This is the documentation for Wazuh 3.0. Check out the docs for the latest version of Wazuh!

Checking connection with Manager

First you need to be sure that the Agent is poiting to Manager Address this is set on ossec.conf using <client> XML tag, for more see Client reference.

<ossec_config>
  <client>
    <server>
      <address>10.0.0.10</address>
      <protocol>udp</protocol>
    </server>
  </client>
</ossec_config>

This will set 10.0.0.10 as Wazuh Manager server, after you need restart the Agent:

  1. For Systemd:
# systemctl restart wazuh-agent
  1. For SysV Init:
# service wazuh-agent restart

After you register the agent and it be successfully connected, you could see a list of connected agents into Manager with:

# /var/ossec/bin/agent_control -lc

This will display every registered Agent, also you can check if a Agent is correctly connected verifying if the UDP connection to Manager is established:

# netstat -vatunp|grep ossec-agentd

This could match with the Agent and Manager ip addresses.

In the agent_control section it can be found information about the different states in which agents registered in a manager are.