Wazuh Agent Connection and Enrolment through Port 443


nithin...@gmail.com

Jun 9, 2022, 5:51:43 AM
to Wazuh mailing list

Hello Connections,

How can I use port 443 for both agent communication and agent enrolment for remotely working systems?

I changed the agent ossec.conf file with 2 manager IPs that are used for communication and enrollment.

How do I change the enrolment IP in the Wazuh manager ossec.conf file (so that authd listens on a single IP; when I checked, it is listening on any IP)? I am using 2 IPs for WM, one for communication and the other for enrolment.

When adding an additional IP in the remote tag for "authd", I got a few errors as shown below.

Could not update configuration (1908) - Error validating configuration: (1244): Can't add more than one secure connection., (1202): Configuration error at 'etc/ossec.conf'.

Best Regards,

Nithin Jose

Santiago David Vendramini

Jun 9, 2022, 8:29:29 AM
to Wazuh mailing list
Hi! Thanks for using Wazuh! 

Can you send me the config sections of the ossec.conf file (on both the agent and manager) that you are trying to change, so I can find out if there is any problem?

I await your response so I can help you.
Regards.

Belen Valdivia

Jun 9, 2022, 10:55:08 AM
to Wazuh mailing list
Hi Nithin!
In the ossec.conf of the Wazuh manager you can have only one remote connection. You cannot define two blocks of type secure.
<remote>
    <connection>secure</connection>
    <port>443</port>
    <protocol>tcp,udp</protocol>
    <queue_size>16384</queue_size>
    <rids_closing_time>5m</rids_closing_time>
    <local_ip>IP</local_ip>
</remote>

With the <local_ip> setting you can configure it to listen for connections on a single interface (IP): https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/remote.html#local-ip
Enrollment does not allow you to configure an IP. If you think it is necessary, you can open an issue to support local_ip in enrollment here: https://github.com/wazuh/wazuh/issues/new?assignees=&labels=&template=default.md&title=.
I recommend that you create a cluster of two nodes and use one node to authenticate (master node) and another node to connect (worker node). You can follow this documentation: https://documentation.wazuh.com/current/installation-guide/wazuh-server/step-by-step.html#cluster-configuration-for-multi-node-deployment

Regards!
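
A pre-deployment check for the rule described in the reply above, as an added example that is not part of the thread or of the Wazuh project: it counts secure <remote> blocks in a manager ossec.conf and reports any that lack <local_ip>. The function name lint_remote, the sample configurations and the 192.0.2.x addresses are constructed for illustration, and the file is assumed to parse as XML once wrapped in a single root.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two secure <remote> blocks (addresses are documentation IPs).
TWO_SECURE = """
<ossec_config>
  <remote>
    <connection>secure</connection>
    <port>443</port>
    <local_ip>192.0.2.10</local_ip>
  </remote>
  <remote>
    <connection>secure</connection>
    <port>443</port>
    <local_ip>192.0.2.11</local_ip>
  </remote>
</ossec_config>
"""

# Constructed sample: one secure block with no <local_ip>.
ONE_UNPINNED = """
<ossec_config>
  <remote>
    <connection>secure</connection>
    <port>443</port>
  </remote>
</ossec_config>
"""


def lint_remote(conf_text):
    """Return findings for the <remote> sections of a manager ossec.conf."""
    # ossec.conf may contain several <ossec_config> roots, so wrap before parsing.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    secure = [r for r in root.iter("remote")
              if (r.findtext("connection") or "").strip() == "secure"]
    findings = []
    if len(secure) > 1:
        findings.append(f"{len(secure)} secure <remote> blocks: expect error 1244")
    for block in secure:
        if not (block.findtext("local_ip") or "").strip():
            port = (block.findtext("port") or "default").strip()
            findings.append(f"secure <remote> (port {port}) has no <local_ip>")
    return findings


if __name__ == "__main__":
    for name, text in (("TWO_SECURE", TWO_SECURE), ("ONE_UNPINNED", ONE_UNPINNED)):
        print(name, lint_remote(text))
```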

nithin...@gmail.com

Jun 10, 2022, 8:26:02 AM
to Belen Valdivia, Wazuh mailing list

Hi Belen,

Thanks for your reply.

Best Regards,

Nithin Jose
