Puppet ossec Module configuration/setup Help
459 views
Skip to first unread message
Eric Adkins
Sep 22, 2016, 9:57:58 PM9/22/16
to Wazuh mailing list
System Deets:
Puppet Server version: 3.8.7
Mix of Windows/*nix OS Puppet Agents (server newer than all Agent versions)
I have taken the following steps to implement puppet ossec module by wazuh installation.
- Configured puppet/server agent and confirmed they can communicate. [ puppet agent -t ]
- Confirmed ossec module installed on Server at /etc/puppet/modules/ossec*
- Therefore next step I see, which I need help with, is the required settings/configurations necessary to setup module to install ossec-agent on ALL puppet agents. To do so, I attempted to build my own site.pp with the following content:
Node default { }Class { “ossec::client”:ossec_server_ip => “Ossec.Server.IP.Address”}
Note: site.pp currently located at directory /etc/puppet/manifests/site.pp
I assumed that all the required puppet content was pre-configured into the installed module, with condition that I must correctly adapt that module to my unique environment settings. Puppet Wazuh Ossec Module Official Documentation
If this is not the case I would greatly appreciate some clarity on what tasks I am expected/required to perform after installing ossec puppet module on puppet server, to result in the install of ossec agents to ALL puppet agents in environment using puppet ossec module. Please let me know if additional information is required to answer the question. Thanks in advance for your patients in helping me understand puppet workings.
Jose Luis Ruiz
Sep 23, 2016, 10:54:08 AM9/23/16
to Eric Adkins, Wazuh mailing list
Hi Eric,
I have a few questions to better understand actual installation:
- Do you already already a Puppet environment working? or this is a fresh Puppet installation only for Ossec?
- Do you have Export Resources working in your actual environment? (We need these to keys to extract the key from agents)
- Which are you Puppet manager OS?
After that it’s easy, you only need to add to your manifest site.pp the manager configuration, similar than:
node "server.yourhost.com" {
class { 'ossec::server':
mailserver_ip => 'localhost',
ossec_emailto => ['us...@mycompany.com'],
use_mysql => true,
mysql_hostname => '127.0.0.1',
mysql_name => 'ossec',
mysql_password => 'yourpassword',
mysql_username => 'ossec',
}
}
Run in your server.yourhost.com this command puppet agent --no-daemonize --debug --trace to verify the installation in debug mode.
If all run nice you need to add to your manifest in the Puppet server the agent configuration:
node "client.yourhost.com" {
class { "ossec::client":
ossec_server_ip => "Ossec.Server.IP.Address"
}
}
and run the same command than in your manager puppet agent --no-daemonize --debug --trace.
After finish the installation, your client has a client.keys file created in /var/ossec/etc/client.keys, and saved in Export Resources.
The last step is copy the agent client.keys to the Ossec manager, we do that running again puppet agent --no-daemonize --debug --trace, in order to made Puppet ask to Export resources for new configuration, and export resources ship the client.keys to the Ossec manager.
A brief summary:
- Verify your Export Resources is installed and working
- Verify the manager installation after run
puppet agent --no-daemonize --debug --trace - Verify the agent installation after run
puppet agent --no-daemonize --debug --trace - Run puppet agent again in the Ossec manager and verify the content from /var/ossec/etc/client.keys should have the client information.
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/297caa22-5a35-4f18-b43e-03b50ede3fbc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Eric Adkins
Sep 23, 2016, 10:50:00 PM9/23/16
to Wazuh mailing list, eaad...@rams.colostate.edu
Hello Jose,
To first answer your questions:
- I have a Fresh Puppet installation just for ossec.
- I am not sure exactly what is meant by Export Resources, however, I am in process of confirming the PuppetDB is installed and working to correctly act as the export resource receiver for client content. In particular the mentioned client.keys content.
- I will update on thread with PuppetDB working status once available.
- Export Resource Puppet Documentation
- Puppet Manager OS is CENTOS 6
- I will post with updated results on the remaining suggestions after confirming working Export Resource.
Thanks for all your help, I greatly appreciate it. Please let me know if additional details are required.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/297caa22-5a35-4f18-b43e-03b50ede3fbc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.
Jose Luis Ruiz
Sep 24, 2016, 11:10:46 AM9/24/16
to Eric Adkins, Wazuh mailing list
Hi Eric,
With PuppedDB working, Ossec installation should be easy, you only need the Ossec declarations in site.pp as mentioned in the the last mail.
The communication between Ossec Agents and Manager is through port 1514UDP, please be sure this port is open in your environment.
Please let me know if this works.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/37795950-699e-49b4-906d-8a5fa744eb4d%40googlegroups.com.
Message has been deleted
Eric Adkins
Oct 2, 2016, 3:03:37 AM10/2/16
to Wazuh mailing list, eaad...@rams.colostate.edu
Hello Jose,
Commands Performed with Snips of relevant output Provided Below:
$ sudo rpm -Uvh http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-1.noarch.rpm
$ yum install puppetdb-terminus.noarch puppetdb postgresql94-server postgresql94 postgresql94-contrib.x86_64
$ sudo /usr/pgsql-9.4/bin/postgresql94-setup initdb
$ service puppetdb start
$ vi /var/lib/pgsql/9.4/data/pg_hba.conf – CentOS
Change to md5$ su postgres
/usr/pgsql-9.4/bin/pg_ctl -D /var/lib/pgsql/9.4/data -l logfile start
Createuser -DRSP puppetdb
Enter password 2x
Created -O puppetdb puppetdb$ psql -h 127.0.0.1 -p 5432 -U puppetdb -W puppetdb
Password for user puppetdb:
psql (8.4.13)
Type "help" for help.
puppetdb=> CREATE EXTENSION pg_trgm;
puppetdb=> \q$ vi /etc/puppetdb/conf.d/database.iniclassname = org.postgresql.Driver
subprotocol = postgresql
subname = //127.0.0.1:5432/puppetdb
username = puppetdb
password = yourpassword
log-slow-statements = 10
$ vi /etc/puppet/manifests/site.pp
node "default" {
class { "ossec::client":
ossec_server_ip => "Ossec.Server.IP.Address"
}
}
$ vi /etc/puppet/puppetdb.conf
[main]
server_urls = https://puppetdb.company.FQDN.com:8081
$ vi /etc/puppetlabs/puppet/routes.yaml
ON SERVER$ puppet agent –no-daemonize –debug –traceNo outputON AGENT$ puppet agent –no-daemonize –debug –trace
ON SERVER
$ puppet agent --test
ON AGENT
$ puppet agent --test
ON SERVER
$ vi /var/ossec/etc/client.keys
only has 1 entry
shows puppet server key
I have been unable to resolve the above errors. Please provide any feedback you may have on resolving the above errors. Please let me know if additional detail is required to proceed.
Jose Luis Ruiz
Oct 2, 2016, 11:14:50 AM10/2/16
to Eric Adkins, Wazuh mailing list
Hi Erick,
Looks like puppetdb is not working properly.
Can you review the next configuration?
Review if your puppetdb has created the tables in your database:
[root@localhost puppet]# psql -h 127.0.0.1 -p 5432 -U puppetdb -W puppetdb
Password for user puppetdb:
psql (9.4.9)
Type "help" for help.
puppetdb=> \dt
List of relations
Schema | Name | Type | Owner
--------+-----------------------+-------+----------
public | catalog_resources | table | puppetdb
public | catalogs | table | puppetdb
public | certnames | table | puppetdb
public | edges | table | puppetdb
public | environments | table | puppetdb
public | fact_paths | table | puppetdb
public | fact_values | table | puppetdb
public | facts | table | puppetdb
public | factsets | table | puppetdb
public | producers | table | puppetdb
public | report_statuses | table | puppetdb
public | reports | table | puppetdb
public | resource_events | table | puppetdb
public | resource_params | table | puppetdb
public | resource_params_cache | table | puppetdb
public | schema_migrations | table | puppetdb
public | value_types | table | puppetdb
(17 rows)
puppetdb=>
If not please be sure the password is correct:
classname = org.postgresql.Driver
subprotocol = postgresql
subname = //127.0.0.1:5432/puppetdb
username = puppetdb
password = yourpassword
log-slow-statements = 10
Please be sure the server is accesible by DNS, you can try a $ ping puppetdb.company.FQDN.com in the same machine and if you have any firewall running open the por 8081.
server_urls = https://puppetdb.company.FQDN.com:8081
After review that restart puppetdb and puppetserver, look the logs from both, and search any error.
On October 2, 2016 at 3:03:39 AM, Eric Adkins (eaad...@rams.colostate.edu) wrote:
/var/lib/pgsql/9.4/data/pg_hba.conf
Eric Adkins
Oct 11, 2016, 6:51:38 AM10/11/16
to Wazuh mailing list, eaad...@rams.colostate.edu
Hello Jose,
I have been performing the advised checks and tests to confirm the setup and correct function of puppetdb. I am still recieving an error but remain hopeful we are near the end of this rabbit hole. To report my findings:
ON SERVER
Returned the 17 rows provided
puppetdb=> \dt
List of relations
Schema | Name | Type | Owner
--------+-----------------------+-------+----------
public | catalog_resources | table | puppetdb
public | catalogs | table | puppetdb
public | certnames | table | puppetdb
public | edges | table | puppetdb
public | environments | table | puppetdb
public | fact_paths | table | puppetdb
public | fact_values | table | puppetdb
public | facts | table | puppetdb
public | factsets | table | puppetdb
public | producers | table | puppetdb
public | report_statuses | table | puppetdb
public | reports | table | puppetdb
public | resource_events | table | puppetdb
public | resource_params | table | puppetdb
public | resource_params_cache | table | puppetdb
public | schema_migrations | table | puppetdb
public | value_types | table | puppetdb- I then confirmed successful ability to ping puppetdb.company.FQDN.com
- As well as, used TELNET to confirm port access (8081,8140)
- restart of services
- run: puppet agent --no-daemonize --debug --trace
Results:
puppetdb ssl-setup
PEM files in /etc/puppetlabs/puppetdb/ssl already exists, checking integrity.
Setting ssl-host in /etc/puppetlabs/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-port in /etc/puppetlabs/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-key in /etc/puppetlabs/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-cert in /etc/puppetlabs/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-ca-cert in /etc/puppetlabs/puppetdb/conf.d/jetty.ini already correctThe logs reflect the above error on SERVER under:
/var/log/messagesAdditionally, the following was discovered in Puppetdb logs under:
/var/log/puppetlabs/puppetdb/puppetdb.log
Finally to confirm my SSL settings where correctly configured I used:
puppetdb ssl-setup
.
As always I would greatly appreciate any assistance you may be able to provide. Please let me know if anything else is required.
Hi Erick,
Please be sure the server is accesible by DNS, you can try a
$ ping puppetdb.company.FQDN.comin the same machine and if you have any firewall running open the port8081.
server_urls = https://puppetdb.company.FQDN.com:8081After review that restart puppetdb and puppetserver, look the logs from both, and search any error.
Jose Luis Ruiz
Oct 12, 2016, 10:03:50 AM10/12/16
to Eric Adkins, Wazuh mailing list
Hi Eric
Can you show me your sites.pp??
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/3a8bcf02-e43a-43d9-9611-d606f1b0d495%40googlegroups.com.
Eric Adkins
Oct 14, 2016, 7:24:17 PM10/14/16
to Wazuh mailing list, eaad...@rams.colostate.edu
Hi Jose,
Below is the sites.pp manifest I have.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.
Jose Luis Ruiz
Oct 14, 2016, 7:59:41 PM10/14/16
to Eric Adkins, Wazuh mailing list
Hi Eric
A estandar definition for a client should be like:
node "client.yourhost.com" {
class { "ossec::client":
ossec_server_ip => "192.168.209.166"
}
}
where client.yourhost.com is the name from the agent puppet certificate.
So if you run $ puppet cert list --all
The result is all puppet agents registered in your server.
You need to use as node name the cert name.
[root@centos1 manifests]# puppet cert list --all
+ “centos1.wazuh.com" (B4:52:73:D6:22:9B:55:35:E7:E3:DE:51:48:67:30:A0) (alt names: "DNS:centos1.example.com", "DNS:puppet", "DNS:puppet.example.com")
+ “centos2.wazuh.com" (B3:A6:A3:F2:2F:AA:7F:7A:25:37:8B:27:7A:E1:8C:77)
This is an example in this case we should use
node “centos1.wazuh.com" {
class { "ossec::client":
ossec_server_ip => "192.168.209.166"
}
}
node “centos2.wazuh.com" {
class { "ossec::client":
ossec_server_ip => "192.168.209.166"
}
}
Of course if you do a ping to any of the names certificates the name need to be resolved by DNS.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/2e9f8f2a-a00c-485e-bd59-9205c08665ce%40googlegroups.com.
Eric Adkins
Oct 15, 2016, 2:08:51 AM10/15/16
to Wazuh mailing list, eaad...@rams.colostate.edu
Hello Jose,
Thanks for the help. I have made the appropriate changes suggested to my sites.pp manifest. I restarted all services and rerun
ON SERVER
puppet agent –no-daemonize –debug –trace
see attachment for full output
Error: Cannot create /var/ossec/logs; parent directory /var/ossec does not exist...
Error: Could not set 'file' on ensure: No such file or directory @ dir_s_mkdir - /var/ossec/etc/ossec.conf20161014-32062-1dmzrx9.lock
Everything appears to be working as intended until the above Error. Do you have any thoughts on what might be causing this? Please let me know if additional info is required.
Jose Luis Ruiz
Oct 15, 2016, 11:53:07 AM10/15/16
to Eric Adkins, Wazuh mailing list
Hi Eric, now look better.
What is your OS for the Server?
Do you delete manually this folder?
Can you uninstall manually the package from the Server and run again the puppet agent –no-daemonize –debug –trace ??
Regards
-----------------------
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/11b08a7b-6c9a-4885-a409-7228e143ba65%40googlegroups.com.
<PuppetError.txt>
Eric Adkins
Oct 17, 2016, 6:39:33 AM10/17/16
to Wazuh mailing list, eaad...@rams.colostate.edu
Hello Jose,
cat /etc/redhat-release
CentOS release 6.8 (Final)I am delighted to report that I made my first successful puppet run ERROR FREE! As you guessed I had accidentally (in the course of lab trail and error) deleted the oh so important /var/ossec directory and it’s contents that where installed by the OSSEC Master (wazuh fork). Once I reran this manual install with below commands:
$ sudo yum install make gcc git
$ sudo yum install openssl-devel
$ cd ~
$ mkdir ossec_tmp && cd ossec_tmp
$ git clone -b stable https://github.com/wazuh/ossec-wazuh.git
$ cd ossec-wazuh
$ sudo ./install.sh
choose "server"
$ sudo /var/ossec/bin/ossec-control startI noted during the install directory was allowed specified as /var/ossec.
I restarted services, reran
and to my surprise I received no errors on puppet server. I took an md5sum of the /var/ossec/etc/ossec.conf file before and after the puppet run, confirming the puppet wazuh module installed the new ossec.conf file replacing the original from the manual install of OSSEC Master (wazuh fork). I will be testing the agents this week, hopefully error free as well. I thank you for all the help you have provided and welcome any suggestions you may have on becoming more proficient with puppet wazuh module. Thanks again.
puppet agent --no-daemonize --debug –traceand to my surprise I received no errors on puppet server. I took an md5sum of the /var/ossec/etc/ossec.conf file before and after the puppet run, confirming the puppet wazuh module installed the new ossec.conf file replacing the original from the manual install of OSSEC Master (wazuh fork). I will be testing the agents this week, hopefully error free as well. I thank you for all the help you have provided and welcome any suggestions you may have on becoming more proficient with puppet wazuh module. Thanks again.
Jose Luis Ruiz
Oct 18, 2016, 2:59:16 PM10/18/16
to Eric Adkins, Wazuh mailing list
Hi Eric
Wonderful news,
By
default the Puppet module install s
Ossec-HIDS 2.8.3 . If it didn't for you, that was because of the previous deletion of
the folder /var/ossec . This does not remove
the whole
Ossec-HIDS package
from your system, meaning that
Puppet won't
install the server again.Try run this command:
$ rpm -qa | grep ossec
If this command is successful and shows you Ossec-HIDS, it means that you have the package ossec-hids 2.8.3 installed.
The current Puppet module is only compatible with ossec-hids 2.8.3. We will have a new module for the Ossec Wazuh Version soon. You now have two options:
1.- Keep your current configuration with the manual installation you did using Wazuh github.
2.- Delete Wazuh, remove also the package ossec-hids 2.8.3 and run puppet again in the server to install, remember, the Ossec-HIDS 2.8.3 with puppet.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/bbf4faf4-b8ec-4f3f-b4f5-153abe3ea61d%40googlegroups.com.
Eric Adkins
Oct 28, 2016, 3:42:06 AM10/28/16
to Wazuh mailing list, eaad...@rams.colostate.edu
Hello again Jose,
NOTE: OSSEC MANAGER IP = Puppet Server IP
OSSEC MANAGER version = Ossec-hids 2.8.3
After performing the advised changes to OSSEC manager for puppet module compatibility. I am still having issue with getting puppet to properly authorize ossec-hids 2.8.3 on agent node and connect with OSSEC manager. I was able perform
on puppet server. While the ossec-hids 2.8.3 was installed and the agent key was created as was evident at /var/ossec/keys on agent, the OSSEC manager did not show any additional agent keys copied into /var/ossec/keys on manager besides puppet server key after several puppet run attempts and reboot of hosts.
puppet run puppet agent --no-daemonize --debug –traceon puppet server. While the ossec-hids 2.8.3 was installed and the agent key was created as was evident at /var/ossec/keys on agent, the OSSEC manager did not show any additional agent keys copied into /var/ossec/keys on manager besides puppet server key after several puppet run attempts and reboot of hosts.
The puppet run on agents
puppet agent --no-daemonize --debug –trace installs ossec 2.8.3 and I confirmed this fact by md5sum of /var/ossec/conf file is the same for ALL agents. And installed programs shows install of version ossec agent 2.8.3 on windows. Also on linux using command
$ rpm -qa | grep ossec
I confirmed ossec 2.8.3 successful install. I then confirmed that the client key file was correctly created by puppet on the agent node. Finally, I ran list agent command on OSSEC master, and inspected the ossec keys file on OSSEC master. Both locations revealed the authorization had not occurred in OSSEC master. The ossec key was not transferred and the agent was not listed in OSSEC manager.
Furthermore, it was not copying the keys from either windows or linux agents consistently. Strangely the only key on the OSSEC manager was the host itself. Since puppetdb is just a postgresDB I logged into the puppetdb and performed SQL query to inspect if tables where populating. The tables where populating however, I could not figure out which table housed (or in what form) the agent key content. Therefore, I will require help in determining why the keys are not being transferred from puppetdb to OSSEC manager. Also, how to confirm the agent keys are in fact making it into the puppetdb. Please let me know if any additional information is required.
Jose Luis Ruiz
Oct 28, 2016, 7:43:20 AM10/28/16
to Eric Adkins, Wazuh mailing list
Hi Eric
After one agent is installed you need to run again puppet agent in the manager.
When you add a new agent, puppet create the client.keys in the agent and save the key in PuppetDB, then, when you run Puppet Agent again in the manager, puppet should add the keys from the agent to the client.keys in the manager.
Do you ran puppet agent in the Manager after add the different Ossec Agents??
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/884bdefb-accc-4b06-8792-d9ca2b1775b6%40googlegroups.com.
Eric Adkins
Oct 29, 2016, 3:14:07 AM10/29/16
to Wazuh mailing list, eaad...@rams.colostate.edu
Hello Jose,
I performed the following commands to execute puppet agent runs on both agent and manager.
First On MANAGER: https://puppet.FQDN
puppet run puppet agent --no-daemonize --debug –trace
Second On AGENT https://puppetagent.FQDN
puppet run puppet agent --no-daemonize --debug –trace
Again on MANAGER https://puppet.FQDN
puppet run puppet agent --no-daemonize --debug –trace
Then I checked the log files as mentioned in earlier correspondence. Additionally, I confirmed successful run by inspecting
vi /var/lib/puppet/state/last_run_summary.yaml
I still confirm that OSSEC manager does not have a copy of the newly created agent keys. Any thoughts on how to troubleshoot? I had thought about starting with confirming pupppetdb does in fact contain a copy of the agent ossec key, however I cannot determine where to look for this. Also, is there any method to check that puppetdb is exporting resources to OSSEC manager?
Jose Luis Ruiz
Nov 1, 2016, 7:36:06 AM11/1/16
to Eric Adkins, Wazuh mailing list
Hi Eric
Its very weird, can you take a look fro this two tables in the database and verify if you have information inside?
puppetdb=# select * from certnames ;
id | certname | latest_report_id | deactivated | expired
----+-----------------------------+------------------+-------------+---------
1 | localhost.localdomain | | |
2 | agente.xxxxxxx.com | | |
3 | ubuntu.xxxxxxx.com | | |
4 | agent.xxxxxxxxxxx | | |
5 | desktop-cv0cpi7.xxxxxxxxxxx | | |
puppetdb=# select * from catalogs;
id | hash | transaction_uuid | certname | producer_timestamp | api_version | timestamp | catalog_version | environment_id | code_id | catalog_uui
d | producer_id
----+--------------------------------------------+--------------------------------------+-----------------------------+----------------------------+-------------+----------------------------+-----------------+----------------+---------+------------------------
--------------+-------------
5 | \xaff36436c2515e61d64dfcf850fb8c8d7faf0411 | 8990ef90-c094-417a-8b6d-d176aa2b0787 | desktop-cv0cpi7.xxxxxxxxxxx | 2016-07-28 14:35:33.99-05 | 1 | 2016-07-28 14:35:34.516-05 | 1469734530 | 1 | | ea7af532-0c8b-4dda-ba49
-1ccc6edf605f |
2 | \x3572733b6e2bef5ea65539f8980da374764b0390 | 7df2adf6-e014-4811-a802-a6d0ddbe805a | agente.xxxxxxx.com | 2016-07-05 15:38:33.633-05 | 1 | 2016-07-05 15:38:33.818-05 | 1467751112 | 1 | | a54d9240-11cf-469b-b788
-7e05cc00d39b |
3 | \xf8e16747b8a7dc6a2304f0695b4622395598f61a | 04bc0066-f1aa-4309-8eeb-2fd2b6111392 | ubuntu.xxxxxxx.com | 2016-07-06 14:05:36.082-05 | 1 | 2016-07-06 14:05:36.322-05 | 1467831934 | 1 | | 1b375089-99e3-4663-9a4f
-b56c3556810c |
4 | \x809317e3578a301342973148c28f74d3ac435157 | 88795fce-438a-4698-ae77-3c3536080e21 | agent.xxxxxxxxxxx | 2016-10-20 11:40:43.489-05 | 1 | 2016-10-20 11:40:43.608-05 | 1476981642 | 1 | | 26d12062-430e-450e-aeda
-2ae8a1c63796 | 1
1 | \x9481fe3ad169a608274fa6683479aedbff75281a | 48bfc809-6d25-4447-b390-dfa4c36bdfc1 | localhost.xxxxxxxxxxx | 2016-10-20 11:49:09.954-05 | 1 | 2016-10-20 11:49:10.096-05 | 1476982148 | 1 | | 49e127d0-7eb2-424c-93db
-2b0841a1922e | 1
(5 rows)
In this two tables you need to have the list from all your machines included the ossec manager.
and can you show me the site.pp from the manager please?
Thanks!
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/7ec237d4-e094-4dba-bc17-e5e6a611f0c7%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages