Wazuh-Modulesd : Content-Updater Issue

51 views
Skip to first unread message

Adrien Di Cristofaro

unread,
Nov 12, 2025, 6:23:42 AMNov 12
to Wazuh | Mailing List
Hello,

I'm facing an issue with my Wazuh installation.

This is my infrastructure :

VLAN 1 :

Worker - 1 (master)
Indexer - 1 (master)
Dashboard

VLAN 2 :

Worker - 2 (Slave)

VLAN 3 :

Worker - 3 (Slave)


I've got this message in the logs of Worker 2 & 3 :

Nov 12, 2025 @ 08:48:39.000 wazuh-modulesd:content-updater WARNING Offset processing failed. Triggered a snapshot download. Nov 12, 2025 @ 08:53:10.000 wazuh-modulesd:content-updater WARNING Couldn't run full content download: Error -1 from server: Timeout was reached. Nov 12, 2025 @ 08:57:40.000 wazuh-modulesd:content-updater ERROR Action for 'vulnerability_feed_manager' failed: Error -1 from server: Timeout was reached.


Master is fine and connected to cti.wazuh.com and downloading updates correctly.

Any clue what's wrong ?

I can provide logs if needed.

Br,

Adrien


Adrien Di Cristofaro

unread,
Nov 12, 2025, 6:28:55 AMNov 12
to Wazuh | Mailing List
Does all managers need to have access to cti.wazuh.com ?

Can't I configure them to ask for update to the Master ?

I've just checked my firewall logs, and it seems manager 2 & 3 try to ask cti.wazuh.com for update. That's not what i want.

pdnb

unread,
Nov 12, 2025, 7:05:42 AMNov 12
to Wazuh | Mailing List
you probably looking for https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/configuring-scans.html#offline-vulnerability-detection-configuration

Carlos Ezequiel Bordon

unread,
Nov 12, 2025, 7:58:27 AMNov 12
to Wazuh | Mailing List

This option is currently unavailable. If you wish to maintain this firewall configuration, you can configure it to perform offline updates. Here's the guide: https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/configuring-scans.html#offline-vulnerability-detection-configuration

Using this guide, you can set up a process to download and automate this update daily.

Adrien Di Cristofaro

unread,
Nov 12, 2025, 7:58:29 AMNov 12
to Wazuh | Mailing List
The master is connected to wazuh.com // cti.wazuh.com // packages.wazuh.com, so it should be fine.
I don't want to do an offline vulnerability detection.

Br,

Adrien

Adrien Di Cristofaro

unread,
Nov 12, 2025, 8:08:14 AMNov 12
to Wazuh | Mailing List
Ok thanks Carlos,

I'll check if i can find a workaround.

I'll let you know.

Br,

Adrien

Reply all
Reply to author
Forward
0 new messages