agent registration with shell

[Burak Çınar]

Hi again,

 

Im tryting to register agents with this sh file . Agents successfully register but they dont connect to wazuh app.  Both of them on same network they there’s no restriction to access wazuh server. Any help would be perfect.

 

https://raw.githubusercontent.com/wazuh/wazuh-api/2.0/examples/api-register-agent.sh

 

 

but if i use this curls, its working fine J

 

Step 1: Add the agent to the manager.

# curl -u foo:bar -k -X POST -d 'name=NewAgent&ip=10.0.0.8' https://API_IP:55000/agents

 

Step 2: Get the agent key.

# curl -u foo:bar -k -X GET https://API_IP:55000/agents/001/key

{"error":0,"data":"MDAxIE5ld0FnZW50IDEwLjAuMC44IDM0MGQ1NjNkODQyNjcxMWIyYzUzZTE1MGIzYjEyYWVlMTU1ODgxMzVhNDE3MWQ1Y2IzZDY4M2Y0YjA0ZWVjYzM="}

 

Step 3: Copy the key to the agent.

# /var/ossec/bin/manage_agents -i MDAxIE5ld0FnZW50IDEwLjAuMC44IDM0MGQ1NjNkODQyNjcxMWIyYzUzZTE1MGIzYjEyYWVlMTU1ODgxMzVhNDE3MWQ1Y2IzZDY4M2Y0YjA0ZWVjYzM=

Warning

 

Step 4: Restart the agent.

# /var/ossec/bin/ossec-control restart

 

 

Current status of agents now (011 added with curl , 0019 added with sbash file)

 

[root@mywazuh bin]# /var/ossec/bin/agent_control -l

 

Wazuh agent_control. List of available agents:

   ID: 000, Name: mywazuh.local (server), IP: 127.0.0.1, Active/Local

   ID: 011, Name: bupc.local, IP: 172.1.18.231, Active

   ID: 019, Name: bupcLab.local, IP: 172.1.18.232, Never connected

 

List of agentless devices:

 

 

 

Thanks.

 

[jesusg...@wazuh.com]

Hi Burak, please can you show me the output of the following command on the agent machine:

# cat /var/ossec/logs/ossec.log

You may have a connection problem related to port forwarding or something similar. I have experimented by myself that problem on virtual environments.

Regards,

Jesús.

[Burak Çınar]

Hello Je ,

i didnt see this mail , sorry for late.  log file is empty.

root@linuxagent:~# sh wz.sh 

Adding agent:

curl -s -u wazuhuser:**** -k -X POST -d 'name=ip-linuxagent' http://172.1.8.91:55000/agents

thats the output of sh execution. in wazuh docs  step 1 and 3 enough for registering, no need to step 2.  problem might be related with this.

https://documentation.wazuh.com/current/user-manual/agents/restful-api/register.html

i will try to modify sh file and reply back .

thanks

[Burak Çınar]

hello,

still same i couldnt add agent with api (bash script). any idea ?

thanks

[Jesús Ángel González]

Hi Burak. Which are you meaning with no need step 2? It gives you the key, and it’s needed to complete the registration. Also I see you didn’t set the IP making the curl request right? I think that’s could be the cause but let me know what did you do and the result. If you give me information about the environment I’m going to replicate your scenario in order to fix your issue.

King regards,

Jesús 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/bcb663af-7fec-45fa-8d09-60183d5b4937%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Best regards,
Jesús.

[Marta Gómez]

Hello Burak,

You say your ossec.log is empty. Is your agent running? Also, is the agent key added in the agent's client.keys (/var/ossec/etc/client.keys)? The client.keys line in the agent must be exactly the same to the client.keys line in the manager, otherwise, the agent won't be able to connect to the manager.

Best regards,
Marta

[Marta Gómez]

Hello again Burak,

Are you using the lastest version of Wazuh? We have reviewed the scripts and made some fixes to make them work with Wazuh v3. We're also updating our documentation, which stills points to the v2 script.

Please, try again with the following script: https://raw.githubusercontent.com/wazuh/wazuh-api/master/examples/api-register-agent.sh

Best regards,
Marta

[Burak Çınar]

Hello Marta,

 

I’m using wazuh 3.1, ( wazuh-manager-3.1.0-1.x86_64 - wazuh-api-3.1.0-1.x86_64) . when i tried this sh , it gave error on restart step,

 

2018/01/24 21:01:18 ossec-agentd: ERROR: (4104): Invalid hostname: 'MANAGER_IP'.

2018/01/24 21:01:18 ossec-agentd: ERROR: (1202): Configuration error at '/var/ossec/etc/ossec.conf'. Exiting.

2018/01/24 21:01:18 ossec-agentd: CRITICAL: (1215): No client configured. Exiting.

 

Then i used sed command to replace MANAGER_IP value to ip address like  “ sed -i 's/MANAGER_IP/10.2.2.1/g' /var/ossec/etc/ossec.conf “

After changing this value and restart of wazuh, it has succesfuly added to agent to wazuh manager.

 

Thanks for your help .

--

You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/d8772e36-81a6-4187-99ee-d8b85a77cc9e%40googlegroups.com.

[Yolanda Prieto]

Hi

I would like to know if exist some curl command that could substitute the /var/ossec/bin/manage_agents -i  key command.

I would like use curl command  instead

Some clue?

Do you  have some method that allow make the deploy of this in a bulk process?
I am really confused, because how I can deploy it if I have several and several agents, if I need keep track of the agent ID?

I don't know if I was able to explain myself  but I would like some idea how I can register the agents  in a bulk process ( for hundred of agents).
Any idea will be highly appreciate.

Regards
 Yolanda

[Miguelangel Freitas]

Hi Yolanda,

An option is to use an automation tool for massive deploys, please take a look at the following:

Wazuh Ansible roles: https://github.com/wazuh/wazuh-ansible

Wazuh Ansible documentation: https://documentation.wazuh.com/current/deploying-with-ansible/index.html

The ansible-wazuh-agent role can be used to install, register and configure a Wazuh Agent on several hosts.

I hope it helps.

Miguelangel Freitas

 

www.wazuh.com

--

You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.

To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/686efd6b-3ce9-48ef-abb1-e8687f8becb5%40googlegroups.com.