First of all, make sure that there are entries in the agent configuration (ossec.conf):
Linux
<wodle name="syscollector">
<disabled>no</disabled>
<interval>1h</interval>
<os>yes</os>
<packages>yes</packages>
</wodle>
Windows
<wodle name="syscollector">
<disabled>no</disabled>
<interval>1h</interval>
<os>yes</os>
<packages>yes</packages>
<hotfixes>yes</hotfixes>
</wodle>
It's also a good idea to enable debug mode for log analysis (etc/internal_options.conf - wazuh_modules.debug=1).
In addition, we can check some information in the local database on the wazuh-manager side. For example, when the last scan was performed. We can check the ID of our agent using a binary:
[root@energylogserver711 bin]# ./agent_control -l
Next, we can check the records in the local database, appropriate for our agent number:
[root@energylogserver711 db]# sqlite3 074.db
sqlite> PRAGMA table_info(vuln_metadata);
0|LAST_SCAN|INTEGER|0||0
1|WAZUH_VERSION|TEXT|0||0
2|HOTFIX_SCAN_ID|TEXT|0||0
sqlite> select * from vuln_metadata;
1654592177|3133|1567172978