Solaris 11 Sparc - issue with system inventory and vulnerability detection

86 views
Skip to first unread message

Shashiduth Takoor

unread,
Feb 17, 2021, 11:29:27 PM2/17/21
to wa...@googlegroups.com

Hello,

We deployed Wazuh in our test environment and have some queries about the capabilities of the Wazuh agents on SunOS 11.3. We are currently not receiving any inventory data from our Oracle Solaris 11.3 Sparc servers which is in turn preventing us from pushing remote upgrade to the agents.

While performing an upgrade from version 4.0 to 4.1, we encountered the following error: "Error code: 1816 agent information not found in database" which is most probably related to the syscollector module not being able to populate the inventory data for the Solaris servers. See below screenshots:

Please note that all configurations on the agent side in the ossec.conf file is enabled by default and as per the compatibility matrix available online, there should be no issues with the upgrade.

Below are some additional information regarding our current deployment:
# Deployment option: Wazuh with Elastic Stack basic license
# Deployment type: Distributed deployment, Wazuh (version 4.1 ) single-node cluster along with Filebeat (version 7.10.2) and Elasticsearch (version 7.10.2) single node cluster along with Kibana (version 7.10.2).
# Server: Ubuntu 20.04.2 LTS (Focal Fossa)

We would also like to know if the Wazuh agents for SunOS supports the vulnerability detection capabilities.

We would appreciate if you could please assist on the aforementioned issue as most of our servers are based on Oracle Solaris 11 and manually upgrading the agents is going to be time consuming.

Thanks and best regards,
Shashiduth

Octavio Valle López

unread,
Feb 18, 2021, 12:46:12 AM2/18/21
to Wazuh mailing list
Hi Shashiduth, I hope you are well.

I am pleased to answer this question, since currently Wazuh does not support syscollector in Solaris, which due to transitivity cannot perform operations with vulnerability detector(use syscollector package list) either.

On mi side I must tell you that I am part of the team that implemented syscollector and I am eager to support solaris!

Reviewing the product roadmap, I do not find that this is currently in it, what I suggest is that you create an issue in github core team (https://github.com/wazuh/wazuh/issues/new), in which you raise the feature request, so that this has visibility until this is decided to do it, I see that You are not the only one asking about this as there was a question recently, but it did not go to the core team -> https://github.com/wazuh/wazuh-kibana-app/issues/2484

Current compatibility matrix for syscollector:
https://documentation.wazuh.com/current/user-manual/capabilities/syscollector.html#compatibility-matrix

Shashiduth Takoor

unread,
Feb 18, 2021, 10:23:17 PM2/18/21
to wa...@googlegroups.com

Hello Octavio,

Hope you are doing good and thank you for the prompt reply and advice.

I will raise an issue for the feature request on the Wazuh github core team.

Thanks again and apologies for the late reply.

Best regards,
Shashiduth

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/60df775d-3fc9-41d5-bb16-08d8b5255c65n%40googlegroups.com.
--
Reply all
Reply to author
Forward
0 new messages