wazuh-ansible
42 views
Skip to first unread message
Romain Hennebois
Jun 26, 2024, 5:02:49 AM (7 days ago) Jun 26
to Wazuh | Mailing List
Hi team,
I have a few questions. I am currently looking for a wazuh agent deployment via ansible. I've been following this documentation: https://documentation.wazuh.com/current/deployment-options/deploying-with-ansible/guide/install-wazuh-agent.html
It's working fine, but I've noticed a few points.
- The log file locations aren't automatic and don't look for all possibilities as when you do it manually with the add agent on the manager.
- For the vulnerability detection, it doesn't work when u do it with ansible.
Anyone for any help ? thanks in advance.
I have a few questions. I am currently looking for a wazuh agent deployment via ansible. I've been following this documentation: https://documentation.wazuh.com/current/deployment-options/deploying-with-ansible/guide/install-wazuh-agent.html
It's working fine, but I've noticed a few points.
- The log file locations aren't automatic and don't look for all possibilities as when you do it manually with the add agent on the manager.
- For the vulnerability detection, it doesn't work when u do it with ansible.
Anyone for any help ? thanks in advance.
Romain Hennebois
Jun 27, 2024, 2:43:48 AM (6 days ago) Jun 27
to Wazuh | Mailing List
any helps ?
Juan Antonio Garcia Ruiz
Jul 1, 2024, 10:40:48 AM (2 days ago) Jul 1
to Wazuh | Mailing List
Good morning, Romain Hennebois. I am Juan from the Wazuh team. It's a pleasure to be able to help you.
I am currently investigating the issue with file automation, but to be able to fully assist you, I need to know which version you are using.
Regarding vulnerability detection, what type of errors are you experiencing?
I look forward to your response. Have a great day.
Romain Hennebois
Jul 1, 2024, 10:45:37 AM (2 days ago) Jul 1
to Wazuh | Mailing List
Hi Juan,
For the version, we are currently using the latest version, so 4.8.0.
For the vulnerability detection, I have nothing that appears in events, inventory... but I remember that a wazuh member told me it was normal with this version.
For the version, we are currently using the latest version, so 4.8.0.
For the vulnerability detection, I have nothing that appears in events, inventory... but I remember that a wazuh member told me it was normal with this version.
Juan Antonio Garcia Ruiz
9:12 AM (3 hours ago) 9:12 AM
to Wazuh | Mailing List
Good morning Romain,
After doing some research, it is not entirely clear to me what you mean by "log file locations." If you could provide more details on the expected result, it would be very helpful.
Regarding vulnerability detection, it is activated from the manager. If you could attach the VD configuration in the manager and the issue it is causing on the dashboard, it would be very helpful.
Lastly, to ensure a more accurate response, if you can share the playbook and the inventory, hiding any sensitive information, it would be greatly appreciated.
Thank you very much for your patience.
After doing some research, it is not entirely clear to me what you mean by "log file locations." If you could provide more details on the expected result, it would be very helpful.
Regarding vulnerability detection, it is activated from the manager. If you could attach the VD configuration in the manager and the issue it is causing on the dashboard, it would be very helpful.
Lastly, to ensure a more accurate response, if you can share the playbook and the inventory, hiding any sensitive information, it would be greatly appreciated.
Thank you very much for your patience.
Romain Hennebois
9:19 AM (3 hours ago) 9:19 AM
to Wazuh | Mailing List
Hi Juan,
When I add an agent using the Wazuh GUI, the agent automatically detects my log files. (ex: /var/log/auth.log or /var/log/mail.log).
but i related that with ansible, it is a global configuration. every agent will have the same agent's logfiles and when i tried to enroll my agent using ansible, all my log files location were not detected (ex: /var/log/mail.log wasn't here).
The goal is to enroll a lot of servers and I do not want to go back to each server and do it by hand.
When I add an agent using the Wazuh GUI, the agent automatically detects my log files. (ex: /var/log/auth.log or /var/log/mail.log).
but i related that with ansible, it is a global configuration. every agent will have the same agent's logfiles and when i tried to enroll my agent using ansible, all my log files location were not detected (ex: /var/log/mail.log wasn't here).
The goal is to enroll a lot of servers and I do not want to go back to each server and do it by hand.
Reply all
Reply to author
Forward
0 new messages