Run command remotely and process the output
157 views
Skip to first unread message
Alex V.
Sep 12, 2023, 5:30:02 AM9/12/23
to Wazuh | Mailing List
Following guide, trying to run utility on each linux agent and process its output - https://wazuh.com/blog/scheduling-remote-commands-for-wazuh-agents/. At this moment I cant see any processes started by "wazuh" user on agent and script. Also tried just to create empty file in "/tmp", but no file was created.
About the task: I need periodically run utility, which stores its output in json file and collect it
About the task: I need periodically run utility, which stores its output in json file and collect it
Alex V.
Sep 12, 2023, 5:40:40 AM9/12/23
to Wazuh | Mailing List
Local decoders:
Local rules:
Shared agent configuration:
Just added execution rights to script, but I dont think this is the only case
Why script "remote-test" dont execute?
Just added execution rights to script, but I dont think this is the only case
Why script "remote-test" dont execute?
вторник, 12 сентября 2023 г. в 12:30:02 UTC+3, Alex V.:
Federico Gustavo Galland
Sep 12, 2023, 6:49:26 AM9/12/23
to Wazuh | Mailing List
Hi Alex!
Thanks for reaching out.
Have you already given the script the right permissions? You would do that with:
chmod 750 /var/ossec/etc/shared/script.sh
chown root:wazuh /var/ossec/etc/shared/script.sh
On the agent side.
It is also a good idea to enable archives by switching logall_json to "yes" on your manager's /var/ossec/etc/ossec.conf and then restarting the wazuh-manager service.
This would allow you to see if the output from your script is properly getting retrieved in case your decoders/rules are not properly matching it.
Let me know if this helped.
Regards,
Federico
Reply all
Reply to author
Forward
0 new messages