Before you check the agent’s connection with the manager, first ensure the agent is pointing to the manager’s IP address. This is set in
ossec.conf using the
<client> XML tag. For more on this, see Client reference.
<ossec_config> <client> <server> <address>10.0.0.10</address> <protocol>tcp</protocol> </server> </client> </ossec_config>
This will set 10.0.0.10 as the Wazuh server. Once this is done, you will need restart the Agent:
For Systemd:# systemctl restart wazuh-agent
For SysV Init:# service wazuh-agent restart
After you register the agent and it has successfully connected, you can see a list of agents that are connected to the manager with:
# /var/ossec/bin/agent_control -lc
You can also check to see if an agent connected correctly by verifying if the TCP connection to the manager is established:
# netstat -vatunp|grep wazuh-agentd
The result should match the agent and manager IP addresses.
In the agent_control section, you can find information about the status of the agents that are registered with the manager.