The agentless capability allows you to monitor devices or systems with no agent via SSH, by providing the capability to run commands on the device. Wazuh includes several built-in commands that allow you to detect any output, difference between outputs as well as verifying the integrity of files in the agentless device.
To collect logs you can configure your device to forward logs using syslog and configure Wazuh to receive them using remote syslog.
Agentless devices do not appear as individual agents themselves, their logs are registered with the manager’s agent name and
ID 000. Agentless devices don’t affect the total agent count.
You may filter agentless logs by searching for
location:agentless and each specific host can be identified by the
Yes, using the
ssh_generic_diff option: example.
Yes, using either the
To remove your agentless configuration and passwords you have to perform the following steps:
Remove the agentless configuration from your
Remove the file
Restart your Wazuh manager to apply the changes.