Windows server agent disconnected with multiple errors in his log
77 views
Skip to first unread message
Daniel D'Angeli
Jun 10, 2022, 3:39:51 AM6/10/22
to Wazuh mailing list
Hi,
tonight an agent disconnected with multiple errors on his log. We didnt modify his configuration or took any action on the Wazuh Server. Both server and agent are 4.2.5.
Log:
2022/06/09 21:44:30 wazuh-agent: ERROR: (6707): Failed to calculate database checksum.
2022/06/09 21:59:30 wazuh-agent: ERROR: (6707): Failed to calculate database checksum.
2022/06/09 22:04:30 wazuh-agent: ERROR: (6707): Failed to calculate database checksum.
2022/06/09 22:05:07 wazuh-agent: WARNING: The eventlog service is down. Unable to collect logs from 'Security' channel.
2022/06/09 22:05:07 wazuh-agent: INFO: 'Security' channel has been reconnected succesfully.
2022/06/09 22:05:24 wazuh-agent: ERROR: Could not EvtFormatMessage() with flags (1) which returned (14)
2022/06/09 22:05:24 wazuh-agent: ERROR: Could not get message for (Security)
2022/06/09 22:05:24 wazuh-agent: WARNING: The eventlog service is down. Unable to collect logs from 'Security' channel.
2022/06/09 22:05:24 wazuh-agent: INFO: 'Security' channel has been reconnected succesfully.
2022/06/09 22:05:41 wazuh-agent: WARNING: The eventlog service is down. Unable to collect logs from 'Application' channel.
2022/06/09 22:05:41 wazuh-agent: ERROR: Could not EvtFormatMessage() with flags (1) which returned (14)
2022/06/09 22:05:41 wazuh-agent: INFO: 'Application' channel has been reconnected succesfully.
2022/06/09 22:05:41 wazuh-agent: ERROR: Could not get message for (Security)
2022/06/09 22:05:42 wazuh-agent: ERROR: Could not EvtFormatMessage() with flags (1) which returned (15030)
2022/06/09 22:05:42 wazuh-agent: ERROR: Could not get message for (Security)
2022/06/09 21:59:30 wazuh-agent: ERROR: (6707): Failed to calculate database checksum.
2022/06/09 22:04:30 wazuh-agent: ERROR: (6707): Failed to calculate database checksum.
2022/06/09 22:05:07 wazuh-agent: WARNING: The eventlog service is down. Unable to collect logs from 'Security' channel.
2022/06/09 22:05:07 wazuh-agent: INFO: 'Security' channel has been reconnected succesfully.
2022/06/09 22:05:24 wazuh-agent: ERROR: Could not EvtFormatMessage() with flags (1) which returned (14)
2022/06/09 22:05:24 wazuh-agent: ERROR: Could not get message for (Security)
2022/06/09 22:05:24 wazuh-agent: WARNING: The eventlog service is down. Unable to collect logs from 'Security' channel.
2022/06/09 22:05:24 wazuh-agent: INFO: 'Security' channel has been reconnected succesfully.
2022/06/09 22:05:41 wazuh-agent: WARNING: The eventlog service is down. Unable to collect logs from 'Application' channel.
2022/06/09 22:05:41 wazuh-agent: ERROR: Could not EvtFormatMessage() with flags (1) which returned (14)
2022/06/09 22:05:41 wazuh-agent: INFO: 'Application' channel has been reconnected succesfully.
2022/06/09 22:05:41 wazuh-agent: ERROR: Could not get message for (Security)
2022/06/09 22:05:42 wazuh-agent: ERROR: Could not EvtFormatMessage() with flags (1) which returned (15030)
2022/06/09 22:05:42 wazuh-agent: ERROR: Could not get message for (Security)
Any tips on why?
Regards,
Daniel D.
Julio Gasco
Jun 10, 2022, 10:16:28 AM6/10/22
to Wazuh mailing list
Hi Daniel,
Thanks for using our community!
Have you checked the disk space / memory on the agent ? This errors could trigger due to a lack of resources.
I would also need you to do this:
- Restart wazuh agent
- share with me an extract from the logs since the restart, to see if any other error is showing up.
Which Windows version are you running ?
I will try to replicate this error.
Any additional information you can share with us would be great
Regards!!
Daniel D'Angeli
Jun 13, 2022, 2:16:29 AM6/13/22
to Wazuh mailing list
Hi,
yes it was a page file space issue. We adjusted the disk size and now it is working.
Regards,
Daniel D.
Reply all
Reply to author
Forward
0 new messages