How to generate Agent keys

smit patel

Jun 18, 2021, 6:05:48 AM
to Wazuh mailing list
Hi Team,

Suppose I have 500 endpoints and I want to register agents using keys. So is it possible to generate keys in one shot? If yes, please let me know.

Thanks,
Smit

Rafael Antonio Rodriguez Otero

Jun 18, 2021, 2:38:20 PM
to smit patel, Wazuh mailing list
Please can you explain a little better what you want to do?

smit patel

Jun 20, 2021, 2:27:01 AM
to Wazuh mailing list
Sure, 

Suppose I have 500 endpoints, and for each and every endpoint it's difficult to generate keys at once, so is there any way we can import all the IP addresses in an Excel or txt file and try to generate keys for all of them?

Alberto Rodriguez

Jun 21, 2021, 3:10:32 AM
to Wazuh mailing list
Hello Smit

Since Wazuh 4.0, by default, the agent registers automatically with the manager through enrollment. You only have to indicate the Wazuh manager IP in your agent's ossec.conf and your agent will automatically register and connect to the Wazuh manager. No manual registering is needed. 
Alternatively, you could use the Deployment variables, explained here. Or you can consider other deployment tools like Ansible, Chef, Puppet, etc.

Please let me know if you have any doubt. 
Regards, 
Alberto R

smit patel

Jun 21, 2021, 3:47:35 AM
to Wazuh mailing list
Hi Alberto,

Thanks for the update. I did try this "the agent registers automatically with the manager through enrollment", but the problem is the Wazuh agent is registering only with the system hostname. I want to register it using the system IP address, so is there any option to achieve this with automatic registration?

Alberto Rodriguez

Jun 21, 2021, 4:04:59 AM
to Wazuh mailing list
If I understand you, the option that you are looking for is this one: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client.html#use-source-ip. Does this option match with what you want?

smit patel

Jun 21, 2021, 5:11:57 AM
to Wazuh mailing list
Please refer to the snapshot; it will be more clear.

As per the snapshot, there is only one option, to register an agent using "hostname", so what will happen in this scenario is that the SIEM or 3rd-party tool can see only the hostname of the end machine. So I was asking whether there is any option to register that agent with "IP address" also; until now only the hostname is present.

windwssss.PNG

smit patel

Jun 25, 2021, 12:48:31 AM
to Wazuh mailing list
Hi Team,

Please let me know if you have any update. 

Alberto Rodriguez

Jun 25, 2021, 3:36:07 AM
to Wazuh mailing list
Hello

So you want to put the IP in the agent name, right? You can register the agents using a command that obtains the IP. Please take a look at these two examples:

Linux
The command I used: 

/var/ossec/bin/agent-auth -m 172.17.0.2 -A $(hostname -I)

where hostname -I gives me the IP. In some cases, this command can return more than one IP, so you should use cut or grep to get the desired IP isolated.

Windows
The command I used: 

PS C:\Program Files (x86)\ossec-agent> .\agent-auth.exe -m 172.17.0.2 -A (Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias "Ethernet 2").IPAddress

Note that (Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias "Ethernet 2").IPAddress returns the Ethernet 2 interface IP for me. Maybe in your case, you should change this value.

Please let me know if this works for you. 
Regards, 
Alberto R
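
An added example, not part of the original thread: on a Linux host where hostname -I returns several addresses, one way to isolate a single IPv4 address and pass it as one quoted argument to agent-auth -A. The function names, the optional subnet prefix argument and the script name are assumptions made for illustration; the manager address 172.17.0.2 is the one used in the reply above.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical helper names.

# pick_agent_ip "<output of hostname -I>" [prefix]
# Prints the first valid, non-loopback IPv4 address in the list. If PREFIX
# is given (e.g. "10.20."), only addresses starting with it are accepted.
# IPv6 and malformed tokens are skipped. Returns 1 if nothing qualifies.
pick_agent_ip() {
    list=$1
    prefix=${2:-}
    for addr in $list; do
        # Keep only dotted-quad tokens (drops IPv6 such as fe80::1).
        printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || continue
        # Reject octets above 255.
        ok=1
        old_ifs=$IFS; IFS=.
        for octet in $addr; do
            [ "$octet" -le 255 ] || ok=0
        done
        IFS=$old_ifs
        [ "$ok" -eq 1 ] || continue
        case $addr in
            127.*) continue ;;                                # loopback
            "$prefix"*) printf '%s\n' "$addr"; return 0 ;;    # first match wins
        esac
    done
    return 1
}

# register_agent <manager-ip> [prefix]
# Registers this host using the selected IP as the agent name. The value is
# quoted so a multi-address result can never expand into extra arguments.
register_agent() {
    manager=$1
    ip=$(pick_agent_ip "$(hostname -I)" "${2:-}") || {
        echo "no usable IPv4 address found, not registering" >&2
        return 1
    }
    /var/ossec/bin/agent-auth -m "$manager" -A "$ip"
}

# Run only when a manager address is passed, e.g.:
#   sh register-by-ip.sh 172.17.0.2 10.20.
if [ "$#" -ge 1 ]; then
    register_agent "$@"
fi
```

Hosts running Docker or a VPN client usually report extra interface addresses, so passing the prefix of the monitored subnet gives a more predictable agent name than taking the first address.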