wazuh-api
wazuh-api copied to clipboard
wazuh
Incoherent result of n_active_agents field in GET /cluster/healthcheck endpoint
Hi team,
I've just noticed about the following behavior of the GET /cluster/healthcheck endpoint. It seems that the result of the n_active_agents includes the master of the cluster (000), but not the worker node.
How to reproduce
I currently have a two nodes Manager cluster with six registered and reporting agents. The result of the endpoint that I'm receiving is the following (I'm reducing the output):
"wazuh-worker": {
"info": {
"name": "wazuh-worker",
"type": "worker",
"version": "3.9.4",
"ip": "10.0.0.254",
"n_active_agents": 3
},
"wazuh-master": {
"info": {
"name": "wazuh-master",
"type": "master",
"version": "3.9.4",
"ip": "10.0.0.249",
"n_active_agents": 4
}
}
So we can say that the manager node is counted as an agent, but only for the master node.
In my opinion, we should not include any manager to the n_active_agents field, but of course, this behavior can be discussed. Feel free to comment here your thoughts on this.
Cheers
Hi team!
This behavior seems to be easily fixed by adding q='id!=000' as part of the query here (4.0):
https://github.com/wazuh/wazuh/blob/6d3ebab6fd9c838a517ca61d24bb8bc8557b8452/framework/wazuh/core/cluster/master.py#L724
However, it seems that a similar problem is repeated in more places. For example, having the following list of agents connected:
/var/ossec/bin/cluster_control -a
ID NAME IP STATUS VERSION NODE NAME
000 wazuh-master 127.0.0.1 active Wazuh v4.0.0 master-node
001 wazuh-agent1 172.23.0.6 active Wazuh v3.13.0 worker2
002 wazuh-agent2 172.23.0.7 active Wazuh v3.13.0 worker2
003 wazuh-agent3 172.23.0.8 active Wazuh v3.13.0 worker1
004 wazuh-agent4 172.23.0.9 active Wazuh v3.13.0 master-node
005 wazuh-agent5 172.23.0.10 active Wazuh v3.13.0 worker1
006 wazuh-agent6 172.23.0.11 active Wazuh v3.13.0 worker2
007 wazuh-agent7 172.23.0.12 active Wazuh v3.13.0 master-node
008 wazuh-agent8 172.23.0.13 active Wazuh v3.13.0 master-node
009 wazuh-agent9 172.28.0.14 disconnected Wazuh v3.9.2 master-node
010 wazuh-agent10 172.28.0.15 disconnected Wazuh v3.9.2 master-node
011 wazuh-agent11 any never_connected unknown unknown
012 wazuh-agent12 any never_connected unknown unknown
Endpoints like GET /overview/agents return the following information:
{
"data": {
"nodes": [
{
"node_name": "worker1",
"count": 2
},
{
"node_name": "worker2",
"count": 3
},
{
"node_name": "master-node",
"count": 6
},
{
"node_name": "unknown",
"count": 2
}
],
"groups": [
{
"count": 4,
"name": "group3",
"mergedSum": "49f64bf1678a3b57b07bbc09fc62e6ba",
"configSum": "ab73af41699f13fdd81903b5f23d8d00"
},
{
"count": 5,
"name": "group1",
"mergedSum": "f5e0305e248bd00e05445f329bd1dd5e",
"configSum": "ab73af41699f13fdd81903b5f23d8d00"
},
{
"count": 5,
"name": "group2",
"mergedSum": "13a2d4d772bccb56646b4ca9d1dc6689",
"configSum": "ab73af41699f13fdd81903b5f23d8d00"
},
{
"count": 10,
"name": "default",
"mergedSum": "fd756ba04d9c32c8848d4608bec41251",
"configSum": "ab73af41699f13fdd81903b5f23d8d00"
}
],
"agent_os": [
{
"os": {
"name": "Ubuntu",
"platform": "ubuntu",
"version": "16.04.6 LTS"
},
"count": 3
},
{
"os": {
"name": "Ubuntu",
"platform": "ubuntu",
"version": "18.04.4 LTS"
},
"count": 6
},
{
"os": {
"name": "Ubuntu",
"platform": "ubuntu",
"version": "18.04.2 LTS"
},
"count": 2
},
{
"os": {
"name": "unknown",
"platform": "unknown",
"version": "unknown"
},
"count": 2
}
],
"agent_status": {
"active": 9,
"disconnected": 2,
"never_connected": 2,
"pending": 0,
"total": 13
},
"agent_version": [
{
"version": "Wazuh v4.0.0",
"count": 1
},
{
"version": "Wazuh v3.13.0",
"count": 8
},
{
"version": "Wazuh v3.9.2",
"count": 2
},
{
"count": 2,
"version": "unknown"
}
],
"last_registered_agent": [
{
"os": {
"arch": "x86_64",
"codename": "Xenial Xerus",
"major": "16",
"minor": "04",
"name": "Ubuntu",
"platform": "ubuntu",
"uname": "Linux |wazuh-agent1 |5.4.0-37-generic |#41-Ubuntu SMP Wed Jun 3 18:57:02 UTC 2020 |x86_64",
"version": "16.04.6 LTS"
},
"node_name": "worker2",
"configSum": "29e0926e5a77442212e824868a2a61df",
"id": "001",
"version": "Wazuh v3.13.0",
"registerIP": "any",
"ip": "172.23.0.6",
"lastKeepAlive": "2020-06-25T15:09:58Z",
"name": "wazuh-agent1",
"dateAdd": "1970-01-01T00:00:00Z",
"status": "active",
"mergedSum": "2629b6d310fb8a9f8ad9de7c7842791d",
"manager": "wazuh-worker2",
"group": [
"default",
"group1"
]
}
]
}
}
It shows 6 agents for the master node (counting the disconnected ones and the 000). However, the workers are not counting agent 000. I will investigate it a little bit deeper.
Kind regards, Selu.
