Wazuh server doesnt show agents
653 views
Skip to first unread message
Ibragim Abdulazizli
Nov 22, 2022, 6:52:21 AM11/22/22
to Wazuh mailing list
Hi everyone. I'm trying to connect agents to wazuh server. But only one of them showed in dashboard. I did same process as I added my first agent.
Ps: I'm learning wazuh so I dont know what kind of data should I provide. Pls tell me if you know solution
Tomas Sarquis
Nov 22, 2022, 7:05:10 AM11/22/22
to Wazuh mailing list
Hello ibragim.abdulazizli
In order to help you, tell me the exact steps you followed to register the agents. Also, which version of the agents and of the manager are you using?
Ibragim Abdulazizli
Nov 22, 2022, 7:25:58 AM11/22/22
to Wazuh mailing list
I'm running wazuh server on ubuntu 22.04 vm (Ram 4 gb)
wazuh version:
WAZUH_VERSION="v4.3.10"
WAZUH_REVISION="40323"
WAZUH_TYPE="server"
WAZUH_REVISION="40323"
WAZUH_TYPE="server"
This logs are from pending agent
connection from agent:
Connection to 10.10.250.66 1514 port [tcp/*] succeeded!
Connection to 10.10.250.66 1515 port [tcp/*] succeeded!
Connection to 10.10.250.66 55000 port [tcp/*] succeeded!
Connection to 10.10.250.66 1515 port [tcp/*] succeeded!
Connection to 10.10.250.66 55000 port [tcp/*] succeeded!
agent satus:
sudo grep ^status /var/ossec/var/run/wazuh-agentd.state
status='pending'
status='pending'
curl -so wazuh-agent-4.3.10.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.3.10-1_amd64.deb && sudo WAZUH_MANAGER='10.10.250.66' WAZUH_REGISTRATION_PASSWORD='s+kgWuukjB' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-4.3.10.deb
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
------------------------------
● wazuh-agent.service - Wazuh agent
Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-11-22 16:09:18 +04; 15min ago
Tasks: 27 (limit: 2247)
Memory: 99.3M
CPU: 8.040s
CGroup: /system.slice/wazuh-agent.service
├─ 954 /var/ossec/bin/wazuh-execd
├─ 964 /var/ossec/bin/wazuh-agentd
├─1078 /var/ossec/bin/wazuh-syscheckd
├─1190 /var/ossec/bin/wazuh-logcollector
└─1205 /var/ossec/bin/wazuh-modulesd
Noy 22 16:09:17 mrxx-virtual-machine env[899]: Completed.
Noy 22 16:09:18 mrxx-virtual-machine systemd[1]: Started Wazuh agent.
Noy 22 16:22:28 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
Noy 22 16:22:28 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
Noy 22 16:22:29 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
Noy 22 16:22:29 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
Noy 22 16:22:34 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
Noy 22 16:22:37 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
Noy 22 16:22:38 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
Noy 22 16:22:38 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
lines 1-23/23 (END)
Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-11-22 16:09:18 +04; 15min ago
Tasks: 27 (limit: 2247)
Memory: 99.3M
CPU: 8.040s
CGroup: /system.slice/wazuh-agent.service
├─ 954 /var/ossec/bin/wazuh-execd
├─ 964 /var/ossec/bin/wazuh-agentd
├─1078 /var/ossec/bin/wazuh-syscheckd
├─1190 /var/ossec/bin/wazuh-logcollector
└─1205 /var/ossec/bin/wazuh-modulesd
Noy 22 16:09:17 mrxx-virtual-machine env[899]: Completed.
Noy 22 16:09:18 mrxx-virtual-machine systemd[1]: Started Wazuh agent.
Noy 22 16:22:28 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
Noy 22 16:22:28 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
Noy 22 16:22:29 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
Noy 22 16:22:29 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
Noy 22 16:22:34 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
Noy 22 16:22:37 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
Noy 22 16:22:38 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
Noy 22 16:22:38 mrxx-virtual-machine systemd[1]: /lib/systemd/system/wazuh-agent.service:12: Unit configured to use KillMode=>
lines 1-23/23 (END)
----------------------
And I also have another agent which is connected and works well. all
Tomas Sarquis
Nov 22, 2022, 7:43:28 AM11/22/22
to Wazuh mailing list
First of all, avoid sharing delicate information like public IPs and/or secrets.
Secondly, can you search in the agent and/or server log for a clue about this problem?
For example, by running: cat <WAZUH_INSTALL_DIR>/logs/ossec.log | grep ERROR
Are you sure the agent has is connected to the server? If not, you should a message like below (on agent side):
2022/11/22 09:36:18 wazuh-agentd: ERROR: (1216): Unable to connect to '[192.168.0.100]:1514/tcp': 'Connection timed out'.
2022/11/22 09:36:28 wazuh-agentd: INFO: Trying to connect to server ([192.168.0.100]:1514/tcp).
2022/11/22 09:36:28 wazuh-agentd: INFO: Trying to connect to server ([192.168.0.100]:1514/tcp).
Ibragim Abdulazizli
Nov 22, 2022, 7:50:49 AM11/22/22
to Wazuh mailing list
Thanks for remediation but ips are local. I checked logs but all errors are auth errors
such as:
2022/11/22 16:48:43 wazuh-agentd: ERROR: Unable to add agent (from manager)
2022/11/22 16:49:43 wazuh-agentd: ERROR: Invalid request for new agent (from manager)
2022/11/22 16:49:43 wazuh-agentd: ERROR: Unable to add agent (from manager)
2022/11/22 16:49:43 wazuh-agentd: ERROR: Invalid request for new agent (from manager)
2022/11/22 16:49:43 wazuh-agentd: ERROR: Unable to add agent (from manager)
Ibragim Abdulazizli
Nov 22, 2022, 7:55:56 AM11/22/22
to Wazuh mailing list
I used admin password for connection. Does it right?
Tomas Sarquis
Nov 22, 2022, 9:46:49 AM11/22/22
to Wazuh mailing list
I found a thread in our Slack community where a similar problem was reported.
- Ensure that the .key file exists in both the agent and the manager. The key file should be located in /var/ossec/etc/client.keys.
- About the grouping, the agent enrollment will fail if a non-existent group is specified.
- This poblem may be solved reinstalling Wazuh on the problematic agent.
- Try to install the agent without the group and password, just seting the WAZUH_MANAGER
Let me know if this is helpfull!
Reply all
Reply to author
Forward
0 new messages