osquery installed and enabled but missing from wazuh console
62 views
Skip to first unread message
J J Sloan
Mar 27, 2021, 5:45:33 PM3/27/21
to Wazuh mailing list
I installed wazuh on my home network to verify it was a superset of ossec, and indeed that is the case. I also installed osquery on all client machines, and then osquery appeared in the "Threat detection and response" widget on the wazuh console.
So then I replaced ossec with wazuh in a different environment, but for some reason the osquery display is missing.
Both installs used the single node unattended installation script, and the target OS is centos 8 in both cases.
The only difference I can find is the initial version of wazuh which was installed in each case; the working version was 4.1.1 at install, and I think the one which is missing osquery was 4.1.2 at install. Both are now at 4.1.4, yet the difference persists.
What could I be missing?
J J
So then I replaced ossec with wazuh in a different environment, but for some reason the osquery display is missing.
Both installs used the single node unattended installation script, and the target OS is centos 8 in both cases.
The only difference I can find is the initial version of wazuh which was installed in each case; the working version was 4.1.1 at install, and I think the one which is missing osquery was 4.1.2 at install. Both are now at 4.1.4, yet the difference persists.
What could I be missing?
J J
Maximiliano Ibarra
Mar 29, 2021, 4:43:44 PM3/29/21
to Wazuh mailing list
Hello J J, thanks for contacting us!
In order to provide some help here. Please, I need to know if i understanding your problem.
You have 2 instances of Wazuh in CentOs 8 and after to upgrade them to 4.1.4 the Osquery module is still missing.
Can you check if you have enabled Osquery Module in Setting > Module?
You have 2 instances of Wazuh in CentOs 8 and after to upgrade them to 4.1.4 the Osquery module is still missing.
Can you check if you have enabled Osquery Module in Setting > Module?
Looking forward to your reply.
Best regards.
Maximiliano
jjs - mainphrame
Mar 29, 2021, 4:55:43 PM3/29/21
to Maximiliano Ibarra, Wazuh mailing list
Thank you Maximiliano, that was it.
Oddly, I don't remember ever specifically enabling that on my earlier instances. But maybe it slipped my mind.
In any case, appreciate the accurate response.
Oddly, I don't remember ever specifically enabling that on my earlier instances. But maybe it slipped my mind.
In any case, appreciate the accurate response.
J J
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/yJTJnAzQVp8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/ff0ec0a7-3cee-4e5d-8478-f29b9449f6e9n%40googlegroups.com.
Maximiliano Ibarra
Mar 30, 2021, 8:41:12 AM3/30/21
to Wazuh mailing list
Hi JJ, Please check it and advise me if the problem persist or not.
Best regards
Maximiliano
Maximiliano
J J Sloan
Mar 30, 2021, 11:41:08 AM3/30/21
to Wazuh mailing list
Hi Maximiliano,
The solution is confirmed.
If this is something that can't be found in the ossec config file. but only the web console, it would explain my bewilderment in trying to see the problem by comparing ossec.conf between the two cases.
In any event, thanks again.
J J
The solution is confirmed.
If this is something that can't be found in the ossec config file. but only the web console, it would explain my bewilderment in trying to see the problem by comparing ossec.conf between the two cases.
In any event, thanks again.
J J
Reply all
Reply to author
Forward
0 new messages