Splunk Search

Agent list in OSSEC agent status dashboard is empty

janfabo
Explorer

Hello. Yesterday I installed OSSEC & Splunk on server, and everything is working great, except two small things: OSSEC agent status shows No results found, although on ossec's agent_control -l I can see 12 agents, which are currently reporting. OSSEC agent coverage shows two agents: zeus and 10.10.10.10. How can I see them in this dashboard?
And 2nd thing is a bit trait: IP address of zeus is 10.10.10.10, how to cancel one of them?
Thanx for advice.

Tags (4)
0 Karma

southeringtonp
Motivator

If you can't see the agents, make sure that the agent management inputs scripts are working correctly. The most common issue is that either agent polling hasn't been configured or that it is seeing a password prompt and aborting.

First, make sure that you have configured the agent polling commands in ossec_servers.conf.

Then run the following and looking for errors:

cd /opt/splunk/etc/apps/ossec/bin
./ossec_agent_status.py
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...