Wazuh agent reading log files, not sending them #5221
Description
Hi,
Anyone else having issues with wazuh agent on OPNsense? I can see the log file is read, but the events are not sent to the manager. The ossec.conf is configured to read the log file.
Debug from the ossec.log:
2026/02/13 22:36:30 wazuh-agentd[46660] receiver.c:96 at receive_msg(): DEBUG: Received message: '#!-agent ack '
2026/02/13 22:36:33 wazuh-agentd[46660] state.c:78 at write_state(): DEBUG: Updating state file.
2026/02/13 22:36:37 wazuh-logcollector[52180] read_syslog.c:104 at read_syslog(): DEBUG: Reading syslog message: 'Feb 13 22:36:37 OPNsense-dev.internal audit[30281]: user githubt'...
2026/02/13 22:36:37 wazuh-logcollector[52180] read_syslog.c:104 at read_syslog(): DEBUG: Reading syslog message: 'Feb 13 22:36:37 OPNsense-dev.internal audit[30281]: user githubt'...
2026/02/13 22:36:37 wazuh-logcollector[52180] read_syslog.c:104 at read_syslog(): DEBUG: Reading syslog message: 'Feb 13 22:36:37 OPNsense-dev.internal audit[30281]: /index.php: '...
2026/02/13 22:36:37 wazuh-logcollector[52180] read_syslog.c:152 at read_syslog(): DEBUG: Read 3 lines from /var/ossec/logs/opnsense_syslog.log
2026/02/13 22:36:38 wazuh-agentd[46660] state.c:78 at write_state(): DEBUG: Updating state file.
2026/02/13 22:36:39 wazuh-logcollector[52180] logcollector.c:531 at LogCollectorStart(): DEBUG: Performing file check.
2026/02/13 22:36:39 wazuh-logcollector[52180] logcollector.c:1104 at handle_file(): DEBUG: (1963): Unable to open file '/var/log/suricata/eve.json'.
2026/02/13 22:36:40 wazuh-agentd[46660] notify.c:129 at run_notify(): DEBUG: Sending agent notification