Windows errors can't get OS name

[Anju Bhankhodiya]

Hello ,

i am using wazuh agent on windows and it is not working it is giving me following errors

2018/02/23 11:28:32 agent-auth: CRITICAL: Could not resolve manager's hostname

2018/02/23 11:28:43 manage_agents: WARNING: Can't get OS name (bad header)

2018/02/23 11:28:43 manage_agents: WARNING: Command 'wmic' returned 1 getting OS name.

2018/02/23 11:28:44 manage_agents: WARNING: Can't get OS version (bad header)

2018/02/23 11:31:03 ossec-agent: INFO: Using notify time: 10 and max time to reconnect: 60

can anyone suggest me right way?

[rafael...@wazuh.com]

Hello Anju,

the problem looks like you aren't running the Wazuh agent with administrator privileges. On Windows right click on Manage Agent -> Run as... and open it with your administrator account.

The first error: 2018/02/23 11:28:32 agent-auth: CRITICAL: Could not resolve manager's hostname indicates that the agent isn't able to connect with the manager. Check your manager IP and do a ping from the Windows machine to see if you get a response.

If the problem still occurs, we need more info:

What version of Windows are you using?

What version of the Agent are you using?

What version of the Manager are you using and what operating system is it installed on?

Best regards.

[Anju Bhankhodiya]

Hello,

i am using wazuh-agent for windows server 2012 r2 version -3.2.0

windows 2010 and agent version -3.2.0

wazuh-manager on centos  version - 3.2.0

yes, i have checked the connectivity from both side it's reachable

can you tell me what needs to done??

[rafael...@wazuh.com]

Hi Anju,

I think from the information you posted that you have the firewall enabled on  CentOS.If you have CentOS 7 you can try running the following command as root to stop de firewall daemon: systemctl stop firewall

For CentOS 6 run the following command as root: service iptables stop

Please let me know if that was the problem.

Best regards.

[Anju Bhankhodiya]

Hi,

thanks for reply back,

i have already stopped my firewall still it is not working.

can you tell me what could be the reason for this ?

hear are my sample logs:

2018/02/26 11:47:44 ossec-agent: WARNING: Process locked. Waiting for permission...

2018/02/26 11:47:55 ossec-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.134.213'.

2018/02/26 11:47:56 ossec-agent: INFO: Trying to connect to server (192.168.134.213:1514).

2018/02/26 11:48:17 ossec-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.134.213'.

2018/02/26 11:48:28 ossec-agent: INFO: Trying to connect to server (192.168.134.213:1514).

2018/02/26 11:48:49 ossec-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.134.213'.

2018/02/26 11:49:00 ossec-agent: INFO: Trying to connect to server (192.168.134.213:1514).

2018/02/26 11:49:21 ossec-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.134.213'.

2018/02/26 11:49:32 ossec-agent: INFO: Trying to connect to server (192.168.134.213:1514).

2018/02/26 11:49:53 ossec-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.134.213'.

2018/02/26 11:50:04 ossec-agent: INFO: Trying to connect to server (192.168.134.213:1514).

2018/02/26 11:50:25 ossec-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.134.213'.

2018/02/26 11:50:36 ossec-agent: INFO: Trying to connect to server (192.168.134.213:1514).

2018/02/26 11:50:57 ossec-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.134.213'.

2018/02/26 11:51:08 ossec-agent: INFO: Trying to connect to server (192.168.134.213:1514).

2018/02/26 11:51:29 ossec-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.134.213'.

2018/02/26 11:51:40 ossec-agent: INFO: Trying to connect to server (192.168.134.213:1514).

2018/02/26 11:52:01 ossec-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.134.213'.

2018/02/26 11:52:12 ossec-agent: INFO: Trying to connect to server (192.168.134.213:1514).

2018/02/26 11:52:33 ossec-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.134.213'.

2018/02/26 11:52:44 ossec-agent: INFO: Trying to connect to server (192.168.134.213:1514).

2018/02/26 11:53:05 ossec-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.134.213'.

2018/02/26 11:53:16 ossec-agent: INFO: Trying to connect to server (192.168.134.213:1514).

2018/02/26 11:53:37 ossec-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.134.213'.

2018/02/26 11:53:48 ossec-agent: INFO: Trying to connect to server (192.168.134.213:1514).

2018/02/26 11:54:09 ossec-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.134.213'.

2018/02/26 11:54:20 ossec-agent: INFO: Trying to connect to server (192.168.134.213:1514).

  

On Friday, February 23, 2018 at 11:47:32 AM UTC+5:30, Anju Bhankhodiya wrote:

[rafael...@wazuh.com]

Hi Anju,

You can try to see the output of the manager status. Run the following command as root on the CentOS machine: /var/ossec/bin/ossec-control status

Do a /var/ossec/bin/ossec-control restart and verify if the manager starts all the daemons.

Could you please post here your agent configuration file and your manager configuration file (/var/ossec/etc/ossec.conf)?

Best regards.

[Anju Bhankhodiya]

Hi,

i have checked  this command as you mentioned and output i have attached here .... 

On Friday, February 23, 2018 at 11:47:32 AM UTC+5:30, Anju Bhankhodiya wrote:

[rafael...@wazuh.com]

Hi Anju,

sorry for the late response. We need more info about you setup so please can you provide the following info?:

- What registration method have you used (authd or key importing)?

- On the manager: post a screenshot of /var/ossec/bin/agent_control -l 

Best regards.

On Friday, February 23, 2018 at 7:17:32 AM UTC+1, Anju Bhankhodiya wrote: