Registering Wazuh agents on Windows machine with dynamic IP (DHCP based)
947 views
Skip to first unread message
Bhavesh Bhanushali
Mar 28, 2019, 9:47:05 AM3/28/19
to Wazuh mailing list
Hi Guys,
We have installed Wazuh server on one machine and ELK on another machine. The communication between wazuh manager and ELK is done as per documentation.
We have configured few agents on Linux / Windows machines which had static IPs to understand the working of Wazuh events and Alerts. We used manage_agents for adding agent manually and extracting key for client machine.
We are happy to see that the setup is simple and working fine.
Now we want to install Wazuh agents on many windows machine whose IP Addresses are dynamic pulled from DHCP server.
After checking the documentation, it is not clear whether this agents will work after restart with new IP Address when manager has already registered the clients with specific old IP address in client.keys.
We tried to use password based registration method supported by Wazuh manager for installing and registering agent on windows machine.
we get following error
--------------------
agent-auth: INFO: Started (pid: 7400).
INFO: Using password specified on file: authd.pass
INFO: Connected to 192.168.2.52:1515
INFO: Using agent name as: LD016
INFO: Send request to manager. Waiting for reply.
ERROR: Unable to create key. Either wrong password or connection not accepted by
the manager.
INFO: Connection closed.
--------------------
Please provide some direction so that we can proceed forward.
daniel...@wazuh.com
Mar 28, 2019, 4:01:52 PM3/28/19
to Wazuh mailing list
Hi Bhavesh,
I'm glad to hear you found it easy to use wazuh, don't hesitate to ask us if you don't understand something about the software.
About DHCP, Wazuh supports it by setting the agents IP which are going to use DHCP to any. There are two ways of doing it:
1. Registering the agents using the tool manage_agents ( you have to select the option "Add an agent (A)" ) set the name and set the IP to any.
This way Wazuh won't set the agent ip as static. Then you should select "Extract the key for an agent (E)" and select your new agent.
Copy the key and execute the same tool in the agent, select the option "Import key from the server (I)" and paste the key.
2. If you prefer to use the authd tool (Registration Service), just set the option <use_source_ip> to no in the manager and then restart it.
Every agent registered will have any as ip from now.
Setting <use_source_ip> to yes and restarting the manager will get you to the normal behavior again.
About password registration:
1. Check the ossec.conf of your manager, look at the <auth> section and then set the option <use_password> to yes
2. Restart the manager
3. Register the agent
Hope it helps.
Regards.
I'm glad to hear you found it easy to use wazuh, don't hesitate to ask us if you don't understand something about the software.
About DHCP, Wazuh supports it by setting the agents IP which are going to use DHCP to any. There are two ways of doing it:
1. Registering the agents using the tool manage_agents ( you have to select the option "Add an agent (A)" ) set the name and set the IP to any.
This way Wazuh won't set the agent ip as static. Then you should select "Extract the key for an agent (E)" and select your new agent.
Copy the key and execute the same tool in the agent, select the option "Import key from the server (I)" and paste the key.
This process is explained here:
2. If you prefer to use the authd tool (Registration Service), just set the option <use_source_ip> to no in the manager and then restart it.
Every agent registered will have any as ip from now.
Setting <use_source_ip> to yes and restarting the manager will get you to the normal behavior again.
You may check this link where it's explained:
About password registration:
1. Check the ossec.conf of your manager, look at the <auth> section and then set the option <use_password> to yes
2. Restart the manager
3. Register the agent
Hope it helps.
Regards.
Bhavesh Bhanushali
Apr 4, 2019, 9:26:02 AM4/4/19
to Wazuh mailing list
Thanks Daniel,
We were able to add agents as suggested by you.
Thanks for the help
Reply all
Reply to author
Forward
0 new messages