Statistics files

Currently, Wazuh provides two statistical files: one for ossec-agentd and another for ossec-remoted.

ossec-agentd state file

The name of the statistical file for ossec-agentd is ossec-agentd.state and it’s located under the Wazuh installation directory in var/run/ossec-agentd.state.

This file provides information about the agent, such as its current status and the number of generated events. By default, this file is updated every 5 seconds, but this interval can be changed with the agent.state_interval variable in the internal_options.conf file.

Note

ossec-agentd.state is only available in agents.

Below you can see an example file:

# State file for ossec-agentd

# Agent status:
# - pending:      waiting for get connected.
# - connected:    connection established with manager in the last 10 seconds.
# - disconnected: connection lost or no ACK received in the last 10 seconds.
status='connected'

# Last time a keepalive was sent
last_keepalive='2018-08-21 12:11:21'

# Last time a control message was received
last_ack='2018-08-21 12:11:21'

# Number of generated events
msg_count='5619'

# Number of messages (events + control messages) sent to the manager
msg_sent='5801'

ossec-remoted state file

The name of the statistical file for ossec-remoted is ossec-remoted.state and it’s located under the Wazuh installation directory in var/run/ossec-remoted.state.

This file provides information about the ossec-remoted daemon, such as the queue size, the number of discarded messages and the number of TCP sessions. By default, this file is updated every 5 seconds, but this interval can be changed with the remoted.state_interval variable in the internal_options.conf file.

Note

ossec-remoted.state is only available in managers.

Below you can see an example file:

# State file for ossec-remoted
# Updated every 5 seconds.

# Queue size
queue_size='0'

# Total queue size
total_queue_size='131072'

# TCP sessions
tcp_sessions='0'

# Events sent to Analysisd
evt_count='7383'

# Control messages received
ctrl_msg_count='270'

# Discarded messages
discarded_count='0'

# Messages sent
msg_sent='1267'
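
As an added example (not part of the Wazuh documentation or code base), the following Python code parses both state files and derives basic health findings from their fields. The function names, the 60-second ACK age and the 0.9 queue ratio are assumptions chosen for illustration, and the samples are constructed from the example files above.

```python
import re
from datetime import datetime, timedelta

# Constructed samples mirroring the example files on this page (comments trimmed).
AGENTD_SAMPLE = """# State file for ossec-agentd
status='connected'
last_keepalive='2018-08-21 12:11:21'
last_ack='2018-08-21 12:11:21'
msg_count='5619'
msg_sent='5801'
"""
REMOTED_SAMPLE = """# State file for ossec-remoted
queue_size='0'
total_queue_size='131072'
tcp_sessions='0'
evt_count='7383'
ctrl_msg_count='270'
discarded_count='0'
msg_sent='1267'
"""

LINE_RE = re.compile(r"^(\w+)='(.*)'$")

def parse_state(text):
    """Return {key: value} for key='value' lines; comments, blanks and malformed lines are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def agent_findings(state, now, max_ack_age=timedelta(seconds=60)):
    """Flag an agent that is not connected or whose last ACK is older than max_ack_age (assumed threshold)."""
    findings = []
    if state.get("status") != "connected":
        findings.append("status=" + state.get("status", "missing"))
    try:
        ack = datetime.strptime(state["last_ack"], "%Y-%m-%d %H:%M:%S")
        if now - ack > max_ack_age:
            findings.append("last_ack_stale")
    except (KeyError, ValueError):
        findings.append("last_ack_unreadable")
    return findings

def remoted_findings(state, max_queue_ratio=0.9):
    """Flag discarded messages or a receive queue at or above max_queue_ratio (assumed threshold)."""
    findings = []
    if int(state["discarded_count"]) > 0:
        findings.append("messages_discarded")
    if int(state["queue_size"]) >= max_queue_ratio * int(state["total_queue_size"]):
        findings.append("queue_near_full")
    return findings
```

Reading the file with a regular expression rather than sourcing it in a shell keeps every value as inert data. On a real host, pass the contents of var/run/ossec-agentd.state or var/run/ossec-remoted.state to parse_state.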