Homelab Wazuh Deployment
3 posts in this series
Why a security engineer running a small home network picked Wazuh over Splunk, Elastic, and Graylog, what hardware got the job, and the 29-task implementation plan that went through 5 patches before a single playbook ran against the target server.
How a captain-orchestrated, nine-wave Ansible build went from clean repo to bootstrap-applied on a live HUNSN, including a sudo-rs surprise, a vault leak that demanded an immediate panic-rotate, a group_vars file shadowed by a directory of the same name, and a Multipass dry-run that caught two real playbook bugs before they could touch production.
The climax of the Wazuh homelab series. deploy-wazuh.yml meets reality, eight bugs cascade across two evenings, the UDM Pro starts forwarding live syslog, three agents enroll across Linux, Pi, and Apple Silicon, and the captain pattern that orchestrated all of it gets an honest retrospective.
