How to use wazuh API get server mac info ?
318 views
Skip to first unread message
lid...@gmail.com
May 17, 2021, 6:01:43 AM5/17/21
to Wazuh mailing list
Hi,
I want to use wazuh to get all the agent server mac address, I know wazuh can use
GET /agents?select=id,ip,........ etc. to search for some info on agent server.
but I don't know what fields about MAC info or hostname info.
Can you give me some advise about how to search it or if there is a online guide for the fields list?
Víctor Fernández Poyatos
May 17, 2021, 6:24:19 AM5/17/21
to Wazuh mailing list
Hello,
You can use the GET /syscollector/{agent_id}/netiface endpoint for that. An output example using the ID 000 (manager) in my testing environment would be the following:
{
"data": {
"affected_items": [
{
"rx": {
"bytes": 14469,
"dropped": 0,
"errors": 0,
"packets": 113
},
"scan": {
"id": 0,
"time": "2021-05-17T10:11:11Z"
},
"tx": {
"bytes": 6234,
"dropped": 0,
"errors": 0,
"packets": 35
},
"mtu": 1500,
"state": "up",
"name": "eth0",
"mac": "02:42:ac:12:00:03",
"type": "ethernet",
"agent_id": "000"
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "All specified syscollector information was returned",
"error": 0
}
"data": {
"affected_items": [
{
"rx": {
"bytes": 14469,
"dropped": 0,
"errors": 0,
"packets": 113
},
"scan": {
"id": 0,
"time": "2021-05-17T10:11:11Z"
},
"tx": {
"bytes": 6234,
"dropped": 0,
"errors": 0,
"packets": 35
},
"mtu": 1500,
"state": "up",
"name": "eth0",
"mac": "02:42:ac:12:00:03",
"type": "ethernet",
"agent_id": "000"
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "All specified syscollector information was returned",
"error": 0
}
Please remember to enable the Syscollector wodle for system inventory on those manager/agents for which you want to use this endpoint.
Regards,
Víctor Fernández
Reply all
Reply to author
Forward
0 new messages