Change Agent Connection Port

[serano...@gmail.com]

Hi All.

We are using wauh till the 3.8 version, now we're at versio 4.2 and still using port 1514 UDP for the agents connection. Now, the new agents are using as default the 1514 TCP and anytime we need to change manually the port in configuration so my question is: it is possible to manage the port change for all the agents throught the manager? is possible to let the manager listen in both the ports, or i've to manage all the changes manually?

Thanks for your help and all your work guys.

Have a nice day.

[Jonathan Martín Valera]

Hi,

Answering your questions:

It is possible to manage the port change for all the agents through the manager?

No, it is not possible. From the wazuh-manager it is possible to add centralized configuration to the wazuh-agent, but not on connection configuration (see https://documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html).

You can use tools such as Ansible, to perform remote configuration in your large-scale environments.

Is possible to let the manager listen in both the ports, or i’ve to manage all the changes manually?

Yes, from 4.2.0 version is possible to configure both UDP and TCP protocols to work simultaneously in the secure connections, this can be achieved by writing in the same configuration block the accepted protocols separated with a comma.

For example:

  <remote>
    <connection>secure</connection>
    <port>1514</port>
    <protocol>udp,tcp</protocol>
    <queue_size>131072</queue_size>
  </remote>

See https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/remote.html#protocol

I hope this solves your doubts :)

Regards.

​