Add label to all the agents

[Wauh Test]

Hi Team,

How we can add labels for all the agents using centralized configuration?

Regards,

Ekta

[Henadence Anyam]

Hello Wauh,

To use centralized configuration, you need to understand agent groups.
Agents can be grouped together in order to send them a unique centralized configuration that is group specific. Each agent can belong to more than one group, and unless otherwise configured, all agents belong to a group called default.

If that is the case, to set the labels at the Wazuh server, use the specific agent.conf file.

For example the following configuration will add the label,  group1 to all agents in the configured group:

<agent_config>
  <labels>
    <label key="agent.set">group1</label>
  </labels>
</agent_config>

Learn more about agent labels here: https://documentation.wazuh.com/current/user-manual/agents/labels.html

Hope you find this information helpful.

Regards,

Henadence

[Wauh Test]

Hi  Henadence,

If we want to add project name as field for each agent how we can do that?

Regards,

Ekta

[Henadence Anyam]

In that case you can use the agents local configuration file /var/ossec/etc/ossec.conf for Linux agents.

For example, you can add the following configuration within the <ossec_config></ossec_config> tag in the file /var/ossec/etc/ossec.conf for a Linux endpoint:

<labels>
    <label key="project.name">first_project</label>
</labels>

Restart the Wazuh agent on the Linux endpoint.

You will get a generated alert with the agent.labels.project.name field and value first_project as seen in the image below.

Hope that helps.