Agent enrollment issues on FreeBSD

Alonso Cárdenas Márquez

Sep 12, 2022, 4:34:04 PM
to wa...@googlegroups.com
Hi

I'm testing the Wazuh infrastructure in order to include it in the FreeBSD ports tree. I added/updated wazuh-agent (4.3.7) and wazuh-manager (4.3.7) in the ports tree some weeks ago, and now I am testing wazuh-indexer (opensearch) and wazuh-dashboards (opensearch-dashboards + wazuh-kibana-app) on my FreeBSD box. The good news is that all components are working mostly without problems, but I am having issues when I enroll a wazuh-agent from FreeBSD to my wazuh-manager on FreeBSD.

wazuh-agent is registered with wazuh-manager without issues, but it does not change from the pending state. It seems that wazuh-agent disconnects before wazuh manager responds to its HC_STARTUP. Look at the following log lines:

(wazuh-manager log)

2022/09/12 15:05:44 wazuh-remoted[41237] secure.c:242 at handle_new_tcp_connection(): DEBUG: New TCP connection at 192.168.1.21 [11]
2022/09/12 15:05:44 wazuh-remoted[41237] secure.c:583 at HandleSecureMessage(): DEBUG: TCP socket 11 added to keystore.
2022/09/12 15:05:44 wazuh-remoted[41237] manager.c:267 at save_controlmsg(): DEBUG: Agent ifrit sent HC_STARTUP from 192.168.1.21.
2022/09/12 15:05:48 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:05:51 wazuh-remoted[41237] secure.c:367 at rem_keyupdate_main(): DEBUG: Checking for keys file changes.
2022/09/12 15:05:53 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:05:53 wazuh-remoted[41237] manager.c:629 at c_files(): DEBUG: Updating shared files sums.
2022/09/12 15:05:53 wazuh-remoted[41237] manager.c:653 at c_files(): DEBUG: End updating shared files sums.
2022/09/12 15:05:58 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:06:01 wazuh-remoted[41237] secure.c:367 at rem_keyupdate_main(): DEBUG: Checking for keys file changes.
2022/09/12 15:06:03 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:06:03 wazuh-remoted[41237] manager.c:629 at c_files(): DEBUG: Updating shared files sums.
2022/09/12 15:06:03 wazuh-remoted[41237] manager.c:653 at c_files(): DEBUG: End updating shared files sums.
2022/09/12 15:06:08 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:06:11 wazuh-remoted[41237] secure.c:367 at rem_keyupdate_main(): DEBUG: Checking for keys file changes.
2022/09/12 15:06:13 wazuh-remoted[41237] manager.c:629 at c_files(): DEBUG: Updating shared files sums.
2022/09/12 15:06:13 wazuh-remoted[41237] manager.c:653 at c_files(): DEBUG: End updating shared files sums.
2022/09/12 15:06:13 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:06:18 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:06:19 wazuh-remoted[41237] secure.c:691 at key_request_reconnect(): DEBUG: Key-polling wodle is not available. Retrying connection in 300 seconds.
2022/09/12 15:06:21 wazuh-remoted[41237] secure.c:367 at rem_keyupdate_main(): DEBUG: Checking for keys file changes.
2022/09/12 15:06:23 wazuh-remoted[41237] manager.c:629 at c_files(): DEBUG: Updating shared files sums.
2022/09/12 15:06:23 wazuh-remoted[41237] manager.c:653 at c_files(): DEBUG: End updating shared files sums.
2022/09/12 15:06:23 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:06:28 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:06:31 wazuh-remoted[41237] secure.c:367 at rem_keyupdate_main(): DEBUG: Checking for keys file changes.
2022/09/12 15:06:33 wazuh-remoted[41237] manager.c:629 at c_files(): DEBUG: Updating shared files sums.
2022/09/12 15:06:33 wazuh-remoted[41237] manager.c:653 at c_files(): DEBUG: End updating shared files sums.
2022/09/12 15:06:33 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:06:38 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:06:41 wazuh-remoted[41237] secure.c:367 at rem_keyupdate_main(): DEBUG: Checking for keys file changes.
2022/09/12 15:06:43 wazuh-remoted[41237] manager.c:629 at c_files(): DEBUG: Updating shared files sums.
2022/09/12 15:06:43 wazuh-remoted[41237] manager.c:653 at c_files(): DEBUG: End updating shared files sums.
2022/09/12 15:06:43 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:06:48 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:06:51 wazuh-remoted[41237] secure.c:367 at rem_keyupdate_main(): DEBUG: Checking for keys file changes.
2022/09/12 15:06:53 wazuh-remoted[41237] manager.c:629 at c_files(): DEBUG: Updating shared files sums.
2022/09/12 15:06:53 wazuh-remoted[41237] manager.c:653 at c_files(): DEBUG: End updating shared files sums.
2022/09/12 15:06:53 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:06:54 wazuh-remoted[41237] secure.c:300 at handle_incoming_data_from_tcp_socket(): DEBUG: handle incoming close socket 192.168.1.21 [11].
2022/09/12 15:06:54 wazuh-remoted[41237] secure.c:645 at _close_sock(): DEBUG: TCP peer disconnected [11]
2022/09/12 15:06:54 wazuh-remoted[41237] secure.c:242 at handle_new_tcp_connection(): DEBUG: New TCP connection at 192.168.1.21 [11]

(wazuh-agent log)

2022/09/12 15:04:34 wazuh-agentd[6173] start_agent.c:98 at connect_server(): INFO: Trying to connect to server (192.168.1.22:1514/tcp).
2022/09/12 15:04:36 wazuh-agentd[6173] state.c:67 at write_state(): DEBUG: Updating state file.
2022/09/12 15:04:41 wazuh-agentd[6173] state.c:67 at write_state(): DEBUG: Updating state file.
2022/09/12 15:04:46 wazuh-agentd[6173] state.c:67 at write_state(): DEBUG: Updating state file.
2022/09/12 15:04:51 wazuh-agentd[6173] state.c:67 at write_state(): DEBUG: Updating state file.
2022/09/12 15:04:56 wazuh-agentd[6173] state.c:67 at write_state(): DEBUG: Updating state file.
2022/09/12 15:05:01 wazuh-agentd[6173] state.c:67 at write_state(): DEBUG: Updating state file.
2022/09/12 15:05:06 wazuh-agentd[6173] state.c:67 at write_state(): DEBUG: Updating state file.
2022/09/12 15:05:11 wazuh-agentd[6173] state.c:67 at write_state(): DEBUG: Updating state file.
2022/09/12 15:05:16 wazuh-agentd[6173] state.c:67 at write_state(): DEBUG: Updating state file.
2022/09/12 15:05:21 wazuh-agentd[6173] state.c:67 at write_state(): DEBUG: Updating state file.
2022/09/12 15:05:26 wazuh-agentd[6173] state.c:67 at write_state(): DEBUG: Updating state file.
2022/09/12 15:05:31 wazuh-agentd[6173] state.c:67 at write_state(): DEBUG: Updating state file.
2022/09/12 15:05:36 wazuh-agentd[6173] state.c:67 at write_state(): DEBUG: Updating state file.
2022/09/12 15:05:41 wazuh-agentd[6173] state.c:67 at write_state(): DEBUG: Updating state file.
2022/09/12 15:05:44 wazuh-agentd[6173] start_agent.c:57 at connect_server(): INFO: Closing connection to server (192.168.1.22:1514/tcp).
2022/09/12 15:05:44 wazuh-agentd[6173] start_agent.c:98 at connect_server(): INFO: Trying to connect to server (192.168.1.22:1514/tcp).

And it repeats until the agent wants to register again, but the manager responds that the agent name is a duplicate:

2022/09/12 15:31:16 wazuh-authd[13763] main-server.c:564 at run_dispatcher(): INFO: New connection from 192.168.1.21
2022/09/12 15:31:16 wazuh-authd[13763] main-server.c:597 at run_dispatcher(): DEBUG: Request received: <OSSEC A:'ifrit' K:'1be5e245d1357e39cedff15352c7aee976fbfc87'
>
2022/09/12 15:31:16 wazuh-authd[13763] auth.c:106 at w_auth_parse_data(): INFO: Received request for a new agent (ifrit) from: 192.168.1.21
2022/09/12 15:31:16 wazuh-authd[13763] auth.c:313 at w_auth_validate_data(): WARNING: Duplicate name 'ifrit', rejecting enrollment. Agent '009' can't be replaced since it is not disconnected.
2022/09/12 15:31:16 wazuh-remoted[41237] manager.c:653 at c_files(): DEBUG: End updating shared files sums.

(wazuh-manager open ports)

wazuh    wazuh-remo 42891 4  tcp4   *:1514                *:*
wazuh    wazuh-remo 42891 11 tcp4   192.168.1.22:1514     192.168.1.21:35450
root     wazuh-auth 15186 3  tcp4   *:1515                *:*
wazuh    python3.9  95078 34 tcp4   *:55000               *:*

(testing 1514-1515 connection from wazuh-agent)

root@ifrit:/var/ossec/logs # nc -z 192.168.1.22 1515                 
Connection to 192.168.1.22 1515 port [tcp/*] succeeded!
root@ifrit:/var/ossec/logs # nc -z 192.168.1.22 1514
Connection to 192.168.1.22 1514 port [tcp/*] succeeded!
root@ifrit:/var/ossec/logs #

##############################
wazuh-agent (FreeBSD 13.1-amd64 IP 192.168.1.21)

root@ifrit:/home/acm # service wazuh-agent status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...

root@ifrit:/var/ossec/bin # ./manage_agents -l

Available agents:  
  ID: 009, Name: ifrit, IP: 192.168.1.21

  <client>
   <server>
     <address>192.168.1.22</address>
     <port>1514</port>
     <protocol>tcp</protocol>
   </server>
   <config-profile>freebsd, freebsd13, freebsd13.1</config-profile>
   <notify_time>10</notify_time>
   <time-reconnect>60</time-reconnect>
   <auto_restart>yes</auto_restart>
   <crypto_method>aes</crypto_method>
 </client>

###################################
wazuh-manager (FreeBSD 12.3-amd64 IP 192.168.1.22)

root@cerberus:/home/acm # service wazuh-manager status
wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...

root@cerberus:/var/ossec/bin # ./agent_control -l

Wazuh agent_control. List of available agents:
  ID: 000, Name: cerberus (server), IP: 127.0.0.1, Active/Local
  ID: 009, Name: ifrit, IP: 192.168.1.21, Pending

List of agentless devices:

  <remote>
   <connection>secure</connection>
   <port>1514</port>
   <protocol>tcp</protocol>
 </remote>

  <!-- Configuration for wazuh-authd -->
 <auth>
   <disabled>no</disabled>
   <port>1515</port>
   <use_source_ip>no</use_source_ip>
   <purge>yes</purge>
   <use_password>no</use_password>
   <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
   <!-- <ssl_agent_ca></ssl_agent_ca> -->
   <ssl_verify_host>no</ssl_verify_host>
   <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
   <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
   <ssl_auto_negotiate>no</ssl_auto_negotiate>
 </auth>

Maybe I am missing some things I didn't read. Tell me if you want additional information about my configuration.

Greetings
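
The loop visible in the manager log above (new TCP connection, HC_STARTUP, peer disconnect, then the same again) can be picked out of a wazuh-remoted debug log mechanically. The following Python is an added example, not part of the original post and not Wazuh code; the sample lines are constructed in the log format shown in the thread, and the function name `startup_loops` and the two-cycle threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the wazuh-remoted debug format shown in the thread.
SAMPLE = """\
2022/09/12 15:05:44 wazuh-remoted[41237] secure.c:242 at handle_new_tcp_connection(): DEBUG: New TCP connection at 192.168.1.21 [11]
2022/09/12 15:05:44 wazuh-remoted[41237] manager.c:267 at save_controlmsg(): DEBUG: Agent ifrit sent HC_STARTUP from 192.168.1.21.
2022/09/12 15:05:48 wazuh-remoted[41237] state.c:59 at rem_write_state(): DEBUG: Updating state file.
2022/09/12 15:06:54 wazuh-remoted[41237] secure.c:645 at _close_sock(): DEBUG: TCP peer disconnected [11]
2022/09/12 15:06:54 wazuh-remoted[41237] secure.c:242 at handle_new_tcp_connection(): DEBUG: New TCP connection at 192.168.1.21 [11]
2022/09/12 15:06:54 wazuh-remoted[41237] manager.c:267 at save_controlmsg(): DEBUG: Agent ifrit sent HC_STARTUP from 192.168.1.21.
2022/09/12 15:08:04 wazuh-remoted[41237] secure.c:645 at _close_sock(): DEBUG: TCP peer disconnected [11]
""".splitlines()

LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) wazuh-remoted\[\d+\] .*?DEBUG: (.*)$")
CONNECT = re.compile(r"New TCP connection at (\S+) \[(\d+)\]")
STARTUP = re.compile(r"Agent (\S+) sent HC_STARTUP from (\S+?)\.?$")
CLOSED = re.compile(r"TCP peer disconnected \[(\d+)\]")

def startup_loops(lines, min_cycles=2):
    """Return {agent: [session seconds, ...]} for agents whose TCP sessions
    repeatedly go connect -> HC_STARTUP -> peer disconnect (heuristic)."""
    open_socks = {}  # socket fd -> {"ip", "opened", "agent"}
    cycles = {}      # agent name -> list of session lengths in seconds
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        msg = m.group(2)
        if c := CONNECT.search(msg):
            open_socks[c.group(2)] = {"ip": c.group(1), "opened": ts, "agent": None}
        elif s := STARTUP.search(msg):
            # The HC_STARTUP line carries no fd, so pair it with the open socket by source IP.
            for sock in open_socks.values():
                if sock["ip"] == s.group(2) and sock["agent"] is None:
                    sock["agent"] = s.group(1)
                    break
        elif d := CLOSED.search(msg):
            sock = open_socks.pop(d.group(1), None)
            if sock and sock["agent"]:
                secs = int((ts - sock["opened"]).total_seconds())
                cycles.setdefault(sock["agent"], []).append(secs)
    return {agent: secs for agent, secs in cycles.items() if len(secs) >= min_cycles}

if __name__ == "__main__":
    for agent, secs in startup_loops(SAMPLE).items():
        print(f"{agent}: {len(secs)} startup/disconnect cycles, session lengths {secs} s")
```
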






Jorge Eduardo Molas

Sep 12, 2022, 6:54:26 PM
to Wazuh mailing list
Hi Alonso, thanks for using Wazuh.
I see this output in your Manager logs: "...Key-polling wodle is not available...". 
I'm going to check this log with the team. Meanwhile, can you describe the steps that you made in order to install the Wazuh stack in FreeBSD?

Alonso Cárdenas Márquez

Sep 12, 2022, 9:07:30 PM
to Jorge Eduardo Molas, Wazuh mailing list
Hi Jorge


On Mon, Sep 12, 2022 at 17:54, Jorge Eduardo Molas (<jorge...@wazuh.com>) wrote:
> Hi Alonso, thanks for using Wazuh.
> I see this output in your Manager logs: "...Key-polling wodle is not available...".
> I'm going to check this log with the team. Meanwhile,

Ok, thanks!

> can you describe the steps that you made in order to install the Wazuh stack in FreeBSD?

Well, I have used packages generated for FreeBSD. Nowadays I'm maintaining them on FreeBSD and the binary packages are generated from wazuh source code. Take a look at:


Installation is as simple as using the pkg tool on FreeBSD:

# pkg install wazuh-manager
# pkg install wazuh-agent

Configurations were based on the Wazuh documentation with some small modifications. I'm thinking of adding the new wazuh ports to the FreeBSD ports tree after my tests succeed. My main goal is to add a fully functional wazuh stack to FreeBSD, plus complementary guides and tools.

Greetings
ACM
 

Jorge Eduardo Molas

Sep 13, 2022, 3:02:36 PM
to Wazuh mailing list
Hi Alonso, sorry for the delay. As you posted, when the manager receives an "HC_STARTUP" from the agent, the state is "Pending", then the manager should send "HC_ACK". If the state persists in Pending, it indicates a firewall issue.
The following links describe the communications flow between Managers and Agents.

Alonso Cárdenas Márquez

Sep 13, 2022, 4:20:25 PM
to Jorge Eduardo Molas, Wazuh mailing list
Hi Jorge

There is no firewall between these FreeBSD testing machines. Both of them are on the same network. The OS firewalls are disabled too. What else could I test?

Greetings
ACM

Alonso Cárdenas Márquez

Sep 13, 2022, 8:04:34 PM
to Jorge Eduardo Molas, Wazuh mailing list
Hi Jorge

I have changed <protocol>tcp</protocol> to udp in agent/manager and it solves the issue. Agent changed to active state.


It seems that using tcp is not working, or is it used in another kind of configuration? I changed the protocol to tcp, udp but it didn't work either.

Greetings
ACM

Jorge Eduardo Molas

Sep 13, 2022, 8:11:31 PM
to Wazuh mailing list
Alonso, I'm glad to hear that. Let me check with the team about your test result. I am going to try to get back as soon as possible. 