The agent name information on the wazuh dashboard does not match

[Juan Ferdinan]

Hi Wazuh Teams

I managed to do fortigate, vmware, postgresql and MSSQL log integration to wazuh. Where to do this integration, I don't install the wazuh agent on the asset or it can be said to be agentless. Because of this, the activity logs on these assets are detected to have agent name server wazuh. As an example I attach the activity log from fortigate and postgresql, where the agent name detected on the wazuh dashboard is the hostname of the wazuh server, not the name of fortigate or postgresql and this also affects the wazuh alert email that is sent to me, the email subject that is displayed is the wazuh server hostname.. Please confirm, does the agent name that appears on the wazuh dashboard have to be the wazuh server hostname? Why did it happen?

Thanks & Regards

Juan

[Juan Ferdinan]

[Devender Rao]

Hi Juan,

Agentless devices do not appear as individual agents themselves, their logs are registered with the manager agent name and ID 000.
That's why the agent's name is the same and the id is 000.

However, you may filter agentless logs by searching for location:agentless and each specific host can be identified by the agentless.host field.

Reference: https://documentation.wazuh.com/current/user-manual/capabilities/agentless-monitoring/agentless-faq.html#if-i-add-an-agentless-device-will-it-show-as-an-agent

Best Regards,
Devender

[Juan Ferdinan]

Hi Devender,

Thank you for the confirmation

Best Regards,

Juan