wazuh agent event not display on wazuh dashboard
30 views
Skip to first unread message
beletech shewayirga
Sep 23, 2024, 9:54:56 AM9/23/24
to Wazuh | Mailing List
why ? and how to fix it?
Olusegun Adenrele Oyebo
Sep 23, 2024, 11:17:59 AM9/23/24
to Wazuh | Mailing List
Hello Beletech,
Is this issue specific to just an agent or all the agents in your environment?
Is the agent service running? Kindly confirm the status of the service using the below commands depending on the OS version:
If the above have been confirmed okay, check the /var/ossec/logs/alerts/alerts.log file to see if you're seeing any alerts generated from the affected agent(s).
Next, check if filebeat is running by doing a test with command filebeat test output.
Next, you can check the Wazuh indexer logs for error/warning related entries that could give more clue into the issue:
Is this issue specific to just an agent or all the agents in your environment?
Also, are you having this issue with just a particular event, or no events is showing on the dashboard? Will need more clarity on this.
Is the agent service running? Kindly confirm the status of the service using the below commands depending on the OS version:
- Windows (cmd): sc query wazuhsvc
- Linux: systemctl status wazuh-agent
- Mac: /Library/Ossec/bin/wazuh-control status
If the above have been confirmed okay, check the /var/ossec/logs/alerts/alerts.log file to see if you're seeing any alerts generated from the affected agent(s).
Next, check if filebeat is running by doing a test with command filebeat test output.
Next, you can check the Wazuh indexer logs for error/warning related entries that could give more clue into the issue:
- cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn|crit|fatal"
Best regards.
Reply all
Reply to author
Forward
0 new messages