Changes

From SME Server
Jump to navigationJump to search

User talk:Mmccarn (view source)

Revision as of 13:03, 22 January 2018

187 bytes removed ,  13:03, 22 January 2018
Update agent config for wazuh 3.x
Line 12: Line 12:     
===Agent Configuration===
 
===Agent Configuration===
The [https://documentation.wazuh.com/2.0/installation-guide/installing-wazuh-agent/wazuh_agent_rpm.html Wazuh Client Installation Instructions] say to use '''yum install wazuh-agent''' (which, since the repo created above is disabled by default, would need to be '''yum --enablerepo=wazuh install wazuh-agent''' on a SME server), but this does not work...
+
[https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/wazuh_agent_rpm.html Wazuh Client Installation Instructions]  
   −
Instead, I had to download the rpm and do use localinstall
+
Wazuh 3.x installs correctly from the yum repository:
  <nowiki>mkdir -p ~/wazuh
+
  yum --enablerepo=wazuh install wazuh-agent
cd ~/wazuh
+
 
wget https://packages.wazuh.com/yum/rhel/6Server/x86_64/wazuh-agent-2.0.1-1.rhel6.x86_64.rpm
+
Create the client account on the wazuh manager:
yum --enablerepo=wazuh localinstall wazuh-agent-2.0.1-1.rhel6.x86_64.rpm
+
/var/ossec/bin/agent-auth -m [ip.of.wazuh.server]
/var/ossec/bin/agent-auth -m <Ip.of.wazuh.srvr>
+
 
 +
Replace "MANAGER_IP" with the IP address of the wazuh manager in this section of /var/ossec/etc/ossec.conf:
 +
<nowiki>...
 +
<client>
 +
    <server>
 +
      <address>MANAGER_IP</address>
 +
    </server>
 +
    <config-profile>rhel, rhel6</config-profile>
 +
</client>
 +
...
 
</nowiki>
 
</nowiki>
   −
You also need to enter "Ip.of.wazuh.srvr" into <server-ip>...</server-ip> in this file:
+
Start the agent
/var/ossec/etc/ossec.conf
  −
 
  −
Then start the agent
   
  /etc/init.d/wazuh-agent start
 
  /etc/init.d/wazuh-agent start
  
Retrieved from "https://wiki.koozali.org/Special:MobileDiff/34368"

Navigation menu