client
Configure the connection parameters related to connecting to the manager.
Subsections
server
New in version 3.0.0.
Configure the connection parameters for each server connected to an agent.
Server subsection options
address
Specify the IP address or the hostname of the Wazuh manager.
Default value |
n/a |
Allowed values |
Any valid IP address or any resolvable hostname is allowed. |
port
Specify the port on the manager to send events to. This must match the associated listening port configured on the Wazuh manager.
Default value |
1514 |
Allowed values |
Any port number from 1 to 65535 is allowed. |
protocol
Specifies the protocol to use when connecting to manager.
Default value |
udp |
Allowed values |
udp, tcp |
Options
server-ip
Deprecated since version 3.0.
Specify the IP address of the Wazuh manager.
Default value |
n/a |
Allowed values |
Any valid IP address is allowed. |
server-hostname
Deprecated since version 3.0.
Specify the hostname of the Wazuh manager.
Default value |
n/a |
Allowed values |
Any resolvable hostname is allowed. |
Warning
This parameter is incompatible with server-ip. Since version 3.0, these fields have been merged into a single field called address that accepts both formats.
port
Deprecated since version 3.0.
Specify the port on the manager to send events to. This must match the associated listening port configured on the Wazuh manager.
Default value |
1514 |
Allowed values |
Any port number from 1 to 65535 is allowed. |
protocol
Deprecated since version 3.0.
Specifies the protocol to use when connecting to manager.
Default value |
udp |
Allowed values |
udp, tcp |
config-profile
Specify the agent.conf profile(s) to be used by the agent.
Default value |
n/a |
Allowed values |
Multiple profiles can be included, separated by a comma and a space. |
notify_time
Specify the time in seconds between agent checkins to the manager. More frequent checkins speed up dissemination of an updated agent.conf file to agents, but also could put undue load on the manager if there are a large number of agents.
Default value |
60 |
Allowed values |
A positive number (seconds) |
time-reconnect
This is the time in seconds until a reconnection attempt. This should be set to a higher number than notify_time. For example, a notify_time time of 60 combined with a time-reconnect of 300 would mean that agents will cause the agent to attempt to check in once per minute, but if a checkin attempt fails to get a response from the manager, the agent will wait five minutes before trying again. Once it again succeeds, checkins will resume their normal one-minute interval.
Default value |
300 |
Allowed values |
A positive number (seconds) |
Warning
Notice that the notify_time value uses an underscore while the time-reconnect value uses a dash. This is an unfortunate legacy naming inconsistency, and is easy to mix up.
local_ip
When the agent has multiple network interfaces, this parameter specifies which IP address will comunicate with the manager from.
Default value |
n/a |
Allowed values |
Any valid IP address is allowed. |
disable-active-response
Deprecated: This is an obsolete method to disable active response.
Warning
The recommended way is using the active-response section.
Default value |
no |
Allowed values |
The options accepted are yes and no |
auto_restart
This parameter enable or disable the agent restart when it receives a new valid configuration from the manager.
Default value |
yes |
Allowed values |
The options accepted are yes and no |
Example of configuration
<client>
<server>
<address>192.168.1.100</address>
<port>1514</port>
<protocol>tcp</protocol>
</server>
<server>
<address>example.hostname</address>
<protocol>udp</protocol>
</server>
<config-profile>webserver, debian8</config-profile>
<notify_time>30</notify_time>
<time-reconnect>120</time-reconnect>
<auto_restart>yes</auto_restart>
</client>