I have successfully installed the Wazuh https://wazuh.com/install/ XDR and SIEM protection program on my VPS.
My goal would be to use Wazuh Agentless https://documentation.wazuh.com/current ... index.html to report the status of my router (hAP ac²) via SSH.
It is theoretically possible, but unfortunately the method is not compatible with MikroTik, or I am just not noticing something.
I use this agentless config in /var/ossec/etc/ossec.conf with Endpoints with password authentication:
<agentless>
  <type>ssh_generic_diff</type>
  <frequency>60</frequency>
  <host>admin@mydomain.com</host>
  <state>periodic_diff</state>
  <arguments>/log print</arguments>
</agentless>

...
2024/02/13 08:23:21 wazuh-agentlessd: INFO: Test passed for 'ssh_generic_diff'.
2024/02/13 08:23:22 wazuh-agentlessd: INFO: ssh_generic_diff: admin@mydomain.com: Started.
2024/02/13 08:23:22 wazuh-agentlessd: INFO: ssh_generic_diff: admin@mydomain.com: Starting.
2024/02/13 08:34:34 wazuh-agentlessd: INFO: ssh_generic_diff: admin@mydomain.com: Started.
2024/02/13 08:34:34 wazuh-agentlessd: INFO: ssh_generic_diff: admin@mydomain.com: Starting.
...
Of course I can log in manually via ssh console.
My question is, has anyone managed to put this together like this?
I think the problem is with the ssh_generic_diff script.
Thank you!
Regards: DrCyberg