Windows Wazuh agent powershell script issue
1,216 views
Skip to first unread message
Marco
Oct 10, 2018, 4:04:21 AM10/10/18
to Wazuh mailing list
Hi everyone,
Wazuh manager version:v3.6.1
Wazuh windows client version: v3.4.0
I'm having a problem with Windows powershell agent - server registration script available on wazuh 3.x documentation.
When I run the script the agent and key are correctly created on wazuh manager, but when I try to retrive thiese informations throuth API, the powershell script on client host return following error:
------------------------------------------------------------------------------
Adding agent:
Agent 'XXXXXXXXXXXX' with ID '@{id=014; key=MDE0IFdJTjEwQUdFTlQgMTcyLjE3LjIwLjI0NSA4YzRmMmIxZGZmNThlNmIyZDFiNzkyNzFjYmU0NmFhNDY5NDNjMTU0OGJiZjU5ZGQ1YTA0YjYyOTRkZTdjNGFi}' added.
Getting agent key:
ConvertFrom-Json : Invalid JSON primitive: System.Net.WebException.
At C:\Program Files (x86)\ossec-agent\register-agent.ps1:89 char:70
+ ... -method "GET" -resource "/agents/$($agent_id)/key" | ConvertFrom-Json
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [ConvertFrom-Json], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.ConvertFromJsonCommand
----------------------------------------------------------------------------------------
It seems as if the API return the requested information in a wrong format and the script can't pharse the JSON.
How can I resolve this problem?
Many thanks
Marco
Wazuh manager version:v3.6.1
Wazuh windows client version: v3.4.0
I'm having a problem with Windows powershell agent - server registration script available on wazuh 3.x documentation.
When I run the script the agent and key are correctly created on wazuh manager, but when I try to retrive thiese informations throuth API, the powershell script on client host return following error:
------------------------------------------------------------------------------
Adding agent:
Agent 'XXXXXXXXXXXX' with ID '@{id=014; key=MDE0IFdJTjEwQUdFTlQgMTcyLjE3LjIwLjI0NSA4YzRmMmIxZGZmNThlNmIyZDFiNzkyNzFjYmU0NmFhNDY5NDNjMTU0OGJiZjU5ZGQ1YTA0YjYyOTRkZTdjNGFi}' added.
Getting agent key:
ConvertFrom-Json : Invalid JSON primitive: System.Net.WebException.
At C:\Program Files (x86)\ossec-agent\register-agent.ps1:89 char:70
+ ... -method "GET" -resource "/agents/$($agent_id)/key" | ConvertFrom-Json
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [ConvertFrom-Json], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.ConvertFromJsonCommand
----------------------------------------------------------------------------------------
It seems as if the API return the requested information in a wrong format and the script can't pharse the JSON.
How can I resolve this problem?
Many thanks
Marco
Marco
Oct 11, 2018, 5:53:06 AM10/11/18
to Wazuh mailing list
Please,
someone can help me with this issue? I need to deploy this functionality as soon as possible.
someone can help me with this issue? I need to deploy this functionality as soon as possible.
thanks in advance
Marco
juancarl...@wazuh.com
Oct 11, 2018, 2:24:27 PM10/11/18
to Wazuh mailing list
Hello Marco,
I've reproduced the issue you are experiencing and I'm trying to determine the extent and cause of it.
Since time seems to be of the essence in your case, I would suggest you try the following workaround for the time being:
Regards,
Juan Carlos Tello
I've reproduced the issue you are experiencing and I'm trying to determine the extent and cause of it.
Since time seems to be of the essence in your case, I would suggest you try the following workaround for the time being:
- Open the Wazuh Agent Manager GUI on your Windows client.
- Open from the View dropdown menu the View Config
- Go to the end of the file and remove the lines at the end which have the following form:<ossec_config> <client> <server> <address><Wazuh-Manager-IP></address> </server> </client> </ossec_config>
- Save the file and exit
- Exit the Wazuh Agent Manager and start it again
- Copy the key that is mentioned in the Powershell output (in your case it started with "MDE" and ended in "GFi", this may have changed if you have executed the script since your first email)
- Paste the key and save the configuration
- Start the agent from the Manage menu
Regards,
Juan Carlos Tello
juancarl...@wazuh.com
Oct 15, 2018, 9:23:27 AM10/15/18
to Wazuh mailing list
Dear Marco,
It seems the problem is due to incompatibility of this script with the current API.
I have done a pull request to change the script but while that is approved you may download and test the script from here:
https://raw.githubusercontent.com/wazuh/wazuh-api/da51c966f61e2cb2dad0ace706a77656e65d1068/examples/api-register-agent.ps1
Let me know if that helps.
Regards,
Juan Carlos
It seems the problem is due to incompatibility of this script with the current API.
I have done a pull request to change the script but while that is approved you may download and test the script from here:
https://raw.githubusercontent.com/wazuh/wazuh-api/da51c966f61e2cb2dad0ace706a77656e65d1068/examples/api-register-agent.ps1
Let me know if that helps.
Regards,
Juan Carlos
Reply all
Reply to author
Forward
0 new messages