wazuh / wazuh-ansible

Wazuh - Ansible playbook
https://wazuh.com

Update Filebeat module download URL #1130

Closed c-bordon closed 11 months ago

c-bordon commented 11 months ago

The URL from which the Filebeat module is downloaded needs to be updated to allow deployments in demo environments. Currently the module is only ever downloaded from production, even when a Filebeat module exists in pre-release and we are deploying a demo environment from pre-release.

https://github.com/wazuh/wazuh-ansible/blob/4b385eeb7e3a29ccdc3fadf577355f884fc81b1d/roles/wazuh/ansible-filebeat-oss/defaults/main.yml#L11

davidcr01 commented 11 months ago

The Filebeat module URL has been updated:

filebeat_module_package_url: https://packages-dev.wazuh.com/pre-release/filebeat
davidcr01 commented 11 months ago

Update Report

Workaround

To make the Filebeat module URL follow the selected repository, the filebeat_module_package_url variable has been moved from the roles/wazuh/ansible-filebeat-oss/defaults/main.yml file into repo.yml and repo_pre-release.yml.

In the repo.yml:

filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat

In the repo_pre-release.yml:

filebeat_module_package_url: https://packages-dev.wazuh.com/pre-release/filebeat

The value of this variable is selected by the check_packages task. To load these variables, however, roles/wazuh/ansible-filebeat-oss/tasks/main.yml must be modified:

---
# Load the repository selector first: repo_vars.yml provides packages_repository,
# which the two conditional includes below test. Order matters here.
- include_vars: ../../vars/repo_vars.yml

# Production: repo.yml supplies filebeat_module_package_url.
- include_vars: ../../vars/repo.yml
  when: packages_repository == 'production'

# Pre-release: repo_pre-release.yml supplies filebeat_module_package_url.
- include_vars: ../../vars/repo_pre-release.yml
  when: packages_repository == 'pre-release'
# NOTE(review): filebeat_module_package_url was moved out of this role's defaults,
# so any packages_repository value other than the two above (the run log on this
# page shows other roles also testing 'staging') appears to leave it undefined in
# this role. Confirm, and consider failing early with a clear message.
# NOTE(review): the vars file chosen here alone decides which host the module
# tarball is fetched from, and the download output on this page does not show a
# pinned checksum being verified. Confirm the download task validates the archive.

Testing

Some tests are needed to validate this change. For example:

davidcr01 commented 11 months ago

Update Report

Testing

Task that downloads the Filebeat module:

TASK [../roles/wazuh/ansible-filebeat-oss : Download Filebeat module package] ***
changed: [192.168.57.203] => {"changed": true, "checksum_dest": null, "checksum_src": "641859f28e6e7162ba9cafff5028ca31aca2feb0", "dest": "/tmp/wazuh-filebeat-0.3.tar.gz", "elapsed": 0, "gid": 0, "group": "root", "md5sum": "37822214880237ca51ff95de163cdbed", "mode": "0644", "msg": "OK (1781 bytes)", "owner": "root", "size": 1781, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151154.5006778-43693-24617927617182/tmp2_yac_wk", "state": "file", "status_code": 200, "uid": 0, "url": "https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.3.tar.gz"}
:green_circle: AIO installation with Ansible ```console $ ansible-playbook wazuh-single.yml -v Using /home/davidcr01/Wazuh/ansible/playbooks/ansible.cfg as config file PLAY [localhost] *************************************************************** TASK [Gathering Facts] ********************************************************* ok: [localhost] TASK [../roles/wazuh/wazuh-indexer : include_vars] ***************************** ok: [localhost] => {"ansible_facts": {"packages_repository": "production"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-indexer/tasks/../../vars/repo_vars.yml"], "changed": false} TASK [../roles/wazuh/wazuh-indexer : include_vars] ***************************** ok: [localhost] => {"ansible_facts": {"certs_gen_tool_url": "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh", "certs_gen_tool_version": 4.6, "filebeat_module_package_url": "https://packages-dev.wazuh.com/pre-release/filebeat", "wazuh_repo": {"apt": "deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main", "gpg": "https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "yum": "https://packages-dev.wazuh.com/pre-release/yum/"}, "wazuh_winagent_config_url": "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_package_name": "wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_sha512_url": "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-indexer/tasks/../../vars/repo.yml"], "changed": false} TASK [../roles/wazuh/wazuh-indexer : include_vars] ***************************** skipping: [localhost] => {"changed": false, "false_condition": "packages_repository == 'pre-release'", "skip_reason": "Conditional result was False"} TASK 
[../roles/wazuh/wazuh-indexer : include_vars] ***************************** skipping: [localhost] => {"changed": false, "false_condition": "packages_repository == 'staging'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] ***** ok: [localhost] => {"changed": false, "stat": {"atime": 1700148534.5019865, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "binary", "ctime": 1700148538.102013, "dev": 2051, "device_type": 0, "executable": true, "exists": true, "gid": 1000, "gr_name": "davidcr01", "inode": 10235588, "isblk": false, "ischr": false, "isdir": true, "isfifo": false, "isgid": false, "islnk": false, "isreg": false, "issock": false, "isuid": false, "mimetype": "inode/directory", "mode": "0755", "mtime": 1700148538.102013, "nlink": 3, "path": "/home/davidcr01/Wazuh/ansible/playbooks/indexer/certificates", "pw_name": "davidcr01", "readable": true, "rgrp": true, "roth": true, "rusr": true, "size": 4096, "uid": 1000, "version": "3417130634", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": true, "xoth": true, "xusr": true}} TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] *** skipping: [localhost] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] *** skipping: [localhost] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] *** skipping: [localhost] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the 
certificates generation template file] *** skipping: [localhost] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] *** skipping: [localhost] => {"changed": false, "false_condition": "not certificates_folder.stat.exists", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] *** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] ******************** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Configure vm.max_map_count] *************** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Update vm.max_map_count] ****************** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] *** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] ******************** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Update cache] ***************************** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK 
[../roles/wazuh/wazuh-indexer : Install Wazuh indexer dependencies] ******* skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Add apt repository signing key] *********** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Add Wazuh indexer repository] ************* skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] ******************** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Remove performance analyzer plugin from Wazuh indexer] *** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Remove Opensearch configuration file] ***** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Copy Opensearch Configuration File] ******* skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : include_tasks] **************************** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Configure Wazuh indexer JVM memmory.] 
***** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Ensure extra time for Wazuh indexer to start on reboots] *** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Index files to remove] ******************** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Remove Index Files] *********************** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Ensure Wazuh indexer started and enabled] *** skipping: [localhost] => {"changed": false, "false_condition": "perform_installation", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Ensure Wazuh indexer started and enabled] *** changed: [192.168.57.203] => {"changed": true, "enabled": true, "name": "wazuh-indexer", "state": "started", "status": {"ActiveEnterTimestamp": "Thu 2023-11-16 16:09:31 UTC", "ActiveEnterTimestampMonotonic": "370674127", "ActiveExitTimestamp": "n/a", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "network-online.target sysinit.target system.slice tmp.mount systemd-tmpfiles-setup.service basic.target systemd-journald.socket -.mount", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Thu 2023-11-16 16:09:14 UTC", "AssertTimestampMonotonic": "354085670", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", 
"CPUShares": "[not set]", "CPUUsageNSec": "39657257000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanClean": "runtime", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Thu 2023-11-16 16:09:14 UTC", "ConditionTimestampMonotonic": "354085668", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/wazuh-indexer.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Wazuh-indexer", "DevicePolicy": "auto", "Documentation": "https://documentation.wazuh.com", "DynamicUser": "no", "EffectiveCPUs": "0-1", "EffectiveMemoryNodes": "0", "Environment": "OPENSEARCH_HOME=/usr/share/wazuh-indexer OPENSEARCH_PATH_CONF=/etc/wazuh-indexer PID_DIR=/run/wazuh-indexer OPENSEARCH_SD_NOTIFY=true", "EnvironmentFiles": "/etc/sysconfig/wazuh-indexer (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestamp": "n/a", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "3870", "ExecMainStartTimestamp": "Thu 2023-11-16 16:09:14 UTC", "ExecMainStartTimestampMonotonic": "354100721", "ExecMainStatus": "0", "ExecStart": "{ 
path=/usr/share/wazuh-indexer/bin/systemd-entrypoint ; argv[]=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet ; ignore_errors=no ; start_time=[Thu 2023-11-16 16:09:14 UTC] ; stop_time=[n/a] ; pid=3870 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/share/wazuh-indexer/bin/systemd-entrypoint ; argv[]=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet ; flags= ; start_time=[Thu 2023-11-16 16:09:14 UTC] ; stop_time=[n/a] ; pid=3870 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/lib/systemd/system/wazuh-indexer.service", "FreezerState": "running", "GID": "122", "Group": "wazuh-indexer", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "wazuh-indexer.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestamp": "n/a", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Thu 2023-11-16 16:09:15 UTC", "InactiveExitTimestampMonotonic": "354101481", "InvocationID": "3c3870b8282b4d3e85e2fc159e46af2e", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "process", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", 
"LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "65535", "LimitNOFILESoft": "65535", "LimitNPROC": "4096", "LimitNPROCSoft": "4096", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15240", "LimitSIGPENDINGSoft": "15240", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "3870", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "1366786048", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "wazuh-indexer.service", "NeedDaemonReload": "yes", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "main", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "yes", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target 
system.slice -.mount", "RequiresMountsFor": "/var/tmp /run/wazuh-indexer /usr/share/wazuh-indexer", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectory": "wazuh-indexer", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "no", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Thu 2023-11-16 16:09:31 UTC", "StateChangeTimestampMonotonic": "370674127", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SuccessExitStatus": "143", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "45", "TasksMax": "4572", "TimeoutAbortUSec": "infinity", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "3min", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "infinity", "TimerSlackNSec": "50000", "Transient": "no", "Type": "notify", "UID": "114", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "disabled", "User": "wazuh-indexer", "UtmpMode": "init", "Wants": "tmp.mount network-online.target", "WatchdogSignal": "6", "WatchdogTimestamp": "n/a", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0", "WorkingDirectory": "/usr/share/wazuh-indexer"}} TASK 
[../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API] *************** ok: [192.168.57.203] => {"attempts": 1, "changed": false, "content": "1700150989 16:09:49 wazuh green 1 1 true 2 2 0 0 0 0 - 100.0%\n", "content_length": "62", "content_type": "text/plain; charset=UTF-8", "cookies": {}, "cookies_string": "", "elapsed": 0, "msg": "OK (62 bytes)", "redirected": false, "status": 200, "url": "https://192.168.57.203:9200/_cat/health/"} TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API (Private IP)] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "hostvars[inventory_hostname]['private_ip'] is defined and hostvars[inventory_hostname]['private_ip']", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == \"RedHat\"", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-indexer : Reload systemd configuration] ************* ok: [192.168.57.203] => {"changed": false, "name": null, "status": {}} TASK [../roles/wazuh/ansible-wazuh-manager : Install dependencies] ************* ok: [192.168.57.203] => {"attempts": 1, "cache_update_time": 1700150696, "cache_updated": false, "changed": false} TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] ********************* ok: [192.168.57.203] => {"ansible_facts": {"packages_repository": "production"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/vars/../../vars/repo_vars.yml"], "changed": false} TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] ********************* ok: [192.168.57.203] => {"ansible_facts": {"certs_gen_tool_url": "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh", "certs_gen_tool_version": 4.6, "filebeat_module_package_url": 
"https://packages-dev.wazuh.com/pre-release/filebeat", "wazuh_repo": {"apt": "deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main", "gpg": "https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "yum": "https://packages-dev.wazuh.com/pre-release/yum/"}, "wazuh_winagent_config_url": "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_package_name": "wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_sha512_url": "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/vars/../../vars/repo.yml"], "changed": false} TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] ********************* skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'pre-release'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] ********************* skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'staging'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Overlay wazuh_manager_config on top of defaults] *** ok: [192.168.57.203] => {"ansible_facts": {"wazuh_manager_config": {"agents_disconnection_alert_time": "100s", "agents_disconnection_time": "20s", "alerts_log": "yes", "api": {"access_block_time": 300, "access_max_login_attempts": 5, "access_max_request_per_minute": 300, "behind_proxy_server": false, "bind_addr": "0.0.0.0", "cache": true, "cache_time": 0.75, "cors": false, "cors_allow_credentials": false, "cors_allow_headers": "*", "cors_expose_headers": "*", "cors_source_route": "*", "drop_privileges": true, "experimental_features": false, "https": true, "https_ca": 
"api/configuration/ssl/ca.crt", "https_cert": "api/configuration/ssl/server.crt", "https_key": "api/configuration/ssl/server.key", "https_use_ca": false, "logging_level": "info", "logging_path": "logs/api.log", "port": 55000, "remote_commands_localfile": true, "remote_commands_localfile_exceptions": [], "remote_commands_wodle": true, "remote_commands_wodle_exceptions": []}, "authd": {"ciphers": "HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH", "enable": true, "force": {"after_registration_time": "1h", "disconnected_time": "1h", "enabled": "yes", "key_mismatch": "yes"}, "port": 1515, "purge": "yes", "ssl_agent_ca": null, "ssl_auto_negotiate": "no", "ssl_manager_cert": "sslmanager.cert", "ssl_manager_key": "sslmanager.key", "ssl_verify_host": "no", "use_password": "no", "use_source_ip": "no"}, "cis_cat": {"ciscat_path": "wodles/ciscat", "disable": "yes", "install_java": "yes", "interval": "1d", "java_path": "/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin", "scan_on_start": "yes", "timeout": 1800}, "cluster": {"bind_addr": "0.0.0.0", "disable": "yes", "hidden": "no", "key": "ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa", "name": "wazuh", "node_name": "manager_01", "node_type": "master", "nodes": ["manager"], "port": "1516"}, "commands": [{"executable": "disable-account", "name": "disable-account", "timeout_allowed": "yes"}, {"executable": "restart-wazuh", "name": "restart-wazuh"}, {"executable": "firewall-drop", "expect": "srcip", "name": "firewall-drop", "timeout_allowed": "yes"}, {"executable": "host-deny", "name": "host-deny", "timeout_allowed": "yes"}, {"executable": "route-null", "name": "route-null", "timeout_allowed": "yes"}, {"executable": "route-null.exe", "name": "win_route-null", "timeout_allowed": "yes"}, {"executable": "netsh.exe", "name": "netsh", "timeout_allowed": "yes"}], "connection": [{"port": "1514", "protocol": "tcp", "queue_size": 131072, "type": "secure"}], "email_level": 12, "email_log_source": "alerts.log", "email_notification": "no", "extra_emails": 
[{"do_not_delay": false, "do_not_group": false, "enable": false, "event_location": null, "format": "full", "group": null, "level": 7, "mail_to": "recipient@example.wazuh.com", "rule_id": null}], "globals": ["127.0.0.1", "^localhost.localdomain$", "127.0.0.53"], "integrations": [{"alert_format": "json", "alert_level": 10, "hook_url": "", "name": null, "rule_id": null}, {"alert_level": 12, "api_key": "", "name": null}], "json_output": "yes", "labels": {"enable": false, "list": [{"key": "Env", "value": "Production"}]}, "localfiles": {"centos": [{"format": "syslog", "location": "/var/log/messages"}, {"format": "syslog", "location": "/var/log/secure"}, {"format": "syslog", "location": "/var/log/maillog"}, {"format": "audit", "location": "/var/log/audit/audit.log"}], "common": [{"command": "df -P", "format": "command", "frequency": "360"}, {"alias": "netstat listening ports", "command": "netstat -tulpn | sed 's/\\([[:alnum:]]\\+\\)\\ \\+[[:digit:]]\\+\\ \\+[[:digit:]]\\+\\ \\+\\(.*\\):\\([[:digit:]]*\\)\\ \\+\\([0-9\\.\\:\\*]\\+\\).\\+\\ \\([[:digit:]]*\\/[[:alnum:]\\-]*\\).*/\\1 \\2 == \\3 == \\4 \\5/' | sort -k 4 -g | sed 's/ == \\(.*\\) ==/:\\1/' | sed 1,2d", "format": "full_command", "frequency": "360"}, {"command": "last -n 20", "format": "full_command", "frequency": "360"}, {"format": "syslog", "location": "/var/ossec/logs/active-responses.log"}], "debian": [{"format": "syslog", "location": "/var/log/auth.log"}, {"format": "syslog", "location": "/var/log/syslog"}, {"format": "syslog", "location": "/var/log/dpkg.log"}, {"format": "syslog", "location": "/var/log/kern.log"}]}, "log_format": "plain", "log_level": 3, "logall": "no", "logall_json": "no", "mail_from": "wazuh@example.wazuh.com", "mail_maxperhour": 12, "mail_queue_size": 131072, "mail_smtp_server": "smtp.example.wazuh.com", "mail_to": ["admin@example.net"], "monitor_aws": {"disabled": "yes", "interval": "10m", "run_on_start": "yes", "s3": [{"access_key": null, "bucket_type": null, "name": null, 
"only_logs_after": null, "path": null, "secret_key": null}], "skip_on_error": "yes"}, "openscap": {"disable": "yes", "interval": "1d", "scan_on_start": "yes", "timeout": 1800}, "osquery": {"ad_labels": "yes", "config_path": "/etc/osquery/osquery.conf", "disable": "yes", "log_path": "/var/log/osquery/osqueryd.results.log", "run_daemon": "yes"}, "repo": {"apt": "deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main", "gpg": "https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "yum": "https://packages-dev.wazuh.com/pre-release/yum/"}, "reports": [{"category": "syscheck", "email_to": "recipient@example.wazuh.com", "enable": false, "group": null, "level": null, "location": null, "rule": null, "showlogs": null, "srcip": null, "title": "Daily report: File changes", "user": null}], "rootcheck": {"frequency": 43200}, "rule_exclude": ["0215-policy_rules.xml"], "ruleset": {"cdb_lists": ["audit-keys", "security-eventchannel", "amazon/aws-eventnames"], "decoders_path": "custom_ruleset/decoders/", "rules_path": "custom_ruleset/rules/"}, "sca": {"day": "", "enabled": "yes", "interval": "12h", "scan_on_start": "yes", "skip_nfs": "yes", "time": "", "wday": ""}, "syscheck": {"auto_ignore": "no", "auto_ignore_frequency": {"frequency": "frequency=\"10\"", "timeframe": "timeframe=\"3600\"", "value": "no"}, "directories": [{"checks": "", "dirs": "/etc,/usr/bin,/usr/sbin"}, {"checks": "", "dirs": "/bin,/sbin,/boot"}], "disable": "no", "frequency": 43200, "ignore": ["/etc/mtab", "/etc/hosts.deny", "/etc/mail/statistics", "/etc/random-seed", "/etc/random.seed", "/etc/adjtime", "/etc/httpd/logs", "/etc/utmpx", "/etc/wtmpx", "/etc/cups/certs", "/etc/dumpdates", "/etc/svc/volatile"], "ignore_linux_type": [".log$|.swp$"], "max_eps": 100, "no_diff": ["/etc/ssl/private.key"], "process_priority": 10, "scan_on_start": "yes", "skip_dev": "yes", "skip_nfs": "yes", "skip_proc": "yes", "skip_sys": "yes", "sync_enabled": "yes", 
"sync_interval": "5m", "sync_max_eps": 10, "sync_max_interval": "1h"}, "syscollector": {"disable": "no", "hardware": "yes", "interval": "1h", "network": "yes", "os": "yes", "packages": "yes", "ports_no": "yes", "processes": "yes", "scan_on_start": "yes"}, "syslog_outputs": [{"format": null, "port": null, "server": null}], "vulnerability_detector": {"enabled": "no", "interval": "5m", "min_full_scan_interval": "6h", "providers": [{"enabled": "no", "name": "\"canonical\"", "os": ["trusty", "xenial", "bionic", "focal", "jammy"], "update_interval": "1h"}, {"enabled": "no", "name": "\"debian\"", "os": ["buster", "bullseye", "bookworm"], "update_interval": "1h"}, {"enabled": "no", "name": "\"redhat\"", "os": ["5", "6", "7", "8", "9"], "update_interval": "1h"}, {"enabled": "no", "name": "\"almalinux\"", "os": ["8", "9"], "update_interval": "1h"}, {"enabled": "no", "name": "\"alas\"", "os": ["amazon-linux", "amazon-linux-2", "amazon-linux-2023"], "update_interval": "1h"}, {"enabled": "no", "name": "\"suse\"", "os": ["11-server", "11-desktop", "12-server", "12-desktop", "15-server", "15-desktop"], "update_interval": "1h"}, {"enabled": "no", "name": "\"arch\"", "update_interval": "1h"}, {"enabled": "no", "name": "\"msu\"", "update_interval": "1h"}, {"enabled": "no", "name": "\"nvd\"", "update_interval": "1h"}], "run_on_start": "yes"}}}, "changed": false} TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ******************** skipping: [192.168.57.203] => {"changed": false, "false_condition": "(ansible_os_family == \"RedHat\" and ansible_distribution_major_version|int > 5) or (ansible_os_family == \"RedHat\" and ansible_distribution == \"Amazon\")", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ******************** included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml for 192.168.57.203 TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install 
apt-transport-https, ca-certificates and acl] *** changed: [192.168.57.203] => {"attempts": 1, "cache_update_time": 1700150696, "cache_updated": false, "changed": true, "stderr": "", "stderr_lines": [], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following NEW packages will be installed:\n acl apt-transport-https\n0 upgraded, 2 newly installed, 0 to remove and 154 not upgraded.\nNeed to get 40.0 kB of archives.\nAfter this operation, 375 kB of additional disk space will be used.\nGet:1 https://mirrors.edge.kernel.org/ubuntu jammy/main amd64 acl amd64 2.3.1-1 [38.5 kB]\nGet:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates/universe amd64 apt-transport-https all 2.4.11 [1510 B]\nFetched 40.0 kB in 1s (49.2 kB/s)\nSelecting previously unselected package acl.\r\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 95%\r(Reading database ... 100%\r(Reading database ... 
76939 files and directories currently installed.)\r\nPreparing to unpack .../archives/acl_2.3.1-1_amd64.deb ...\r\nUnpacking acl (2.3.1-1) ...\r\nSelecting previously unselected package apt-transport-https.\r\nPreparing to unpack .../apt-transport-https_2.4.11_all.deb ...\r\nUnpacking apt-transport-https (2.4.11) ...\r\nSetting up apt-transport-https (2.4.11) ...\r\nSetting up acl (2.3.1-1) ...\r\nProcessing triggers for man-db (2.10.2-1) ...\r\nNEEDRESTART-VER: 3.5\nNEEDRESTART-KCUR: 5.15.0-69-generic\nNEEDRESTART-KEXP: 5.15.0-69-generic\nNEEDRESTART-KSTA: 1\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "The following NEW packages will be installed:", " acl apt-transport-https", "0 upgraded, 2 newly installed, 0 to remove and 154 not upgraded.", "Need to get 40.0 kB of archives.", "After this operation, 375 kB of additional disk space will be used.", "Get:1 https://mirrors.edge.kernel.org/ubuntu jammy/main amd64 acl amd64 2.3.1-1 [38.5 kB]", "Get:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates/universe amd64 apt-transport-https all 2.4.11 [1510 B]", "Fetched 40.0 kB in 1s (49.2 kB/s)", "Selecting previously unselected package acl.", "(Reading database ... ", "(Reading database ... 5%", "(Reading database ... 10%", "(Reading database ... 15%", "(Reading database ... 20%", "(Reading database ... 25%", "(Reading database ... 30%", "(Reading database ... 35%", "(Reading database ... 40%", "(Reading database ... 45%", "(Reading database ... 50%", "(Reading database ... 55%", "(Reading database ... 60%", "(Reading database ... 65%", "(Reading database ... 70%", "(Reading database ... 75%", "(Reading database ... 80%", "(Reading database ... 85%", "(Reading database ... 90%", "(Reading database ... 95%", "(Reading database ... 100%", "(Reading database ... 
76939 files and directories currently installed.)", "Preparing to unpack .../archives/acl_2.3.1-1_amd64.deb ...", "Unpacking acl (2.3.1-1) ...", "Selecting previously unselected package apt-transport-https.", "Preparing to unpack .../apt-transport-https_2.4.11_all.deb ...", "Unpacking apt-transport-https (2.4.11) ...", "Setting up apt-transport-https (2.4.11) ...", "Setting up acl (2.3.1-1) ...", "Processing triggers for man-db (2.10.2-1) ...", "NEEDRESTART-VER: 3.5", "NEEDRESTART-KCUR: 5.15.0-69-generic", "NEEDRESTART-KEXP: 5.15.0-69-generic", "NEEDRESTART-KSTA: 1"]} TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_distribution_major_version | int == 14", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Installing Wazuh repository key] *** ok: [192.168.57.203] => {"before": ["96B3EE5F29111145", "417F3D5A664FAB32", "D94AA3F0EFE21092", "871920D1991BC93C"], "changed": false, "fp": "96B3EE5F29111145", "id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "short_id": "29111145"} TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Add Wazuh repositories] *** ok: [192.168.57.203] => {"changed": false, "repo": "deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main", "sources_added": [], "sources_removed": [], "state": "present"} TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu] *** ok: [192.168.57.203] => {"ansible_facts": {"cis_distribution_filename": "cis_debian_linux_rcl.txt"}, "changed": false} TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenJDK-8 repo] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "(ansible_distribution == \"Ubuntu\" and ansible_distribution_major_version | int == 14)", 
"skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenJDK 1.8] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_manager_config.cis_cat.disable == 'no'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenScap] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_manager_config.openscap.disable == 'no'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Get OpenScap installed version] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_manager_config.openscap.disable == 'no'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Check OpenScap version] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_manager_config.openscap.disable == 'no'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Install dependencies to build from sources] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_manager_sources_installation.enabled", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install wazuh-manager] *** changed: [192.168.57.203] => {"cache_update_time": 1700150696, "cache_updated": false, "changed": true, "stderr": "", "stderr_lines": [], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nSuggested packages:\n expect\nThe following NEW packages will be installed:\n wazuh-manager\n0 upgraded, 1 newly installed, 0 to remove and 154 not upgraded.\nNeed to get 171 MB of archives.\nAfter this operation, 629 MB of additional disk space will be used.\nGet:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-manager amd64 4.6.0-1 [171 
MB]\nFetched 171 MB in 44s (3911 kB/s)\nSelecting previously unselected package wazuh-manager.\r\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 95%\r(Reading database ... 100%\r(Reading database ... 76953 files and directories currently installed.)\r\nPreparing to unpack .../wazuh-manager_4.6.0-1_amd64.deb ...\r\nUnpacking wazuh-manager (4.6.0-1) ...\r\nSetting up wazuh-manager (4.6.0-1) ...\r\nNEEDRESTART-VER: 3.5\nNEEDRESTART-KCUR: 5.15.0-69-generic\nNEEDRESTART-KEXP: 5.15.0-69-generic\nNEEDRESTART-KSTA: 1\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "Suggested packages:", " expect", "The following NEW packages will be installed:", " wazuh-manager", "0 upgraded, 1 newly installed, 0 to remove and 154 not upgraded.", "Need to get 171 MB of archives.", "After this operation, 629 MB of additional disk space will be used.", "Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-manager amd64 4.6.0-1 [171 MB]", "Fetched 171 MB in 44s (3911 kB/s)", "Selecting previously unselected package wazuh-manager.", "(Reading database ... ", "(Reading database ... 5%", "(Reading database ... 10%", "(Reading database ... 15%", "(Reading database ... 20%", "(Reading database ... 25%", "(Reading database ... 30%", "(Reading database ... 35%", "(Reading database ... 40%", "(Reading database ... 45%", "(Reading database ... 50%", "(Reading database ... 55%", "(Reading database ... 60%", "(Reading database ... 
65%", "(Reading database ... 70%", "(Reading database ... 75%", "(Reading database ... 80%", "(Reading database ... 85%", "(Reading database ... 90%", "(Reading database ... 95%", "(Reading database ... 100%", "(Reading database ... 76953 files and directories currently installed.)", "Preparing to unpack .../wazuh-manager_4.6.0-1_amd64.deb ...", "Unpacking wazuh-manager (4.6.0-1) ...", "Setting up wazuh-manager (4.6.0-1) ...", "NEEDRESTART-VER: 3.5", "NEEDRESTART-KCUR: 5.15.0-69-generic", "NEEDRESTART-KEXP: 5.15.0-69-generic", "NEEDRESTART-KSTA: 1"]} TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ******************** skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_manager_sources_installation.enabled", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ******************** skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_custom_packages_installation_manager_enabled", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Install expect] ******************* changed: [192.168.57.203] => {"cache_update_time": 1700150696, "cache_updated": false, "changed": true, "stderr": "", "stderr_lines": [], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following additional packages will be installed:\n tcl-expect\nSuggested packages:\n tk8.6\nThe following NEW packages will be installed:\n expect tcl-expect\n0 upgraded, 2 newly installed, 0 to remove and 155 not upgraded.\nNeed to get 242 kB of archives.\nAfter this operation, 549 kB of additional disk space will be used.\nGet:1 https://mirrors.edge.kernel.org/ubuntu jammy/universe amd64 tcl-expect amd64 5.45.4-2build1 [105 kB]\nGet:2 https://mirrors.edge.kernel.org/ubuntu jammy/universe amd64 expect amd64 5.45.4-2build1 [137 kB]\nFetched 242 kB in 1s (416 kB/s)\nSelecting previously unselected package 
tcl-expect:amd64.\r\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 95%\r(Reading database ... 100%\r(Reading database ... 98240 files and directories currently installed.)\r\nPreparing to unpack .../tcl-expect_5.45.4-2build1_amd64.deb ...\r\nUnpacking tcl-expect:amd64 (5.45.4-2build1) ...\r\nSelecting previously unselected package expect.\r\nPreparing to unpack .../expect_5.45.4-2build1_amd64.deb ...\r\nUnpacking expect (5.45.4-2build1) ...\r\nSetting up tcl-expect:amd64 (5.45.4-2build1) ...\r\nSetting up expect (5.45.4-2build1) ...\r\nProcessing triggers for man-db (2.10.2-1) ...\r\nProcessing triggers for libc-bin (2.35-0ubuntu3.1) ...\r\nNEEDRESTART-VER: 3.5\nNEEDRESTART-KCUR: 5.15.0-69-generic\nNEEDRESTART-KEXP: 5.15.0-69-generic\nNEEDRESTART-KSTA: 1\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "The following additional packages will be installed:", " tcl-expect", "Suggested packages:", " tk8.6", "The following NEW packages will be installed:", " expect tcl-expect", "0 upgraded, 2 newly installed, 0 to remove and 155 not upgraded.", "Need to get 242 kB of archives.", "After this operation, 549 kB of additional disk space will be used.", "Get:1 https://mirrors.edge.kernel.org/ubuntu jammy/universe amd64 tcl-expect amd64 5.45.4-2build1 [105 kB]", "Get:2 https://mirrors.edge.kernel.org/ubuntu jammy/universe amd64 expect amd64 5.45.4-2build1 [137 kB]", "Fetched 242 kB in 1s (416 kB/s)", "Selecting previously unselected 
package tcl-expect:amd64.", "(Reading database ... ", "(Reading database ... 5%", "(Reading database ... 10%", "(Reading database ... 15%", "(Reading database ... 20%", "(Reading database ... 25%", "(Reading database ... 30%", "(Reading database ... 35%", "(Reading database ... 40%", "(Reading database ... 45%", "(Reading database ... 50%", "(Reading database ... 55%", "(Reading database ... 60%", "(Reading database ... 65%", "(Reading database ... 70%", "(Reading database ... 75%", "(Reading database ... 80%", "(Reading database ... 85%", "(Reading database ... 90%", "(Reading database ... 95%", "(Reading database ... 100%", "(Reading database ... 98240 files and directories currently installed.)", "Preparing to unpack .../tcl-expect_5.45.4-2build1_amd64.deb ...", "Unpacking tcl-expect:amd64 (5.45.4-2build1) ...", "Selecting previously unselected package expect.", "Preparing to unpack .../expect_5.45.4-2build1_amd64.deb ...", "Unpacking expect (5.45.4-2build1) ...", "Setting up tcl-expect:amd64 (5.45.4-2build1) ...", "Setting up expect (5.45.4-2build1) ...", "Processing triggers for man-db (2.10.2-1) ...", "Processing triggers for libc-bin (2.35-0ubuntu3.1) ...", "NEEDRESTART-VER: 3.5", "NEEDRESTART-KCUR: 5.15.0-69-generic", "NEEDRESTART-KEXP: 5.15.0-69-generic", "NEEDRESTART-KSTA: 1"]} TASK [../roles/wazuh/ansible-wazuh-manager : Generate SSL files for authd] ***** skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_manager_config.authd.ssl_agent_ca is not none", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Copy CA, SSL key and cert for authd] *** skipping: [192.168.57.203] => (item=) => {"ansible_loop_var": "item", "changed": false, "false_condition": "wazuh_manager_config.authd.ssl_agent_ca is not none", "item": "", "skip_reason": "Conditional result was False"} skipping: [192.168.57.203] => (item=sslmanager.cert) => {"ansible_loop_var": "item", "changed": false, "false_condition": 
"wazuh_manager_config.authd.ssl_agent_ca is not none", "item": "sslmanager.cert", "skip_reason": "Conditional result was False"} skipping: [192.168.57.203] => (item=sslmanager.key) => {"ansible_loop_var": "item", "changed": false, "false_condition": "wazuh_manager_config.authd.ssl_agent_ca is not none", "item": "sslmanager.key", "skip_reason": "Conditional result was False"} skipping: [192.168.57.203] => {"changed": false, "msg": "All items skipped"} TASK [../roles/wazuh/ansible-wazuh-manager : Verifying for old init authd service] *** ok: [192.168.57.203] => {"changed": false, "stat": {"exists": false}} TASK [../roles/wazuh/ansible-wazuh-manager : Verifying for old systemd authd service] *** ok: [192.168.57.203] => {"changed": false, "stat": {"exists": false}} TASK [../roles/wazuh/ansible-wazuh-manager : Ensure ossec-authd service is disabled] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "old_authd_service.stat.exists", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Removing old init authd services] *** skipping: [192.168.57.203] => (item=/etc/init.d/ossec-authd) => {"ansible_loop_var": "item", "changed": false, "false_condition": "old_authd_service.stat.exists", "item": "/etc/init.d/ossec-authd", "skip_reason": "Conditional result was False"} skipping: [192.168.57.203] => (item=/lib/systemd/system/ossec-authd.service) => {"ansible_loop_var": "item", "changed": false, "false_condition": "old_authd_service.stat.exists", "item": "/lib/systemd/system/ossec-authd.service", "skip_reason": "Conditional result was False"} skipping: [192.168.57.203] => {"changed": false, "msg": "All items skipped"} TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_rules.xml (default local_rules.xml)] *** changed: [192.168.57.203] => {"changed": true, "checksum": "e2ed6d5f4bc85b2a6338ffa3b67af9c56a6a2b9b", "dest": "/var/ossec/etc/rules/local_rules.xml", "gid": 123, "group": "wazuh", "md5sum": 
"1b8bd14835b49b9d399db692d86e243c", "mode": "0640", "owner": "wazuh", "size": 496, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151099.6461406-43335-243051223076313/source", "state": "file", "uid": 115} TASK [../roles/wazuh/ansible-wazuh-manager : Adding local rules files] ********* changed: [192.168.57.203] => {"changed": true, "checksum": "948b7acf2a4e9434837fd8a9ae4282d764159a34", "dest": "/var/ossec/etc/rules/sample_custom_rules.xml", "gid": 123, "group": "wazuh", "md5sum": "d0484a12c7a6bdb1ca1a7e7c890cccc2", "mode": "0640", "owner": "wazuh", "size": 457, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151100.2957985-43363-195277885494797/source", "state": "file", "uid": 115} TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_decoder.xml] *** changed: [192.168.57.203] => {"changed": true, "checksum": "22b3dffce338aa3b465f90b0a442f1892ab416dd", "dest": "/var/ossec/etc/decoders/local_decoder.xml", "gid": 123, "group": "wazuh", "md5sum": "13848075a6d3a8d32a675bb10b4ddc6d", "mode": "0640", "owner": "wazuh", "size": 775, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151100.9177065-43391-128849989243529/source", "state": "file", "uid": 115} TASK [../roles/wazuh/ansible-wazuh-manager : Adding local decoders files] ****** changed: [192.168.57.203] => {"changed": true, "checksum": "ef2930e35e0d314628a611effb545e0571e49b5d", "dest": "/var/ossec/etc/decoders/sample_custom_decoders.xml", "gid": 123, "group": "wazuh", "md5sum": "ca839098b00c8095ed956d0b6ff40e43", "mode": "0640", "owner": "wazuh", "size": 775, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151101.5632555-43419-189474576190417/source", "state": "file", "uid": 115} TASK [../roles/wazuh/ansible-wazuh-manager : Configure the shared-agent.conf] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "shared_agent_config is defined", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Installing the 
local_internal_options.conf] *** changed: [192.168.57.203] => {"changed": true, "checksum": "e2c8d0d38358dcd7c92e57b8f2cb0e7dfcf112e3", "dest": "/var/ossec/etc/local_internal_options.conf", "gid": 123, "group": "wazuh", "md5sum": "f460d5ec8ff02ba64b925188630fdf31", "mode": "0640", "owner": "root", "size": 473, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151102.2334347-43449-151240125522072/source", "state": "file", "uid": 0} TASK [../roles/wazuh/ansible-wazuh-manager : Retrieving Agentless Credentials] *** ok: [192.168.57.203] => {"ansible_facts": {}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml"], "changed": false} TASK [../roles/wazuh/ansible-wazuh-manager : Retrieving authd Credentials] ***** ok: [192.168.57.203] => {"ansible_facts": {}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml"], "changed": false} TASK [../roles/wazuh/ansible-wazuh-manager : Check if syslog output is enabled] *** skipping: [192.168.57.203] => (item={'server': None, 'port': None, 'format': None}) => {"ansible_loop_var": "item", "changed": false, "false_condition": "item.server is not none", "item": {"format": null, "port": null, "server": null}, "skip_reason": "Conditional result was False"} skipping: [192.168.57.203] => {"changed": false, "msg": "All items skipped"} TASK [../roles/wazuh/ansible-wazuh-manager : Check if client-syslog is enabled] *** ok: [192.168.57.203] => {"changed": false, "cmd": "set -o pipefail\n\"grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list | xargs echo\"\n", "delta": null, "end": null, "msg": "Did not run command since '/var/ossec/bin/.process_list' does not exist", "rc": 0, "start": null, "stderr": "", "stderr_lines": [], "stdout": "skipped, since /var/ossec/bin/.process_list does not exist", "stdout_lines": ["skipped, since /var/ossec/bin/.process_list does not exist"]} TASK 
[../roles/wazuh/ansible-wazuh-manager : Enable client-syslog] ************* skipping: [192.168.57.203] => {"changed": false, "false_condition": "syslog_output is defined and syslog_output", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Check if ossec-agentlessd is enabled] *** ok: [192.168.57.203] => {"changed": false, "cmd": "set -o pipefail\n\"grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list | xargs echo\"\n", "delta": null, "end": null, "msg": "Did not run command since '/var/ossec/bin/.process_list' does not exist", "rc": 0, "start": null, "stderr": "", "stderr_lines": [], "stdout": "skipped, since /var/ossec/bin/.process_list does not exist", "stdout_lines": ["skipped, since /var/ossec/bin/.process_list does not exist"]} TASK [../roles/wazuh/ansible-wazuh-manager : Enable ossec-agentlessd] ********** skipping: [192.168.57.203] => {"changed": false, "false_condition": "agentless_creds is defined", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Checking alert log output settings] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_manager_config.json_output == 'no'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Configure ossec.conf] ************* changed: [192.168.57.203] => {"changed": true, "checksum": "0f19f528e94fe10363c55307c3820b98b5935b2c", "dest": "/var/ossec/etc/ossec.conf", "gid": 123, "group": "wazuh", "md5sum": "ab722a96dca14a4ac3e71f43b631d8da", "mode": "0644", "owner": "root", "size": 10070, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151103.7647557-43521-185111668370470/source", "state": "file", "uid": 0} TASK [../roles/wazuh/ansible-wazuh-manager : Ossec-authd password] ************* skipping: [192.168.57.203] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK 
[../roles/wazuh/ansible-wazuh-manager : Copy create_user script] ********** skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_api_users is defined", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Create admin.json] **************** skipping: [192.168.57.203] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [../roles/wazuh/ansible-wazuh-manager : Execute create_user script] ******* skipping: [192.168.57.203] => {"changed": false, "false_condition": "wazuh_api_users is defined", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Agentless Hosts & Passwd] ********* skipping: [192.168.57.203] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [../roles/wazuh/ansible-wazuh-manager : Encode the secret] **************** skipping: [192.168.57.203] => {"changed": false, "false_condition": "agentless_creds is defined", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-wazuh-manager : Ensure Wazuh Manager service is started and enabled.] 
*** changed: [192.168.57.203] => {"changed": true, "enabled": true, "name": "wazuh-manager", "state": "started", "status": {"ActiveEnterTimestamp": "n/a", "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestamp": "n/a", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target network-online.target sysinit.target system.slice systemd-journald.socket basic.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestamp": "n/a", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestamp": "n/a", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": 
"Wazuh manager", "DevicePolicy": "auto", "DynamicUser": "no", "ExecMainCode": "0", "ExecMainExitTimestamp": "n/a", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestamp": "n/a", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control reload ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control reload ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control start ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control start ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStop": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control stop ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStopEx": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control stop ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/lib/systemd/system/wazuh-manager.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": 
"wazuh-manager.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestamp": "n/a", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "n/a", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "process", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "65536", "LimitNOFILESoft": "65536", "LimitNPROC": "15240", "LimitNPROCSoft": "15240", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15240", "LimitSIGPENDINGSoft": "15240", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "wazuh-manager.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", 
"NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "yes", "RemoveIPC": "no", "Requires": "system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "n/a", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4572", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", 
"TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "disabled", "UtmpMode": "init", "Wants": "network-online.target", "WatchdogSignal": "6", "WatchdogTimestamp": "n/a", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [../roles/wazuh/ansible-wazuh-manager : Create agent groups] ************** skipping: [192.168.57.203] => {"changed": false, "skipped_reason": "No items in the list"} TASK [../roles/wazuh/ansible-wazuh-manager : Run uninstall tasks] ************** included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml for 192.168.57.203 TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Remove Wazuh repository.] *** ok: [192.168.57.203] => {"changed": false, "repo": "deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main", "sources_added": [], "sources_removed": ["/etc/apt/sources.list.d/wazuh-indexer.list"], "state": "absent"} TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata)] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == \"RedHat\" or ansible_os_family == \"Amazon\"", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] ********************** ok: [192.168.57.203] => {"ansible_facts": {"packages_repository": "production"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-filebeat-oss/tasks/../../vars/repo_vars.yml"], "changed": false} TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] ********************** ok: [192.168.57.203] => {"ansible_facts": {"certs_gen_tool_url": "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh", "certs_gen_tool_version": 4.6, 
"filebeat_module_package_url": "https://packages-dev.wazuh.com/pre-release/filebeat", "wazuh_repo": {"apt": "deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main", "gpg": "https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "yum": "https://packages-dev.wazuh.com/pre-release/yum/"}, "wazuh_winagent_config_url": "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_package_name": "wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_sha512_url": "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-filebeat-oss/tasks/../../vars/repo.yml"], "changed": false} TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] ********************** skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'pre-release'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] ********************* skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] ********************* included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml for 192.168.57.203 TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl] *** ok: [192.168.57.203] => {"attempts": 1, "cache_update_time": 1700151131, "cache_updated": false, "changed": false} TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Add Elasticsearch apt key.] 
*** ok: [192.168.57.203] => {"before": ["96B3EE5F29111145", "417F3D5A664FAB32", "D94AA3F0EFE21092", "871920D1991BC93C"], "changed": false, "fp": "96B3EE5F29111145", "id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "short_id": "29111145"} TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Add Filebeat-oss repository.] *** ok: [192.168.57.203] => {"changed": false, "repo": "deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main", "sources_added": ["/etc/apt/sources.list.d/packages_dev_wazuh_com_pre_release_apt.list"], "sources_removed": [], "state": "present"} TASK [../roles/wazuh/ansible-filebeat-oss : Install Filebeat | Redhat] ********* skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-filebeat-oss : Install Filebeat | Debian] ********* changed: [192.168.57.203] => {"attempts": 1, "cache_update_time": 1700151139, "cache_updated": false, "changed": true, "stderr": "", "stderr_lines": [], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following NEW packages will be installed:\n filebeat\n0 upgraded, 1 newly installed, 0 to remove and 155 not upgraded.\nNeed to get 22.1 MB of archives.\nAfter this operation, 73.6 MB of additional disk space will be used.\nGet:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 filebeat amd64 7.10.2 [22.1 MB]\nFetched 22.1 MB in 7s (3105 kB/s)\nSelecting previously unselected package filebeat.\r\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 
65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 95%\r(Reading database ... 100%\r(Reading database ... 98322 files and directories currently installed.)\r\nPreparing to unpack .../filebeat_7.10.2_amd64.deb ...\r\nUnpacking filebeat (7.10.2) ...\r\nSetting up filebeat (7.10.2) ...\r\nNEEDRESTART-VER: 3.5\nNEEDRESTART-KCUR: 5.15.0-69-generic\nNEEDRESTART-KEXP: 5.15.0-69-generic\nNEEDRESTART-KSTA: 1\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "The following NEW packages will be installed:", " filebeat", "0 upgraded, 1 newly installed, 0 to remove and 155 not upgraded.", "Need to get 22.1 MB of archives.", "After this operation, 73.6 MB of additional disk space will be used.", "Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 filebeat amd64 7.10.2 [22.1 MB]", "Fetched 22.1 MB in 7s (3105 kB/s)", "Selecting previously unselected package filebeat.", "(Reading database ... ", "(Reading database ... 5%", "(Reading database ... 10%", "(Reading database ... 15%", "(Reading database ... 20%", "(Reading database ... 25%", "(Reading database ... 30%", "(Reading database ... 35%", "(Reading database ... 40%", "(Reading database ... 45%", "(Reading database ... 50%", "(Reading database ... 55%", "(Reading database ... 60%", "(Reading database ... 65%", "(Reading database ... 70%", "(Reading database ... 75%", "(Reading database ... 80%", "(Reading database ... 85%", "(Reading database ... 90%", "(Reading database ... 95%", "(Reading database ... 100%", "(Reading database ... 
98322 files and directories currently installed.)", "Preparing to unpack .../filebeat_7.10.2_amd64.deb ...", "Unpacking filebeat (7.10.2) ...", "Setting up filebeat (7.10.2) ...", "NEEDRESTART-VER: 3.5", "NEEDRESTART-KCUR: 5.15.0-69-generic", "NEEDRESTART-KEXP: 5.15.0-69-generic", "NEEDRESTART-KSTA: 1"]} TASK [../roles/wazuh/ansible-filebeat-oss : Checking if Filebeat Module folder file exists] *** ok: [192.168.57.203] => {"changed": false, "stat": {"exists": false}} TASK [../roles/wazuh/ansible-filebeat-oss : Download Filebeat module package] *** changed: [192.168.57.203] => {"changed": true, "checksum_dest": null, "checksum_src": "641859f28e6e7162ba9cafff5028ca31aca2feb0", "dest": "/tmp/wazuh-filebeat-0.3.tar.gz", "elapsed": 0, "gid": 0, "group": "root", "md5sum": "37822214880237ca51ff95de163cdbed", "mode": "0644", "msg": "OK (1781 bytes)", "owner": "root", "size": 1781, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151154.5006778-43693-24617927617182/tmp2_yac_wk", "state": "file", "status_code": 200, "uid": 0, "url": "https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.3.tar.gz"} TASK [../roles/wazuh/ansible-filebeat-oss : Unpack Filebeat module package] **** changed: [192.168.57.203] => {"changed": true, "dest": "/usr/share/filebeat/module", "extract_results": {"cmd": ["/usr/bin/tar", "--extract", "-C", "/usr/share/filebeat/module", "-z", "-f", "/tmp//wazuh-filebeat-0.3.tar.gz"], "err": "", "out": "", "rc": 0}, "gid": 0, "group": "root", "handler": "TgzArchive", "mode": "0755", "owner": "root", "size": 4096, "src": "/tmp//wazuh-filebeat-0.3.tar.gz", "state": "directory", "uid": 0} TASK [../roles/wazuh/ansible-filebeat-oss : Setting 0755 permission for Filebeat module folder] *** changed: [192.168.57.203] => {"changed": true, "gid": 0, "group": "root", "mode": "0777", "owner": "root", "path": "{'changed': False, 'stat': {'exists': False}, 'failed': False}", "size": 4096, "state": "directory", "uid": 0} TASK 
[../roles/wazuh/ansible-filebeat-oss : Checking if Filebeat Module package file exists] *** ok: [192.168.57.203] => {"changed": false, "stat": {"atime": 1700151155.7697241, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "binary", "checksum": "641859f28e6e7162ba9cafff5028ca31aca2feb0", "ctime": 1700151154.8612702, "dev": 64768, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 3706450, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "application/gzip", "mode": "0644", "mtime": 1700151154.8612702, "nlink": 1, "path": "/tmp//wazuh-filebeat-0.3.tar.gz", "pw_name": "root", "readable": true, "rgrp": true, "roth": true, "rusr": true, "size": 1781, "uid": 0, "version": "4212843266", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [../roles/wazuh/ansible-filebeat-oss : Delete Filebeat module package file] *** changed: [192.168.57.203] => {"changed": true, "path": "/tmp//wazuh-filebeat-0.3.tar.gz", "state": "absent"} TASK [../roles/wazuh/ansible-filebeat-oss : Copy Filebeat configuration.] 
****** changed: [192.168.57.203] => {"changed": true, "checksum": "bdad832c11c9f09abee0469042500199046fe943", "dest": "/etc/filebeat/filebeat.yml", "gid": 0, "group": "root", "md5sum": "1204799c3a84586a13ac0e2676c356cc", "mode": "0400", "owner": "root", "size": 879, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151157.8694205-43782-99968769904028/source", "state": "file", "uid": 0} TASK [../roles/wazuh/ansible-filebeat-oss : Fetch latest Wazuh alerts template] *** changed: [192.168.57.203] => {"changed": true, "checksum_dest": null, "checksum_src": "b0e78eb5887dfcb9175b646ade0a333c647f591e", "dest": "/etc/filebeat/wazuh-template.json", "elapsed": 0, "gid": 0, "group": "root", "md5sum": "f2f88b09e17eb01aa39947fbaf4d9fb3", "mode": "0400", "msg": "OK (62776 bytes)", "owner": "root", "size": 62776, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151158.5204637-43810-247729931658585/tmpsi9js4qc", "state": "file", "status_code": 200, "uid": 0, "url": "https://raw.githubusercontent.com/wazuh/wazuh/v4.6.0/extensions/elasticsearch/7.x/wazuh-template.json"} TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] ********************* included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml for 192.168.57.203 TASK [../roles/wazuh/ansible-filebeat-oss : Ensure Filebeat SSL key pair directory exists.] 
*** changed: [192.168.57.203] => {"changed": true, "gid": 0, "group": "root", "mode": "0764", "owner": "root", "path": "/etc/pki/filebeat", "size": 4096, "state": "directory", "uid": 0} TASK [../roles/wazuh/ansible-filebeat-oss : Copy the certificates from local to the Manager instance] *** changed: [192.168.57.203] => (item=node-1-key.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "421ede37431634bddf876a2a6fa3b3eacb649dc5", "dest": "/etc/pki/filebeat/node-1-key.pem", "gid": 0, "group": "root", "item": "node-1-key.pem", "md5sum": "23b809b6077ec3273a2506c7af8c6cd9", "mode": "0620", "owner": "root", "size": 1704, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151159.7962086-43844-29926612395999/source", "state": "file", "uid": 0} changed: [192.168.57.203] => (item=node-1.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "f8a90689a3da05f293208eea50f41452a1ccb2cc", "dest": "/etc/pki/filebeat/node-1.pem", "gid": 0, "group": "root", "item": "node-1.pem", "md5sum": "6336cf96973ee5a337fbc56f8e27267a", "mode": "0620", "owner": "root", "size": 1277, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151160.6859863-43844-194701270923299/source", "state": "file", "uid": 0} changed: [192.168.57.203] => (item=root-ca.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "9f035b726eb4d13e75f7dba9388f216641ce330a", "dest": "/etc/pki/filebeat/root-ca.pem", "gid": 0, "group": "root", "item": "root-ca.pem", "md5sum": "d6834d847ca9ebf28da2c2c78efd7d46", "mode": "0620", "owner": "root", "size": 1204, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151161.55978-43844-70575160365893/source", "state": "file", "uid": 0} TASK [../roles/wazuh/ansible-filebeat-oss : Ensure Filebeat is started and enabled at boot.] 
*** changed: [192.168.57.203] => {"changed": true, "enabled": true, "name": "filebeat", "state": "started", "status": {"ActiveEnterTimestamp": "n/a", "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestamp": "n/a", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network-online.target basic.target system.slice systemd-journald.socket sysinit.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestamp": "n/a", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestamp": "n/a", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Filebeat sends log files 
to Logstash or directly to Elasticsearch.", "DevicePolicy": "auto", "Documentation": "https://www.elastic.co/products/beats/filebeat", "DynamicUser": "no", "Environment": "BEAT_LOG_OPTS= \"BEAT_CONFIG_OPTS=-c /etc/filebeat/filebeat.yml\" \"BEAT_PATH_OPTS=--path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebeat\"", "ExecMainCode": "0", "ExecMainExitTimestamp": "n/a", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestamp": "n/a", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/share/filebeat/bin/filebeat ; argv[]=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/share/filebeat/bin/filebeat ; argv[]=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/lib/systemd/system/filebeat.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "filebeat.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestamp": "n/a", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "n/a", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", 
"JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15240", "LimitNPROCSoft": "15240", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15240", "LimitSIGPENDINGSoft": "15240", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "filebeat.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", 
"PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target", "Restart": "always", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "n/a", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4572", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "simple", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "disabled", "UtmpMode": 
"init", "Wants": "network-online.target", "WatchdogSignal": "6", "WatchdogTimestamp": "n/a", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] ********************* skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == \"RedHat\"", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] ********************* included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-filebeat-oss/tasks/RMDebian.yml for 192.168.57.203 TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)] *** ok: [192.168.57.203] => {"changed": false, "repo": "deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main", "sources_added": [], "sources_removed": ["/etc/apt/sources.list.d/packages_dev_wazuh_com_pre_release_apt.list"], "state": "absent"} TASK [../roles/wazuh/wazuh-dashboard : include_vars] *************************** ok: [192.168.57.203] => {"ansible_facts": {"packages_repository": "production"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-dashboard/vars/../../vars/repo_vars.yml"], "changed": false} TASK [../roles/wazuh/wazuh-dashboard : include_vars] *************************** ok: [192.168.57.203] => {"ansible_facts": {"certs_gen_tool_url": "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh", "certs_gen_tool_version": 4.6, "filebeat_module_package_url": "https://packages-dev.wazuh.com/pre-release/filebeat", "wazuh_repo": {"apt": "deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main", "gpg": "https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH", "key_id": "0DCFCA5547B19D2A6099506096B3EE5F29111145", "yum": "https://packages-dev.wazuh.com/pre-release/yum/"}, "wazuh_winagent_config_url": "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi", 
"wazuh_winagent_package_name": "wazuh-agent-{{ wazuh_agent_version }}-1.msi", "wazuh_winagent_sha512_url": "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-dashboard/vars/../../vars/repo.yml"], "changed": false} TASK [../roles/wazuh/wazuh-dashboard : include_vars] *************************** skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'pre-release'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-dashboard : include_vars] *************************** skipping: [192.168.57.203] => {"changed": false, "false_condition": "packages_repository == 'staging'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-dashboard : RedHat/CentOS/Fedora | Add Wazuh dashboard repo] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard dependencies] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard] **************** skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"} TASK [../roles/wazuh/wazuh-dashboard : include_vars] *************************** ok: [192.168.57.203] => {"ansible_facts": {"dashboard_version": "4.6.0"}, "ansible_included_var_files": ["/home/davidcr01/Wazuh/ansible/roles/wazuh/wazuh-dashboard/vars/debian.yml"], "changed": false} TASK [../roles/wazuh/wazuh-dashboard : Add apt repository signing key] ********* ok: [192.168.57.203] => {"before": ["96B3EE5F29111145", "417F3D5A664FAB32", 
"D94AA3F0EFE21092", "871920D1991BC93C"], "changed": false, "fp": "96B3EE5F29111145", "id": "96B3EE5F29111145", "key_id": "96B3EE5F29111145", "short_id": "29111145"} TASK [../roles/wazuh/wazuh-dashboard : Debian systems | Add Wazuh dashboard repo] *** changed: [192.168.57.203] => {"changed": true, "repo": "deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main", "sources_added": ["/etc/apt/sources.list.d/packages_dev_wazuh_com_pre_release_apt.list"], "sources_removed": [], "state": "present"} TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard dependencies] *** changed: [192.168.57.203] => {"cache_update_time": 1700151174, "cache_updated": false, "changed": true, "stderr": "", "stderr_lines": [], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following additional packages will be installed:\n fontconfig-config libnspr4-dev\nThe following NEW packages will be installed:\n fontconfig-config fonts-liberation libfontconfig1 libnspr4-dev libnss3-dev\n0 upgraded, 5 newly installed, 0 to remove and 155 not upgraded.\nNeed to get 1442 kB of archives.\nAfter this operation, 5322 kB of additional disk space will be used.\nGet:1 https://mirrors.edge.kernel.org/ubuntu jammy/main amd64 fonts-liberation all 1:1.07.4-11 [822 kB]\nGet:2 https://mirrors.edge.kernel.org/ubuntu jammy/main amd64 fontconfig-config all 2.13.1-4.2ubuntu5 [29.1 kB]\nGet:3 https://mirrors.edge.kernel.org/ubuntu jammy/main amd64 libfontconfig1 amd64 2.13.1-4.2ubuntu5 [131 kB]\nGet:4 https://mirrors.edge.kernel.org/ubuntu jammy/main amd64 libnspr4-dev amd64 2:4.32-3build1 [218 kB]\nGet:5 https://mirrors.edge.kernel.org/ubuntu jammy-updates/main amd64 libnss3-dev amd64 2:3.68.2-0ubuntu1.2 [242 kB]\nFetched 1442 kB in 2s (773 kB/s)\nSelecting previously unselected package fonts-liberation.\r\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 
20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 95%\r(Reading database ... 100%\r(Reading database ... 98641 files and directories currently installed.)\r\nPreparing to unpack .../fonts-liberation_1%3a1.07.4-11_all.deb ...\r\nUnpacking fonts-liberation (1:1.07.4-11) ...\r\nSelecting previously unselected package fontconfig-config.\r\nPreparing to unpack .../fontconfig-config_2.13.1-4.2ubuntu5_all.deb ...\r\nUnpacking fontconfig-config (2.13.1-4.2ubuntu5) ...\r\nSelecting previously unselected package libfontconfig1:amd64.\r\nPreparing to unpack .../libfontconfig1_2.13.1-4.2ubuntu5_amd64.deb ...\r\nUnpacking libfontconfig1:amd64 (2.13.1-4.2ubuntu5) ...\r\nSelecting previously unselected package libnspr4-dev.\r\nPreparing to unpack .../libnspr4-dev_2%3a4.32-3build1_amd64.deb ...\r\nUnpacking libnspr4-dev (2:4.32-3build1) ...\r\nSelecting previously unselected package libnss3-dev:amd64.\r\nPreparing to unpack .../libnss3-dev_2%3a3.68.2-0ubuntu1.2_amd64.deb ...\r\nUnpacking libnss3-dev:amd64 (2:3.68.2-0ubuntu1.2) ...\r\nSetting up libnspr4-dev (2:4.32-3build1) ...\r\nSetting up libnss3-dev:amd64 (2:3.68.2-0ubuntu1.2) ...\r\nSetting up fonts-liberation (1:1.07.4-11) ...\r\nSetting up fontconfig-config (2.13.1-4.2ubuntu5) ...\r\nSetting up libfontconfig1:amd64 (2.13.1-4.2ubuntu5) ...\r\nProcessing triggers for man-db (2.10.2-1) ...\r\nProcessing triggers for libc-bin (2.35-0ubuntu3.1) ...\r\nNEEDRESTART-VER: 3.5\nNEEDRESTART-KCUR: 5.15.0-69-generic\nNEEDRESTART-KEXP: 5.15.0-69-generic\nNEEDRESTART-KSTA: 1\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "The 
following additional packages will be installed:", " fontconfig-config libnspr4-dev", "The following NEW packages will be installed:", " fontconfig-config fonts-liberation libfontconfig1 libnspr4-dev libnss3-dev", "0 upgraded, 5 newly installed, 0 to remove and 155 not upgraded.", "Need to get 1442 kB of archives.", "After this operation, 5322 kB of additional disk space will be used.", "Get:1 https://mirrors.edge.kernel.org/ubuntu jammy/main amd64 fonts-liberation all 1:1.07.4-11 [822 kB]", "Get:2 https://mirrors.edge.kernel.org/ubuntu jammy/main amd64 fontconfig-config all 2.13.1-4.2ubuntu5 [29.1 kB]", "Get:3 https://mirrors.edge.kernel.org/ubuntu jammy/main amd64 libfontconfig1 amd64 2.13.1-4.2ubuntu5 [131 kB]", "Get:4 https://mirrors.edge.kernel.org/ubuntu jammy/main amd64 libnspr4-dev amd64 2:4.32-3build1 [218 kB]", "Get:5 https://mirrors.edge.kernel.org/ubuntu jammy-updates/main amd64 libnss3-dev amd64 2:3.68.2-0ubuntu1.2 [242 kB]", "Fetched 1442 kB in 2s (773 kB/s)", "Selecting previously unselected package fonts-liberation.", "(Reading database ... ", "(Reading database ... 5%", "(Reading database ... 10%", "(Reading database ... 15%", "(Reading database ... 20%", "(Reading database ... 25%", "(Reading database ... 30%", "(Reading database ... 35%", "(Reading database ... 40%", "(Reading database ... 45%", "(Reading database ... 50%", "(Reading database ... 55%", "(Reading database ... 60%", "(Reading database ... 65%", "(Reading database ... 70%", "(Reading database ... 75%", "(Reading database ... 80%", "(Reading database ... 85%", "(Reading database ... 90%", "(Reading database ... 95%", "(Reading database ... 100%", "(Reading database ... 
98641 files and directories currently installed.)", "Preparing to unpack .../fonts-liberation_1%3a1.07.4-11_all.deb ...", "Unpacking fonts-liberation (1:1.07.4-11) ...", "Selecting previously unselected package fontconfig-config.", "Preparing to unpack .../fontconfig-config_2.13.1-4.2ubuntu5_all.deb ...", "Unpacking fontconfig-config (2.13.1-4.2ubuntu5) ...", "Selecting previously unselected package libfontconfig1:amd64.", "Preparing to unpack .../libfontconfig1_2.13.1-4.2ubuntu5_amd64.deb ...", "Unpacking libfontconfig1:amd64 (2.13.1-4.2ubuntu5) ...", "Selecting previously unselected package libnspr4-dev.", "Preparing to unpack .../libnspr4-dev_2%3a4.32-3build1_amd64.deb ...", "Unpacking libnspr4-dev (2:4.32-3build1) ...", "Selecting previously unselected package libnss3-dev:amd64.", "Preparing to unpack .../libnss3-dev_2%3a3.68.2-0ubuntu1.2_amd64.deb ...", "Unpacking libnss3-dev:amd64 (2:3.68.2-0ubuntu1.2) ...", "Setting up libnspr4-dev (2:4.32-3build1) ...", "Setting up libnss3-dev:amd64 (2:3.68.2-0ubuntu1.2) ...", "Setting up fonts-liberation (1:1.07.4-11) ...", "Setting up fontconfig-config (2.13.1-4.2ubuntu5) ...", "Setting up libfontconfig1:amd64 (2.13.1-4.2ubuntu5) ...", "Processing triggers for man-db (2.10.2-1) ...", "Processing triggers for libc-bin (2.35-0ubuntu3.1) ...", "NEEDRESTART-VER: 3.5", "NEEDRESTART-KCUR: 5.15.0-69-generic", "NEEDRESTART-KEXP: 5.15.0-69-generic", "NEEDRESTART-KSTA: 1"]} TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard] **************** changed: [192.168.57.203] => {"cache_update_time": 1700151183, "cache_updated": true, "changed": true, "stderr": "", "stderr_lines": [], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following NEW packages will be installed:\n wazuh-dashboard\n0 upgraded, 1 newly installed, 0 to remove and 155 not upgraded.\nNeed to get 179 MB of archives.\nAfter this operation, 965 MB of additional disk space will be used.\nGet:1 
https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-dashboard amd64 4.6.0-1 [179 MB]\nFetched 179 MB in 1min 1s (2915 kB/s)\nSelecting previously unselected package wazuh-dashboard.\r\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 95%\r(Reading database ... 100%\r(Reading database ... 98938 files and directories currently installed.)\r\nPreparing to unpack .../wazuh-dashboard_4.6.0-1_amd64.deb ...\r\nCreating wazuh-dashboard group... OK\r\nCreating wazuh-dashboard user... OK\r\nUnpacking wazuh-dashboard (4.6.0-1) ...\r\nSetting up wazuh-dashboard (4.6.0-1) ...\r\nNEEDRESTART-VER: 3.5\nNEEDRESTART-KCUR: 5.15.0-69-generic\nNEEDRESTART-KEXP: 5.15.0-69-generic\nNEEDRESTART-KSTA: 1\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "The following NEW packages will be installed:", " wazuh-dashboard", "0 upgraded, 1 newly installed, 0 to remove and 155 not upgraded.", "Need to get 179 MB of archives.", "After this operation, 965 MB of additional disk space will be used.", "Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-dashboard amd64 4.6.0-1 [179 MB]", "Fetched 179 MB in 1min 1s (2915 kB/s)", "Selecting previously unselected package wazuh-dashboard.", "(Reading database ... ", "(Reading database ... 5%", "(Reading database ... 10%", "(Reading database ... 15%", "(Reading database ... 20%", "(Reading database ... 25%", "(Reading database ... 30%", "(Reading database ... 
35%", "(Reading database ... 40%", "(Reading database ... 45%", "(Reading database ... 50%", "(Reading database ... 55%", "(Reading database ... 60%", "(Reading database ... 65%", "(Reading database ... 70%", "(Reading database ... 75%", "(Reading database ... 80%", "(Reading database ... 85%", "(Reading database ... 90%", "(Reading database ... 95%", "(Reading database ... 100%", "(Reading database ... 98938 files and directories currently installed.)", "Preparing to unpack .../wazuh-dashboard_4.6.0-1_amd64.deb ...", "Creating wazuh-dashboard group... OK", "Creating wazuh-dashboard user... OK", "Unpacking wazuh-dashboard (4.6.0-1) ...", "Setting up wazuh-dashboard (4.6.0-1) ...", "NEEDRESTART-VER: 3.5", "NEEDRESTART-KCUR: 5.15.0-69-generic", "NEEDRESTART-KEXP: 5.15.0-69-generic", "NEEDRESTART-KSTA: 1"]} TASK [../roles/wazuh/wazuh-dashboard : Remove Dashboard configuration file] **** changed: [192.168.57.203] => {"changed": true, "path": "/etc/wazuh-dashboard//opensearch_dashboards.yml", "state": "absent"} TASK [../roles/wazuh/wazuh-dashboard : Ensure Dashboard certificates directory permissions.] 
*** changed: [192.168.57.203] => {"changed": true, "gid": 124, "group": "wazuh-dashboard", "mode": "0764", "owner": "wazuh-dashboard", "path": "/etc/wazuh-dashboard/certs/", "size": 4096, "state": "directory", "uid": 116} TASK [../roles/wazuh/wazuh-dashboard : Copy the certificates from local to the Wazuh dashboard instance] *** changed: [192.168.57.203] => (item=root-ca.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "9f035b726eb4d13e75f7dba9388f216641ce330a", "dest": "/etc/wazuh-dashboard/certs/root-ca.pem", "gid": 124, "group": "wazuh-dashboard", "item": "root-ca.pem", "md5sum": "d6834d847ca9ebf28da2c2c78efd7d46", "mode": "0400", "owner": "wazuh-dashboard", "size": 1204, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151304.3455787-44118-110681617906278/source", "state": "file", "uid": 116} changed: [192.168.57.203] => (item=node-1-key.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "421ede37431634bddf876a2a6fa3b3eacb649dc5", "dest": "/etc/wazuh-dashboard/certs/node-1-key.pem", "gid": 124, "group": "wazuh-dashboard", "item": "node-1-key.pem", "md5sum": "23b809b6077ec3273a2506c7af8c6cd9", "mode": "0400", "owner": "wazuh-dashboard", "size": 1704, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151305.1837945-44118-70315422781883/source", "state": "file", "uid": 116} changed: [192.168.57.203] => (item=node-1.pem) => {"ansible_loop_var": "item", "changed": true, "checksum": "f8a90689a3da05f293208eea50f41452a1ccb2cc", "dest": "/etc/wazuh-dashboard/certs/node-1.pem", "gid": 124, "group": "wazuh-dashboard", "item": "node-1.pem", "md5sum": "6336cf96973ee5a337fbc56f8e27267a", "mode": "0400", "owner": "wazuh-dashboard", "size": 1277, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151305.773788-44118-164792862677864/source", "state": "file", "uid": 116} TASK [../roles/wazuh/wazuh-dashboard : Copy Configuration File] **************** changed: [192.168.57.203] => {"changed": true, "checksum": 
"70baf0af4f303e0e67bb1d1cceb918703cf81448", "dest": "/etc/wazuh-dashboard//opensearch_dashboards.yml", "gid": 124, "group": "wazuh-dashboard", "md5sum": "3f006cc884a63733db39a836fda6ea2f", "mode": "0640", "owner": "wazuh-dashboard", "size": 586, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151306.3948228-44196-167275650779619/source", "state": "file", "uid": 116} TASK [../roles/wazuh/wazuh-dashboard : Ensuring Wazuh dashboard directory owner] *** ok: [192.168.57.203] => {"changed": false, "gid": 124, "group": "wazuh-dashboard", "mode": "0750", "owner": "wazuh-dashboard", "path": "/usr/share/wazuh-dashboard", "size": 4096, "state": "directory", "uid": 116} TASK [../roles/wazuh/wazuh-dashboard : Wait for Wazuh-Indexer port] ************ ok: [192.168.57.203] => {"changed": false, "elapsed": 0, "match_groupdict": {}, "match_groups": [], "path": null, "port": 9200, "search_regex": null, "state": "started"} TASK [../roles/wazuh/wazuh-dashboard : Select correct API protocol] ************ ok: [192.168.57.203] => {"ansible_facts": {"indexer_api_protocol": "https"}, "changed": false} TASK [../roles/wazuh/wazuh-dashboard : Attempting to delete legacy Wazuh index if exists] *** ok: [192.168.57.203] => {"changed": false, "content_length": "365", "content_type": "application/json; charset=UTF-8", "elapsed": 0, "json": {"error": {"index": ".wazuh", "index_uuid": "_na_", "reason": "no such index [.wazuh]", "resource.id": ".wazuh", "resource.type": "index_or_alias", "root_cause": [{"index": ".wazuh", "index_uuid": "_na_", "reason": "no such index [.wazuh]", "resource.id": ".wazuh", "resource.type": "index_or_alias", "type": "index_not_found_exception"}], "type": "index_not_found_exception"}, "status": 404}, "msg": "HTTP Error 404: Not Found", "redirected": false, "status": 404, "url": "https://192.168.57.203:9200/.wazuh"} TASK [../roles/wazuh/wazuh-dashboard : Create Wazuh Plugin config directory] *** ok: [192.168.57.203] => {"changed": false, "gid": 124, "group": 
"wazuh-dashboard", "mode": "0751", "owner": "wazuh-dashboard", "path": "/usr/share/wazuh-dashboard/data/wazuh/config/", "size": 4096, "state": "directory", "uid": 116} TASK [../roles/wazuh/wazuh-dashboard : Configure Wazuh Dashboard Plugin] ******* ok: [192.168.57.203] => {"changed": false, "checksum": "a46a9ffc45c1fe928c5fa3fd01c07d2b21db54dd", "dest": "/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml", "gid": 124, "group": "wazuh-dashboard", "md5sum": "517e5743655a814cc32e5f5a2f50fe9c", "mode": "0751", "owner": "wazuh-dashboard", "size": 4319, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1700151315.7541225-44292-130573352013285/source", "state": "file", "uid": 116} TASK [../roles/wazuh/wazuh-dashboard : Configure opensearch.password in opensearch_dashboards.keystore] *** changed: [192.168.57.203] => {"changed": true, "cmd": "echo 'changeme' | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password", "delta": "0:00:00.531240", "end": "2023-11-16 16:15:16.356200", "msg": "", "rc": 0, "start": "2023-11-16 16:15:15.824960", "stderr": "", "stderr_lines": [], "stdout": "v16.20.0", "stdout_lines": ["v16.20.0"]} TASK [../roles/wazuh/wazuh-dashboard : Ensure Wazuh dashboard started and enabled] *** changed: [192.168.57.203] => {"changed": true, "enabled": true, "name": "wazuh-dashboard", "state": "started", "status": {"ActiveEnterTimestamp": "n/a", "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestamp": "n/a", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "-.mount basic.target sysinit.target system.slice systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestamp": "n/a", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", 
"CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestamp": "n/a", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "wazuh-dashboard", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/wazuh-dashboard (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestamp": "n/a", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestamp": "n/a", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/share/wazuh-dashboard/bin/opensearch-dashboards ; argv[]=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/share/wazuh-dashboard/bin/opensearch-dashboards ; 
argv[]=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/etc/systemd/system/wazuh-dashboard.service", "FreezerState": "running", "GID": "[not set]", "Group": "wazuh-dashboard", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "wazuh-dashboard.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestamp": "n/a", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "n/a", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15240", "LimitNPROCSoft": "15240", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": 
"15240", "LimitSIGPENDINGSoft": "15240", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "wazuh-dashboard.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice -.mount", "RequiresMountsFor": "/usr/share/wazuh-dashboard", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", 
"SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "n/a", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4572", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "simple", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "disabled", "User": "wazuh-dashboard", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestamp": "n/a", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity", "WorkingDirectory": "/usr/share/wazuh-dashboard"}} TASK [../roles/wazuh/wazuh-dashboard : Remove Wazuh dashboard repository (and clean up left-over metadata)] *** skipping: [192.168.57.203] => {"changed": false, "false_condition": "ansible_os_family == 'RedHat'", "skip_reason": "Conditional result was False"} RUNNING HANDLER [../roles/wazuh/wazuh-indexer : restart wazuh-indexer] ********* changed: [192.168.57.203] => {"changed": true, "name": "wazuh-indexer", "state": "started", "status": {"ActiveEnterTimestamp": "Thu 2023-11-16 16:09:31 UTC", "ActiveEnterTimestampMonotonic": "370674127", "ActiveExitTimestamp": "n/a", "ActiveExitTimestampMonotonic": 
"0", "ActiveState": "active", "After": "systemd-journald.socket -.mount systemd-tmpfiles-setup.service system.slice tmp.mount basic.target network-online.target sysinit.target", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Thu 2023-11-16 16:09:14 UTC", "AssertTimestampMonotonic": "354085670", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "59718773000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanClean": "runtime", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Thu 2023-11-16 16:09:14 UTC", "ConditionTimestampMonotonic": "354085668", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/wazuh-indexer.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Wazuh-indexer", "DevicePolicy": "auto", "Documentation": 
"https://documentation.wazuh.com", "DynamicUser": "no", "EffectiveCPUs": "0-1", "EffectiveMemoryNodes": "0", "Environment": "OPENSEARCH_HOME=/usr/share/wazuh-indexer OPENSEARCH_PATH_CONF=/etc/wazuh-indexer PID_DIR=/run/wazuh-indexer OPENSEARCH_SD_NOTIFY=true", "EnvironmentFiles": "/etc/sysconfig/wazuh-indexer (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestamp": "n/a", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "3870", "ExecMainStartTimestamp": "Thu 2023-11-16 16:09:14 UTC", "ExecMainStartTimestampMonotonic": "354100721", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/share/wazuh-indexer/bin/systemd-entrypoint ; argv[]=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/share/wazuh-indexer/bin/systemd-entrypoint ; argv[]=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/lib/systemd/system/wazuh-indexer.service", "FreezerState": "running", "GID": "122", "Group": "wazuh-indexer", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "wazuh-indexer.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestamp": "n/a", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Thu 2023-11-16 16:09:15 UTC", "InactiveExitTimestampMonotonic": "354101481", 
"InvocationID": "3c3870b8282b4d3e85e2fc159e46af2e", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "process", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "65535", "LimitNOFILESoft": "65535", "LimitNPROC": "4096", "LimitNPROCSoft": "4096", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15240", "LimitSIGPENDINGSoft": "15240", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "3870", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "1417973760", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "wazuh-indexer.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "main", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": 
"no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "yes", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice -.mount", "RequiresMountsFor": "/usr/share/wazuh-indexer /var/tmp /run/wazuh-indexer", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectory": "wazuh-indexer", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "no", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Thu 2023-11-16 16:09:31 UTC", "StateChangeTimestampMonotonic": "370674127", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SuccessExitStatus": "143", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "55", "TasksMax": "4572", "TimeoutAbortUSec": "infinity", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", 
"TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "infinity", "TimerSlackNSec": "50000", "Transient": "no", "Type": "notify", "UID": "114", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "User": "wazuh-indexer", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "tmp.mount network-online.target", "WatchdogSignal": "6", "WatchdogTimestamp": "n/a", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0", "WorkingDirectory": "/usr/share/wazuh-indexer"}} RUNNING HANDLER [../roles/wazuh/ansible-wazuh-manager : restart wazuh-manager] *** changed: [192.168.57.203] => {"changed": true, "enabled": true, "name": "wazuh-manager", "state": "started", "status": {"ActiveEnterTimestamp": "Thu 2023-11-16 16:12:07 UTC", "ActiveEnterTimestampMonotonic": "526158903", "ActiveExitTimestamp": "n/a", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "network-online.target sysinit.target basic.target system.slice network.target systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Thu 2023-11-16 16:11:44 UTC", "AssertTimestampMonotonic": "503713889", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "48944988000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot 
cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Thu 2023-11-16 16:11:44 UTC", "ConditionTimestampMonotonic": "503713888", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/wazuh-manager.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Wazuh manager", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "0-1", "EffectiveMemoryNodes": "0", "ExecMainCode": "0", "ExecMainExitTimestamp": "n/a", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestamp": "n/a", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control reload ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control reload ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control start ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control start ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStop": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control stop ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) 
; status=0/0 }", "ExecStopEx": "{ path=/usr/bin/env ; argv[]=/usr/bin/env /var/ossec/bin/wazuh-control stop ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/lib/systemd/system/wazuh-manager.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "wazuh-manager.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestamp": "n/a", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Thu 2023-11-16 16:11:44 UTC", "InactiveExitTimestampMonotonic": "503721037", "InvocationID": "e90e45d285304c8d82230e1f48409c6f", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "process", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "65536", "LimitNOFILESoft": "65536", "LimitNPROC": "15240", "LimitNPROCSoft": "15240", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", 
"LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15240", "LimitSIGPENDINGSoft": "15240", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "294469632", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "wazuh-manager.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "yes", "RemoveIPC": "no", "Requires": "system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", 
"SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Thu 2023-11-16 16:12:07 UTC", "StateChangeTimestampMonotonic": "526158903", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "120", "TasksMax": "4572", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-online.target", "WatchdogSignal": "6", "WatchdogTimestamp": "n/a", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} RUNNING HANDLER [../roles/wazuh/ansible-filebeat-oss : restart filebeat] ******* changed: [192.168.57.203] => {"changed": true, "name": "filebeat", "state": "started", "status": {"ActiveEnterTimestamp": "Thu 2023-11-16 16:12:43 UTC", "ActiveEnterTimestampMonotonic": "562388575", "ActiveExitTimestamp": "n/a", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "network-online.target sysinit.target basic.target system.slice systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Thu 2023-11-16 16:12:43 UTC", "AssertTimestampMonotonic": 
"562365958", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "173442000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Thu 2023-11-16 16:12:43 UTC", "ConditionTimestampMonotonic": "562365956", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/filebeat.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Filebeat sends log files to Logstash or directly to Elasticsearch.", "DevicePolicy": "auto", "Documentation": "https://www.elastic.co/products/beats/filebeat", "DynamicUser": "no", "EffectiveCPUs": "0-1", "EffectiveMemoryNodes": "0", "Environment": "BEAT_LOG_OPTS= \"BEAT_CONFIG_OPTS=-c /etc/filebeat/filebeat.yml\" \"BEAT_PATH_OPTS=--path.home /usr/share/filebeat --path.config /etc/filebeat 
--path.data /var/lib/filebeat --path.logs /var/log/filebeat\"", "ExecMainCode": "0", "ExecMainExitTimestamp": "n/a", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "51130", "ExecMainStartTimestamp": "Thu 2023-11-16 16:12:43 UTC", "ExecMainStartTimestampMonotonic": "562388001", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/share/filebeat/bin/filebeat ; argv[]=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/share/filebeat/bin/filebeat ; argv[]=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/lib/systemd/system/filebeat.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "filebeat.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestamp": "n/a", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Thu 2023-11-16 16:12:43 UTC", "InactiveExitTimestampMonotonic": "562388575", "InvocationID": "fe0b74c0c7314860a0bf7493914a90f1", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", 
"LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15240", "LimitNPROCSoft": "15240", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15240", "LimitSIGPENDINGSoft": "15240", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "51130", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "10616832", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "filebeat.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", 
"ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target", "Restart": "always", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Thu 2023-11-16 16:12:43 UTC", "StateChangeTimestampMonotonic": "562388575", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "8", "TasksMax": "4572", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "simple", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-online.target", "WatchdogSignal": "6", "WatchdogTimestamp": "n/a", "WatchdogTimestampMonotonic": "0", 
"WatchdogUSec": "0"}} RUNNING HANDLER [../roles/wazuh/wazuh-dashboard : restart wazuh-dashboard] ***** changed: [192.168.57.203] => {"changed": true, "name": "wazuh-dashboard", "state": "started", "status": {"ActiveEnterTimestamp": "Thu 2023-11-16 16:15:17 UTC", "ActiveEnterTimestampMonotonic": "716580756", "ActiveExitTimestamp": "n/a", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target system.slice -.mount systemd-journald.socket sysinit.target", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Thu 2023-11-16 16:15:17 UTC", "AssertTimestampMonotonic": "716566113", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "8091211000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Thu 2023-11-16 16:15:17 UTC", "ConditionTimestampMonotonic": "716566112", "ConfigurationDirectoryMode": "0755", "Conflicts": 
"shutdown.target", "ControlGroup": "/system.slice/wazuh-dashboard.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "wazuh-dashboard", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "0-1", "EffectiveMemoryNodes": "0", "EnvironmentFiles": "/etc/sysconfig/wazuh-dashboard (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestamp": "n/a", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "53617", "ExecMainStartTimestamp": "Thu 2023-11-16 16:15:17 UTC", "ExecMainStartTimestampMonotonic": "716580281", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/share/wazuh-dashboard/bin/opensearch-dashboards ; argv[]=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml ; ignore_errors=no ; start_time=[Thu 2023-11-16 16:15:17 UTC] ; stop_time=[n/a] ; pid=53617 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/share/wazuh-dashboard/bin/opensearch-dashboards ; argv[]=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml ; flags= ; start_time=[Thu 2023-11-16 16:15:17 UTC] ; stop_time=[n/a] ; pid=53617 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/etc/systemd/system/wazuh-dashboard.service", "FreezerState": "running", "GID": "124", "Group": "wazuh-dashboard", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "wazuh-dashboard.service", "IgnoreOnIsolate": "no", 
"IgnoreSIGPIPE": "yes", "InactiveEnterTimestamp": "n/a", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Thu 2023-11-16 16:15:17 UTC", "InactiveExitTimestampMonotonic": "716580756", "InvocationID": "7dae743fd27d48a6ac93a881f5da884d", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15240", "LimitNPROCSoft": "15240", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15240", "LimitSIGPENDINGSoft": "15240", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "53617", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "198922240", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "wazuh-dashboard.service", "NeedDaemonReload": "no", "Nice": "0", 
"NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice -.mount", "RequiresMountsFor": "/usr/share/wazuh-dashboard", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Thu 2023-11-16 16:15:17 UTC", "StateChangeTimestampMonotonic": "716580756", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "11", 
"TasksMax": "4572", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "simple", "UID": "116", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "User": "wazuh-dashboard", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestamp": "n/a", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0", "WorkingDirectory": "/usr/share/wazuh-dashboard"}} PLAY RECAP ********************************************************************* 192.168.57.203 : ok=99 changed=53 unreachable=0 failed=0 skipped=57 rescued=0 ignored=0 localhost : ok=4 changed=0 unreachable=0 failed=0 skipped=31 rescued=0 ignored=0 ```
:green_circle: Validation of Filebeat module

```console
root@ubuntu22:/home/vagrant# cat /usr/share/filebeat/module/wazuh/alerts/ingest/pipeline.json
{
  "description": "Wazuh alerts pipeline",
  "processors": [
    { "json" : { "field" : "message", "add_to_root": true } },
    { "set": { "field": "data.aws.region", "value": "{{data.aws.awsRegion}}", "override": false, "ignore_failure": true } },
    { "set": { "field": "data.aws.accountId", "value": "{{data.aws.aws_account_id}}", "override": false, "ignore_failure": true } },
    { "geoip": { "field": "data.srcip", "target_field": "GeoLocation", "properties": ["city_name", "country_name", "region_name", "location"], "ignore_missing": true, "ignore_failure": true } },
    { "geoip": { "field": "data.win.eventdata.ipAddress", "target_field": "GeoLocation", "properties": ["city_name", "country_name", "region_name", "location"], "ignore_missing": true, "ignore_failure": true } },
    { "geoip": { "field": "data.aws.sourceIPAddress", "target_field": "GeoLocation", "properties": ["city_name", "country_name", "region_name", "location"], "ignore_missing": true, "ignore_failure": true } },
    { "geoip": { "field": "data.aws.client_ip", "target_field": "GeoLocation", "properties": ["city_name", "country_name", "region_name", "location"], "ignore_missing": true, "ignore_failure": true } },
    { "geoip": { "field": "data.aws.service.action.networkConnectionAction.remoteIpDetails.ipAddressV4", "target_field": "GeoLocation", "properties": ["city_name", "country_name", "region_name", "location"], "ignore_missing": true, "ignore_failure": true } },
    { "geoip": { "field": "data.gcp.jsonPayload.sourceIP", "target_field": "GeoLocation", "properties": ["city_name", "country_name", "region_name", "location"], "ignore_missing": true, "ignore_failure": true } },
    { "geoip": { "field": "data.office365.ClientIP", "target_field": "GeoLocation", "properties": ["city_name", "country_name", "region_name", "location"], "ignore_missing": true, "ignore_failure": true } },
    { "date": { "field": "timestamp", "target_field": "@timestamp", "formats": ["ISO8601"], "ignore_failure": false } },
    { "date_index_name": { "field": "timestamp", "date_rounding": "d", "index_name_prefix": "{{fields.index_prefix}}", "index_name_format": "yyyy.MM.dd", "ignore_failure": false } },
    { "remove": { "field": "message", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "ecs", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "beat", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "input_type", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "tags", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "count", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "@version", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "log", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "offset", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "type", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "host", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "fields", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "event", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "fileset", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "service", "ignore_missing": true, "ignore_failure": true } }
  ],
  "on_failure" : [{ "drop" : { } }]
}
```

Note: the pipeline ends with a pipeline-level `on_failure` handler that drops the event, and the `json`, `date` and `date_index_name` processors do not set `ignore_failure: true`. An alert that fails one of those steps is therefore discarded instead of being indexed, so a missing alert may be a dropped one rather than one that was never generated.

The demo environment has been deployed successfully: https://ci.wazuh.info/job/Procedure_deploy_demo/258/console

:green_circle: Validation of Filebeat module

```console
[wazuh-user@wazuh-manager-master-0 ~]$ cat /usr/share/filebeat/module/wazuh/alerts/ingest/pipeline.json
{
  "description": "Wazuh alerts pipeline",
  "processors": [
    { "json" : { "field" : "message", "add_to_root": true } },
    { "set": { "field": "data.aws.region", "value": "{{data.aws.awsRegion}}", "override": false, "ignore_failure": true } },
    { "set": { "field": "data.aws.accountId", "value": "{{data.aws.aws_account_id}}", "override": false, "ignore_failure": true } },
    { "geoip": { "field": "data.srcip", "target_field": "GeoLocation", "properties": ["city_name", "country_name", "region_name", "location"], "ignore_missing": true, "ignore_failure": true } },
    { "geoip": { "field": "data.win.eventdata.ipAddress", "target_field": "GeoLocation", "properties": ["city_name", "country_name", "region_name", "location"], "ignore_missing": true, "ignore_failure": true } },
    { "geoip": { "field": "data.aws.sourceIPAddress", "target_field": "GeoLocation", "properties": ["city_name", "country_name", "region_name", "location"], "ignore_missing": true, "ignore_failure": true } },
    { "geoip": { "field": "data.aws.client_ip", "target_field": "GeoLocation", "properties": ["city_name", "country_name", "region_name", "location"], "ignore_missing": true, "ignore_failure": true } },
    { "geoip": { "field": "data.aws.service.action.networkConnectionAction.remoteIpDetails.ipAddressV4", "target_field": "GeoLocation", "properties": ["city_name", "country_name", "region_name", "location"], "ignore_missing": true, "ignore_failure": true } },
    { "geoip": { "field": "data.gcp.jsonPayload.sourceIP", "target_field": "GeoLocation", "properties": ["city_name", "country_name", "region_name", "location"], "ignore_missing": true, "ignore_failure": true } },
    { "geoip": { "field": "data.office365.ClientIP", "target_field": "GeoLocation", "properties": ["city_name", "country_name", "region_name", "location"], "ignore_missing": true, "ignore_failure": true } },
    { "date": { "field": "timestamp", "target_field": "@timestamp", "formats": ["ISO8601"], "ignore_failure": false } },
    { "date_index_name": { "field": "timestamp", "date_rounding": "d", "index_name_prefix": "{{fields.index_prefix}}", "index_name_format": "yyyy.MM.dd", "ignore_failure": false } },
    { "remove": { "field": "message", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "ecs", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "beat", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "input_type", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "tags", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "count", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "@version", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "log", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "offset", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "type", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "host", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "fields", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "event", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "fileset", "ignore_missing": true, "ignore_failure": true } },
    { "remove": { "field": "service", "ignore_missing": true, "ignore_failure": true } }
  ],
  "on_failure" : [{ "drop" : { } }]
}
```