How to implement Graylog on AWS autoscaling servers


1. Describe your incident:

We are implementing Graylog Open in our AWS environment. For fixed servers, I generated a key from OSSEC and applied the key on the Wazuh Agent running on the Windows servers. We also have AWS servers running in autoscaling mode, which are the image of the master server (already functioning well). These servers are unable to send logs to OSSEC, and unable to register themselves.

2022/10/05 10:59:09 ossec-remoted: WARNING: (1213): Message from ‘192.168.6.247’ not allowed. Cannot find the ID of the agent. Source agent ID is unknown.
2022/10/05 10:59:09 ossec-remoted: WARNING: (1213): Message from ‘192.168.5.219’ not allowed. Cannot find the ID of the agent. Source agent ID is unknown.
2022/10/05 10:59:11 ossec-remoted: WARNING: (1213): Message from ‘192.168.4.9’ not allowed. Cannot find the ID of the agent. Source agent ID is unknown.
2022/10/05 10:59:14 ossec-remoted: WARNING: (1213): Message from ‘192.168.5.219’ not allowed. Cannot find the ID of the agent. Source agent ID is unknown.
2022/10/05 10:59:16 ossec-remoted: WARNING: (1213): Message from ‘192.168.6.247’ not allowed. Cannot find the ID of the agent. Source agent ID is unknown.
2022/10/05 10:59:17 ossec-remoted: WARNING: (1213): Message from ‘192.168.4.9’ not allowed. Cannot find the ID of the agent. Source agent ID is unknown.

2. Describe your environment:

  • OS Information: Graylog on Ubuntu, clients on Windows 2016 (AWS)

  • Package Version: 4.0.2

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?
None

4. How can the community help?

Not sure how to let these random servers get registered on the ossec and send logs.


Hello && Welcome @brijesh

I took a brief look at OSSEC & Wazuh Agent. I haven’t worked with them at all.

By chance, if you’re looking to ingest logs from that software, I would first find out how the logs get shipped and apply the correct INPUT for those.

If that’s not the case, could you explain in greater detail what the issue is? I’m not sure about those logs; TBH, I’ve never seen those before on Graylog.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.