ERROR: Duplicate agent name

[Vincent Teo]

Hi , 

I had upgrade the wazuh manager to 4.3.2 on 1 Jun , and found out majority of my servers is disconnected to wazuh-manager . Today I just upgrade the wazuh-manager to 4.3.4 to fixed the duplicate issue , but somehow after upgrading to the latest version still encounter the same issue .

Regards,

Vincent Teo

[John Soliani]

Hello Vincent,

Thank you for using Wazuh and posting in our community!

There’s an option on the manager side to force agents’ registrations in the <auth> section.
Here’s an example of how you can configure this:

<auth>
...
...
  <force>
    <enabled>yes</enabled>
    <disconnected_time enabled="yes">1h</disconnected_time>
    <after_registration_time>1h</after_registration_time>
    <key_mismatch>yes</key_mismatch>
  </force>
...
...
</auth>

NOTE: Bear in mind that all conditions must be satisfied to perform the replacement.

For more options, check our documentation here:

• Local Configuration (Auth)

Let me know if this helped!
Regards,
John.-

​

[Vincent Teo]

Hi John , 

I just changed the config on the ossec manager , but somehow still encountered the same issue with the agent , attached here is my ossec manager configure file . 

Regards,

Vincent Teo

--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/-73wKxyDQmw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/59d502e6-1d2e-43ba-b2b7-9cb720d1c321n%40googlegroups.com.

[Vincent Teo]

Hi John and the team , 

Any update on this? Is my configuration not working ?

Regards,

Vincent Teo

[Vincent Teo]

Hi John and wazuh team ,

May I know any update on this ?

Regards,

Vincent

[John Soliani]

Hey Vincent,

Sorry for my late response. We’ll need to check the health of the cluster, before, I would upgrade the managers to 4.3.5, which has some issues fixed, here are the release notes.
I understand you have a cluster, let’s make sure all is correct:

• /var/ossec/bin/cluster_control -l // to check all the nodes are connected and in the same version.
• /var/ossec/bin/cluster_control -i more // to check agents’ connections per node and nodes’ data synchronization.
• cat /var/ossec/var/run/wazuh-remoted.state // to check TCP sessions (should be close to the agents connected to the node) in that node, received messages, discarded messages (should be 0 or close), etc.
• /var/ossec/bin/wazuh-control status // to check all services (in use) are running.

If this is all good, and restarting the service in the agents is not helping, enable the debug mode for authd and remoted in /var/ossec/etc/internal_options.conf and restart the manager (master).

• Here is the documentation for internal_options.

Have you tried to register an agent by executing manually in the agent agent-auth -m MASTER-IP?

• More parameters of the agent-auth tool here.

If you are still stuck on this issue, we’ll need to check the log from an agent with this behavior and the ossec.log of the master node.

Hope this helps!

​