error 1208
382 views
Skip to first unread message
BrzI Channel
Nov 20, 2023, 6:44:06 PM11/20/23
to Wazuh | Mailing List
Hi folks,
I have a brand new installation on Ubuntu 22.04 LTS. All components on the same server - as per installation instructions..
Keep getting this on my client machine
2023/11/20 15:38:22 wazuh-agent: INFO: Requesting a key from server: 142.123.13.99
2023/11/20 15:38:44 wazuh-agent: ERROR: (1208): Unable to connect to enrollment service at '[142.123.13.99]:1515'
2023/11/20 15:38:44 wazuh-agent: INFO: Requesting a key from server: 142.123.13.99
2023/11/20 15:38:44 wazuh-agent: ERROR: (1208): Unable to connect to enrollment service at '[142.123.13.99]:1515'
2023/11/20 15:38:44 wazuh-agent: INFO: Requesting a key from server: 142.123.13.99
I have expressly allowed access to UDP ports 1514 and 1515 on the server...
Any ideas on how to get round this issue ?
Thanks
Gabriel Emanuel Valenzuela
Nov 20, 2023, 7:01:50 PM11/20/23
to Wazuh | Mailing List
Hi Brzi! How are you?
It looks like your Wazuh agent on the client machine is having trouble connecting to the enrollment service on your Wazuh manager server. Let's try to troubleshoot this issue.
Here are some steps you can take:
Check Connectivity:
It looks like your Wazuh agent on the client machine is having trouble connecting to the enrollment service on your Wazuh manager server. Let's try to troubleshoot this issue.
Here are some steps you can take:
Check Connectivity:
- Ensure that there are no network issues between your Wazuh agent and manager. Confirm that there is no firewall blocking the connection. You can use the ping command for example.
- Verify IP Address and Port: Double-check that the IP address (142.123.13.99 in your case) and port (1515) specified in your agent configuration match the actual IP and port of your Wazuh manager.
- Check Wazuh Manager Service Status: Confirm that the Wazuh manager service is running on your server. You can check the status using a command like: sudo systemctl status wazuh-manager
- Firewall Configuration: Make sure that the firewall on your Wazuh manager server allows incoming connections on UDP ports 1514 and 1515. You mentioned that you've allowed these ports, but double-check to ensure there are no typos or issues in your firewall configuration.
- Check for Errors in Manager Logs: Examine the Wazuh manager logs for any errors or warnings. The logs are typically located in /var/ossec/logs/ossec.log. Send me a copy of this file and we can analyze it together.
Have a nice week!
BrzI Channel
Nov 21, 2023, 5:35:14 PM11/21/23
to Wazuh | Mailing List
I made it simple..I disabled the firewall and all is good...clients are connecting perfectly.
So...it looks like allowing UDP 1514 and UDP 1515 is not quite sufficient. Can anybody suggest what might be missing ?
Thanks
Gabriel Emanuel Valenzuela
Nov 21, 2023, 7:25:05 PM11/21/23
to Wazuh | Mailing List
If disabling the firewall resolves the connectivity issue, it suggests that there might be additional ports or protocols required for Wazuh to function properly. In addition to UDP ports 1514 and 1515, Wazuh uses other ports and protocols for various components and functionalities. Here are some additional considerations:
Here you have a list of ports used by Wazuh. Remember some ports use the UDP protocol and others TCP protocol.
Also you can check that the Wazuh manager and agents can communicate bidirectionally. Sometimes, firewalls may be configured to allow outgoing traffic but block incoming traffic.
Message has been deleted
BrzI Channel
Nov 22, 2023, 1:35:57 AM11/22/23
to Wazuh | Mailing List
What seems to have done the trick - so far.
1514 TCP and UDP
1515 TCP and UDP
But based on the list you mentioned it looks like TCP on 1514 and 1515 is all that is required. Will try that out.
Thanks
Reply all
Reply to author
Forward
0 new messages