Wazuh agents no connection anymore

Matskoow

Aug 31, 2024, 11:04:02 AM
to Wazuh | Mailing List
Hi all, 

I'm using Wazuh manager "WAZUH_VERSION":"v4.7.5" and Wazuh agent 4.7.5-1.
My test Wazuh setup with agents was working perfectly yesterday. But all of a sudden my agents aren't connecting anymore.

I checked the agent /var/ossec/logs/ossec.log

2024/08/31 14:55:21 wazuh-agentd: INFO: Trying to connect to server ([192.168.1.30]:1514/tcp).
2024/08/31 14:55:21 wazuh-agentd: ERROR: (1216): Unable to connect to '[192.168.1.30]:1514/tcp': 'No route to host'.


It says no route to host, but they are perfectly capable of pinging each other (routes are perfectly fine). I also checked to make sure my Wazuh server is listening on 1514, which it is:

[root@centos8 bin]# sudo netstat -tuln | grep 1514
tcp        0      0 0.0.0.0:1514            0.0.0.0:*               LISTEN
[root@centos8 bin]# sudo ss -tuln | grep 1514
tcp   LISTEN 0      128           0.0.0.0:1514       0.0.0.0:*


What else could be the issue?


Olusegun Adenrele Oyebo

Sep 1, 2024, 10:54:01 AM
to Wazuh | Mailing List
Hello Matskoow,

"No route to host" could indicate that the system can't find a valid network route for the specific protocol. Sometimes this could be due to incorrect routing tables or misconfigured network interfaces that might be blocking TCP traffic even though ICMP is working fine.
  
Have you checked to see if you can telnet from the affected endpoint where the agent is installed to the Wazuh server? You can use the format telnet <manager_ip> 1514. If you're trying to run it from a Linux endpoint and telnet is not installed on it, you can try curl -v telnet://<manager_ip>:1514 

Will be expecting your feedback.

Best regards.

Matskoow

Sep 1, 2024, 11:52:35 AM
to Wazuh | Mailing List
Hi,

Telnetting and curling also give:

[walt@web ~]$ telnet 192.168.1.30:1514
telnet: 192.168.1.30:1514: Name or service not known
192.168.1.30:1514: Unknown host
[walt@web ~]$ curl -v telnet://192.168.1.30:1514
*   Trying 192.168.1.30:1514...
* connect to 192.168.1.30 port 1514 failed: No route to host
* Failed to connect to 192.168.1.30 port 1514: No route to host
* Closing connection 0
curl: (7) Failed to connect to 192.168.1.30 port 1514: No route to host

On Sunday, September 1, 2024 at 16:54:01 UTC+2, Olusegun Adenrele Oyebo wrote:

Matskoow

Sep 1, 2024, 11:55:01 AM
to Wazuh | Mailing List
This is the output of the /var/ossec/logs/ossec.log


2024/09/01 14:15:31 wazuh-agentd: ERROR: (1216): Unable to connect to '[192.168.1.30]:1514/tcp': 'No route to host'.
2024/09/01 14:15:41 wazuh-agentd: INFO: Trying to connect to server ([192.168.1.30]:1514/tcp).
2024/09/01 14:15:44 wazuh-agentd: ERROR: (1216): Unable to connect to '[192.168.1.30]:1514/tcp': 'No route to host'.
2024/09/01 14:15:54 wazuh-agentd: INFO: Trying to connect to server ([192.168.1.30]:1514/tcp).
2024/09/01 14:15:57 wazuh-agentd: ERROR: (1216): Unable to connect to '[192.168.1.30]:1514/tcp': 'No route to host'.
2024/09/01 14:16:07 wazuh-agentd: INFO: Trying to connect to server ([192.168.1.30]:1514/tcp).
2024/09/01 14:16:10 wazuh-agentd: ERROR: (1216): Unable to connect to '[192.168.1.30]:1514/tcp': 'No route to host'.
2024/09/01 14:16:20 wazuh-agentd: INFO: Trying to connect to server ([192.168.1.30]:1514/tcp).
2024/09/01 14:16:24 wazuh-agentd: ERROR: (1216): Unable to connect to '[192.168.1.30]:1514/tcp': 'No route to host'.
2024/09/01 14:16:24 wazuh-agentd: INFO: Requesting a key from server: 192.168.1.30
2024/09/01 14:16:27 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[192.168.1.30]:1515'
2024/09/01 14:16:37 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.1.30'. Ensure that the manager version is 'v4.7.5' or higher.

On Sunday, September 1, 2024 at 17:52:35 UTC+2, Matskoow wrote:

Olusegun Adenrele Oyebo

Sep 2, 2024, 12:07:06 PM
to Wazuh | Mailing List
Hello Matskoow,

As you can see, the affected endpoint is not able to reach the Wazuh manager on TCP port 1514, based on the telnet you did. The same goes for TCP port 1515, which is the agent enrollment port, based on the error entry wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[192.168.1.30]:1515'.

Based on this, you'll need to review the permissions on the host where your Wazuh manager is deployed and also network permissions and ensure that the ports are reachable from the affected endpoint(s).

 I hope this helps. We remain attentive to your queries.

Best regards.
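
An added example (not part of the thread and not Wazuh code): it extracts the failing host/port pairs from agent log lines in the format quoted above and classifies one TCP connection attempt to each, so that "No route to host" can be told apart from a refused or a silently dropped connection. The function names and hint texts are this example's own assumptions; the two sample lines are copied from the log in the thread.

```python
import errno
import re
import socket

# Two error lines copied from the agent log quoted in the thread.
SAMPLE_LOG = """\
2024/09/01 14:16:24 wazuh-agentd: ERROR: (1216): Unable to connect to '[192.168.1.30]:1514/tcp': 'No route to host'.
2024/09/01 14:16:27 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[192.168.1.30]:1515'
"""

# Matches the 1216 (agent connection) and 1208 (enrollment) error formats above.
LOG_RE = re.compile(
    r"wazuh-agentd: ERROR: \((?:1216|1208)\): Unable to connect to "
    r"(?:enrollment service at )?'\[(?P<host>[^\]]+)\]:(?P<port>\d+)"
)

# What each probe result suggests checking (general TCP behaviour, example wording).
HINTS = {
    "open": "port reachable; look at agent keys or manager logs instead",
    "refused": "host reachable, but nothing accepts on this port (or a filter sends RST)",
    "unreachable": "unreachable error; if ping works, check firewall reject rules",
    "timeout": "no answer at all; a filter is probably dropping the packets",
}

def failing_endpoints(log_text):
    """Return the (host, port) pairs the agent log reports as unreachable."""
    return {(m["host"], int(m["port"])) for m in LOG_RE.finditer(log_text)}

def probe(host, port, timeout=3.0):
    """Try one TCP connect and reduce the outcome to a key of HINTS."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno == errno.ECONNREFUSED:
            return "refused"
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise  # anything else (e.g. name resolution) is not a reachability verdict
    finally:
        sock.close()

if __name__ == "__main__":
    for host, port in sorted(failing_endpoints(SAMPLE_LOG)):
        print(f"{host}:{port}/tcp ->", HINTS[probe(host, port)])
```

Run it on the endpoint where the agent is installed, since the result describes the path from that machine to the manager.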