- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Can not get agent configuration in wazuh app for s...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can not get agent configuration in wazuh app for splunk
Hi all, a have a some problem in using wazuh app (3.3.1), when i successfully connect wazuh manager in splunk app by api, a want to get agent configuration in agent->configuration (wazuh app), but when i choose some agent a got nothing information.
/opt/splunk/var/log/splunk/web_access.log give me some inform like this when i trying get config info from web splunk(Credentials info was removed from this):
...
127.0.0.1 - admin [23/Jul/2018:02:32:27.002 -0700] "GET /en-GB/custom/SplunkAppForWazuh/agents/info?ip=MANAGER_FQDN&port=PORT&user=USER&pass=PASS&id=029&=1532339993775 HTTP/1.1" 200 407 "" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0" - 5b55a0ab222f221475ca50 890ms
127.0.0.1 - admin [23/Jul/2018:02:32:27.900 -0700] "GET /en-GB/custom/SplunkAppForWazuh/agents/group_configuration?ip=MANAGER_FQDN&port=PORT&user=USER&pass=PASS&id=host&=1532339993776 HTTP/1.1" 200 68 "" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0" - 5b55a0ab222f225853d350 436ms
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @vlvov,
In order to check if you currently have group configurations, please, execute the following curl commands to Wazuh API and paste here the results:
Get your list of groups:
curl -u <api-user>:<api-pass> http(s)://<wazuh-api-address>:<wazuh-api-port>/agents/groups?pretty
Example:
curl -u foo:bar http://10.0.0.5:55000/agents/groups?pretty
And:
Get the content of configuration files on each group:
curl -u <api-user>:<api-pass> http(s)://<wazuh-api-address>:<wazuh-api-port>/agents/groups/<group-name>/files/agent.conf?pretty
Example:
curl -u foo:bar http://10.0.0.5:55000/agents/groups/default/files/agent.conf?pretty
Thanks for your patience,
Best regards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
request
{
"error": 0,
"data": {
"totalItems": 3,
"items": [
{
"count": 0,
"conf_sum": "xxx",
"merged_sum": "yyy",
"name": "default"
},
{
"count": 49,
"conf_sum": "xxx1",
"merged_sum": "yyy1",
"name": "guest"
},
{
"count": 11,
"conf_sum": "xxx2",
"merged_sum": "yyy2",
"name": "host"
}
]
}
}request in "guest"
{
"error": 0,
"data": {
"totalItems": 1,
"items": [
{
"config": {},
"filters": {}
}
]
}
}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
in "host" and "default" same response
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @vlvov,
The reason you're not seeing any configuration is that the configuration group in your agent.conf file is empty. You can check our official documentation in order to set a centralized configuration. https://documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html
Regards
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
