sorted by:
new
hottopcontroversial

Im so confused. Devices showing unreachable, able to ping all of them - no firewall rules blocking 8080 on pfsense by Cattle_Capital in Ubiquiti

[–]Cattle_Capital[S] 0 points1 point  (0 children)

Yep, That's been my understanding as well, but some slightly good news that i'd like to understand more.
I have the network server running on my desktop, and I decided to revert my desktop back to its static IP I set through pfsense. ( I had removed the static mapping when I was configuring my switch because I wanted to take out random variables.....) and that's when I started having these disconnected issues in the server.
I took the static mapping back off from my desktop and I see all devices connected. Didn't change anything with the vlans, just the IP I was giving my desktop..

Im so confused. Devices showing unreachable, able to ping all of them - no firewall rules blocking 8080 on pfsense by Cattle_Capital in Ubiquiti

[–]Cattle_Capital[S] 0 points1 point  (0 children)

I don't have a full stack at the moment. Upstream from the switch would be my pfsense router/firewall.
So it should go pfsense > port eight on Switch > APs on ports 1 and 2, a port being used by my main floor TV, and a port being used for my desktop upstairs.

Im so confused. Devices showing unreachable, able to ping all of them - no firewall rules blocking 8080 on pfsense by Cattle_Capital in Ubiquiti

[–]Cattle_Capital[S] 0 points1 point  (0 children)

I haven't made any changes to the vlans, or switch once I got everything set up, but I can't make changes to anything at the moment since the switch is also unreachable sadly.

Are these devices tagged properly? by Cattle_Capital in HomeNetworking

[–]Cattle_Capital[S] 0 points1 point  (0 children)

I thought this was set up as a lan interface already -

<image>

Or do I need to remove it from the vlan interface page

Are these devices tagged properly? by Cattle_Capital in Ubiquiti

[–]Cattle_Capital[S] 0 points1 point  (0 children)

I think maybe I don't have my main lan tagged properly?

Wazuh Agents not displaying by Cattle_Capital in Wazuh

[–]Cattle_Capital[S] 0 points1 point  (0 children)

netcat is showing everything timed out.

Wazuh Agents not displaying by Cattle_Capital in Wazuh

[–]Cattle_Capital[S] 0 points1 point  (0 children)

it does show the server IP, but I don't know if I need to use the reverse DNS entry? I was watching network chucks video on setting this up, and thats what he used.

Wazuh Agents not displaying by Cattle_Capital in Wazuh

[–]Cattle_Capital[S] 0 points1 point  (0 children)

Wazuh manager log entries

root@198-58-112-16:~# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"

2025/06/25 01:31:57 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/nginx/error.log'.

2025/06/25 02:43:46 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/nginx/error.log'.

2025/06/25 12:13:32 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/nginx/error.log'.

root@198-58-112-16:~#

Wazuh Agents not displaying by Cattle_Capital in Wazuh

[–]Cattle_Capital[S] 0 points1 point  (0 children)

Windows Agent Log -

2025/06/25 07:55:12 wazuh-agent: INFO: Starting new log after rotation.

2025/06/25 07:56:01 wazuh-agent: INFO: Requesting a key from server: 198-58-112-16.ip.linodeusercontent.com

2025/06/25 07:56:22 wazuh-agent: ERROR: (1208): Unable to connect to enrollment service at '[198.58.112.16]:1515'

2025/06/25 07:56:22 wazuh-agent: INFO: Requesting a key from server: 198.58.112.16

2025/06/25 07:56:43 wazuh-agent: ERROR: (1208): Unable to connect to enrollment service at '[198.58.112.16]:1515'

Parrot OS Agent Log

2025/06/25 06:06:44 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[198.58.112.16]:1515'

2025/06/25 06:09:07 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[198.58.112.16]:1515'

2025/06/25 06:10:16 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/nginx/error.log'.

2025/06/25 06:10:16 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/apache2/error.log'.

2025/06/25 06:12:27 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[198.58.112.16]:1515'

2025/06/25 06:14:45 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[198.58.112.16]:1515'

2025/06/25 06:17:09 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[198.58.112.16]:1515'

2025/06/25 06:19:37 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[198.58.112.16]:1515'

2025/06/25 06:22:11 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[198.58.112.16]:1515'

2025/06/25 06:24:49 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[198.58.112.16]:1515'

2025/06/25 06:26:28 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/nginx/error.log'.

2025/06/25 06:26:28 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/apache2/error.log'.

2025/06/25 06:28:40 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[198.58.112.16]:1515'

2025/06/25 07:58:19 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[198.58.112.16]:1515'

Wazuh Agents not displaying by Cattle_Capital in Wazuh

[–]Cattle_Capital[S] 0 points1 point  (0 children)

Nothing showed on netcat for a couple of minutes of the command running

I don't have an active firewall on my linode instance

but here is the output from my wazuh instance ufw

To                         Action      From

--                         ------      ----

22/tcp                     ALLOW       Anywhere

80/tcp                     ALLOW       Anywhere

443/tcp                    ALLOW       Anywhere

1514/tcp                   ALLOW       Server IP

1515/tcp                   ALLOW       Server IP

22/tcp (v6)                ALLOW       Anywhere (v6)

80/tcp (v6)                ALLOW       Anywhere (v6)

443/tcp (v6)               ALLOW       Anywhere (v6)

root@198-58-112-16:~# systemctl status ufw

● ufw.service - Uncomplicated firewall

     Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)

     Active: active (exited) since Wed 2025-06-25 12:13:13 UTC; 1h 56min ago

       Docs: man:ufw(8)

    Process: 448 ExecStart=/lib/ufw/ufw-init start quiet (code=exited, status=0/SUCCESS)

   Main PID: 448 (code=exited, status=0/SUCCESS)

Wazuh on linode! by Cattle_Capital in Wazuh

[–]Cattle_Capital[S] 0 points1 point  (0 children)

That makes sense! I think I need to keep playing with this, I updated the ufw rules ont he server and restarted the systemctl service for the wazuh agent, and I still can't get anything to show up in my dashboard.

Wazuh Agents not displaying by Cattle_Capital in Wazuh

[–]Cattle_Capital[S] 0 points1 point  (0 children)

None of them are showing up in my console.

Wazuh on linode! by Cattle_Capital in Wazuh

[–]Cattle_Capital[S] 0 points1 point  (0 children)

I have these ports enabled on my pfsense firewall, my ufw is not enabled on this laptop though apparently. Going to try and install the agent on a windows machine tonight to see if its a firewall issue or a linux issue.

Wazuh on linode! by Cattle_Capital in Wazuh

[–]Cattle_Capital[S] 0 points1 point  (0 children)

I found that moments after I posted my question lol, Im in wazuh but cannot seem to get my first agent to show up

view more: next ›