I can’t figure out how to get an active agent. Even after following the directions, I am stuck. Can anyone help?
The Wazuh server is not 127.0.0.1. You need the IP address of the Wazuh server, not the Windows server. You may access the Wazuh SIEM web interface from 127.0.0.1 when you are on the Wazuh server, but that is not its network IP address. Use “ip a” as instructed in the lab guide.
Thank you. I found the right IP address.
It’s going to be the ens5 or eth0 address using 10.x.x.x. But you got it.
Be sure to follow the instructions where you connect the Windows agent to the Wazuh server. Be sure you see 1 active agent when you connect to Wazuh.
Yes, I did see 1 active agent, then when I checked Available fields, I couldn’t find data.win.
Did you stop and start the Wazuh service on the Windows server after changing the hosts file and pinging “wazuh”?
Notice your ping is not working. That’s an issue. Can you show the output from the ip a command on Wazuh?
So in this screenshot, 10.111.16.6 is the IP, not 10.111.16.255. I’m guessing you used .255 in your prior screenshot by mistake, as you cannot ping Wazuh in that screenshot.
Bottom line, be sure you can ping Wazuh before moving on.
Yes, I think I did. Got it worked out now.
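Added example, not part of the thread above: a small shell helper that reads `ip a` output and tells the interface address apart from the loopback and from the `brd` (broadcast) value printed on the same line, which is the likely source of the .255 mix-up (an assumption, since the screenshots are not on the page). The sample output is constructed, and the function names and the /24 prefix are assumptions.

```shell
#!/bin/sh
# Constructed sample of `ip a` output (not taken from the thread's screenshots).
# The /24 prefix length and the mtu values are assumptions for illustration.
sample_ip_a() {
cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP
    inet 10.111.16.6/24 brd 10.111.16.255 scope global dynamic ens5
EOF
}

# Print "interface address" for every non-loopback IPv4 address found in
# `ip a` output on stdin. This is the value the Windows agent's hosts entry
# for "wazuh" should point at.
agent_target_ips() {
    awk '$1 == "inet" && $2 !~ /^127\./ {
        split($2, a, "/")      # drop the /prefix length
        print $NF, a[1]        # last field of an inet line is the interface
    }'
}

# Classify a candidate IP ($1) against `ip a` output on stdin.
# Prints one of: address, broadcast, loopback, unknown.
classify_ip() {
    awk -v ip="$1" '
        $1 == "inet" {
            split($2, a, "/")
            if (a[1] == ip) r = (ip ~ /^127\./) ? "loopback" : "address"
            # the value after "brd" is the broadcast address, not the host
            for (i = 3; i < NF; i++)
                if ($i == "brd" && $(i + 1) == ip) r = "broadcast"
        }
        END { print (r == "" ? "unknown" : r) }'
}

# Demo on the constructed sample; on the Wazuh server use: ip a | agent_target_ips
sample_ip_a | agent_target_ips
sample_ip_a | classify_ip 10.111.16.255
```

Only a value that `classify_ip` reports as `address` is worth pinging from the Windows server before restarting the agent service.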