Closed jesusgn90 closed 5 years ago
Suggestion:
Add a new field for the agents. version_status
, this new field would be three different values: outdated
, latest
, higher_than_manager
. This way its an agent property and it can be filtered.
Regards, Jesús
Hello @jesusgn90,
This API call uses the <>
operator to filter. We can change it to <
in order to get the real outdated agents instead of the outdated and over-updated ones:
# sqlite3 /var/ossec/var/db/global.db
SQLite version 3.22.0 2018-01-22 18:45:57
Enter ".help" for usage hints.
sqlite> select version from agent where version <> "Wazuh v3.5.0";
Wazuh v3.3.1
Wazuh v3.5.1
sqlite> select version from agent where version < "Wazuh v3.5.0";
Wazuh v3.3.1
sqlite>
The question now would be: How to retrieve over-updated ones? Two options come to my mind:
GET/agents/outdated
entrypoint to another one, which returns both and allows filtering.What do you think? Marta
Yes @mgmacias95 , I think it should be a property from the agent and the only one thing your need is to add a new filter.
GET /agents?version_status=equal
GET /agents?version_status=outdated
GET /agents?version_status=overdated
The current route /agents/outdated
should be deprecated in further packages.
Since I know it's not as easy as add a new field, in the meantime we can create a new route for overdated agents and hiden them from the /agents/outdated
route. Another simple solution is to add a filter for the/agents/outdated
route. But definetively it should be an agent property and not a route.
Regards, Jesús
Solved here: https://github.com/wazuh/wazuh/pull/1381
Thanks.
Hello team, look at the next responses:
The agent is higher than the manager but it says outdated.
Regards, Jesús