This is the documentation for Wazuh 3.0. Check out the docs for the latest version of Wazuh!

agent_groups

New in version 3.0.0.

The agent_groups program allows you to list, assign and manage the agents groups.

-h Display the help message
-l List all groups
-q Quiet (no confirmation)
-l -g group_id List agents in group
-c -g group_id List configuration files in group
-a -i agent_id -g group_id [-q] Set agent group
-r -i agent_id [-q] Unset agent group
-s -i agent_id Show group of agent
-a -g group_id [-q] Create group
-r -g group_id [-q] Remove group
-d Debug

Examples

  • Assign group ‘debian’ to agent 002:
$ /var/ossec/bin/agent_groups -a -i 002 -g debian
Do you want to set the group 'debian' to the agent '002'? [y/N]: y
Group 'debian' assigned to agent '002'.
  • Get the group of agent 002:
$ /var/ossec/bin/agent_groups -s -i 002
The agent 'agent-deb-002' with ID '002' has the group: 'debian'.
  • List all agents in group ‘debian’:
$ /var/ossec/bin/agent_groups -l -g debian
3 agent(s) in group 'debian':
    ID: 002  Name: agent-deb-002.
    ID: 003  Name: agent-deb-003.
    ID: 004  Name: agent-deb-004.
  • List configuration files in group ‘debian’:
$ /var/ossec/bin/agent_groups -c -g debian
Files for group 'debian':
  agent.conf
  rootkit_trojans.txt
  merged.mg
  cis_debian_linux_rcl.txt
  rootkit_files.txt
  system_audit_ssh.txt
  system_audit_rcl.txt
  • Remove the current group of the agent 002:
$ /var/ossec/bin/agent_groups -r -i 002
Do you want to remove the current group of agent '002'? [y/N]: y
Group removed. Current group for agent '002': 'default'.
  • Remove the group ‘debian’ in every agent:
$ /var/ossec/bin/agent_groups -r -g debian
Do you want to remove the 'debian' group of every agent? [y/N]: y
Group 'debian' removed.
Affected agents: 003, 004.