CPU, Memory and Disk usage
246 views
Skip to first unread message
Fawwas Hamdi
May 8, 2023, 11:17:30 PM5/8/23
to Wazuh mailing list
Hello guys currently trying to integrate this blog post https://wazuh.com/blog/monitoring-linux-resource-usage-with-wazuh/ regarding Linux resource monitoring, and the problem is the configuration is not working since I already put it in the agent.conf for each group can someone help me troubleshoot this issue?
below is the result of verifying agent config
/var/ossec/bin/verify-agent-conf
verify-agent-conf: Verifying [etc/shared/default/agent.conf]
verify-agent-conf: OK
verify-agent-conf: Verifying [etc/shared/P/agent.conf]
verify-agent-conf: OK
verify-agent-conf: Verifying [etc/shared/D/agent.conf]
verify-agent-conf: OK
verify-agent-conf: Verifying [etc/shared/P/agent.conf]
verify-agent-conf: OK
verify-agent-conf: Verifying [etc/shared/Pagent.conf]
verify-agent-conf: OK
verify-agent-conf: Verifying [etc/shared/C/agent.conf]
verify-agent-conf: OK
verify-agent-conf: Verifying [etc/shared/c/agent.conf]
verify-agent-conf: OK
verify-agent-conf: OK
verify-agent-conf: Verifying [etc/shared/P/agent.conf]
verify-agent-conf: OK
verify-agent-conf: Verifying [etc/shared/D/agent.conf]
verify-agent-conf: OK
verify-agent-conf: Verifying [etc/shared/P/agent.conf]
verify-agent-conf: OK
verify-agent-conf: Verifying [etc/shared/Pagent.conf]
verify-agent-conf: OK
verify-agent-conf: Verifying [etc/shared/C/agent.conf]
verify-agent-conf: OK
verify-agent-conf: Verifying [etc/shared/c/agent.conf]
verify-agent-conf: OK
Abdullah Al Rafi Fahim
May 9, 2023, 12:44:35 AM5/9/23
to Wazuh mailing list
Hello Fawwas,
Thank you for sharing your issue with us!
Are you trying to configure the <localfile> sections for command monitoring through the centralized configuration files (agent groups' agent.conf) instead of adding them locally in the agent machines' ossec.conf file? You can use the centralized configuration to distribute this setting across multiple monitored endpoints. However, remote commands are disabled by default for security reasons in the agent machines and have to be explicitly enabled on each agent locally to allow this setting to work.
To enable remote command execution, you need to add the following line to the /var/ossec/etc/local_internal_options.conf file on the agent side locally.
wazuh_command.remote_commands=1
After adding this local option, you need to restart the wazuh-agent to make this change effective.
Reference: https://documentation.wazuh.com/current/user-manual/reference/internal-options.html#wazuh-command
Other than this, all other configurations and steps in the blog can be performed from the Wazuh Server end.
I hope it helps. Please let us know if you have any further query here.
Fawwas Hamdi
May 9, 2023, 12:46:59 AM5/9/23
to Wazuh mailing list
To enable remote command execution, you need to add the following line to the /var/ossec/etc/local_internal_options.conf file on the agent side locally.
wazuh_command.remote_commands=1
Abdullah Al Rafi Fahim
May 9, 2023, 3:27:12 AM5/9/23
to Wazuh mailing list
Hello Fawwas,
Yes, you need to enable this explicitly in each agent where you want this remotely delivered command to be executed. This remote command execution is disabled in agent side by default for security reason and can be enabled locally in the mentioned file.
Reply all
Reply to author
Forward
0 new messages