Wazuh-Agent Grouping


Khul Sat

Jan 19, 2023, 12:34:00 AM
to Wazuh mailing list

Greetings!!!

Background:
To deploy a wazuh-agent, the following steps are given under Wazuh Dashboard:

Choose an OS
Wazuh Server Address
Assign the agent to a group
Install and enroll the agent
Start the agent

After selecting the values, I get the following command:

sudo WAZUH_MANAGER='wazuh.example.com' WAZUH_AGENT_GROUP='default,uat,apps' yum install https://packages.wazuh.com/4.x/yum/wazuh-agent-4.3.10-1.x86_64.rpm

Issue:
After registering the agent, I can only see the first group getting assigned to the agent. The remaining groups don’t get assigned.

WAZUH_AGENT_GROUP='uat,apps' >> UAT group will get assigned

WAZUH_AGENT_GROUP='default,apps' >> DEFAULT group will get assigned

Could someone please help?

I also wish to know the process to assign groups to existing agents which were added in the past. This will probably be a bulk process.

Thanks!!

-KS



elw...@wazuh.com

Jan 19, 2023, 5:51:02 AM
to Wazuh mailing list
Hello KS,

Can you use double quotes instead, as mentioned here: https://documentation.wazuh.com/current/user-manual/deployment-variables/deployment-variables-linux.html? The deployment command would be: WAZUH_MANAGER="10.0.0.2" WAZUH_REGISTRATION_SERVER="10.0.0.2" WAZUH_REGISTRATION_PASSWORD="TopSecret" WAZUH_AGENT_GROUP="my-group, group2, group3" yum install wazuh-agent.

For the existing agents, you might assign groups to them via the Wazuh UI:

[Attached screenshots: image (164).png, image (165).png]



Hope this helps.

Regards,
Wali

Khul Sat

Jan 20, 2023, 2:51:21 AM
to Wazuh mailing list

Hey Wali.. Thank you so much for pointing that out!
That “Double Quote” thing worked like a charm. We might need to get it altered under Wazuh Dashboard >> Agent >> (+) Deploy new agent.

Also, I checked the above snippets to manage agent groups; however, there is one challenge: while adding or removing agents, I do not see the agent’s existing configured groups. That could be a feature request for upcoming releases, if feasible.
If I have a list of agents which are marked for group assignment, is there any command-line way wherein I can assign the group to this set of agents?

Regards, KS

elw...@wazuh.com

Jan 20, 2023, 6:11:43 AM
to Wazuh mailing list
Hello KS,

Glad it is working :D.

To include that in a future version, would you please open an issue about it here: https://github.com/wazuh/wazuh-kibana-app/issues

You can see the configured group (Current agents in the group) in the right tab as you can see below:

[Attached screenshot: image (167).png]

Hope it helps.

Regards,
Wali