wazuh / wazuh-api

Wazuh - RESTful API
https://wazuh.com
GNU General Public License v2.0

Incoherent result of n_active_agents field in GET /cluster/healthcheck endpoint #424

Open manuasir opened 5 years ago

manuasir commented 5 years ago

Hi team,

I've just noticed the following behavior of the GET /cluster/healthcheck endpoint. It seems that the result of n_active_agents includes the master of the cluster (000), but not the worker node.

How to reproduce

I currently have a two-node Manager cluster with six registered and reporting agents. The result of the endpoint that I'm receiving is the following (I'm reducing the output):

      "wazuh-worker": {
        "info": {
          "name": "wazuh-worker",
          "type": "worker",
          "version": "3.9.4",
          "ip": "10.0.0.254",
          "n_active_agents": 3
        }
      },
      "wazuh-master": {
        "info": {
          "name": "wazuh-master",
          "type": "master",
          "version": "3.9.4",
          "ip": "10.0.0.249",
          "n_active_agents": 4
        }
      }

So we can say that the manager node is counted as an agent, but only for the master node. In my opinion, we should not include any manager in the n_active_agents field, but of course, this behavior can be discussed. Feel free to comment here with your thoughts on this.

Cheers

Selutario commented 4 years ago

Hi team!

This behavior seems to be easily fixed by adding q='id!=000' as part of the query here (4.0):

https://github.com/wazuh/wazuh/blob/6d3ebab6fd9c838a517ca61d24bb8bc8557b8452/framework/wazuh/core/cluster/master.py#L724

However, it seems that a similar problem is repeated in more places. For example, having the following list of agents connected:

/var/ossec/bin/cluster_control -a
ID   NAME           IP           STATUS           VERSION        NODE NAME    
000  wazuh-master   127.0.0.1    active           Wazuh v4.0.0   master-node  
001  wazuh-agent1   172.23.0.6   active           Wazuh v3.13.0  worker2      
002  wazuh-agent2   172.23.0.7   active           Wazuh v3.13.0  worker2      
003  wazuh-agent3   172.23.0.8   active           Wazuh v3.13.0  worker1      
004  wazuh-agent4   172.23.0.9   active           Wazuh v3.13.0  master-node  
005  wazuh-agent5   172.23.0.10  active           Wazuh v3.13.0  worker1      
006  wazuh-agent6   172.23.0.11  active           Wazuh v3.13.0  worker2      
007  wazuh-agent7   172.23.0.12  active           Wazuh v3.13.0  master-node  
008  wazuh-agent8   172.23.0.13  active           Wazuh v3.13.0  master-node  
009  wazuh-agent9   172.28.0.14  disconnected     Wazuh v3.9.2   master-node  
010  wazuh-agent10  172.28.0.15  disconnected     Wazuh v3.9.2   master-node  
011  wazuh-agent11  any          never_connected  unknown        unknown      
012  wazuh-agent12  any          never_connected  unknown        unknown    

Endpoints like GET /overview/agents return the following information:

{
  "data": {
    "nodes": [
      {
        "node_name": "worker1",
        "count": 2
      },
      {
        "node_name": "worker2",
        "count": 3
      },
      {
        "node_name": "master-node",
        "count": 6
      },
      {
        "node_name": "unknown",
        "count": 2
      }
    ],
    "groups": [
      {
        "count": 4,
        "name": "group3",
        "mergedSum": "49f64bf1678a3b57b07bbc09fc62e6ba",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00"
      },
      {
        "count": 5,
        "name": "group1",
        "mergedSum": "f5e0305e248bd00e05445f329bd1dd5e",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00"
      },
      {
        "count": 5,
        "name": "group2",
        "mergedSum": "13a2d4d772bccb56646b4ca9d1dc6689",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00"
      },
      {
        "count": 10,
        "name": "default",
        "mergedSum": "fd756ba04d9c32c8848d4608bec41251",
        "configSum": "ab73af41699f13fdd81903b5f23d8d00"
      }
    ],
    "agent_os": [
      {
        "os": {
          "name": "Ubuntu",
          "platform": "ubuntu",
          "version": "16.04.6 LTS"
        },
        "count": 3
      },
      {
        "os": {
          "name": "Ubuntu",
          "platform": "ubuntu",
          "version": "18.04.4 LTS"
        },
        "count": 6
      },
      {
        "os": {
          "name": "Ubuntu",
          "platform": "ubuntu",
          "version": "18.04.2 LTS"
        },
        "count": 2
      },
      {
        "os": {
          "name": "unknown",
          "platform": "unknown",
          "version": "unknown"
        },
        "count": 2
      }
    ],
    "agent_status": {
      "active": 9,
      "disconnected": 2,
      "never_connected": 2,
      "pending": 0,
      "total": 13
    },
    "agent_version": [
      {
        "version": "Wazuh v4.0.0",
        "count": 1
      },
      {
        "version": "Wazuh v3.13.0",
        "count": 8
      },
      {
        "version": "Wazuh v3.9.2",
        "count": 2
      },
      {
        "count": 2,
        "version": "unknown"
      }
    ],
    "last_registered_agent": [
      {
        "os": {
          "arch": "x86_64",
          "codename": "Xenial Xerus",
          "major": "16",
          "minor": "04",
          "name": "Ubuntu",
          "platform": "ubuntu",
          "uname": "Linux |wazuh-agent1 |5.4.0-37-generic |#41-Ubuntu SMP Wed Jun 3 18:57:02 UTC 2020 |x86_64",
          "version": "16.04.6 LTS"
        },
        "node_name": "worker2",
        "configSum": "29e0926e5a77442212e824868a2a61df",
        "id": "001",
        "version": "Wazuh v3.13.0",
        "registerIP": "any",
        "ip": "172.23.0.6",
        "lastKeepAlive": "2020-06-25T15:09:58Z",
        "name": "wazuh-agent1",
        "dateAdd": "1970-01-01T00:00:00Z",
        "status": "active",
        "mergedSum": "2629b6d310fb8a9f8ad9de7c7842791d",
        "manager": "wazuh-worker2",
        "group": [
          "default",
          "group1"
        ]
      }
    ]
  }
}

It shows 6 agents for the master node (counting the disconnected ones and the 000). However, the workers are not counting agent 000. I will investigate it a little bit deeper.

Kind regards, Selu.
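
Added example, not part of the thread and not Wazuh's own code: a short Python script that recounts agents per node from the cluster_control -a listing quoted above, with and without the manager's own entry (ID 000), which is the effect the proposed q='id!=000' filter would have. The function names are hypothetical; the listing rows are the ones from the comment.

```python
from collections import Counter

# Rows copied from the `cluster_control -a` output quoted in the thread (header omitted).
LISTING = """\
000  wazuh-master   127.0.0.1    active           Wazuh v4.0.0   master-node
001  wazuh-agent1   172.23.0.6   active           Wazuh v3.13.0  worker2
002  wazuh-agent2   172.23.0.7   active           Wazuh v3.13.0  worker2
003  wazuh-agent3   172.23.0.8   active           Wazuh v3.13.0  worker1
004  wazuh-agent4   172.23.0.9   active           Wazuh v3.13.0  master-node
005  wazuh-agent5   172.23.0.10  active           Wazuh v3.13.0  worker1
006  wazuh-agent6   172.23.0.11  active           Wazuh v3.13.0  worker2
007  wazuh-agent7   172.23.0.12  active           Wazuh v3.13.0  master-node
008  wazuh-agent8   172.23.0.13  active           Wazuh v3.13.0  master-node
009  wazuh-agent9   172.28.0.14  disconnected     Wazuh v3.9.2   master-node
010  wazuh-agent10  172.28.0.15  disconnected     Wazuh v3.9.2   master-node
011  wazuh-agent11  any          never_connected  unknown        unknown
012  wazuh-agent12  any          never_connected  unknown        unknown
"""
MANAGER_ID = "000"  # the manager's own entry in the agent list


def parse_agents(listing):
    """One dict per row. VERSION may contain a space, so NODE NAME is read as the last token."""
    agents = []
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[0].isdigit():
            continue  # skip a header row or blank line if one is pasted in
        agents.append(dict(zip(("id", "name", "ip", "status"), parts[:4]), node=parts[-1]))
    return agents


def count_by_node(agents, status=None, exclude_manager=False):
    """Count agents per node, optionally for one status and without ID 000."""
    counts = Counter()
    for a in agents:
        if exclude_manager and a["id"] == MANAGER_ID:
            continue  # same effect as filtering with q='id!=000'
        if status is None or a["status"] == status:
            counts[a["node"]] += 1
    return dict(counts)


if __name__ == "__main__":
    rows = parse_agents(LISTING)
    for status in (None, "active"):
        for skip in (False, True):
            print(status, skip, count_by_node(rows, status, skip))
```

With all statuses and 000 included, the result matches the "nodes" counts in the GET /overview/agents output above (master-node 6, worker2 3, worker1 2, unknown 2); excluding 000 lowers only the master-node figure.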