0xrawsec / whids

Open Source EDR for Windows
https://rawsec.lu
GNU Affero General Public License v3.0
1.14k stars 138 forks

404 error on whids-man #89

Closed GSVSenseAmidMadness closed 2 years ago

GSVSenseAmidMadness commented 2 years ago

With Debian 11 and also Ubuntu 20.04.3 LTS, after unzip of 1.8.0-beta2, chmod a+x and running with default config, I only get a 404 error for the whids-man admin interface. What could be the issue?

qjerome commented 2 years ago

Hi @GSVSenseAmidMadness,

Could you please be a bit more explicit? What is the endpoint you are trying to reach? Can you provide a curl command I could use to reproduce the error?

Usually, the manager returns 404 errors when the API endpoint is wrong (check typo).

Cheers,

GSVSenseAmidMadness commented 2 years ago

Hi,

I have dumped the default configs on Win10 endpoint and Ubuntu manager and configured the endpoint to use Ubuntu as manager. (I have also tried using Win10 both as end point and manager). What I see from manage.bat is that endpoint starts correctly. Manager also starts, but displays 404 error.

Main changes/questions to default config (Endpoint):

endpoint = true (what is a WEC? Could you explain this setting?)
local = false
host = "192.168.2.55"
endpoint-uuid = "666"
endpoint-key = "666"

Main changes (Manager):

host = "192.168.2.55"
uuid = "666"
key = "666"

Any logs that I could check?

qjerome commented 2 years ago

Hi,

I understand now why you get 404: endpoint-uuid needs to be an actual UUID (example: 49a289d1-3302-4caa-a2c2-6ea53660270e). You get 404 because the server (i.e. the manager) does some validation on the URL; as the UUID provided is not in the expected format, the API endpoint is not known by the manager.

A WEC is a Windows Event Collector, a dedicated machine to collect logs from several Windows machines.

Hope it helped you to solve your issue,

Cheers,
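The behaviour described in the reply above (a malformed UUID in the request path makes the route unknown, so the manager answers 404 rather than an authentication error) can be illustrated with a small toy handler. This is an added example, not whids code: the /endpoints/{uuid} route, the in-memory registry and the 401 answer for a well-formed but unregistered UUID are assumptions chosen for the demonstration, not the manager's real API. CheckEndpointConfig shows the check a user could run over their own config values before deploying them.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
)

// uuidRe matches the canonical 8-4-4-4-12 hexadecimal form,
// e.g. 49a289d1-3302-4caa-a2c2-6ea53660270e (the example given in the thread).
var uuidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$`)

// IsUUID reports whether s is in canonical UUID form.
func IsUUID(s string) bool { return uuidRe.MatchString(s) }

// CheckEndpointConfig validates the identifiers a user would put in the
// endpoint and manager configs and returns one message per problem found.
// Only the UUID fields are format-checked here; the key format is not
// specified in the thread, so it is merely required to be non-empty.
func CheckEndpointConfig(endpointUUID, endpointKey string) []string {
	var problems []string
	if !IsUUID(endpointUUID) {
		problems = append(problems, fmt.Sprintf("endpoint-uuid %q is not a UUID", endpointUUID))
	}
	if endpointKey == "" {
		problems = append(problems, "endpoint-key is empty")
	}
	return problems
}

// endpointPathRe extracts the identifier segment of the hypothetical
// /endpoints/{uuid} route used by this toy manager.
var endpointPathRe = regexp.MustCompile(`^/endpoints/([^/]+)$`)

// NewManagerMux builds a toy handler that mimics URL validation at routing
// time: a path whose UUID segment is malformed matches no route at all and
// therefore gets 404, before any authentication decision is taken.
// known is an in-memory registry of UUIDs the manager accepts (constructed).
func NewManagerMux(known map[string]bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		m := endpointPathRe.FindStringSubmatch(r.URL.Path)
		if m == nil || !IsUUID(m[1]) {
			// Malformed identifier: the route does not exist -> 404.
			http.NotFound(w, r)
			return
		}
		if !known[m[1]] {
			// Well-formed but unregistered: route exists, caller is refused.
			http.Error(w, "unknown endpoint", http.StatusUnauthorized)
			return
		}
		fmt.Fprint(w, "ok")
	})
}

// StatusFor sends an in-memory GET to h and returns the HTTP status code,
// so the routing behaviour can be inspected without a network listener.
func StatusFor(h http.Handler, path string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code
}

func main() {
	const good = "49a289d1-3302-4caa-a2c2-6ea53660270e"
	fmt.Println(CheckEndpointConfig("666", "666")) // reports the bad UUID from the thread
	h := NewManagerMux(map[string]bool{good: true})
	fmt.Println(StatusFor(h, "/endpoints/666"), StatusFor(h, "/endpoints/"+good))
}
```

The useful distinction for troubleshooting is the status code: a 404 from this kind of server points at the URL itself (a typo or an identifier that fails format validation), whereas an identifier that is well-formed but not accepted produces an authorization-type error instead.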

GSVSenseAmidMadness commented 2 years ago

Hi, I have now changed all UUIDs to the expected format as well as all keys. I have also checked that they match on both sides, but I still get the error. Is there something that I could check to pinpoint where the issue is?

qjerome commented 2 years ago

Hi,

When you start the manager, it should print HTTP logs to stdout. Could you please post here an extract of that (from when the problem occurs)? Could you also please do the same with the client-side logs, C:\Program Files\Whids\Logs\whids.log?

GSVSenseAmidMadness commented 2 years ago

(attached screenshots: sample, sample2)

Here are the logs I could find.

qjerome commented 2 years ago

The black screenshots are not the manager's logs; those seem to be random system logs! Please start whids-man from a shell and post what is written to the console (stdout).

GSVSenseAmidMadness commented 2 years ago

(attached screenshot: sample3)

qjerome commented 2 years ago

Ok, I think I misunderstood the problem. I thought you had a connection issue between the endpoint(s) and the manager, but as far as I understand it, the problem occurs when you try to query the Admin API. Anyhow, the issue is the same: if you get 404, it is very likely a mistake in the URL of the API you are trying to reach.

Can you please provide a copy of the HTTP query you are trying to do (a curl command is fine)?