Error in config file wazuh-agent in /var/ossec/etc/ossec.conf #1334

Open
poehoes opened this issue May 3, 2024 · 0 comments
poehoes commented May 3, 2024

After successfully installing docker-wazuh I want to connect the first agent:

```
sudo systemctl start wazuh-agent
Job for wazuh-agent.service failed because the control process exited with error code.
See "systemctl status wazuh-agent.service" and "journalctl -xe" for details.
```

When I examine the status I find:

```
systemctl status wazuh-agent.service
● wazuh-agent.service - Wazuh agent
     Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Fri 2024-05-03 16:46:52 CEST; 3s ago
    Process: 35264 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=1/FAILURE)

May 03 16:46:52 poehoes systemd[1]: Starting Wazuh agent...
May 03 16:46:52 poehoes env[35287]: 2024/05/03 16:46:52 wazuh-agentd: ERROR: (4112): Invalid server address found: 'MANAGER_IP'
May 03 16:46:52 poehoes env[35287]: 2024/05/03 16:46:52 wazuh-agentd: ERROR: (1215): No client configured. Exiting.
May 03 16:46:52 poehoes env[35264]: wazuh-agentd: Configuration error. Exiting
May 03 16:46:52 poehoes systemd[1]: wazuh-agent.service: Control process exited, code=exited, status=1/FAILURE
May 03 16:46:52 poehoes systemd[1]: wazuh-agent.service: Failed with result 'exit-code'.
May 03 16:46:52 poehoes systemd[1]: Failed to start Wazuh agent.
```

It appears the file /var/ossec/etc/ossec.conf will use this MANAGER_IP, but in the config it is written:

```xml
<ossec_config>
  <client>
    <server>
      <address>**MANAGER_IP**</address>
      <port>1514</port>
      <protocol>tcp</protocol>
    </server>
    <config-profile>ubuntu, ubuntu20, ubuntu20.04</config-profile>
    <notify_time>10</notify_time>
    <time-reconnect>60</time-reconnect>
    <auto_restart>yes</auto_restart>
    <crypto_method>aes</crypto_method>
  </client>
```

I thought it should be:

```xml
<ossec_config>
  <client>
    <server>
      <address>**$**MANAGER_IP</address>
      <port>1514</port>
      <protocol>tcp</protocol>
    </server>
    <config-profile>ubuntu, ubuntu20, ubuntu20.04</config-profile>
    <notify_time>10</notify_time>
    <time-reconnect>60</time-reconnect>
    <auto_restart>yes</auto_restart>
    <crypto_method>aes</crypto_method>
  </client>
```

But when I made a variable from MANAGER_IP to $MANAGER_IP it still did not work. Only when I configured the hard IP address the agent made the connection.
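
A pre-flight check for the situation in the post, as an added example that is not part of the original issue or of the Wazuh project: it flags any `<address>` that still holds the `MANAGER_IP` placeholder (or anything that is not an IPv4 address or hostname) before the agent is started, and writes a validated value in its place. The function names, the sample config and the address 192.0.2.10 are assumptions made for the example.

```sh
# Print each <address> value in the file, one per line.
list_addresses() {
    sed -n 's:.*<address>\(.*\)</address>.*:\1:p' "$1"
}

# Succeed only for an IPv4 address or DNS hostname; reject template placeholders.
is_valid_address() {
    case $1 in ''|*MANAGER_IP*) return 1 ;; esac
    if printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then
        for octet in $(printf '%s' "$1" | tr '.' ' '); do
            [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        done
        return 0
    fi
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
}

# Return 0 only if the file has at least one <address> and all of them are valid.
check_config() {
    status=0
    addrs=$(list_addresses "$1")
    [ -n "$addrs" ] || { echo "no <address> element in $1" >&2; return 1; }
    while IFS= read -r a; do
        is_valid_address "$a" || { echo "invalid manager address: '$a'" >&2; status=1; }
    done <<EOF
$addrs
EOF
    return "$status"
}

# Write a validated address into every <address> element, keeping file owner and mode.
set_manager_address() {
    is_valid_address "$2" || { echo "refusing to write '$2'" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sed "s:<address>.*</address>:<address>$2</address>:" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Constructed sample: the <server> block from the post with the placeholder left in.
write_sample_conf() {
    printf '%s\n' '<ossec_config>' '  <client>' '    <server>' '      <address>MANAGER_IP</address>' \
        '      <port>1514</port>' '    </server>' '  </client>' '</ossec_config>' > "$1"
}

# Demo on the constructed sample; 192.0.2.10 is a documentation-range placeholder.
conf=$(mktemp) && write_sample_conf "$conf"
check_config "$conf" || set_manager_address "$conf" 192.0.2.10
check_config "$conf" && echo "OK: $(list_addresses "$conf")"; rm -f "$conf"
```

On a real host, `check_config /var/ossec/etc/ossec.conf` can be run before `systemctl start wazuh-agent`, so an unfilled placeholder is caught before the agent fails to start and the host goes unmonitored.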
