The registration process
Every Wazuh Agent sends data to the Wazuh Manager over a secure channel, the OSSEC message protocol, which encrypts messages using a pre-shared key. A newly installed Wazuh Agent cannot communicate with the Wazuh Manager at first because it does not yet have that pre-shared key.
The registration process is the mechanism that creates a trusted relationship between the Manager and an Agent. It can be carried out on the Manager itself or through a registration service. This service runs on the Manager, and an Agent can use it to request a pre-shared key by presenting some credentials. The Manager replies with the key and stores the new Agent in a local database.
Another approach is to use the RESTful API, which is just a wrapper for local registration on the Wazuh Manager.
Agent keys
The manager uses the file /var/ossec/etc/client.keys to store the registration record of each agent, which includes ID, name, IP, and key. Example:
The agents also have the file /var/ossec/etc/client.keys containing only their own registration record. Example for Server1 agent:
Basic data for registering an agent
In order to register an agent, it is necessary to provide the name and the IP of the agent.
There are several ways to set the agent IP:
Any IP: Allow the agent to connect from any IP address. Example: Server1 has any IP.
Fixed IP: Allow the agent to connect only from the specified IP. Example: ServerProd has the IP 192.246.247.247.
Range IP: Allow the agent to connect from the specified range of IPs. Example: DBServer has the IP range 192.168.0.1/24.
Some registration methods automatically detect the IP of the agent during the registration process.
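The record layout and the three IP forms described above, as an added example (not part of the Wazuh documentation or code): a small Python parser for client.keys-style records that classifies each agent's IP field, checks whether a source address falls within it, and reports records a reviewer would want to look at. It assumes one whitespace-separated record per line in the order ID, name, IP, key; the function names are hypothetical and the sample keys are constructed placeholders.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample: agent names and IPs are the page's examples, keys are placeholders.
SAMPLE_KEYS = """\
001 Server1 any 0000000000000000000000000000000000000000000000000000000000000001
002 ServerProd 192.246.247.247 0000000000000000000000000000000000000000000000000000000000000002
003 DBServer 192.168.0.1/24 0000000000000000000000000000000000000000000000000000000000000003
"""

class AgentRecord(NamedTuple):
    agent_id: str
    name: str
    ip: str
    key: str

def parse_client_keys(text):
    """Parse records, assuming one 'ID NAME IP KEY' record per line."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # skip blank lines
        if len(fields) != 4:
            # Report the line number only, never the key material itself.
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        records.append(AgentRecord(*fields))
    return records

def ip_kind(record):
    """Classify the IP field as 'any', 'fixed' or 'range'."""
    if record.ip == "any":
        return "any"
    return "range" if "/" in record.ip else "fixed"

def source_allowed(record, source):
    """True if the address `source` matches the record's IP field."""
    if record.ip == "any":
        return True
    # strict=False accepts a range written with host bits set (192.168.0.1/24);
    # a bare address becomes a single-host network.
    network = ipaddress.ip_network(record.ip, strict=False)
    return ipaddress.ip_address(source) in network

def audit(records):
    """Report records whose key is not bound to a source address, and reused keys."""
    findings, seen_keys = [], {}
    for r in records:
        if ip_kind(r) == "any":
            findings.append(f"{r.agent_id} {r.name}: accepts any source IP")
        if r.key in seen_keys:
            findings.append(f"{r.agent_id} {r.name}: key reused from {seen_keys[r.key]}")
        seen_keys.setdefault(r.key, r.agent_id)
    return findings
```

Run it against a copy of the manager's file rather than the live one, since the file holds every agent's pre-shared key.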