📡 Fixing Disconnected Agents

When an agent shows as Disconnected, it is usually due to a service failure on the endpoint or a network/firewall block between the endpoint and the Wazuh Manager.

Restart Service on Hestia VM

Log into the Hestia VM and restart the agent. This often restores the connection after a server-side outage.

sudo systemctl restart wazuh-agent

Verify Connection Status

Check the agent logs on the Hestia VM to see if it is successfully "handshaking" with the Manager.

sudo tail -f /var/ossec/logs/ossec.log | grep -iE "error|warn|connected"

Test Connectivity to Port 1514

Wazuh agents communicate via TCP Port 1514. Run this from the Hestia VM to ensure the port is open on the SIEM server.

# Replace with your Wazuh Manager IP
nc -zv wazuh.msls.tech 1514

⚠️ Connection Issues in Oracle Cloud

Since Hestia is in Oracle Cloud, ensure your VCN Ingress Rules and the OS Firewall (ufw/iptables) on both sides allow traffic on Port 1514.

📡 Fixing Disconnected Agents

Restart Service on Hestia VM

Verify Connection Status

Test Connectivity to Port 1514

⚠️ Connection Issues in Oracle Cloud

No Comments