Closed jesusgn90 closed 5 years ago
jesusgn90
commented
6 years ago Suggestion:
Add a new field for the agents. version_status, this new field would be three different values: outdated, latest, higher_than_manager. This way its an agent property and it can be filtered.
Regards, Jesús
mgmacias95
commented
6 years ago Hello @jesusgn90,
This API call uses the <> operator to filter. We can change it to < in order to get the real outdated agents instead of the outdated and over-updated ones:
# sqlite3 /var/ossec/var/db/global.db
SQLite version 3.22.0 2018-01-22 18:45:57
Enter ".help" for usage hints.
sqlite> select version from agent where version <> "Wazuh v3.5.0";
Wazuh v3.3.1
Wazuh v3.5.1
sqlite> select version from agent where version < "Wazuh v3.5.0";
Wazuh v3.3.1
sqlite>The question now would be: How to retrieve over-updated ones? Two options come to my mind:
GET/agents/outdated entrypoint to another one, which returns both and allows filtering.What do you think? Marta
jesusgn90
commented
6 years ago Yes @mgmacias95 , I think it should be a property from the agent and the only one thing your need is to add a new filter.
GET /agents?version_status=equal
GET /agents?version_status=outdated
GET /agents?version_status=overdatedThe current route /agents/outdated should be deprecated in further packages.
Since I know it's not as easy as add a new field, in the meantime we can create a new route for overdated agents and hiden them from the /agents/outdatedroute. Another simple solution is to add a filter for the/agents/outdated route. But definetively it should be an agent property and not a route.
Regards, Jesús
jesuslinares
commented
5 years ago Solved here: https://github.com/wazuh/wazuh/pull/1381
Thanks.
Hello team, look at the next responses:
The agent is higher than the manager but it says outdated.
Regards, Jesús