wazuh / wazuh-dashboard-plugins

Plugins for Wazuh Dashboard
https://wazuh.com/
GNU General Public License v2.0

ERROR3099 - After reboot of the server #6810

Closed benni347 closed 2 months ago

benni347 commented 2 months ago
| Wazuh | Rev | Browser |
| --- | --- | --- |
| 4.8.0 | 1 | Firefox |

Description

I updated one of my servers where the Wazuh dashboard, Wazuh indexer, and Wazuh manager ran. After rebooting it, since the update included a kernel update, I could no longer access Wazuh.

Expected Result

  1. I could still connect to the wazuh dashboard without a problem.

Actual Result

  1. I get the ERROR3099.

Additional context

/var/log/wazuh-indexer/wazuh-cluster.log:

[2024-07-03T10:03:12,658][INFO ][o.o.n.Node               ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms15824m, -Xmx15824m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-5556094357872037470, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opendistro-performance-analyzer/pa_config/es_security.policy, -XX:MaxDirectMemorySize=8296333312, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-07-03T10:03:14,485][WARN ][o.o.s.OpenSearchSecurityPlugin] [node-1] File /etc/wazuh-indexer/opensearch-security/roles.yml has insecure file permissions (should be 0600)
[2024-07-03T10:03:14,486][WARN ][o.o.s.OpenSearchSecurityPlugin] [node-1] File /etc/wazuh-indexer/opensearch-security/roles_mapping.yml has insecure file permissions (should be 0600)
[2024-07-03T10:03:14,486][WARN ][o.o.s.OpenSearchSecurityPlugin] [node-1] File /etc/wazuh-indexer/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2024-07-03T10:03:18,932][WARN ][o.o.s.c.Salt             ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-07-03T10:03:18,973][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-07-03T10:03:18,974][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-07-03T10:03:20,067][WARN ][o.o.s.p.SQLPlugin        ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-07-03T10:03:20,425][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,482][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,483][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,484][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,484][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,484][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,484][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,485][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,485][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,485][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,486][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,486][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,486][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,486][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,486][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,487][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,488][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,488][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,489][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,489][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,489][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,489][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,490][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,490][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,490][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,490][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,490][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,491][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,491][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,491][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,492][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,492][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,493][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,493][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,493][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,494][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:21,247][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-07-03T10:03:22,464][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-07-03T10:03:22,733][WARN ][o.o.o.i.ObservabilityIndex] [node-1] message: index [.opensearch-observability/XxPay9qERr6ww1DiCLvYMw] already exists
[2024-07-03T10:03:22,738][WARN ][o.o.s.SecurityAnalyticsPlugin] [node-1] Failed to initialize LogType config index and builtin log types
[2024-07-03T10:03:23,082][ERROR][o.o.b.Bootstrap          ] [node-1] Exception
[2024-07-03T10:03:23,090][ERROR][o.o.b.OpenSearchUncaughtExceptionHandler] [node-1] uncaught exception in thread [main]
    at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) ~[opensearch-cli-2.10.0.jar:2.10.0]
[2024-07-03T10:03:23,462][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-07-03T10:03:23,487][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-07-03T10:03:23,491][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-07-03T10:03:23,496][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)

systemctl status wazuh-indexer.service wazuh-dashboard.service wazuh-manager.service

M-bM-^WM-^O wazuh-indexer.service - Wazuh-indexer$
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; preset: enabled)$
     Active: active (running) since Wed 2024-07-03 10:03:22 CEST; 16min ago$
       Docs: https://documentation.wazuh.com$
   Main PID: 68403 (java)$
      Tasks: 133 (limit: 37896)$
     Memory: 16.5G$
        CPU: 2min 4.736s$
     CGroup: /system.slice/wazuh-indexer.service$
             M-bM-^TM-^TM-bM-^TM-^@68403 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms15824m -Xmx15824m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-5556094357872037470 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/wazuh-indexer -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log "-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m" -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opendistro-performance-analyzer/pa_config/es_security.policy -XX:MaxDirectMemorySize=8296333312 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp "/usr/share/wazuh-indexer/lib/*" org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet$
$
Jul 03 10:03:23 nuc systemd-entrypoint[68403]:         at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)$
Jul 03 10:03:23 nuc systemd-entrypoint[68403]:         at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)$
Jul 03 10:03:23 nuc systemd-entrypoint[68403]:         at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)$
Jul 03 10:03:23 nuc systemd-entrypoint[68403]:         at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)$
Jul 03 10:03:23 nuc systemd-entrypoint[68403]:         at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)$
Jul 03 10:03:23 nuc systemd-entrypoint[68403]:         at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)$
Jul 03 10:03:23 nuc systemd-entrypoint[68403]:         at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)$
Jul 03 10:03:23 nuc systemd-entrypoint[68403]:         at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)$
Jul 03 10:03:23 nuc systemd-entrypoint[68403]:         at java.base/java.lang.Thread.run(Thread.java:833)$
Jul 03 10:03:23 nuc systemd-entrypoint[68403]: For complete error details, refer to the log at /var/log/wazuh-indexer/wazuh-cluster.log$
$
M-bM-^WM-^O wazuh-dashboard.service - wazuh-dashboard$
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: enabled)$
     Active: active (running) since Wed 2024-07-03 09:54:07 CEST; 25min ago$
   Main PID: 41929 (node)$
      Tasks: 11 (limit: 37896)$
     Memory: 191.0M$
        CPU: 16.050s$
     CGroup: /system.slice/wazuh-dashboard.service$
             M-bM-^TM-^TM-bM-^TM-^@41929 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist$
$
Jul 03 10:15:18 nuc opensearch-dashboards[41929]: {"type":"response","@timestamp":"2024-07-03T08:15:18Z","tags":[],"pid":41929,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"wazuh.foobar.vip","user-agent":"Uptime-Kuma/1.23.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","x-forwarded-for":"161.97.172.126","x-forwarded-host":"wazuh.foobar.vip","x-forwarded-proto":"https","accept-encoding":"gzip"},"remoteAddress":"192.168.112.2","userAgent":"Uptime-Kuma/1.23.11"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"}$
Jul 03 10:15:18 nuc opensearch-dashboards[41929]: {"type":"response","@timestamp":"2024-07-03T08:15:18Z","tags":[],"pid":41929,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"wazuh.foobar.vip","user-agent":"Uptime-Kuma/1.23.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","x-forwarded-for":"161.97.172.126","x-forwarded-host":"wazuh.foobar.vip","x-forwarded-proto":"https","accept-encoding":"gzip"},"remoteAddress":"192.168.112.2","userAgent":"Uptime-Kuma/1.23.11"},"res":{"statusCode":200,"responseTime":16,"contentLength":9},"message":"GET /app/login 200 16ms - 9.0B"}$
Jul 03 10:16:18 nuc opensearch-dashboards[41929]: {"type":"response","@timestamp":"2024-07-03T08:16:18Z","tags":[],"pid":41929,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"wazuh.foobar.vip","user-agent":"Uptime-Kuma/1.23.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","x-forwarded-for":"161.97.172.126","x-forwarded-host":"wazuh.foobar.vip","x-forwarded-proto":"https","accept-encoding":"gzip"},"remoteAddress":"192.168.112.2","userAgent":"Uptime-Kuma/1.23.11"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"}$
Jul 03 10:16:18 nuc opensearch-dashboards[41929]: {"type":"response","@timestamp":"2024-07-03T08:16:18Z","tags":[],"pid":41929,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"wazuh.foobar.vip","user-agent":"Uptime-Kuma/1.23.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","x-forwarded-for":"161.97.172.126","x-forwarded-host":"wazuh.foobar.vip","x-forwarded-proto":"https","accept-encoding":"gzip"},"remoteAddress":"192.168.112.2","userAgent":"Uptime-Kuma/1.23.11"},"res":{"statusCode":200,"responseTime":14,"contentLength":9},"message":"GET /app/login 200 14ms - 9.0B"}$
Jul 03 10:17:18 nuc opensearch-dashboards[41929]: {"type":"response","@timestamp":"2024-07-03T08:17:18Z","tags":[],"pid":41929,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"wazuh.foobar.vip","user-agent":"Uptime-Kuma/1.23.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","x-forwarded-for":"161.97.172.126","x-forwarded-host":"wazuh.foobar.vip","x-forwarded-proto":"https","accept-encoding":"gzip"},"remoteAddress":"192.168.112.2","userAgent":"Uptime-Kuma/1.23.11"},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET / 302 3ms - 9.0B"}$
Jul 03 10:17:19 nuc opensearch-dashboards[41929]: {"type":"response","@timestamp":"2024-07-03T08:17:19Z","tags":[],"pid":41929,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"wazuh.foobar.vip","user-agent":"Uptime-Kuma/1.23.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","x-forwarded-for":"161.97.172.126","x-forwarded-host":"wazuh.foobar.vip","x-forwarded-proto":"https","accept-encoding":"gzip"},"remoteAddress":"192.168.112.2","userAgent":"Uptime-Kuma/1.23.11"},"res":{"statusCode":200,"responseTime":13,"contentLength":9},"message":"GET /app/login 200 13ms - 9.0B"}$
Jul 03 10:18:19 nuc opensearch-dashboards[41929]: {"type":"response","@timestamp":"2024-07-03T08:18:19Z","tags":[],"pid":41929,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"wazuh.foobar.vip","user-agent":"Uptime-Kuma/1.23.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","x-forwarded-for":"161.97.172.126","x-forwarded-host":"wazuh.foobar.vip","x-forwarded-proto":"https","accept-encoding":"gzip"},"remoteAddress":"192.168.112.2","userAgent":"Uptime-Kuma/1.23.11"},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET / 302 3ms - 9.0B"}$
Jul 03 10:18:19 nuc opensearch-dashboards[41929]: {"type":"response","@timestamp":"2024-07-03T08:18:19Z","tags":[],"pid":41929,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"wazuh.foobar.vip","user-agent":"Uptime-Kuma/1.23.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","x-forwarded-for":"161.97.172.126","x-forwarded-host":"wazuh.foobar.vip","x-forwarded-proto":"https","accept-encoding":"gzip"},"remoteAddress":"192.168.112.2","userAgent":"Uptime-Kuma/1.23.11"},"res":{"statusCode":200,"responseTime":15,"contentLength":9},"message":"GET /app/login 200 15ms - 9.0B"}$
Jul 03 10:19:19 nuc opensearch-dashboards[41929]: {"type":"response","@timestamp":"2024-07-03T08:19:19Z","tags":[],"pid":41929,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"wazuh.foobar.vip","user-agent":"Uptime-Kuma/1.23.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","x-forwarded-for":"161.97.172.126","x-forwarded-host":"wazuh.foobar.vip","x-forwarded-proto":"https","accept-encoding":"gzip"},"remoteAddress":"192.168.112.2","userAgent":"Uptime-Kuma/1.23.11"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"}$
Jul 03 10:19:19 nuc opensearch-dashboards[41929]: {"type":"response","@timestamp":"2024-07-03T08:19:19Z","tags":[],"pid":41929,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"wazuh.foobar.vip","user-agent":"Uptime-Kuma/1.23.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","x-forwarded-for":"161.97.172.126","x-forwarded-host":"wazuh.foobar.vip","x-forwarded-proto":"https","accept-encoding":"gzip"},"remoteAddress":"192.168.112.2","userAgent":"Uptime-Kuma/1.23.11"},"res":{"statusCode":200,"responseTime":18,"contentLength":9},"message":"GET /app/login 200 18ms - 9.0B"}$
$
M-bM-^WM-^O wazuh-manager.service - Wazuh manager$
     Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; preset: enabled)$
     Active: active (running) since Wed 2024-07-03 09:56:20 CEST; 23min ago$
    Process: 47562 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)$
      Tasks: 204 (limit: 37896)$
     Memory: 1.3G$
        CPU: 6min 43.910s$
     CGroup: /system.slice/wazuh-manager.service$
             M-bM-^TM-^\M-bM-^TM-^@47679 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py$
             M-bM-^TM-^\M-bM-^TM-^@47680 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py$
             M-bM-^TM-^\M-bM-^TM-^@47689 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py$
             M-bM-^TM-^\M-bM-^TM-^@47695 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py$
             M-bM-^TM-^\M-bM-^TM-^@47781 /var/ossec/bin/wazuh-authd$
             M-bM-^TM-^\M-bM-^TM-^@47837 /var/ossec/bin/wazuh-db$
             M-bM-^TM-^\M-bM-^TM-^@47894 /var/ossec/bin/wazuh-execd$
             M-bM-^TM-^\M-bM-^TM-^@47905 /var/ossec/bin/wazuh-analysisd$
             M-bM-^TM-^\M-bM-^TM-^@47914 /var/ossec/bin/wazuh-syscheckd$
             M-bM-^TM-^\M-bM-^TM-^@47966 /var/ossec/bin/wazuh-remoted$
             M-bM-^TM-^\M-bM-^TM-^@48007 /var/ossec/bin/wazuh-logcollector$
             M-bM-^TM-^\M-bM-^TM-^@48066 /var/ossec/bin/wazuh-monitord$
             M-bM-^TM-^\M-bM-^TM-^@48075 /var/ossec/bin/wazuh-modulesd$
             M-bM-^TM-^\M-bM-^TM-^@48087 /bin/sh wodles/docker/DockerListener$
             M-bM-^TM-^TM-bM-^TM-^@48101 /var/ossec/framework/python/bin/python3 /var/ossec/wodles/docker/DockerListener.py$
$
Jul 03 09:56:14 nuc env[47562]: Started wazuh-analysisd...$
Jul 03 09:56:15 nuc env[47562]: Started wazuh-syscheckd...$
Jul 03 09:56:16 nuc env[47562]: Started wazuh-remoted...$
Jul 03 09:56:17 nuc env[47562]: Started wazuh-logcollector...$
Jul 03 09:56:17 nuc env[47562]: Started wazuh-monitord...$
Jul 03 09:56:17 nuc env[48073]: 2024/07/03 09:56:17 wazuh-modulesd:router: INFO: Loaded router module.$
Jul 03 09:56:17 nuc env[48073]: 2024/07/03 09:56:17 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.$
Jul 03 09:56:18 nuc env[47562]: Started wazuh-modulesd...$
Jul 03 09:56:20 nuc env[47562]: Completed.$
Jul 03 09:56:20 nuc systemd[1]: Started wazuh-manager.service - Wazuh manager.$

Check Wazuh API connection

INFO: No current API selected
INFO: Getting API hosts...
INFO: API hosts found: 1
INFO: Checking API host id [default]...
INFO: Could not connect to API id [default]: 3099 - ERROR3099 - Wazuh not ready yet
INFO: Removed [navigate] cookie
ERROR: No API available to connect

Check alerts index pattern

INFO: Index pattern id in cookie: yes [wazuh-alerts-*]
INFO: Getting list of valid index patterns...
INFO: Valid index patterns found: 1
INFO: Found default index pattern with title [wazuh-alerts-*]: yes
INFO: Checking the app default pattern exists: id [wazuh-alerts-*]...
INFO: Default pattern with id [wazuh-alerts-*] exists: yes
ACTION: Default pattern id [wazuh-alerts-*] set as default index pattern
INFO: Checking the index pattern id [wazuh-alerts-*] exists...
INFO: Index pattern id exists [wazuh-alerts-*]: yes
INFO: Index pattern id in cookie: yes [wazuh-alerts-*]
INFO: Checking if the index pattern id [wazuh-alerts-*] exists...
INFO: Index pattern id [wazuh-alerts-*] found: yes title [wazuh-alerts-*]
INFO: Checking if exists a template compatible with the index pattern title [wazuh-alerts-*]
INFO: Template found for the selected index-pattern title [wazuh-alerts-*]: yes
INFO: Index pattern id in cookie: [wazuh-alerts-*]
INFO: Getting index pattern data [wazuh-alerts-*]...
INFO: Index pattern data found: [yes]
INFO: Refreshing index pattern fields: title [wazuh-alerts-*], id [wazuh-alerts-*]...
ACTION: Refreshed index pattern fields: title [wazuh-alerts-*], id [wazuh-alerts-*]
INFO: Getting settings...
INFO: Check Wazuh dashboard setting [timeline:max_buckets]: 200000
INFO: App setting [timeline:max_buckets]: 200000
INFO: Settings mismatch [timeline:max_buckets]: no
INFO: Getting settings...
INFO: Check Wazuh dashboard setting [metaFields]: ["_source","_index"]
INFO: App setting [metaFields]: ["_source","_index"]
INFO: Settings mismatch [metaFields]: no
INFO: Getting settings...
INFO: Check Wazuh dashboard setting [timepicker:timeDefaults]: {"from":"now-24h","to":"now"}
INFO: App setting [timepicker:timeDefaults]: "{\"from\":\"now-24h\",\"to\":\"now\"}"
INFO: Settings mismatch [timepicker:timeDefaults]: no

curl -k -X GET "https://<api_url>:55000/" -H "Authorization: Bearer $(curl -u <api_user>:<api_password> -k -X POST 'https://<api_url>:55000/security/user/authenticate?raw=true')"

{"data": {"title": "Wazuh API REST", "api_version": "4.8.0", "revision": 40812, "license_name": "GPL 2.0", "license_url": "https://github.com/wazuh/wazuh/blob/v4.8.0/LICENSE", "hostname": "nuc", "timestamp": "2024-07-03T08:42:04Z"}, "error": 0}

benni347 commented 2 months ago

The host somehow changed in /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
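
An added example, not part of the original issue or of the Wazuh project's code: in the `wazuh-cluster.log` excerpt in the report, the ERROR lines and the file-permission warnings are buried under repeated `ThreadPoolMetricsCollector` warnings. The sketch below parses that log format, collapses repeats, and pulls out the findings; the function names are hypothetical and the sample is abridged from the excerpt above.

```python
import re

# Abridged from the wazuh-cluster.log excerpt in the issue (sample input for this example).
SAMPLE_LOG = """\
[2024-07-03T10:03:14,485][WARN ][o.o.s.OpenSearchSecurityPlugin] [node-1] File /etc/wazuh-indexer/opensearch-security/roles.yml has insecure file permissions (should be 0600)
[2024-07-03T10:03:14,486][WARN ][o.o.s.OpenSearchSecurityPlugin] [node-1] File /etc/wazuh-indexer/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2024-07-03T10:03:18,973][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-07-03T10:03:20,425][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,482][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:20,483][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-07-03T10:03:23,082][ERROR][o.o.b.Bootstrap          ] [node-1] Exception
[2024-07-03T10:03:23,090][ERROR][o.o.b.OpenSearchUncaughtExceptionHandler] [node-1] uncaught exception in thread [main]
    at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) ~[opensearch-cli-2.10.0.jar:2.10.0]
[2024-07-03T10:03:23,462][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-07-03T10:03:23,487][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
"""

# [timestamp][LEVEL][logger (space padded)] [node] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[(?P<level>[A-Z]+)\s*\]\[(?P<logger>[^\]]+?)\s*\]"
    r" \[(?P<node>[^\]]+)\] (?P<msg>.*)$"
)
PERM_RE = re.compile(
    r"^File (?P<path>\S+) has insecure file permissions \(should be (?P<mode>\d+)\)$"
)


def parse(text):
    """Turn log text into records; stack-trace lines attach to the record above them."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["trace"] = []
            records.append(rec)
        elif line.strip() and records:
            records[-1]["trace"].append(line.strip())
    return records


def collapse(records):
    """Group identical (level, logger, message) records, keeping first-seen order."""
    groups = {}
    for rec in records:
        key = (rec["level"], rec["logger"], rec["msg"])
        g = groups.setdefault(key, {
            "level": rec["level"], "logger": rec["logger"], "msg": rec["msg"],
            "count": 0, "first": rec["ts"], "last": rec["ts"], "trace": rec["trace"],
        })
        g["count"] += 1
        g["last"] = rec["ts"]
    return list(groups.values())


def insecure_files(records):
    """Map each file flagged by the security plugin to the mode the log asks for."""
    found = {}
    for rec in records:
        m = PERM_RE.match(rec["msg"])
        if m:
            found[m["path"]] = m["mode"]
    return found


def triage(text):
    records = parse(text)
    groups = collapse(records)
    return {
        "errors": [g for g in groups if g["level"] == "ERROR"],
        "insecure_files": insecure_files(records),
        "noise": [g for g in groups if g["level"] != "ERROR" and g["count"] > 1],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for e in report["errors"]:
        print(f"ERROR x{e['count']} {e['logger']}: {e['msg']}")
    for path, mode in report["insecure_files"].items():
        print(f"PERMS {path} should be {mode}")
```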