report.showlogs }}</showlogs>{% endif %}
  </reports>
{% endif %}
{% endfor %}
{% endif %}

  <!-- Policy monitoring -->
  <rootcheck>
    <disabled>no</disabled>
    <check_files>yes</check_files>
    <check_trojans>yes</check_trojans>
    <check_dev>yes</check_dev>
    <check_sys>yes</check_sys>
    <check_pids>yes</check_pids>
    <check_ports>yes</check_ports>
    <check_if>yes</check_if>

    <!-- Frequency that rootcheck is executed - every 12 hours -->
    <frequency>{{ wazuh_manager_config.rootcheck.frequency }}</frequency>

    <rootkit_files>{{ wazuh_dir }}/etc/rootcheck/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>{{ wazuh_dir }}/etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>

    <skip_nfs>yes</skip_nfs>
  </rootcheck>

    {% if ansible_system == "Linux" and wazuh_manager_config.openscap.disable == 'no' %}
  <wodle name="open-scap">
    <disabled>no</disabled>
    <timeout>{{ wazuh_manager_config.openscap.timeout }}</timeout>
    <interval>{{ wazuh_manager_config.openscap.interval }}</interval>
    <scan-on-start>{{ wazuh_manager_config.openscap.scan_on_start }}</scan-on-start>
    {% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}
    <content type="xccdf" path="ssg-ubuntu-1604-ds.xml">
      <profile>xccdf_org.ssgproject.content_profile_common</profile>
    </content>
    {% elif ansible_distribution == 'Debian' %}
    {% if ansible_distribution_release == 'jessie' %}
    {% if openscap_version_valid.stdout == "0" %}
    <content type="xccdf" path="ssg-debian-8-ds.xml">
      <profile>xccdf_org.ssgproject.content_profile_common</profile>
    </content>
    <content type="oval" path="cve-debian-8-oval.xml"/>
    {% endif %}
    {% elif ansible_distribution_release == 'stretch' %}
    <content type="oval" path="cve-debian-9-oval.xml"/>
    {% endif %}
    {% elif ansible_distribution == 'CentOS' %}
      {% if ansible_distribution_major_version == '8' %}
        {# Policy not available #}
      {% elif ansible_distribution_major_version == '7' %}
      <content type="xccdf" path="ssg-centos-7-ds.xml">
        <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
        <profile>xccdf_org.ssgproject.content_profile_common</profile>
      </content>
      {% elif ansible_distribution_major_version == '6' %}
      <content type="xccdf" path="ssg-centos-6-ds.xml">
        <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
        <profile>xccdf_org.ssgproject.content_profile_common</profile>
      </content>
      {% endif %}
    {% elif ansible_distribution == 'RedHat' %}
      {% if ansible_distribution_major_version == '8' %}
        {# Policy not available #}
      {% elif ansible_distribution_major_version == '7' %}
      <content type="xccdf" path="ssg-rhel-7-ds.xml">
        <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
        <profile>xccdf_org.ssgproject.content_profile_common</profile>
      </content>
      {% elif ansible_distribution_major_version == '6' %}
      <content type="xccdf" path="ssg-rhel-6-ds.xml">
        <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
        <profile>xccdf_org.ssgproject.content_profile_common</profile>
      </content>
      {% endif %}
      {% if ansible_distribution_major_version == '7' %}
      <content type="oval" path="cve-redhat-7-ds.xml"/>
      {% elif ansible_distribution_major_version == '6' %}
      <content type="oval" path="cve-redhat-6-ds.xml"/>
      {% endif %}
    {% elif ansible_distribution == 'Fedora' %}
      <content type="xccdf" path="ssg-fedora-ds.xml">
        <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
        <profile>xccdf_org.ssgproject.content_profile_common</profile>
      </content>
    {% endif %}
  </wodle>
  {% endif %}

  <wodle name="cis-cat">
    <disabled>{{ wazuh_manager_config.cis_cat.disable}}</disabled>
    <timeout>{{ wazuh_manager_config.cis_cat.timeout }}</timeout>
    <interval>{{ wazuh_manager_config.cis_cat.interval }}</interval>
    <scan-on-start>{{ wazuh_manager_config.cis_cat.scan_on_start }}</scan-on-start>
    {% if wazuh_manager_config.cis_cat.install_java == 'yes' %}
    <java_path>wodles/java</java_path>
    {% else %}
    <java_path>{{ wazuh_manager_config.cis_cat.java_path }}</java_path>
    {% endif %}
    <ciscat_path>{{ wazuh_manager_config.cis_cat.ciscat_path }}</ciscat_path>
  </wodle>

  <!-- Osquery integration -->
  <wodle name="osquery">
    <disabled>{{ wazuh_manager_config.osquery.disable }}</disabled>
    <run_daemon>{{ wazuh_manager_config.osquery.run_daemon }}</run_daemon>
    <log_path>{{ wazuh_manager_config.osquery.log_path }}</log_path>
    <config_path>{{ wazuh_manager_config.osquery.config_path }}</config_path>
    <add_labels>{{ wazuh_manager_config.osquery.ad_labels }}</add_labels>
  </wodle>

  <!-- System inventory -->
  <wodle name="syscollector">
    <disabled>{{ wazuh_manager_config.syscollector.disable }}</disabled>
    <interval>{{ wazuh_manager_config.syscollector.interval }}</interval>
    <scan_on_start>{{ wazuh_manager_config.syscollector.scan_on_start }}</scan_on_start>
    <hardware>{{ wazuh_manager_config.syscollector.hardware }}</hardware>
    <os>{{ wazuh_manager_config.syscollector.os }}</os>
    <network>{{ wazuh_manager_config.syscollector.network }}</network>
    <packages>{{ wazuh_manager_config.syscollector.packages }}</packages>
    <ports all="no">{{ wazuh_manager_config.syscollector.ports_no }}</ports>
    <processes>{{ wazuh_manager_config.syscollector.processes }}</processes>
  </wodle>

  <sca>
  {% if wazuh_manager_config.sca.enabled | length > 0 %}
    <enabled>{{ wazuh_manager_config.sca.enabled }}</enabled>
  {% endif %}
  {% if wazuh_manager_config.sca.scan_on_start | length > 0 %}
    <scan_on_start>{{ wazuh_manager_config.sca.scan_on_start }}</scan_on_start>
  {% endif %}
  {% if wazuh_manager_config.sca.interval | length > 0 %}
    <interval>{{ wazuh_manager_config.sca.interval }}</interval>
  {% endif %}
  {% if wazuh_manager_config.sca.skip_nfs | length > 0 %}
    <skip_nfs>yes</skip_nfs>
  {% endif %}
  {% if wazuh_manager_config.sca.day | length > 0 %}
    <day>{{ wazuh_manager_config.sca.day }}</day>
  {% endif %}
  {% if wazuh_manager_config.sca.wday | length > 0 %}
    <wday>{{ wazuh_manager_config.sca.wday }}</wday>
  {% endif %}
  {% if wazuh_manager_config.sca.time | length > 0 %}
    <time>{{ wazuh_manager_config.sca.time }}</time>
  {% endif %}
  </sca>

  <vulnerability-detector>
  {% if wazuh_manager_config.vulnerability_detector.enabled is defined %}
    <enabled>{{ wazuh_manager_config.vulnerability_detector.enabled }}</enabled>
  {% endif %}
  {% if wazuh_manager_config.vulnerability_detector.interval is defined %}
    <interval>{{ wazuh_manager_config.vulnerability_detector.interval }}</interval>
  {% endif %}
  {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %}
    <run_on_start>{{ wazuh_manager_config.vulnerability_detector.run_on_start }}</run_on_start>
  {% endif %}
  {% if wazuh_manager_config.vulnerability_detector.providers is defined %}
  {% for provider_ in wazuh_manager_config.vulnerability_detector.providers %}
    <provider name={{ provider_.name }}>
      {% if provider_.enabled is defined %}
      <enabled>{{ provider_.enabled }}</enabled>
      {% endif %}
      {% if provider_.os is defined %}
      {% for os_ in provider_.os %}
      <os>{{ os_ }}</os>
      {% endfor %}
      {% endif %}
      {% if provider_.update_interval is defined %}
      <update_interval>{{ provider_.update_interval }}</update_interval>
      {% endif %}
    </provider>
  {% endfor %}
  {% endif %}
  </vulnerability-detector>

  <!-- File integrity monitoring -->
  <syscheck>
    <disabled>{{ wazuh_manager_config.syscheck.disable }}</disabled>
    <frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
    <scan_on_start>{{ wazuh_manager_config.syscheck.scan_on_start }}</scan_on_start>

    <!-- Do not ignore files that change more than 'frequency' times -->
    {% if wazuh_manager_config.syscheck.auto_ignore_frequency is defined %}
    <auto_ignore {{ wazuh_manager_config.syscheck.auto_ignore_frequency.frequency }} {{ wazuh_manager_config.syscheck.auto_ignore_frequency.timeframe }}>{{wazuh_manager_config.syscheck.auto_ignore_frequency.value }}</auto_ignore>
    {% endif %}

    <!-- Directories to check  (perform all possible verifications) -->
    {% if wazuh_manager_config.syscheck.directories is defined %}
    {% for directory in wazuh_manager_config.syscheck.directories %}
    <directories {{ directory.checks }}>{{ directory.dirs }}</directories>
    {% endfor %}
    {% endif %}

    <!-- Files/directories to ignore -->
    {% if wazuh_manager_config.syscheck.ignore is defined %}
    {% for ignore in wazuh_manager_config.syscheck.ignore %}
    <ignore>{{ ignore }}</ignore>
    {% endfor %}
    {% endif %}

    <!-- File types to ignore -->
    {% if wazuh_manager_config.syscheck.ignore_linux_type is defined %}
    {% for ignore in wazuh_manager_config.syscheck.ignore_linux_type %}
    <ignore type="sregex">{{ ignore }}</ignore>
    {% endfor %}
    {% endif %}


    <!-- Files no diff -->
    {% for no_diff in wazuh_manager_config.syscheck.no_diff %}
    <nodiff>{{ no_diff }}</nodiff>
    {% endfor %}
    {% if wazuh_manager_config.syscheck.skip_nfs is defined %}
    <skip_nfs>{{ wazuh_manager_config.syscheck.skip_nfs }}</skip_nfs>
    {% endif %}
    {% if wazuh_manager_config.syscheck.skip_dev is defined %}
    <skip_dev>{{ wazuh_manager_config.syscheck.skip_dev }}</skip_dev>
    {% endif %}
    {% if wazuh_manager_config.syscheck.skip_proc is defined %}
    <skip_proc>{{ wazuh_manager_config.syscheck.skip_proc }}</skip_proc>
    {% endif %}
    {% if wazuh_manager_config.syscheck.skip_sys is defined %}
    <skip_sys>{{ wazuh_manager_config.syscheck.skip_sys }}</skip_sys>
    {% endif %}

    <!-- Nice value for Syscheck module -->
    <process_priority>{{ wazuh_manager_config.syscheck.process_priority }}</process_priority>

    <!-- Maximum output throughput -->
    <max_eps>{{ wazuh_manager_config.syscheck.max_eps }}</max_eps>

    <!-- Database synchronization settings -->
    <synchronization>
      <enabled>{{ wazuh_manager_config.syscheck.sync_enabled }}</enabled>
      <interval>{{ wazuh_manager_config.syscheck.sync_interval }}</interval>
      <max_interval>{{ wazuh_manager_config.syscheck.sync_max_interval }}</max_interval>
      <max_eps>{{ wazuh_manager_config.syscheck.sync_max_eps }}</max_eps>
    </synchronization>
  </syscheck>

  <global>
{% for white_list in wazuh_manager_config.globals %}
    <white_list>{{ white_list }}</white_list>
{% endfor %}
  </global>

{% for command in wazuh_manager_config.commands %}

  <command>
    <name>{{ command.name }}</name>
    <executable>{{ command.executable }}</executable>
    {% if command.timeout_allowed is defined %}
        <timeout_allowed>{{ command.timeout_allowed }}</timeout_allowed>
    {% endif %}
  </command>
{% endfor %}

{% if agentless_creds is defined %}
{% for agentless in agentless_creds %}
  <agentless>
    <type>{{ agentless.type }}</type>
    <frequency>{{ agentless.frequency }}</frequency>
    <host>{{ agentless.host }}</host>
    <state>{{ agentless.state }}</state>
    {% if agentless.arguments is defined %}
      <arguments>{{ agentless.arguments }}</arguments>
    {% endif %}
  </agentless>
{% endfor %}
{% endif -%}

{% if wazuh_manager_config.active_responses is defined %}
  {% for response in wazuh_manager_config.active_responses %}
    <active-response>
      <disabled>{% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %}</disabled>
      {%if response.command is defined %}<command>{{ response.command }}</command>{% endif %}
      {%if response.location is defined %}<location>{{ response.location }}</location>{% endif %}
      {%if response.agent_id is defined %}<agent_id>{{ response.agent_id }}</agent_id>{% endif %}
      {%if response.level is defined %}<level>{{ response.level }}</level>{% endif %}
      {%if response.rules_group is defined %}<rules_group>{{ response.rules_group }}</rules_group>{% endif %}
      {%if response.rules_id is defined %}<rules_id>{{ response.rules_id }}</rules_id>{% endif %}
      {%if response.timeout is defined %}<timeout>{{ response.timeout }}</timeout>{% endif %}
      {%if response.repeated_offenders is defined %}<repeated_offenders>{{ response.repeated_offenders }}</repeated_offenders>{% endif %}
    </active-response>
  {% endfor %}
{% endif -%}

  <!-- Files to monitor (localfiles) -->
{% for localfile in wazuh_manager_config.localfiles.common %}

  <localfile>
     <log_format>{{ localfile.format }}</log_format>
     {% if localfile.format == 'command' or localfile.format == 'full_command' %}
     <command>{{ localfile.command }}</command>
     {% if localfile.alias is defined %}
     <alias>{{ localfile.alias }}</alias>
     {% endif %}
     {% if localfile.frequency is defined %}
     <frequency>{{ localfile.frequency }}</frequency>
     {% endif %}
     {% else %}
     <location>{{ localfile.location }}</location>
     {% if localfile.format == 'eventchannel' %}
     {% if localfile.only_future_events is defined %}
     <only-future-events>{{ localfile.only_future_events }}</only_future_events>
     {% endif %}
     {% if localfile.query is defined %}
     <query>{{ localfile.query }}</query>
     {% endif %}
     {% endif %}
     {% endif %}
     {% if localfile.format == 'json' and localfile.labels is defined %}
     {% for key, value in localfile.labels.items() %}
     <label key="{{ key }}">{{ value }}</label>
     {% endfor %}
     {% endif %}
     {% if localfile.target is defined %}
     <target>{{ localfile.target }}</target>
     {% endif %}
     {% if localfile.out_format is defined %}
     <out_format>{{ localfile.out_format }}</out_format>
     {% endif %}
  </localfile>
{% endfor %}

{% if ansible_os_family == "Debian" %}
{% for localfile in wazuh_manager_config.localfiles.debian %}

  <localfile>
     <log_format>{{ localfile.format }}</log_format>
     {% if localfile.format == 'command' or localfile.format == 'full_command' %}
     <command>{{ localfile.command }}</command>
     {% if localfile.alias is defined %}
     <alias>{{ localfile.alias }}</alias>
     {% endif %}
     {% if localfile.frequency is defined %}
     <frequency>{{ localfile.frequency }}</frequency>
     {% endif %}
     {% else %}
     <location>{{ localfile.location }}</location>
     {% if localfile.format == 'eventchannel' %}
     {% if localfile.only_future_events is defined %}
     <only-future-events>{{ localfile.only_future_events }}</only_future_events>
     {% endif %}
     {% if localfile.query is defined %}
     <query>{{ localfile.query }}</query>
     {% endif %}
     {% endif %}
     {% endif %}
     {% if localfile.format == 'json' and localfile.labels is defined %}
     {% for key, value in localfile.labels.items() %}
     <label key="{{ key }}">{{ value }}</label>
     {% endfor %}
     {% endif %}
     {% if localfile.target is defined %}
     <target>{{ localfile.target }}</target>
     {% endif %}
     {% if localfile.out_format is defined %}
     <out_format>{{ localfile.out_format }}</out_format>
     {% endif %}
  </localfile>
{% endfor %}
{% endif -%}

{% if ansible_os_family == "RedHat" %}
{% for localfile in wazuh_manager_config.localfiles.centos %}

  <localfile>
     <log_format>{{ localfile.format }}</log_format>
     {% if localfile.format == 'command' or localfile.format == 'full_command' %}
     <command>{{ localfile.command }}</command>
     {% if localfile.alias is defined %}
     <alias>{{ localfile.alias }}</alias>
     {% endif %}
     {% if localfile.frequency is defined %}
     <frequency>{{ localfile.frequency }}</frequency>
     {% endif %}
     {% else %}
     <location>{{ localfile.location }}</location>
     {% if localfile.format == 'eventchannel' %}
     {% if localfile.only_future_events is defined %}
     <only-future-events>{{ localfile.only_future_events }}</only_future_events>
     {% endif %}
     {% if localfile.query is defined %}
     <query>{{ localfile.query }}</query>
     {% endif %}
     {% endif %}
     {% endif %}
     {% if localfile.format == 'json' and localfile.labels is defined %}
     {% for key, value in localfile.labels.items() %}
     <label key="{{ key }}">{{ value }}</label>
     {% endfor %}
     {% endif %}
     {% if localfile.target is defined %}
     <target>{{ localfile.target }}</target>
     {% endif %}
     {% if localfile.out_format is defined %}
     <out_format>{{ localfile.out_format }}</out_format>
     {% endif %}
  </localfile>
{% endfor %}
{% endif -%}

{% if wazuh_manager_config.syslog_outputs is defined %}
{% for syslog_output in wazuh_manager_config.syslog_outputs %}
{% if syslog_output.server is not none  %}
  <syslog_output>
    <server>{{ syslog_output.server }}</server>
    <port>{{ syslog_output.port }}</port>
    <format>{{ syslog_output.format }}</format>
  </syslog_output>
{% endif %}
{% endfor %}
{% endif %}

{% if wazuh_manager_config.integrations is defined %}
{% for integration in wazuh_manager_config.integrations %}
{% if integration.name is not none %}
  <!-- Integration with {{ integration.name }} -->
  <integration>
    <name>{{ integration.name }}</name>
    {% if integration.hook_url is defined %}
    <hook_url>{{ integration.hook_url }}</hook_url>
    {% endif %}
    {% if integration.api_key is defined %}
    <api_key>{{ integration.api_key }}</api_key>
    {% endif %}
    {% if integration.alert_format is defined %}
    <alert_format>{{ integration.alert_format }}</alert_format>
    {% endif %}
    {% if integration.alert_level is defined %}
    <level>{{ integration.alert_level }}</level>
    {% endif %}
    {% if integration.rule_id is defined %}
    <rule_id>{{ integration.rule_id }}</rule_id>
    {% endif %}
  </integration>
{% endif %}
{% endfor %}
{% endif %}

{% if monitor_aws is defined and monitor_aws.disabled == "no" %}
  <!-- S3 -->
  <wodle name="aws-s3">
    <disabled>{{ monitor_aws.disabled }}</disabled>
    <interval>{{ monitor_aws.interval }}</interval>
    <run_on_start>{{ monitor_aws.run_on_start }}</run_on_start>
    <skip_on_error>{{ monitor_aws.skip_on_error }}</skip_on_error>
    {% for bucket in monitor_aws.s3 %}
    <bucket type="{{ bucket.bucket_type }}">
      <name>{{ bucket.name }}</name>
      {% if bucket.path is defined %}
      <path>{{ bucket.path }}</path>
      {% endif %}
      {% if bucket.only_logs_after is defined %}
      <only_logs_after>{{ bucket.only_logs_after }}</only_logs_after>
      {% endif %}
      <access_key>{{ bucket.access_key }}</access_key>
      <secret_key>{{ bucket.secret_key }}</secret_key>
    </bucket>
    {% endfor %}
  </wodle>
{% endif %}

{% if wazuh_manager_config.labels.enable == true %}
  <labels>
  {% for label in wazuh_manager_config.labels.list %}
    <label key="{{ label.key }}"{% if label.hidden is defined %} hidden="{{ label.hidden }}"{% endif %}>{{ label.value }}</label>
  {% endfor %}
  </labels>
{% endif %}


  <ruleset>
  <!-- Default ruleset -->
  <decoder_dir>ruleset/decoders</decoder_dir>
  <rule_dir>ruleset/rules</rule_dir>
  {% if wazuh_manager_config.rule_exclude is defined %}
  {% for rule in wazuh_manager_config.rule_exclude %}
  <rule_exclude>{{ rule }}</rule_exclude>
  {% endfor %}
  {% endif %}
  {% if wazuh_manager_config.ruleset.cdb_lists is defined %}
  {% for list in wazuh_manager_config.ruleset.cdb_lists %}
  <list>etc/lists/{{ list }}</list>
  {% endfor %}
  {% endif %}

  <!-- User-defined ruleset -->
  <decoder_dir>etc/decoders</decoder_dir>
  <rule_dir>etc/rules</rule_dir>
  </ruleset>

{% if wazuh_manager_config.authd.enable == true %}
  <auth>
    <disabled>no</disabled>
    {% if wazuh_manager_config.authd.port is not none %}
    <port>{{wazuh_manager_config.authd.port}}</port>
    {% else %}
    <port>1515</port>
    {% endif %}
    {% if wazuh_manager_config.authd.use_source_ip is not none %}
    <use_source_ip>{{wazuh_manager_config.authd.use_source_ip}}</use_source_ip>
    {% endif %}
    <force>
      {% if wazuh_manager_config.authd.force.enabled is not none %}
      <enabled>{{wazuh_manager_config.authd.force.enabled}}</enabled>
      {% else %}
      <enabledport>yes</enabled>
      {% endif %}
      {% if wazuh_manager_config.authd.force.key_mismatch is not none %}
      <key_mismatch>{{wazuh_manager_config.authd.force.key_mismatch}}</key_mismatch>
      {% else %}
      <key_mismatch>yes</key_mismatch>
      {% endif %}
      {% if wazuh_manager_config.authd.force.disconnected_time is not none %}
      <disconnected_time enabled="yes">{{wazuh_manager_config.authd.force.disconnected_time}}</disconnected_time>
      {% else %}
      <disconnected_time enabled="yes">1h</disconnected_time>
      {% endif %}
      {% if wazuh_manager_config.authd.force.after_registration_time is not none %}
      <after_registration_time>{{wazuh_manager_config.authd.force.after_registration_time}}</after_registration_time>
      {% else %}
      <after_registration_time>1h</after_registration_time>
      {% endif %}
    </force>
    {% if wazuh_manager_config.authd.purge is not none %}
    <purge>{{wazuh_manager_config.authd.purge}}</purge>
    {% endif %}
    {% if wazuh_manager_config.authd.use_password is not none %}
    <use_password>{{wazuh_manager_config.authd.use_password}}</use_password>
    {% endif %}
    {% if wazuh_manager_config.authd.ciphers is not none %}
    <ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers>
    {% endif %}
    {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}
    <ssl_agent_ca>{{ wazuh_dir }}/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>
    {% endif %}
    {% if wazuh_manager_config.authd.ssl_verify_host is not none %}
    <ssl_verify_host>{{wazuh_manager_config.authd.ssl_verify_host}}</ssl_verify_host>
    {% endif %}
    {% if wazuh_manager_config.authd.ssl_manager_cert is not none %}
    <ssl_manager_cert>{{ wazuh_dir }}/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}</ssl_manager_cert>
    {% endif %}
    {% if wazuh_manager_config.authd.ssl_manager_key is not none %}
    <ssl_manager_key>{{ wazuh_dir }}/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}</ssl_manager_key>
    {% endif %}
    {% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %}
    <ssl_auto_negotiate>{{wazuh_manager_config.authd.ssl_auto_negotiate}}</ssl_auto_negotiate>
    {% endif %}
  </auth>
{% endif %}

  <cluster>
    <disabled>{{ wazuh_manager_config.cluster.disable }}</disabled>
    <name>{{ wazuh_manager_config.cluster.name }}</name>
    <node_name>{{ wazuh_manager_config.cluster.node_name }}</node_name>
    <node_type>{{ wazuh_manager_config.cluster.node_type }}</node_type>
    <key>{{ wazuh_manager_config.cluster.key }}</key>
    {% if wazuh_manager_config.cluster.interval is defined %}
    <interval>{{ wazuh_manager_config.cluster.interval }}</interval>
    {% endif %}
    <port>{{ wazuh_manager_config.cluster.port }}</port>
    <bind_addr>{{ wazuh_manager_config.cluster.bind_addr }}</bind_addr>
    <nodes>
    {% for node in wazuh_manager_config.cluster.nodes %}
      <node>{{ node }}</node>
    {% endfor %}
    </nodes>
    <hidden>{{ wazuh_manager_config.cluster.hidden }}</hidden>
  </cluster>

</ossec_config>