Closed JoshBuch closed 4 years ago
Hi @JoshBuch ,
Could you please specify the Wazuh version and the version of your Elasticsearch? We need some more information to give you further assistance, so please enable the debug log level in both Wazuh API and Wazuh UI for Kibana, I'll explain to you how to do that:
Enable Debug mode in Wazuh UI:
(/usr/share/kibana/plugins/wazuh/wazuh.yml) and replace this line:
#logs.level: info
with:
logs.level: debug
info back again)
Enable Debug mode in Wazuh API:
Edit config.js file (/var/ossec/api/configuration/config.js) and replace this line:
config.logs = "info";
with
config.logs = "debug";
Now restart Wazuh manager and Wazuh API:
systemctl restart wazuh-manager
systemctl restart wazuh-api
We have now enabled the debug mode in both Wazuh UI and Wazuh API, so let's now try accessing the Wazuh UI and go to the GDPR section, then check the logs.
Wazuh UI logs:
tail -n 50 /usr/share/kibana/optimize/wazuh-logs/wazuhapp.log
Wazuh API logs:
tail -n 50 /var/ossec/logs/api.log
Please paste the output in a file and attach it to your reply, so we can give you further assistance.
Best Regards, Pablo Torres
The Wazuh version I'm using is 3.11.1 and the version of Elasticsearch being used is 7.5.0. Wazuh_UI_Logs.txt Wazuh_API.txt
Hi @JoshBuch ,
Thanks for your reply. I can't see any error log in that last Wazuh_API file, let's get some more logs.
Please now access the GDPR dashboard, and once you get the "Server did not respond /api/gdpr/all" send me again the result of this command in a new file attached to your reply.
tail -n 500 /var/ossec/logs/api.log
Sorry for any inconvenience
Best Regards, Pablo Torres
Hi @pablotr9 I tried the above mentioned steps, but there is no mention of gdpr in the api.log file.
Hi @JoshBuch ,
Ok, let's do some more checks to find out why you are getting that error.
Please run this request and paste the output to your reply:
curl -u user:password http://WAZUH-IP:55000/rules/gdpr
Let's also check the endpoint that fails, /api/gdpr/all:
curl KIBANA-IP:5601/api/gdpr/all
Regards, Pablo Torres
Hi @pablotr9 sorry for the late reply. The output of the first command is: {"error":0,"data":{"items":["II_5.1.f","IV_30.1.g","IV_32.2","IV_35.7.d"],"totalItems":4}} and that of the second command is: {"II_5.1.f":"Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, verifying its modifications, accesses, locations and guarantee the safety of them.File sharing protection and file sharing technologies that meet the requirements of data protection.","III_14.2.c":" Restrict the processing of personal data temporarily.","III_17":" Permanently erase personal information of a subject.","IV_24.2":"Be able to demonstrate compliance with the GDPR by complying with data protection policies.","IV_28":" Ensure data protection during processing, through technical and organizational measures.","IV_30.1.g":"It is necessary to keep all processing activities documented, to carry out an inventory of data from beginning to end and an audit, in order to know all the places where personal and sensitive data are located, processed, stored or transmitted.","IV_32.1.c":"Data Loss Prevention (DLP) capabilities to examine data flows and identify personal data that is not subject to adequate safeguards or authorizations. DLP tools can block or quarantine such data flows. Classify current data appropriately to determine specific categories of data that will be subject to the GDPR.","IV_32.2":"Account management tools that closely monitor actions taken by standard administrators and users who use standard or privileged account credentials are required to control access to data. ","IV_33":" Notify the supervisory authority of a violation of the data in 72 hours and in certain cases, the injured parties.","IV_35.1":"Perform a data protection impact evaluation for high risk processes. 
Implement appropriate technical measures to safeguard the rights and freedoms of data subjects, informed by an assessment of the risks to these rights and freedoms.","IV_35.7.d":"Capabilities for identification, blocking and forensic investigation of data breaches by malicious actors, through compromised credentials, unauthorized network access, persistent threats and verification of the correct operation of all components.Network perimeter and endpoint security tools to prevent unauthorized access to the network, prevent the entry of unwanted data types and malicious threats. Anti-malware and anti-ransomware to prevent malware and ransomware threats from entering your devices.A behavioral analysis that uses machine intelligence to identify people who do anomalous things on the network, in order to give early visibility and alert employees who start to become corrupt."}
Regards, Josh
Hi @JoshBuch ,
Both requests look OK. It doesn't seem that there's something wrong with GDPR as both API requests are showing the right output. The error might be in another component, we will need some more information.
"Server did not respond .." doesn't give us much information, it can be caused by multiple reasons.
console tab in the browser DevTools and check if you have any error in there as shown in my example screenshot (if so, please attach it to your reply)
Network tab. Click on the Network tab and then navigate again to the GDPR dashboard (please make sure that you get the error, otherwise it won't give us any information). You will see in that tab tons of requests, if any of these requests fail it will be highlighted in red. If you see any of the requests failing, please click on it and check the response subtab to get more information. Check this example screenshot:
cat /var/ossec/logs/api.log | grep -i error
Thank you. I look forward to hearing from you.
Kind Regards, Pablo Torres
Hi @pablotr9 , regarding the above steps:
I get the error every time I access the GDPR dashboard, however for the other compliance dashboards (HIPAA, PCI DSS, NIST), the data loads up normally.
As for the above mentioned second step, there is no output in the console tab in devtools.
I am attaching a screenshot for this step for your reference.
I am also attaching the log file for your reference. Wazuh_API.txt
Regards, Josh
Hi @JoshBuch ,
Thanks again for your reply. Indeed, that's a really weird behavior: everything seems to be working correctly, and there are no error logs in either the browser or the Wazuh API.
You are using Wazuh 3.11.1 with Elasticsearch and Kibana 7.5.0? We don't have any package of Wazuh 3.11.1 compatible with Kibana 7.5.0; here you can find a list of version compatibility of Wazuh UI with Kibana (for Wazuh 3.11.1 you should use Kibana 7.5.1). So what we will do now is reinstall the Wazuh UI for Kibana to check if that is the cause of this problem.
systemctl stop kibana
/usr/share/kibana/bin/kibana-plugin remove wazuh
rm -rf /usr/share/kibana/optimize/bundles
chown -R kibana:kibana /usr/share/kibana/optimize
chown -R kibana:kibana /usr/share/kibana/plugins
sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.11.2_7.5.2.zip
(notice that this command will install Wazuh plugin v3.11.2-7.5.2, change it if you are using a different version, you can find the full list of packages here)
Please let me know if you have any trouble reinstalling the Wazuh UI,
Best Regards, Pablo Torres
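An added example, not part of the original thread or of Wazuh's own tooling: a pre-install check that parses the Kibana version out of a plugin package name of the form used in the install command above and compares it with the installed Kibana version. The function names and the use of /usr/share/kibana/package.json as the version source are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Package names are assumed to follow the
# pattern in the install command above: wazuhapp-<wazuh>_<kibana>.zip

# Print "<wazuh> <kibana>" parsed from a package URL or file name.
parse_wazuhapp_pkg() {
    name=${1##*/}                      # drop URL or directory prefix
    case "$name" in
        wazuhapp-*_*.zip) ;;
        *) return 1 ;;
    esac
    name=${name#wazuhapp-}
    name=${name%.zip}
    wazuh=${name%%_*}
    kibana=${name#*_}
    for v in "$wazuh" "$kibana"; do    # both must be dotted numeric versions
        case "$v" in
            ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        esac
    done
    echo "$wazuh $kibana"
}

# Installed Kibana version from package.json (path is an assumption).
installed_kibana_version() {
    sed -n 's/^ *"version": *"\([^"]*\)".*/\1/p' \
        "${1:-/usr/share/kibana/package.json}" | head -n 1
}

# check_wazuhapp_pkg PACKAGE KIBANA_VERSION -> match | mismatch | invalid
check_wazuhapp_pkg() {
    parsed=$(parse_wazuhapp_pkg "$1") || { echo invalid; return 2; }
    pkg_kibana=${parsed#* }
    if [ "$pkg_kibana" = "$2" ]; then
        echo match
    else
        echo "mismatch: package built for Kibana $pkg_kibana, installed $2"
        return 1
    fi
}
```

Run as `check_wazuhapp_pkg <package-url> "$(installed_kibana_version)"` before the `kibana-plugin install` step; a non-zero exit status means the package name does not match the running Kibana.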
Hi @pablotr9 , sorry actually I made a mistake in giving you the elasticsearch version. The elasticsearch and kibana version I am using is 7.5.1
Ok, could you try reinstalling the Wazuh UI as explained in step 3? Maybe some files were corrupted during the installation. As I said, I highly recommend upgrading to the latest version, as some important bugs were fixed in that version; it won't really take you too long to upgrade it.
Okay cool, I will try that in some time. Thank you for your quick and constant responses.
Regards, Josh
Hi @JoshBuch
I'm closing this issue for inactivity. If you keep having this problem or have any other doubt, please do not hesitate to open a new issue.
Regards,
I've experienced this issue while using the Wazuh OVA - https://packages.wazuh.com/vm/wazuh3.11.4_7.6.0.ova
Steps to reproduce:
PCI DSS, HIPAA and NIST 800-53 are working.
Hi @katherinelim !
Could you please enable the debug log level in your Wazuh API, so we can get more information about what is happening? You can enable the Debug mode in Wazuh API:
(/var/ossec/api/configuration/config.js) and replace this line:
config.logs = "info";
with
config.logs = "debug";
Now restart Wazuh manager and Wazuh API:
systemctl restart wazuh-manager
systemctl restart wazuh-api
Now try to access any of the PCI DSS/HIPAA/NIST 800-53/GDPR Dashboards and then please attach the output of the Wazuh API logs to your reply,
tail -n 200 /var/ossec/logs/api.log
EDIT Meanwhile, I will install the OVA package you sent me to check that everything is ok in it, thanks for reporting it.
I just installed the OVA package you shared with us and followed the steps to reproduce it, (run OVA, install agents on other hosts, open GDPR...) and everything is working fine.
Apart from the Wazuh API logs, could you please give us some more information about the agents you installed (version) and the operating system they were installed on? Thanks!
Best Regards,
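An added example, not part of the thread or of Wazuh's tooling, covering the debug-level procedure given in this reply and in the first reply of the thread: it switches `logs.level` in wazuh.yml and `config.logs` in config.js between info and debug and keeps a .bak copy, so the level can be set back to info once the logs are collected. The function names are assumptions of this example, and the services still need the restart shown above.

```shell
#!/bin/sh
# Added example, not from the thread: switch the two log-level settings
# quoted above between "info" and "debug", keeping a .bak copy of each file.

# set_ui_level FILE LEVEL   -> edits logs.level in wazuh.yml
set_ui_level() {
    case "$2" in info|debug) ;; *) return 2 ;; esac
    cp -p "$1" "$1.bak" || return 1
    if grep -Eq '^#? *logs\.level:' "$1"; then
        # covers both the commented default and an already active line
        sed -E "s/^#? *logs\.level:.*/logs.level: $2/" "$1.bak" > "$1"
    else
        echo "logs.level: $2" >> "$1"
    fi
}

# set_api_level FILE LEVEL  -> edits config.logs in config.js
set_api_level() {
    case "$2" in info|debug) ;; *) return 2 ;; esac
    grep -q '^config\.logs *=' "$1" || return 1   # setting absent: do not guess
    cp -p "$1" "$1.bak" || return 1
    sed -E "s/^config\.logs *=.*/config.logs = \"$2\";/" "$1.bak" > "$1"
}

# current_level FILE -> prints the active level from either file format
# (prints nothing when the setting is commented out or missing)
current_level() {
    sed -nE 's/^(logs\.level: *|config\.logs *= *")([a-z]+).*/\2/p' "$1" | head -n 1
}
```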
Hi @pablotr9
Attached is the API log after reloading the Wazuh screen in the browser and then clicking GDPR and seeing "Server did not respond (/api/gdpr/all)"
The agents installed are version v3.11.4 and the Ubuntu OS version is 18.04.4 LTS.
I also used tail -f /var/ossec/logs/api.log while at debug log level and clicking on GDPR did not produce any logs.
Hi @pablotr9
I managed to solve the issue.
While moving the mouse pointer over the GDPR dashboard area, I noticed there was some host output.
There was a browser plugin that might affect the drawing of the page. I switched off uBlock Origin (adblock plugin) and the GDPR dashboard displayed successfully.
You can close this issue. Thank you for the help!
Hi @katherinelim!
Glad to see it's successfully working! Good to know that some browser plugins can cause some errors displaying Regulatory Compliance dashboards, thanks for the info!
If you have any other question, please feel free to open a new issue or you can also join our Slack channel or our Google mailing list here
Kind Regards,
Dear team, recently I had set up the Wazuh SIEM system. The system is up and running and working fine but there is one problem. In the regulatory compliance section all the APIs PCI-DSS, HIPAA, NIST are working except the GDPR one. When clicked on, it shows "Server did not respond /api/gdpr/all" or sometimes it does not display anything and just shows "fetching data". Please help regarding the above issue.