wazuh / wazuh-agent

Wazuh agent, the Wazuh agent for endpoints.
GNU Affero General Public License v3.0

Wazuh-Agent doesn't fully support OPNsense OS (BSD 13.2) or Virtual Windows Machines #9

Closed aleksibovellan closed 2 weeks ago

aleksibovellan commented 3 weeks ago

| Wazuh version | Component | Install type | Install method | Platform |
|---|---|---|---|---|
| Latest OPNsense's Wazuh-Agent plugin version 1.0_2 (shown as 4.7.4 in Wazuh Server) | Wazuh-Agent | OPNsense plugin "os-wazuh-agent" | Manual install and updates from OPNsense web gui | OPNsense OS 24.1.8 (shown as "BSD 13.2" in Wazuh Server) |


For Virtual Windows Machines, the latest 4.8.0 Wazuh-Agent's "Vulnerability Detection" feature returns only a few alerts about Wireshark being out of date, but nothing more. In comparison, normal Windows machines do list a LOT of vulnerabilities and risky packages.

vikman90 commented 2 weeks ago

Hi @aleksibovellan,

Thank you for raising these concerns. I would like to address the points mentioned:

Regarding the first two points, they pertain to the native support of the agent on OPNsense (which is based on FreeBSD). While the agent can be compiled and installed on FreeBSD, we currently do not offer support for this operating system, including its derivatives like OPNsense. As such, we do not have vulnerability lists or Security Compliance Advisory policies for it.

Concerning the error mentioned, it occurs because the agent is capturing more logs than it can handle. To mitigate this issue, you could consider disabling the leaky bucket mechanism (<client_buffer>) so that the agent sends logs as quickly as possible, managed by the TCP connection's flow control. The leaky bucket mechanism is especially useful when the agent connects over UDP. Increasing the EPS (Events Per Second) limit might not respect the actual limitation due to a known bug, so it is not recommended.

Given these points, I will be closing this issue.

Thank you for your understanding.

Best regards,
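The `<client_buffer>` change suggested in the reply above, written out as an agent-side `ossec.conf` fragment. This is an added example, not configuration posted in the thread or shipped by the Wazuh project; the manager address is a placeholder, and the `queue_size` / `events_per_second` values in the first block are the agent's documented defaults, shown only to contrast with the disabled form.

```xml
<!-- Added example, not from the thread or the Wazuh project.
     Fragment of the agent's ossec.conf (/var/ossec/etc/ossec.conf on Linux,
     ossec.conf in the agent install directory on Windows).

     BEFORE: leaky bucket enabled with the documented defaults. When the agent
     captures events faster than this allows, the queue fills and events are
     dropped. The reply above advises against simply raising
     events_per_second because of a known bug. -->
<ossec_config>
  <client_buffer>
    <disabled>no</disabled>
    <queue_size>5000</queue_size>
    <events_per_second>500</events_per_second>
  </client_buffer>
</ossec_config>

<!-- AFTER: buffer disabled, so the agent sends events as fast as the
     manager accepts them. This relies on TCP flow control for back-pressure,
     so the transport to the manager is set to tcp explicitly; over UDP the
     leaky bucket is what protects against loss, so do not disable it there. -->
<ossec_config>
  <client>
    <server>
      <address>MANAGER_IP</address>  <!-- placeholder: manager IP or hostname -->
      <port>1514</port>
      <protocol>tcp</protocol>
    </server>
  </client>
  <client_buffer>
    <disabled>yes</disabled>
  </client_buffer>
</ossec_config>
```

Restart the agent after editing (on Linux, `systemctl restart wazuh-agent`). The trade-off is that with the buffer disabled, a manager that cannot keep up will stall the agent's sender rather than silently dropping events, which is the behaviour the reply is recommending over a TCP transport.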