Centralized Configuration Error: 3013 - Wazuh syntax error: Invalid element in the configuration: 'client'.

Lamya Imam

Dec 12, 2022, 12:54:55 AM
to Wazuh mailing list
Hello,

Once I go to Management -> Group -> agent.conf (to centrally configure my Wazuh agents from manager), and put the configuration below:
<client>
  <server>
    <address>192.x.x.x</address>
    <port>1514</port>
    <protocol>tcp</protocol>
    <max_retries>5</max_retries>
    <retry_interval>5</retry_interval>
  </server>
  <server>
    <address>example.hostname</address>
    <protocol>udp</protocol>
  </server>
  <config-profile>webserver, debian8</config-profile>
  <notify_time>30</notify_time>
  <time-reconnect>120</time-reconnect>
  <auto_restart>yes</auto_restart>
</client>
 

It shows the following error:
Error: 3013 - Wazuh syntax error: Invalid element in the configuration: 'client'. Syscheck remote configuration in '/var/ossec/tmp/api_tmp_file_05a4me_8.xml' is corrupted.

Can anyone please help me with the solution to this problem?

NOTE: We are trying to avoid the configuration of "Load balancing", "Failover" or direct configuration from the agent. Is there an alternative method for centrally forwarding logs to a backup node?


Thanks in advance
Lamya 

Alejandro Ruiz Becerra

Dec 12, 2022, 4:55:59 AM
to Wazuh mailing list
Hello Lamya

These settings are only available in the local configuration file (ossec.conf). The centralized configuration (agent.conf) only takes the following configurations, as seen in our documentation.

Best regards
Alex

Lamya Imam

Dec 12, 2022, 5:24:34 AM
to Wazuh mailing list
Dear Alex,

Thank you for your reply. I've been following the documentation so far. 
Whenever I try to configure "force_reconnect_interval setting (client)" in agent.conf and put the "<client>.........</client>" part in the configuration and save it, the error pops up.
I'm not quite sure what I am doing wrong. Could you kindly look into this matter and help me out?

Best Regards
Lamya

Alejandro Ruiz Becerra

Dec 12, 2022, 6:48:49 AM
to Wazuh mailing list
The following configuration works for me in a 4.3.10 environment

<agent_config>
    <!-- Shared agent configuration here -->
    <client>
        <force_reconnect_interval>1d</force_reconnect_interval>
    </client>
</agent_config>


Could you check that out?
In case it fails, which Wazuh version are you using?

Regards
Alex

Saiful Alam Shihab

Dec 12, 2022, 7:11:53 AM
to Alejandro Ruiz Becerra, Wazuh mailing list
Hi Alex,

Is it possible to add one more manager node in the address section from the manager console? If one goes down, another will be working as the manager node.

<agent_config>
  <client>
    <server>
      <address>192.x.x.x</address>
      <address>192.x.x.x</address>
      <port>1514</port>
      <protocol>tcp</protocol>
      <max_retries>5</max_retries>
      <retry_interval>5</retry_interval>
    </server>
  </client>
</agent_config>

Alejandro Ruiz Becerra

Dec 12, 2022, 8:01:22 AM
to Wazuh mailing list
As I said previously, the centralized configuration does not allow these settings, only the ones listed here.

This is also highlighted in the documentation for the client XML section.
All these settings you are adding must be placed in the ossec.conf file, not in the agent.conf.


In reply to your question, yes, it's possible to add several servers, but a <server> section is required for each of them, as seen in this example.

<client>
  <server>
    <address>192.168.1.100</address>

    <port>1514</port>
    <protocol>tcp</protocol>
    <max_retries>5</max_retries>
    <retry_interval>5</retry_interval>
  </server>
  <server>
    <address>example.hostname</address>
    <protocol>udp</protocol>
  </server>
  <config-profile>webserver, debian8</config-profile>
  <notify_time>30</notify_time>
  <time-reconnect>120</time-reconnect>
  <auto_restart>yes</auto_restart>
</client>
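
The rule stated in the reply above, as an added example that is not part of the original thread or of Wazuh's own code: a Python pre-flight check that flags `<client>` settings an agent.conf cannot carry before the file is saved in the manager. It assumes, from this thread alone, that `force_reconnect_interval` is the only `<client>` child accepted centrally; `lint_agent_conf` and the sample strings are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Assumption taken from this thread: in agent.conf, <client> may carry only
# force_reconnect_interval; every other <client> setting lives in ossec.conf.
ALLOWED_CLIENT_CHILDREN = {"force_reconnect_interval"}

# Sample inputs, constructed from the snippets posted in the thread.
ACCEPTED = """<agent_config>
  <!-- Shared agent configuration here -->
  <client><force_reconnect_interval>1d</force_reconnect_interval></client>
</agent_config>"""
REJECTED = """<agent_config>
  <client>
    <server><address>192.x.x.x</address><port>1514</port></server>
    <notify_time>30</notify_time>
  </client>
</agent_config>"""
BARE = "<client><auto_restart>yes</auto_restart></client>"


def lint_agent_conf(text):
    """Return findings for <client> usage in the text of an agent.conf."""
    # agent.conf can hold several top-level <agent_config> blocks, so wrap
    # the text in a synthetic root to parse it as one XML document.
    try:
        root = ET.fromstring("<lint_root>" + text + "</lint_root>")
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    findings = []
    for top in root:
        if top.tag != "agent_config":
            findings.append("<%s> is outside <agent_config>" % top.tag)
            continue
        for client in top.iter("client"):
            for child in client:
                if child.tag not in ALLOWED_CLIENT_CHILDREN:
                    findings.append(
                        "<client><%s> is local-only, move it to ossec.conf"
                        % child.tag)
    return findings


if __name__ == "__main__":
    for name, sample in (("ACCEPTED", ACCEPTED), ("REJECTED", REJECTED),
                         ("BARE", BARE)):
        print(name, lint_agent_conf(sample) or "ok")
```

This only checks the `<client>` section; on a manager, Wazuh's own `verify-agent-conf` tool remains the authoritative validation of the whole file.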

Lamya Imam

Dec 13, 2022, 2:35:09 AM
to Wazuh mailing list
Thank you Alex for your prompt reply and supporting us. 
There's a little problem we are facing currently. Actually, we want to configure from the manager to push it to all the 50 agents that we have installed. It would be difficult to configure all agents separately. Is there any way to do that?

Alejandro Ruiz Becerra

Dec 13, 2022, 5:38:23 AM
to Wazuh mailing list
Hello Lamya

I understand that configuring all agents one-by-one would be tedious. May I ask what you are trying to achieve exactly? From the first message, I can read your purpose, but it's not clear to me. Could you please elaborate? Which problem are you having? And, what do you mean by "direct configuration"?

An alternative method to centrally forward the logs to a backup node would be to use a cron job that does that periodically.

Regards
Alex

Lamya Imam

Dec 13, 2022, 6:43:57 AM
to Wazuh mailing list
Hi Alex,

Basically, what I am trying to say is, our cluster has 3 nodes (1 master node and 2 worker nodes) and we have 50 agents installed that are connected to our master node only. To configure failover mode for all agents, I will have to re-configure it one by one, which will be very time-consuming. Instead of configuring separately, I want to configure the agents remotely from my manager so that, if our master node goes down, the worker nodes will work as my backup. Sorry, I couldn't explain it properly before, but I hope this helps with what I was trying to say.

Thanks again!
Lamya  

Alejandro Ruiz Becerra

Dec 13, 2022, 7:33:40 AM
to Wazuh mailing list
It's much clearer now, thanks!

In that case, I think this guide on how to set up a load balancer ahead of a Wazuh cluster might be useful for you. Please take a look at it and let me know if it works for you.