Checking connection with Manager
First you need to be sure that the Agent is poiting to Manager Address this is set on ossec.conf
using <client>
XML tag, for more see Client reference.
<ossec_config>
<client>
<server>
<address>10.0.0.10</address>
<protocol>udp</protocol>
</server>
</client>
</ossec_config>
This will set 10.0.0.10 as Wazuh Manager server, after you need restart the Agent:
For Systemd:
# systemctl restart wazuh-agent
For SysV Init:
# service wazuh-agent restart
After you register the agent and it be successfully connected, you could see a list of connected agents into Manager with:
# /var/ossec/bin/agent_control -lc
This will display every registered Agent, also you can check if a Agent is correctly connected verifying if the UDP connection to Manager is established:
# netstat -vatunp|grep ossec-agentd
This could match with the Agent and Manager ip addresses.
In the agent_control section it can be found information about the different states in which agents registered in a manager are.