Change Wazuh Node Name
serano...@gmail.com
Luis González Romero
Hello! Hope you are doing great.
That is not possible, but you can follow this workaround to rename a node. You have to configure the single node as a cluster. So, you have to modify the cluster section within the /var/ossec/etc/ossec.conf configuration file. Here you have more details.
- Modified
clustersection:<cluster> <name>wazuh</name> <node_name>wazuh-server</node_name> <key>9fb3c76920d84ea4c688720ae159742a</key> <node_type>master</node_type> <port>1516</port> <bind_addr>0.0.0.0</bind_addr> <nodes> <node>192.168.56.200</node> </nodes> <hidden>no</hidden> <disabled>no</disabled> </cluster>
For the key field, you can generate a key like this:
root@manager1:/home/vagrant# openssl rand -hex 16
9fb3c76920d84ea4c688720ae159742a
If you change the node_name field, the name will be updated. Also, you can set disabled to no and check that it changes:
root@manager1:/home/vagrant# /var/ossec/bin/cluster_control -l
NAME TYPE VERSION ADDRESS
wazuh-node-1 master 4.2.6 192.168.56.200
root@manager1:/home/vagrant# vim /var/ossec/etc/ossec.conf
root@manager1:/home/vagrant# systemctl restart wazuh-manager
root@manager1:/home/vagrant# /var/ossec/bin/cluster_control -l
NAME TYPE VERSION ADDRESS
wazuh-server master 4.2.6 192.168.56.200
Within the alerts, you will have this structure
,"manager":{"name":"manager1"},"id":"1649156925.978681","cluster":{"name":"wazuh","node":"wazuh-server"}, where you can see the node inside thecluster field can be renamed. The name field inside the manager field will have the system hostname.
Do not hesitate to ask us whatever you need!
Hope this helps,
Luis.