Could not connect to API error

238 views
Skip to first unread message

Ciaran Hernandez

unread,
Jun 2, 2023, 6:29:39 PM6/2/23
to Wazuh mailing list
Hi guys,

I am experiencing a persistent API connection problem where the Wazuh API disconnects randomly every couple of days, and requires a manual wazuh-manager restart - systemctl restart wazuh-manager.

I am not receiving any security logs to my manager during the downtime, which obviously poses a concern. 

Screenshot 2023-06-01 at 3.19.54 PM.png

I am running the Wazuh manager (v4.2.6) with Opendistro for Elasticsearch (v
1.13.2 and using the Kibana plugin (v7.10.2).

I am receiving the following errors in ossec.log during the downtime:

2023/06/01 15:19:25 wazuh-analysisd: ERROR: dbsync: Cannot get response from database.

2023/06/01 15:19:25 wazuh-analysisd: ERROR: Cannot receive message: Connection reset by peer (104)

2023/06/01 15:19:25 wazuh-analysisd: ERROR: Cannot send message: (104) 'Connection reset by peer'.

2023/06/01 15:19:25 wazuh-analysisd: ERROR: Cannot send message: (104) 'Connection reset by peer'.

2023/06/01 15:19:25 wazuh-analysisd: ERROR: dbsync: Cannot get response from database.

2023/06/01 15:19:25 wazuh-analysisd: ERROR: No response from wazuh-db.

2023/06/01 15:19:25 wazuh-analysisd: ERROR: Error querying Wazuh DB to get the agent's 317 labels.

2023/06/01 15:19:25 wazuh-analysisd: ERROR: Cannot send message: (32) 'Broken pipe'.

2023/06/01 15:19:25 wazuh-analysisd: ERROR: Connection with wazuh-db lost. Reconnecting.

2023/06/01 15:19:25 wazuh-analysisd: INFO: Cannot connect to 'queue/db/wdb': Connection refused (111). Waiting 1 seconds to reconnect.

2023/06/01 15:19:25 wazuh-analysisd: ERROR: Cannot send message: (32) 'Broken pipe'.

2023/06/01 15:19:25 wazuh-analysisd: ERROR: Connection with wazuh-db lost. Reconnecting.

2023/06/01 15:19:25 wazuh-analysisd: INFO: Cannot connect to 'queue/db/wdb': Connection refused (111). Waiting 1 seconds to reconnect.

I haven't made any significant configuration changes, and the problem doesn't seem to be related to increased load on the manager. 

I haven't seen any issues like this in the group before, where the API randomly disconnects and requires a manager daemon restart, which is why I popped in this query.

Any help would be appreciated!!






mayte...@wazuh.com

unread,
Jun 5, 2023, 4:30:32 AM6/5/23
to Wazuh mailing list
Hi Ciaran,

Sorry for the late response.

Maybe the error is similar to the one discussed in this issue: Investigate a crash in wazuh-db 

Do you have any registered agents with a version higher than the manager version? That is, above v4.2.6.

If so, this may be causing the issue.

Please, keep us updated.

Best regards,
Mayte Ariza
Message has been deleted

Ciaran Hernandez

unread,
Jun 12, 2023, 2:59:41 PM6/12/23
to Wazuh mailing list
Hi,

Thanks Mayte - updating the Wazuh manager has solved this issue.
Much appreciated!

Ciaran 
Reply all
Reply to author
Forward
0 new messages