Alert syscheck running from agent not working

[Cláudio Lopes]

Hello.

I did observed a problem. When in host client do command for start syscheck or restart wazuh-client because will runner syscheck, i'm not receive alert in my workers from this syscheck, but when i did from API or mananger command, its create alerts and i receveit that way.

Anybody knows how resolve it?

Thank you for your help.

[Santiago David Vendramini]

Hi ! I hope you are doing well! I am reviewing this, I will write you ASAP! Regards!

[Santiago David Vendramini]

Have you seen the alert on the master node? Can you tell me more about how you have deployed wazuh-manager and this particular agent? Maybe this agent is connected to the master node, so this alert will be triggered only on the master node.

[Cláudio Lopes]

Hello,  I did verify in node where agent is connected and watch dashboard. What i saw  was when command send by API for do sysycheck i received alerts normal, but when i do by CLI on agent or manager. I saw he detect changed in debbug on agent, but not send alarmistic for manager. 

[Santiago David Vendramini]

Can you check in both test that the alert is generated in alert.json file? The logs from /var/ossec/logs/ossec.log in the manager and agent will be usefull when you trigger syscheck by cli.