inventory data collection not working for some servers

[Gary Woodard]

I can't determine a pattern but random servers are not populating inventory data in Wazuh manager. 

[Juan Nicolás Asselle]

Hi,

First things first: could you please send us the next information?

- Servers OS and Wazuh Agent version.

- Wazuh Agent logs (ossec.log) from any of those agents.

- Wazuh Manager version and OS .

I look forward to your comments.

Regards,

Nico

[Gary Woodard]

Windows Server 2012 R2 and Windows Server 2016

Agent version is 4.2.5

Server version is 4.2.5 and Ubuntu OS

[Juan Nicolás Asselle]

Hi,

Thanks for your information, I will try to replicate it. In the meantime, I will need you to check the next things:

• Check that syscollector wodle, module responsible for retrieving inventory data from the agent, is enabled for those agents. This can be done using Wazuh App or Wazuh API request
• Check those agent’s ossec.log. We are looking for log lines from syscollector that could indicate some error/warn
• Check those agent’s inventory data using Wazuh API endpoints
• Check manager’s ossec.log WARNING/ERROR related to wazuh-db. This command could be helpful grep "wazuh-db" /var/ossec/logs/ossec.log | grep -E "WARNING|ERROR"

I look forward to your comments.

Regards,
Nico

​

[Gary Woodard]

Appears the configuration for inventory data is missing those agents. Do I need to uninstall and reinstall the agent so it pulls configuration from wazuh?

[Gary Woodard]

that seemed to fix it. 

[Juan Nicolás Asselle]

Hi,

It's really strange that the agent's configuration was changed unintentionally. Do you have a centralized configuration? 

Please let me know if you need to dig more about this issue or further assistance.

Regards,

Nico