Server and Agent

Yogi Valentino

Feb 9, 2026, 7:51:51 AM
to Wazuh | Mailing List
Hi,
I got this error from my Wazuh agent. I am using a Wazuh server on Ubuntu.

2026/02/09 18:00:41 wazuh-agent: INFO: Trying to connect to server ([192.168.0.0]:1514/tcp).
2026/02/09 18:01:02 wazuh-agent: ERROR: (1216): Unable to connect to '[192.168.0.0]:1514/tcp': 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'.
2026/02/09 18:01:02 wazuh-agent: INFO: Requesting a key from server: 192.168.0.0
2026/02/09 18:01:23 wazuh-agent: ERROR: (1208): Unable to connect to enrollment service at '[192.168.0.0]:1515'
2026/02/09 18:01:33 wazuh-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.0.0'. Ensure that the manager version is 'v4.14.1' or higher.
2026/02/09 18:01:33 wazuh-agent: WARNING: Unable to connect to any server.
2026/02/09 18:01:33 wazuh-agent: INFO: Trying to connect to server ([192.168.0.0]:1514/tcp).
2026/02/09 18:01:54 wazuh-agent: ERROR: (1216): Unable to connect to '[192.168.0.0]:1514/tcp': 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'.
2026/02/09 18:02:04 wazuh-agent: INFO: Trying to connect to server ([192.168.0.0]:1514/tcp).
2026/02/09 18:02:25 wazuh-agent: ERROR: (1216): Unable to connect to '[192.168.0.0]:1514/tcp': 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'.
2026/02/09 18:02:35 wazuh-agent: INFO: Trying to connect to server ([192.168.0.0]:1514/tcp).
2026/02/09 18:02:56 wazuh-agent: ERROR: (1216): Unable to connect to '[192.168.0.0]:1514/tcp': 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'.
2026/02/09 18:03:06 wazuh-agent: INFO: Trying to connect to server ([192.168.0.0]:1514/tcp).
2026/02/09 18:03:27 wazuh-agent: ERROR: (1216): Unable to connect to '[192.168.0.0]:1514/tcp': 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'.

hasitha.u...@wazuh.com

Feb 10, 2026, 2:03:46 AM
to Wazuh | Mailing List
Hi Yogi,

Please allow me some time; I’m currently looking into this and will get back to you with an update as soon as possible.

hasitha.u...@wazuh.com

Feb 10, 2026, 2:30:14 AM
to Wazuh | Mailing List
Hi Yogi,

The logs from your Wazuh agent indicate a repeated failure to establish a TCP connection to the server at IP address 192.168.0.0 on port 1514 (for agent communication) and port 1515 (for enrollment). The specific errors (1216 and 1208) point to network timeouts or unreachable services, where the agent can't reach the server at all.

Follow these in order on the agent and server machines.

1. Confirm and Correct the Server IP in Agent Config
  • On the agent machine, edit the configuration file:
    • Linux: /var/ossec/etc/ossec.conf
  • Look for the <client> section and update the <server> block to use the correct server IP (replace 192.168.0.x with your actual server IP, e.g., 192.168.0.1):
    Check the IP address of the Ubuntu agent instance using the ifconfig command and configure the IP accordingly in the agent ossec.conf file. 
  <client>
    <server>
      <address>192.168.50.10</address>
      <port>1514</port>
      <protocol>tcp</protocol>
    </server>
  </client>

Save the file and restart the agent:
Linux: sudo systemctl restart wazuh-agent

Check the agent logs again (/var/ossec/logs/ossec.log on Linux agent) for a successful connection.

If the issue persists, please verify that the Wazuh manager server is up and running by checking the service status with this command:
Run this on the manager node: systemctl status wazuh-manager
If the Wazuh manager service is running properly on the server, then check the connectivity from the agent side to confirm it can reach the manager.
On Linux (with netcat installed), open a terminal and run the following command. Replace <WAZUH_MANAGER_IP_ADDRESS> with your Wazuh manager IP address or FQDN (Fully Qualified Domain Name).
nc -zv <WAZUH_MANAGER_IP_ADDRESS> 1514 1515 55000

You can check further by referring to the Wazuh agent troubleshooting guide.

Let's verify these first and share the update so we can further check the issue.
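
The config check and the nc test from the reply above, combined into one script to run on the agent host. This is an added example, not part of the original post: the function names and the sample config are constructed for illustration, and 1514 is assumed when the config has no port element.

```shell
#!/bin/sh
# Added example, not from the thread: find the manager the agent is configured
# to use and test the two agent-to-manager TCP ports from the agent host.

# Print "ADDRESS PORT" for the first <server> inside <client> of an ossec.conf.
manager_endpoint() {
  awk '
    /<client>/   { in_client = 1 }
    /<\/client>/ { in_client = 0 }
    in_client && addr == "" && match($0, /<address>[^<]*<\/address>/) {
      addr = substr($0, RSTART + 9, RLENGTH - 19) }
    in_client && port == "" && match($0, /<port>[^<]*<\/port>/) {
      port = substr($0, RSTART + 6, RLENGTH - 13) }
    END { if (addr != "") print addr, (port != "" ? port : "1514") }
  ' "$1"
}

# probe HOST PORT: succeeds only if a TCP connection opens within 5 seconds.
probe() { nc -z -w 5 "$1" "$2" >/dev/null 2>&1; }

# check_agent_link CONF: probe the configured data port and enrollment (1515).
check_agent_link() {
  endpoint=$(manager_endpoint "$1")
  [ -n "$endpoint" ] || { echo "no <address> found in <client>"; return 2; }
  host=${endpoint% *}; rc=0
  for port in "${endpoint#* }" 1515; do
    if probe "$host" "$port"; then
      echo "$host:$port reachable"
    else
      echo "$host:$port no answer (firewall, routing, or manager down)"; rc=1
    fi
  done
  return "$rc"
}

# Constructed sample config, parsed when the real file is not readable.
sample_conf() {
  printf '%s\n' '<ossec_config>' '  <client>' '    <server>' \
    '      <address>192.168.50.10</address>' '      <port>1514</port>' \
    '      <protocol>tcp</protocol>' '    </server>' '  </client>' '</ossec_config>'
}

conf=${1:-/var/ossec/etc/ossec.conf}
if [ -r "$conf" ]; then
  check_agent_link "$conf"
else
  echo "sample parse: $(sample_conf | manager_endpoint -)"
fi
```

A "no answer" result on both ports while the manager service is running points at routing or a firewall between agent and manager rather than at the agent itself.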

Yogi Valentino

Feb 10, 2026, 3:59:34 AM
to hasitha.u...@wazuh.com, Wazuh | Mailing List
So the agent needs to reach the server for communication? Actually, I use a network where only the server can ping the agent, but the agent can't ping the server.

Farouk Musa

Feb 10, 2026, 4:11:06 AM
to Wazuh | Mailing List
Yes, correct. The agent collects telemetry and sends it to the server. It also carries out other functions like the security configuration assessment, active response, etc. So both the agent and the server will need to communicate with each other over the network.

Yogi Valentino

Feb 10, 2026, 8:10:37 AM
to Farouk Musa, Wazuh | Mailing List
Hello Farouk

I see, so that's how it works. But isn't it a bit tricky if both the Wazuh Server and Agent are in the same network? So the Agent can also gain access to the server, and we don't want that, right?

Do you have any ideas?

Farouk Musa

Feb 10, 2026, 9:05:00 AM
to Wazuh | Mailing List
The agent communicates with the server on specific ports. Telemetry is sent via 1514, and 1515 is for enrollment; you can see it here. So the agent only communicates on those ports and does "gain access to the server" in the sense of something like remote control. For users with peculiar security concerns, you can permit only the ports that are specifically required.
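
One way to permit only the required ports on an Ubuntu manager, using ufw. This is an added example, not part of the original post or Wazuh's own tooling: the agent subnet 192.168.50.0/24, the UFW_RUN variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: ufw rules for the Ubuntu manager that
# admit agents on 1514/tcp and 1515/tcp only. Commands are printed (dry run)
# unless UFW_RUN is set, for example UFW_RUN=sudo.

# valid_cidr STR: accept only IPv4 a.b.c.d/len with octets 0-255 and len 0-32.
valid_cidr() {
  case $1 in ''|*[!0-9./]*) return 1 ;; esac
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
  printf '%s\n' "$1" | awk -F'[./]' '
    { for (i = 1; i <= 4; i++) if ($i > 255) exit 1; if ($5 > 32) exit 1 }'
}

# restrict_manager_ports AGENT_CIDR: default-deny inbound traffic, then let the
# agent subnet reach agent communication (1514) and enrollment (1515) over TCP.
# No rule is needed for manager-to-agent connections: the agent opens the
# connection. Management access (such as SSH) needs its own rule.
restrict_manager_ports() {
  valid_cidr "$1" || { echo "invalid agent CIDR: $1" >&2; return 1; }
  run=${UFW_RUN:-echo}
  $run ufw default deny incoming
  $run ufw allow proto tcp from "$1" to any port 1514,1515
}

# Constructed sample subnet; pass the real agent subnet as the first argument.
restrict_manager_ports "${1:-192.168.50.0/24}"
```

Review the printed commands first, then rerun on the manager with UFW_RUN=sudo once a rule for your own management access is in place.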