Wazuh dashboard prints IPv6 link-local addresses instead of other (most preferrable IP addresses) #5705
Comments
|
Thanks for linking this @vikman90 - just to clarify a bit, is the determination to show the agent's address as IPv6 happening in Kibana, or is this specifically the task to deal with the visual representation of that selected address? All for getting the aesthetics worked out, just want to make sure the functional aspect of agent/framework interactions is not lost in the churn given that rules and scripts can depend on that address being IPv4. |
|
@sempervictus The determination of the agent's IP must happen in each agent. The agent sends its IP address within the notify (keepalive-like) message. The manager is limited to storing it in the database (schema_global.sql). Later, Wazuh Dashboard (Kibana) runs the The agent can inventory its network interfaces and determine which one is the default or the one that connects to the manager. Best regards. |
Description
When listing agents in the wazuh-dashboard, in a lot of cases the dashboard will list the link-local IPv6 address of the node.
IPv6 link-local addresses are the most meaningless addresses of a host, since they are only valid on a local subnet, and must be used/accompanied with the corresponding interface index for the link-local address to be meaningful.
Preconditions
Wazuh agent has IPv6 support.
Steps to reproduce
Expected Result
Wazuh dashboard should probably order the host addresses, and list/show the address with the highest priority. Priorities could be, for example,:
If a system has multiple addresses, the dashboard should show one with the highest priority in the sample list above.
Actual Result
Wazuh dashboard quite often shows the IPv6 link-local address of the host.
The text was updated successfully, but these errors were encountered: