agent.ip missing from alerts kernel 2.6.x

S. Grnvld

Mar 16, 2021, 6:13:58 AM
to Wazuh mailing list
Good morning,

I might have missed something in the forums or on Slack, but I wonder if the issue has been noted that, with Wazuh agent 3.13.2 installed on CentOS with kernel 2.6.32-754.35.1.el6.x86_64, the agent.ip is not visible in the alerts.

Is there any way to solve this, besides maybe manually as mentioned here: https://groups.google.com/g/wazuh/c/BVDROfdHCms/m/LQZspL28AAAJ

Thanks!

Victor M Fernandez-Castro

Mar 17, 2021, 9:04:24 AM
to S. Grnvld, Wazuh mailing list
Hi,

I checked this problem. It was solved in 4.0.0 (#5548). I confirm that it's failing in 3.12:

{
  "os": {
    "arch": "x86_64",
    "major": "5",
    "minor": "11",
    "name": "CentOS Linux",
    "platform": "centos",
    "uname": "Linux |centos5 |2.6.18-419.el5.centos.plus |#1 SMP Sat Feb 25 15:50:12 UTC 2017 |x86_64",
    "version": "5.11"
  },
  "node_name": "node01",
  "dateAdd": "2021-03-17T12:47:00Z",
  "name": "centos5",
  "manager": "groovy",
  "status": "active",
  "ip": "any",
  "registerIP": "any",
  "version": "Wazuh v3.13.2",
  "lastKeepAlive": "2021-03-17T12:48:34Z",
  "group": [
    "default"
  ],
  "mergedSum": "x",
  "id": "002"
}

While it's working in 4.1.2:

{
  "os": {
    "arch": "x86_64",
    "major": "5",
    "minor": "11",
    "name": "CentOS Linux",
    "platform": "centos",
    "uname": "Linux |centos5 |2.6.18-419.el5.centos.plus |#1 SMP Sat Feb 25 15:50:12 UTC 2017 |x86_64",
    "version": "5.11"
  },
  "node_name": "node01",
  "dateAdd": "1970-01-01T00:00:00Z",
  "name": "centos5",
  "manager": "groovy",
  "status": "active",
  "ip": "10.0.2.15",
  "registerIP": "any",
  "version": "Wazuh v4.1.2",
  "lastKeepAlive": "2021-03-17T12:44:16Z",
  "group": [
    "default"
  ],
  "mergedSum": "x",
  "id": "001"
}

Hope it helps.
Best regards,

Victor M. Fernandez-Castro 
Director of engineering | vic...@wazuh.com
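
An added example, not part of the thread and not Wazuh's own code: a check over agent records shaped like the two in the reply above. It lists agents that report `ip` as `any` and separates those running a release older than 4.0.0, the version the reply names as containing the fix, from the rest. The sample records, the classification labels and the function names are constructed for illustration.

```python
import json
import re

FIXED_IN = (4, 0, 0)  # release the reply above names as containing the fix

# Constructed sample records, trimmed to the fields used here.
SAMPLE_AGENTS = json.loads("""
[
  {"id": "001", "name": "centos5",   "ip": "10.0.2.15", "version": "Wazuh v4.1.2"},
  {"id": "002", "name": "centos5",   "ip": "any",       "version": "Wazuh v3.13.2"},
  {"id": "003", "name": "example-a", "ip": "any",       "version": "Wazuh v4.1.2"},
  {"id": "004", "name": "example-b", "ip": "any"}
]
""")

def parse_version(text):
    """Return (major, minor, patch) from a string like 'Wazuh v3.13.2', or None."""
    match = re.search(r"v(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(part) for part in match.groups()) if match else None

def classify(agent):
    """Classify one agent record by whether it reports a usable IP address."""
    ip = agent.get("ip") or "any"   # a missing or empty field counts as "any"
    if ip != "any":
        return "ok"
    version = parse_version(agent.get("version"))
    if version is None:
        return "unknown-version"    # cannot tell whether the fix is present
    if version < FIXED_IN:
        return "upgrade-agent"      # predates the fix named in the thread
    return "investigate"            # fixed release, still no IP: some other cause

def audit(agents):
    """Map agent id -> classification for every agent that reports no IP."""
    findings = {}
    for agent in agents:
        verdict = classify(agent)
        if verdict != "ok":
            findings[agent["id"]] = verdict
    return findings

if __name__ == "__main__":
    for agent_id, verdict in sorted(audit(SAMPLE_AGENTS).items()):
        print(agent_id, verdict)
```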

