Wazuh Agent Connection Failure and corrupt payload error in log
I have given a Wazuh manager IP and user name and password. I installed the Wazuh agent on my laptop but it is connected to the Manager IP. It is not returning the Authorization key and throws the errors in the log file.
Important Note:
I am using a VPS and installed the Wazuh agent on it. The errors are:
2020/10/29 18:01:55 agent-auth: ERROR: Unable to connect to 10.50.51.64:1515
2020/10/29 18:02:01 ossec-agent: ERROR: Corrupt payload (exceeding size) received.
2020/10/29 18:02:01 ossec-agent: WARNING: Polling server '10.50.51.64' failed. Skipping enrollment.
2020/10/29 18:03:01 ossec-agent: ERROR: Corrupt payload (exceeding size) received.
2020/10/29 18:03:01 ossec-agent: WARNING: Polling server '10.50.51.64' failed. Skipping enrollment
I would like to help you with this problem but I'm not able to reproduce it.
From your logs, I see you're running a 4.0 agent which has (by default) the auto-enrollment capability enabled. The warning:
2020/10/29 18:03:01 ossec-agent: WARNING: Polling server '10.50.51.64' failed. Skipping enrollment
Is generated during an autoenrollment attempt when something went wrong with the manager communication.
This other message:
2020/10/29 18:01:55 agent-auth: ERROR: Unable to connect to 10.50.51.64:1515
Seems to be produced by a manual registration attempt using agent-auth. You actually don't need to manually register the agent if autoenrollment is enabled, as it would register automatically, but this isn't generating the error; it just indicates that authd didn't work as well.
Finally, this message:
2020/10/29 18:02:01 ossec-agent: ERROR: Corrupt payload (exceeding size) received.
Indicates that the agent is receiving an answer from the manager but it is corrupted, probably by a networking problem.
From your message and your logs, I would say that the agent is actually registered but it cannot receive the generated key (and thus, it won't be able to communicate with the manager).
Is it possible that some configuration in your networks is interfering with the manager response which should send the key to the agent? Have you tried to clean everything and register again? Also, is that IP 10.50.51.64 fully accessible from the agent?
If you tell us about your environment (OS involved, networking, virtualization if it exists, etc.), we may be able to give you something more accurate.
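The reading of the three messages given in the answer above can be applied to an agent log mechanically. The following is an added example, not part of the original thread or of Wazuh itself: it classifies the log lines from the question, groups them by timestamp, and lists the manager endpoints whose reachability should be checked. The rule labels and function names are hypothetical.

```python
import re
from collections import Counter

# Log lines copied from the question on this page.
SAMPLE_LOG = """\
2020/10/29 18:01:55 agent-auth: ERROR: Unable to connect to 10.50.51.64:1515
2020/10/29 18:02:01 ossec-agent: ERROR: Corrupt payload (exceeding size) received.
2020/10/29 18:02:01 ossec-agent: WARNING: Polling server '10.50.51.64' failed. Skipping enrollment.
2020/10/29 18:03:01 ossec-agent: ERROR: Corrupt payload (exceeding size) received.
2020/10/29 18:03:01 ossec-agent: WARNING: Polling server '10.50.51.64' failed. Skipping enrollment
"""

LINE_RE = re.compile(r"^(\S+ \S+) ([\w-]+): (ERROR|WARNING|INFO): (.*)$")

# (hypothetical label, message pattern, reading given in the answer above)
RULES = [
    ("manual_registration_failed", re.compile(r"Unable to connect to (\S+):(\d+)"),
     "manual agent-auth registration could not reach authd"),
    ("corrupt_reply", re.compile(r"Corrupt payload \(exceeding size\) received"),
     "manager answered but the answer was corrupted, probably by the network"),
    ("autoenrollment_failed", re.compile(r"Polling server '([^']+)' failed\. Skipping enrollment"),
     "auto-enrollment attempt failed while talking to the manager"),
]

def triage(log_text):
    """Group recognised messages by timestamp; return (attempts, endpoints)."""
    attempts, endpoints = {}, set()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an agent log line in the expected layout
        for label, pattern, _ in RULES:
            hit = pattern.search(m.group(4))
            if hit:
                attempts.setdefault(m.group(1), []).append(label)
                if hit.groups():  # host, or host and port, named in the message
                    endpoints.add(":".join(hit.groups()))
                break
    return attempts, endpoints

def corrupted_enrollments(log_text):
    """Timestamps where a corrupt reply and a failed auto-enrollment coincide."""
    attempts, _ = triage(log_text)
    return [ts for ts, labels in attempts.items()
            if {"corrupt_reply", "autoenrollment_failed"} <= set(labels)]

def summary(log_text):
    """One line per message type seen, then the endpoints to check."""
    attempts, endpoints = triage(log_text)
    counts = Counter(label for labels in attempts.values() for label in labels)
    lines = [f"{counts[l]}x {l}: {why}" for l, _, why in RULES if counts[l]]
    return lines + ["check reachability of: " + ", ".join(sorted(endpoints))]
```

Calling `summary(SAMPLE_LOG)` on the lines from the question shows that every corrupt-payload error shares a timestamp with a failed auto-enrollment attempt, while the agent-auth failure is a separate event.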
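Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.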