Wazuh UDP port listening issue - URGENT NEED HELP !!


Muneeb Alam Khan

Jan 19, 2023, 12:47:50 AM
to Wazuh mailing list
Dear Team,
I am trying to listen for syslogs on my Wazuh 514 UDP port but am getting this status for the port. Can anyone help me resolve this issue? I have also configured ossec.conf in this way:

<remote>
  <connection>syslog</connection>
  <port>514</port>
  <protocol>UDP</protocol>
  <allowed-ips>0.0.0.0/24</allowed-ips>
</remote>

Please help on an urgent basis.
ossec.png

Julia Magán Rodríguez

Jan 19, 2023, 5:46:37 AM
to Wazuh mailing list

Hello,

As far as I can see from the image, the status is UNCONN, which is expected since UDP is a connectionless protocol, so ss returns UNCONN status.

To check that the events are coming to Wazuh, I recommend you enable logall in the ossec.conf manager and check that the events are coming to /var/ossec/logs/archives/archives.log. Note that this option must be enabled temporarily, as it is very noisy and the files can take up a lot of space.

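An added example, not part of the original thread and not Wazuh's own code: if nothing shows up in archives.log, a further check is which sender addresses the `<allowed-ips>` value in the posted `<remote>` block actually covers under standard CIDR matching. The sender addresses are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# The <remote> block as posted in the question.
POSTED_CONF = """
<remote>
  <connection>syslog</connection>
  <port>514</port>
  <protocol>UDP</protocol>
  <allowed-ips>0.0.0.0/24</allowed-ips>
</remote>
"""

# Constructed sample sender addresses (not from the thread).
SAMPLE_SENDERS = ["0.0.0.17", "10.20.30.40", "192.168.1.50"]


def syslog_allowed_networks(conf_xml):
    """Return the networks listed in <allowed-ips> of syslog <remote> blocks."""
    # ossec.conf may hold several top-level elements, so wrap them in one root.
    root = ET.fromstring("<root>" + conf_xml + "</root>")
    networks = []
    for remote in root.iter("remote"):
        if (remote.findtext("connection") or "").strip() != "syslog":
            continue  # agent ("secure") listeners are not relevant here
        for entry in remote.findall("allowed-ips"):
            # strict=False tolerates host bits being set, e.g. 192.168.1.5/24
            networks.append(ipaddress.ip_network(entry.text.strip(), strict=False))
    return networks


def senders_in_range(conf_xml, senders):
    """Map each sender address to True if an allowed network contains it."""
    networks = syslog_allowed_networks(conf_xml)
    return {s: any(ipaddress.ip_address(s) in n for n in networks) for s in senders}


if __name__ == "__main__":
    for net in syslog_allowed_networks(POSTED_CONF):
        print(f"{net}: {net[0]} - {net[-1]} ({net.num_addresses} addresses)")
    for sender, ok in senders_in_range(POSTED_CONF, SAMPLE_SENDERS).items():
        print(f"{sender:15} {'in range' if ok else 'outside allowed-ips'}")
```

As written, `0.0.0.0/24` spans only 0.0.0.0 through 0.0.0.255, so typical device addresses fall outside it; a value scoped to the subnet the devices send from (for example a constructed `192.168.1.0/24`) would cover them.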