Change log collector socket configuration response property

[asteriscos]

Wazuh	Rev	Browser
4.9.0	00	-

Description

A change has been made in the endpoint: https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_config

This change involves a property name change in the response of the API:

• Previous response:

{
  "data": {
    "target": [
      {
        "name": "custom_socket",
        "location": "/var/run/custom.sock",
        "mode": "tcp",
        "prefix": "custom_syslog: "
      },
      {
        "name": "test_socket",
        "location": "/var/run/test.sock",
        "mode": "udp"
      }
    ]
  },
  "error": 0
}

• New response:

  {
  "data": {
  "socket": [
  {
    "name": "custom_socket",
    "location": "/var/run/custom.sock",
    "mode": "tcp",
    "prefix": "custom_syslog: "
  },
  {
    "name": "test_socket",
    "location": "/var/run/test.sock",
    "mode": "udp"
  }
  ]
  },
  "error": 0
  }

As we can see, the name of the property target has been changed to socket, therefore we need to modify the component that parses the response to read the new value.

Task

• [ ] Update the imposter response
• [ ] Change the component to read the new property

Additional context

Origin issue:

• https://github.com/wazuh/wazuh/issues/17662

The log-collection socket file is: https://github.com/wazuh/wazuh-dashboard-plugins/blob/4.9.0/plugins/main/public/controllers/management/components/management/configuration/log-collection/log-collection-sockets.js#L56-L70

[JuanGarriuz]

Update 07/03

Research

Files where the endpoint is called from plugins/main/. (Ignoring the imposter)

• [ ] plugins/main/public/components/agents/fim/inventory.tsx
• [ ] plugins/main/public/controllers/agent/components/register-agent.js
• [ ] plugins/main/public/controllers/management/components/management/configuration/utils/wz-fetch.js
• [ ] plugins/main/public/react-services/query-config.js
• [ ] plugins/main/public/services/query-config.js
• [ ] plugins/main/server/controllers/wazuh-reporting.ts

Imposter files:

• [ ] docker/imposter/agents/configuration/logcollector-socket.json

Changes

Imposter response:

To Do

• [ ] Test with a real manager

[JuanGarriuz]

Update 08/03

I'm trying to test it with a real manager, but the API response in the agent logs collector sockets target is not changed to socket.

wazuh-manager-config:

wazuh-manager-master:
    build:
      context: /home/usuario/wazuh-app-environments/images/wazuh_manager_filebeat_sources_cmake
      args:
        WAZUH_VERSION: 'fix/17662-fix-socket-conf-not--displayed'
        FILEBEAT_VERSION: '7.10.2'
        FILEBEAT_WAZUH_TEMPLATE_URL: https://raw.githubusercontent.com/wazuh/wazuh/fix/17662-fix-socket-conf-not--displayed/extensions/elasticsearch/7.x/wazuh-template.json
        FILEBEAT_WAZUH_MODULE_URL: https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz
    image: wazuh-manager:4.9.0-7.10.2
    hostname: wazuh-manager-4.9.0-7102
    volumes:
      - '/home/usuario/wazuh-app-environments/config/filebeat/filebeat.odfe.yml:/etc/filebeat/filebeat.yml'
    ports:
      - '514:514'
      - '1514:1514'
      - '1515:1515'
      - '1516:1516'
      - '55000:55000'
    depends_on:
      - os1
    environment:
      NODE_IP: wazuh-manager-master
      NODE_NAME: manager-node
      NODE_TYPE: master
    networks:
      - os-dev

Agent log collector API response:

But, when I reproduce the API response into the manager log collection, the response is correctly formed:

[JuanGarriuz]

Update 10/05

Now, the dashboard renders the response of the agent correctly when it is a 4.9.0 version, but the API response has been lost, I'm researching why this happened and how to repair it.

Evidence

 

Workflow

v4.9.0

 

v4.8.0

 

v4.7.0