Replies: 1 comment 1 reply
-
Hi @piedai, where you able to find a solution? I am also trying to do the same thing. |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi Everyone!
I’m working on setting up the Wazuh agent as a DaemonSet in my Kubernetes cluster to monitor the worker nodes. The main issue I’ve encountered is that the Wazuh agent inside the pods collects and forwards information about the pods running on the worker nodes, rather than the actual worker nodes themselves (e.g., host system logs, file integrity checks, etc.).
I’ve noticed that some hostPath volumes are mounted into the pod at /host/ to provide access to the node's filesystem. However, the Wazuh agent’s configuration (e.g., /var/ossec/etc/ossec.conf) does not seem to be set up to scan or check this /host/ directory for node-level data. Instead, it works with the pod's filesystem or predefined paths like /var, /etc, etc., within the container.
The Problems
The agent is designed to monitor files and logs at paths like /var or /etc, but these paths correspond to the container's filesystem, not the host node's.
Mounting the host’s root filesystem under /host/ makes it accessible, but the agent doesn’t automatically look there for logs or data.
I need the Wazuh agent to collect data from the worker node’s system rather than just monitoring the container's environment.
My Questions
I’d greatly appreciate any insights or advice on how to resolve this. Thanks in advance for your help!
Beta Was this translation helpful? Give feedback.
All reactions