wazuh-dashboard-plugins
wazuh-dashboard-plugins copied to clipboard
wazuh
Change log collector socket configuration response property
| Wazuh | Rev | Browser |
|---|---|---|
| 4.9.0 | 00 | - |
Description
A change has been made in the endpoint: https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_config
This change involves a property name change in the response of the API:
- Previous response:
{
"data": {
"target": [
{
"name": "custom_socket",
"location": "/var/run/custom.sock",
"mode": "tcp",
"prefix": "custom_syslog: "
},
{
"name": "test_socket",
"location": "/var/run/test.sock",
"mode": "udp"
}
]
},
"error": 0
}
- New response:
{
"data": {
"socket": [
{
"name": "custom_socket",
"location": "/var/run/custom.sock",
"mode": "tcp",
"prefix": "custom_syslog: "
},
{
"name": "test_socket",
"location": "/var/run/test.sock",
"mode": "udp"
}
]
},
"error": 0
}
As we can see, the name of the property target has been changed to socket, therefore we need to modify the component that parses the response to read the new value.
Task
- [ ] Update the imposter response
- [ ] Change the component to read the new property
Additional context
Origin issue:
- https://github.com/wazuh/wazuh/issues/17662
The log-collection socket file is: https://github.com/wazuh/wazuh-dashboard-plugins/blob/4.9.0/plugins/main/public/controllers/management/components/management/configuration/log-collection/log-collection-sockets.js#L56-L70
Update 07/03
Research
Files where the endpoint is called from plugins/main/. (Ignoring the imposter)
- [ ] plugins/main/public/components/agents/fim/inventory.tsx
- [ ] plugins/main/public/controllers/agent/components/register-agent.js
- [ ] plugins/main/public/controllers/management/components/management/configuration/utils/wz-fetch.js
- [ ] plugins/main/public/react-services/query-config.js
- [ ] plugins/main/public/services/query-config.js
- [ ] plugins/main/server/controllers/wazuh-reporting.ts
Imposter files:
- [ ] docker/imposter/agents/configuration/logcollector-socket.json
Changes
Imposter response:
To Do
- [ ] Test with a real manager
Update 08/03
I'm trying to test it with a real manager, but the API response in the agent logs collector sockets target is not changed to socket.
wazuh-manager-config:
wazuh-manager-master:
build:
context: /home/usuario/wazuh-app-environments/images/wazuh_manager_filebeat_sources_cmake
args:
WAZUH_VERSION: 'fix/17662-fix-socket-conf-not--displayed'
FILEBEAT_VERSION: '7.10.2'
FILEBEAT_WAZUH_TEMPLATE_URL: https://raw.githubusercontent.com/wazuh/wazuh/fix/17662-fix-socket-conf-not--displayed/extensions/elasticsearch/7.x/wazuh-template.json
FILEBEAT_WAZUH_MODULE_URL: https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz
image: wazuh-manager:4.9.0-7.10.2
hostname: wazuh-manager-4.9.0-7102
volumes:
- '/home/usuario/wazuh-app-environments/config/filebeat/filebeat.odfe.yml:/etc/filebeat/filebeat.yml'
ports:
- '514:514'
- '1514:1514'
- '1515:1515'
- '1516:1516'
- '55000:55000'
depends_on:
- os1
environment:
NODE_IP: wazuh-manager-master
NODE_NAME: manager-node
NODE_TYPE: master
networks:
- os-dev
Agent log collector API response:
But, when I reproduce the API response into the manager log collection, the response is correctly formed:
Update 10/05
Now, the dashboard renders the response of the agent correctly when it is a 4.9.0 version, but the API response has been lost, I'm researching why this happened and how to repair it.
Evidence
Workflow
v4.9.0
v4.8.0
v4.7.0