Message from '172.18.0.1' not allowed. Cannot find the ID of the agent
304 views
Skip to first unread message
Tech Master
Jun 30, 2022, 2:08:31 PM6/30/22
to Wazuh mailing list
I use Wazuh Docker v4.3.5 (single node) ,.
When I run "docker-compose logs -f" I see countless messages like:
wazuh.manager_1 | 2022/06/30 14:17:44 wazuh-remoted: WARNING: (1213): Message from '172.18.0.1' not allowed. Cannot find the ID of the agent.
These messages no longer come when I delete this:
<remote>
<connection> syslog </connection>
<port> 514 </port>
<protocol> udp </protocol>
<allowed-ips> 192.168.xx.yy </allowed-ips>
</remote>
192.168.xx.yy is the IP of the firewall that sends the log messages to Wazuh.
Should I also include the docker bridge 172.18.0.1 among the allowed IPs?
When I run "docker-compose logs -f" I see countless messages like:
wazuh.manager_1 | 2022/06/30 14:17:44 wazuh-remoted: WARNING: (1213): Message from '172.18.0.1' not allowed. Cannot find the ID of the agent.
These messages no longer come when I delete this:
<remote>
<connection> syslog </connection>
<port> 514 </port>
<protocol> udp </protocol>
<allowed-ips> 192.168.xx.yy </allowed-ips>
</remote>
192.168.xx.yy is the IP of the firewall that sends the log messages to Wazuh.
Should I also include the docker bridge 172.18.0.1 among the allowed IPs?
David José Iglesias Lopez
Jul 4, 2022, 3:31:40 AM7/4/22
to Wazuh mailing list
Hello Tech Master,
Yes, the syslog messages are arriving at the Wazuh Server from IP 172.18.0.1, you need to add that IP to the list of allowed to avoid getting that warning message and to be able to process the logs.
Yes, the syslog messages are arriving at the Wazuh Server from IP 172.18.0.1, you need to add that IP to the list of allowed to avoid getting that warning message and to be able to process the logs.
Reply all
Reply to author
Forward
0 new messages