1. Logpoint Service Desk
  2. Community
  3. SIEM - Searching & Analytics

Logpoint Agent X and devices Hostnames

Avatar
Follow
0

Hello

with the new Agent X, we were testing adding Devices with Agent X to logpoint, due to DHCP they will not always have the same IP address. We attempted to add this device via Hostname to logpoint, but even though the Agent X panel claims that it is active and collecting logs, When searching for said logs, I get no result for the Hostname.

Is it Possible to use Hostnames to add Devices to logpoint in use with agent X?
Or is it not possible.

Share This Post:

2 comments

Date Votes
0
Avatar
Manita Dahal

Hello Mike,

From the logpoint's version 7.2.0 and older, this new feature of being able to add devices with their hostname is implemented. Also, Agentx supports adding devices with their hostname, if DNS server is properly configured within the Logpoint itself.

You can follow the below steps in this case:

  1. If the status of the client device is active, you can check if there is issue of timezone in the Logpoint and the end device due to which logs are not seen in real time. Check if logs are collected in future/past time.
  2. Also, the issue can be seen when the configuration from the logpoint side is not properly pushed to the end device. For this you can login to the end device, locate agentx.conf file inside Program Files (x86) →  Logpoint/ossec-agent → shared and see if the template configuration is pushed or not.

    You can push the configuration again by trying to resubmitting the configurations to agentx collector once again from the logpoint side.
    Go to Settings→ Configurations → locate the device and resubmit the configurations to agentx collector.

If the issue still persists, you can create a zendesk ticket, so that support can look into the issue.

0
Avatar
Mike Furrer

Hello Mike,

From the logpoint's version 7.2.0 and older, this new feature of being able to add devices with their hostname is implemented. Also, Agentx supports adding devices with their hostname, if DNS server is properly configured within the Logpoint itself.

You can follow the below steps in this case:

  1. If the status of the client device is active, you can check if there is issue of timezone in the Logpoint and the end device due to which logs are not seen in real time. Check if logs are collected in future/past time.
  2. Also, the issue can be seen when the configuration from the logpoint side is not properly pushed to the end device. For this you can login to the end device, locate agentx.conf file inside Program Files (x86) →  Logpoint/ossec-agent → shared and see if the template configuration is pushed or not.

    You can push the configuration again by trying to resubmitting the configurations to agentx collector once again from the logpoint side.
    Go to Settings→ Configurations → locate the device and resubmit the configurations to agentx collector.

If the issue still persists, you can create a zendesk ticket, so that support can look into the issue.

After opening a Ticket we found out it was a bug that read the hostname directly as a IP address.
It is resolved thank you

Please sign in to leave a comment.