wazuh-remoted CRITICAL (1206): Unable to Bind port '514' due to [(99)-(Cannot assign requested address)]
212 views
Skip to first unread message
Daniel D'Angeli
Dec 12, 2024, 6:52:20 AM12/12/24
to Wazuh | Mailing List
I have the following error in the wazuh logs.
My Wazuh instance is multi node and running in docker and all i am trying to do is enable the syslog server via tcp.
This is the syslog configuration:
<remote>
<connection>syslog</connection>
<port>514</port>
<protocol>tcp</protocol>
<allowed-ips>FW_IP</allowed-ips>
<local_ip>VM_IP</local_ip>
</remote>
<connection>syslog</connection>
<port>514</port>
<protocol>tcp</protocol>
<allowed-ips>FW_IP</allowed-ips>
<local_ip>VM_IP</local_ip>
</remote>
Am i doing something wrong?
Md. Nazmur Sakib
Dec 12, 2024, 7:24:03 AM12/12/24
to Wazuh | Mailing List
Hi Daniel,
The local ip should be the docker's IP,not the Host IP
Make sure to add the configuration inside <ossec_config> block of ossec.conf of the manager
I have added a sample configuration for your reference.
<remote>
<connection>syslog</connection>
<port>514</port>
<protocol>tcp</protocol>
<allowed-ips>192.168.100.1/32</allowed-ips>
<local_ip>192.168.65.145</local_ip>
</remote>
Please do not update the <remote> configuration block that is already there by default for agent connection.
Ref: https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/syslog.html
Let me know if this solves your issue.
Reply all
Reply to author
Forward
0 new messages