How can I collect logs via syslog using agentless?
The agentless capability lets you monitor devices or systems that have no agent installed by connecting over SSH and running commands on the device. Wazuh includes several built-in commands that can detect any output, detect differences between outputs, and verify the integrity of files on the agentless device.
To collect logs, configure your device to forward them using syslog and configure Wazuh to receive them using remote syslog.
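A manager-side remote syslog listener for this setup, shown as an added example and not as configuration taken from this page. The addresses are constructed placeholders, and UDP on port 514 is an assumed choice.

```xml
<!-- Added example. These blocks go inside the <ossec_config> root of the
     manager configuration. -->

<!-- Broader than needed: every host in the range can submit events to the
     manager. Shown commented out, for comparison only.
<remote>
  <connection>syslog</connection>
  <port>514</port>
  <protocol>udp</protocol>
  <allowed-ips>10.0.0.0/8</allowed-ips>
</remote>
-->

<!-- Restricted: accept syslog only from the device that forwards its logs. -->
<remote>
  <connection>syslog</connection>
  <port>514</port>
  <protocol>udp</protocol>
  <!-- Constructed placeholder address; replace with the device's IP. -->
  <allowed-ips>192.0.2.10</allowed-ips>
</remote>
```

UDP syslog carries no sender authentication, so allowed-ips is a source-address filter and not proof of origin; pair it with network-level filtering between the device and the manager.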
If I add an agentless device, will it show as an agent?
Agentless devices do not appear as individual agents; their logs are registered under the manager’s agent name and ID 000. Agentless devices don’t affect the total agent count.
You may filter agentless logs by searching for
location:agentless and each specific host can be identified by the
Is it possible to monitor the output of a command on a remote device?
Yes, using the ssh_generic_diff option.
Can I monitor directories on a remote system?
Yes, using either the
How can I remove the Agentless monitoring configuration?
To remove your agentless configuration and passwords, perform the following steps:
Remove the agentless configuration from your
Remove the file
Restart your Wazuh manager to apply the changes.