I’m working on setting up the Wazuh agent as a DaemonSet in my Kubernetes cluster to monitor the worker nodes. The main issue I’ve encountered is that the Wazuh agent inside the pods collects and forwards information about the pods running on the worker nodes, rather than the actual worker nodes themselves (e.g., host system logs, file integrity checks, etc.).
I’ve noticed that some hostPath volumes are mounted into the pod at /host/ to provide access to the node's filesystem. However, the Wazuh agent’s configuration (e.g., /var/ossec/etc/ossec.conf) does not seem to be set up to scan or check this /host/ directory for node-level data. Instead, it works with the pod's filesystem or predefined paths like /var, /etc, etc., within the container.
The Problems
The agent is designed to monitor files and logs at paths like /var or /etc, but these paths correspond to the container's filesystem, not the host node's.
Mounting the host’s root filesystem under /host/ makes it accessible, but the agent doesn’t automatically look there for logs or data.
I need the Wazuh agent to collect data from the worker node’s system rather than just monitoring the container's environment.
My Questions
How can I configure the Wazuh agent to monitor paths like /host/etc, /host/var, or other host-level directories effectively?
Has anyone else faced a similar issue where the agent collects pod-level data but not node-level data?
Are there any specific configurations or examples for adapting Wazuh to work in this setup?
I’d greatly appreciate any insights or advice on how to resolve this. Thanks in advance for your help!
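An added example, not part of the original post and not code from the Wazuh project: one way to point the agent's file integrity (`<syscheck>`) and log collection (`<localfile>`) settings at the node filesystem is to rewrite their paths in `ossec.conf` before the agent starts. It assumes the node root is mounted at `/host` as described in the post; the function names and the sample configuration are constructed for illustration.

```python
import re

HOST_PREFIX = "/host"      # assumption: node root is mounted here, as in the post
AGENT_HOME = "/var/ossec"  # the agent's own files live in the container, keep as-is

def _prefix(path: str) -> str:
    """Map a node path to the location where it is visible inside the pod."""
    p = path.strip()
    if not p.startswith("/"):          # not an absolute path, leave untouched
        return p
    for keep in (HOST_PREFIX, AGENT_HOME):
        if p == keep or p.startswith(keep + "/"):
            return p                   # already mapped, or agent-local
    return HOST_PREFIX + p

# Matches <directories ...>a,b</directories>, <ignore>a</ignore>, <location>a</location>
_TAG = re.compile(r"<(directories|ignore|location)(\s[^>]*)?>([^<]*)</\1>")

def rewrite_for_host(conf: str) -> str:
    def fix(m: re.Match) -> str:
        tag, attrs, body = m.group(1), m.group(2) or "", m.group(3)
        if "sregex" in attrs:          # regex ignores are patterns, not plain paths
            return m.group(0)
        paths = ",".join(_prefix(p) for p in body.split(","))
        return f"<{tag}{attrs}>{paths}</{tag}>"
    return _TAG.sub(fix, conf)

# Constructed sample configuration, not taken from the post.
SAMPLE = """\
<ossec_config>
  <syscheck>
    <directories check_all="yes">/etc,/usr/bin</directories>
    <ignore>/etc/mtab</ignore>
    <ignore type="sregex">.log$|.swp$</ignore>
  </syscheck>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/active-responses.log</location>
  </localfile>
</ossec_config>
"""

if __name__ == "__main__":
    print(rewrite_for_host(SAMPLE))
```

With paths rewritten this way, the agent reports the monitored files under their `/host/...` names, and settings other than these three tags are left unchanged.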