
Add agent synchronization statistics

Open dariommr opened this issue 3 years ago • 4 comments

| Wazuh version | Component | Install type | Install method | Platform |
|---|---|---|---|---|
| 4.4.0 | App / API / Core | - | - | - |

Hello Team,

Summary

It could be very useful to have agent configuration synchronization statistics in percentage (and it could be in numbers also). Currently, we have to check agent by agent if they are synchronized. In large environments, it is more useful having that information in the same visualization.

Suggested changes

More precisely, I am looking for:

  1. To have the percentage of agents that have their configuration synchronized all in one visualization, in the Agents tab.
  2. Add in the agent's list, the status of synchronization of each agent.
  3. Add the ability to filter the agents by synchronization status.

Thank you in advance.

Update

Agents config synchronization percentage

We will add a widget below Agents coverage in the Agents preview page. This widget will contain the value of the percentage of agents which have their configuration synchronized with the Wazuh manager over the total active agents.

The value represents the synchronization and not the application of such configuration. It might happen that the configuration is synchronized but not applied.

The percentage will always be related to the total amount of active agents at the time of visualization and not a group or a filtered set of agents.

There might be a latency between the time a user sends a new configuration to be applied and the update of the indicator, which will depend on the load of the system and the number of agents. It might, at first, decrease its value as the agents are being recognized as being unsynchronized to later rise as the agents are being synchronized.

The new indicator value won't be available for alerting, indexing or building historical reports.

There won't be a clickable area in the widget to perform additional actions in the view, following the design of the Agents coverage widget instead of the Active widget.

The widget will use an API call to the agent's summary API method to obtain its value. Because this call is already made to load the Agents preview, no further calls need to be done besides what is already present.

Agent list table

The table in the same Agents preview page will have a new field "Configuration state" which will show if the agent has its configuration synchronized or not, similarly to the way it is shown in the agent configuration panel.

This field must behave like the other fields in the table, and should support the filter and visibility rules which are applicable to the other fields of the table.

The information of the table is obtained from the API call to list agents, which is already being made in the Agents preview. This call will include a new field indicating if the configuration is synchronized or not.

Additional tasks

We will use the issue https://github.com/wazuh/wazuh/issues/9334 to follow up the API implementation.

dariommr avatar Jun 25 '21 17:06 dariommr
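
The calculation described in the update above, as an added example that is not part of the original issue or the Wazuh code base: it computes the synchronized percentage over active agents only and filters agents by synchronization state. The field names `status` and `group_config_status`, their values, and the sample agents are assumptions; the page does not give the response shape.

```javascript
// Added example, not Wazuh project code.
// ASSUMPTION: each agent item carries `status` and `group_config_status`;
// the page does not show the real response shape.

// Constructed sample standing in for the items of an agent-list response.
const sampleAgents = [
  { id: '001', name: 'web-01', status: 'active', group_config_status: 'synced' },
  { id: '002', name: 'web-02', status: 'active', group_config_status: 'not synced' },
  { id: '003', name: 'db-01', status: 'active', group_config_status: 'synced' },
  { id: '004', name: 'db-02', status: 'disconnected', group_config_status: 'not synced' },
  { id: '005', name: 'lab-01', status: 'never_connected' }, // no sync field reported
  { id: '006', name: 'app-01', status: 'active', group_config_status: 'synced' },
];

// Percentage of active agents whose configuration is synchronized.
function syncStats(agents) {
  const active = agents.filter((a) => a.status === 'active');
  const synced = active.filter((a) => a.group_config_status === 'synced');
  // An active agent without an explicit "synced" value counts as not synced,
  // so a missing field never inflates the indicator.
  const notSyncedIds = active
    .filter((a) => a.group_config_status !== 'synced')
    .map((a) => a.id);
  // No active agents: report null rather than dividing by zero.
  const percent = active.length === 0
    ? null
    : Math.round((synced.length / active.length) * 10000) / 100;
  return { activeTotal: active.length, synced: synced.length, notSyncedIds, percent };
}

// Table-style filter on synchronization state, independent of connection status.
function filterBySyncState(agents, state) {
  return agents.filter((a) => a.group_config_status === state);
}

console.log(syncStats(sampleAgents));
console.log(filterBySyncState(sampleAgents, 'not synced').map((a) => a.id));
```

The disconnected agent `004` appears in the filter result but does not lower the percentage, which matches the rule that the indicator is always relative to active agents.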

Linked issue #9334

matiasmoreno876 avatar Jul 19 '21 15:07 matiasmoreno876

Current state Pending core team to avoid this problem or https://github.com/wazuh/wazuh/pull/9413

CPAlejandro avatar Sep 08 '21 11:09 CPAlejandro

Depends on https://github.com/wazuh/wazuh/issues/9334

AlexRuiz7 avatar May 10 '22 12:05 AlexRuiz7

Resume work

As https://github.com/wazuh/wazuh/issues/9334 is completed, we can resume our work on this issue.

Reviewing the current work done in #3874, the remaining work for this issue to be completed is:

  • [x] Remove uppercase in Agents Synced
  • [x] Check that the controllers using the endpoint GET /agents/summary/status have been updated to handle the new response. Parent issue: https://github.com/wazuh/wazuh/issues/12363
  • [x] Check that the controllers using the endpoint GET /agents have been updated to handle the new response. Parent issue: https://github.com/wazuh/wazuh/issues/12362
  • [x] Deprecate the use of the endpoint GET /agents/{agent_id}/group/is_sync (use one of the above endpoints instead) Parent issue: https://github.com/wazuh/wazuh/issues/12365
    • https://github.com/wazuh/wazuh-kibana-app/blob/83f5bc727bf175f7909c0c20c2d986f9c99fc7f2/public/controllers/management/components/management/configuration/utils/wz-fetch.js#L480-L486
    • https://github.com/wazuh/wazuh-kibana-app/blob/83f5bc727bf175f7909c0c20c2d986f9c99fc7f2/public/controllers/agent/agents.js#L741-L753
  • [x] Recreate or update the static API info files (endpoints.json, api-requests-list.js, api-requests-list.json), which contain references to the deprecated endpoint, by running the generate-api-info script.
  • [x] Add the synchronization percentage to the Management < Status view
  • [x] Decide whether we keep Agents synced or use a more descriptive label.
  • [x] Check that agents are filterable by their synchronization status (search bar).
  • [x] (Optional) Check that the Synced column in the Agents table is sortable.

AlexRuiz7 avatar Jul 18 '22 11:07 AlexRuiz7