Wazuh Managers no Inventory cve etc. data

180 views
Skip to first unread message

No Data

unread,
Jun 30, 2023, 9:37:23 AM6/30/23
to Wazuh mailing list
Hi,

i installed a three node Wazuh Manager Instance (4.4.x) with a three Node Indexer. Everythings works finde , except data from the Manager nodes.

I get no Inventroy or Scan data from den Manager nodes. All Agents send data and everything is fine. But the three Manager Nodes have no Inventory data. They are also not in the 'manage_agents -l' list.

i tried to install the Wazuh Agent on den Manager nodes, but that fails because the wazuh Manager package is installed.

Is it intended that the managers have no inventory data, cve-data etc? can i reregister the manager nodes, so they collects the inventory, cve, data etc.?

Thanks in advance for your support.




Facundo Dalmau

unread,
Jun 30, 2023, 10:16:13 AM6/30/23
to Wazuh mailing list
Hi!  When installing the Wazuh manager you also have an agent in that host but with some differences from a regular one. In a cluster environment with several nodes, every one of them has the agent ID 000. You should see it using the agent_control -l command. Could you check if you can view the vulnerabilities of agent 000 by setting the agent.id filter with the value 000 in the Vulnerabilities Module of the Wazuh Dashboard?

No Data

unread,
Jun 30, 2023, 11:15:53 AM6/30/23
to Wazuh mailing list
hi, thanks for your reply.

but  thats exactly my problem. I cant select agent 000. Also i have no agent 000 in the agents overview or agents_control -l.

maybe i think i have lost the registration, but have no idea how i can reregister.

Facundo Dalmau

unread,
Jun 30, 2023, 4:23:39 PM6/30/23
to Wazuh mailing list
Related to the dashboard, was it like this from the beginning or did you make any modifications?
Please, share your logs using the following commands to check if there are any warnings or errors from the server side: 
- cat /var/log/ossec/alerts/alerts.log| grep -i -E "(error|warning)"
- cat /var/ossec/logs/ossec.log | grep -i -E "(error|warning)"

Regards

No Data

unread,
Jul 4, 2023, 1:27:43 AM7/4/23
to Wazuh mailing list
HI,

sorry for the late answer, too much to do not enough time.

some month ago i changed the backend from elastic to wazuh indexer. unfortunately i cant remeber if with the elastic backend the behavior was different.

in alert logs are some errors from agents, thats ok.

in the ossec.log are no relevant errors on all three nodes.

Facundo Dalmau

unread,
Jul 4, 2023, 12:54:12 PM7/4/23
to Wazuh mailing list
No problem. Did you follow the Migration guide to make the changes? Is it any of the agents you mention in alerts.log the 000?

No Data

unread,
Jul 7, 2023, 3:17:31 AM7/7/23
to Wazuh mailing list
I moved to complete new servers and transferd the indicies. i get some alerts for 000 in the alerts.log .

127.0.0.1->vulnerability and hostname->syscheck, also some log alerts.
Reply all
Reply to author
Forward
0 new messages