wazuh / wazuh-docker

Wazuh - Docker containers
https://wazuh.com

Fix `4.8.0-beta4` AL2023 vulnerabilities #1260

Closed teddytpc1 closed 6 months ago

teddytpc1 commented 6 months ago

Description

Some vulnerabilities related to the AL 2023 base image used for the 4.8.0-beta4 Docker images were found. Here is the list:

| Vulnerability | Package |
|---|---|
| ALAS-2024-558 | curl-minimal |
| ALAS-2024-558 | libcurl-minimal |
| ALAS-2024-554 | ncurses-base |
| ALAS-2024-554 | ncurses-libs |

We need to fix those vulnerabilities.

Solution

After a vulnerability scan of the latest AL 2023 Docker image, it was found that the image is clean:

grype amazonlinux:2023.3.20240304.0 -o table
 ✔ Vulnerability DB                [no update available]  
 ✔ Pulled image                    
 ✔ Loaded image                                                                                                                                                                     amazonlinux:2023.3.20240304.0
 ✔ Parsed image                                                                                                                           sha256:d54cb79e59a5ee295645ab52de716a0f0948d6a21ff061a332913443a4cfe414
 ✔ Cataloged contents                                                                                                                            9de4745a7c79f081fa8919b8a816d06b2b48c237b161050470adbdc7ed3a79f1
   ├── ✔ Packages                        [108 packages]  
   ├── ✔ File digests                    [5,059 files]  
   ├── ✔ File metadata                   [5,059 locations]  
   └── ✔ Executables                     [273 executables]  
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]  
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored 
No vulnerabilities found
A newer version of grype is available for download: 0.74.7 (installed version is 0.74.6)

Tasks

vcerenu commented 6 months ago

Docker Images Build:

$ build-docker-images/build-images.sh 
Building wazuh.manager
Step 1/25 : FROM amazonlinux:2023.3.20240304.0
2023.3.20240304.0: Pulling from library/amazonlinux
89b8a8416043: Pull complete
Digest: sha256:6ef0881ab074946ab8d1d68a56f3cae2c6f16b5885737601ff8a9325f806780e
Status: Downloaded newer image for amazonlinux:2023.3.20240304.0
 ---> d54cb79e59a5
Step 2/25 : RUN rm /bin/sh && ln -s /bin/bash /bin/sh
 ---> Running in 831609aeb532
 ---> Removed intermediate container 831609aeb532
 ---> 3721140e4a4d
Step 3/25 : ARG WAZUH_VERSION
 ---> Running in 1ff73191e13d
 ---> Removed intermediate container 1ff73191e13d
 ---> fd8a225d71e8
Step 4/25 : ARG WAZUH_TAG_REVISION
 ---> Running in 4bfa17f96b03
 ---> Removed intermediate container 4bfa17f96b03
 ---> 1d71658865bb
Step 5/25 : ARG FILEBEAT_TEMPLATE_BRANCH
 ---> Running in 415eea16f897
 ---> Removed intermediate container 415eea16f897
 ---> 8d62c2a5aa05
Step 6/25 : ARG FILEBEAT_CHANNEL=filebeat-oss
 ---> Running in 43007874a903
 ---> Removed intermediate container 43007874a903
 ---> 707103f12e97
Step 7/25 : ARG FILEBEAT_VERSION=7.10.2
 ---> Running in abda9241e155
 ---> Removed intermediate container abda9241e155
 ---> bd4c2314c809
Step 8/25 : ARG WAZUH_FILEBEAT_MODULE
 ---> Running in 748c00c9ffd4
 ---> Removed intermediate container 748c00c9ffd4
 ---> ba7177f8e2e3
Step 9/25 : ARG S6_VERSION="v2.2.0.3"
 ---> Running in 33aae06562ff
 ---> Removed intermediate container 33aae06562ff
 ---> 3a4fc04559f7
Step 10/25 : RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&    yum clean all
 ---> Running in 2252b2405152
Amazon Linux 2023 repository                    7.3 MB/s |  25 MB     00:03    
Last metadata expiration check: 0:00:07 ago on Wed Mar 13 15:01:19 2024.
Package curl-minimal-8.5.0-1.amzn2023.0.2.x86_64 is already installed.
Package gnupg2-minimal-2.3.7-1.amzn2023.0.4.x86_64 is already installed.
Dependencies resolved.
================================================================================
 Package          Arch       Version                      Repository       Size
================================================================================
Installing:
 findutils        x86_64     1:4.8.0-2.amzn2023.0.2       amazonlinux     539 k
 gzip             x86_64     1.12-1.amzn2023.0.1          amazonlinux     160 k
 openssl          x86_64     1:3.0.8-1.amzn2023.0.11      amazonlinux     1.2 M
 procps-ng        x86_64     3.3.17-1.amzn2023.0.2        amazonlinux     331 k
 tar              x86_64     2:1.34-1.amzn2023.0.4        amazonlinux     879 k
 xz               x86_64     5.2.5-9.amzn2023.0.2         amazonlinux     215 k
Installing dependencies:
 systemd-libs     x86_64     252.16-1.amzn2023.0.2        amazonlinux     623 k

Transaction Summary
================================================================================
Install  7 Packages

Total download size: 3.8 M
Installed size: 10 M
Downloading Packages:
(1/7): xz-5.2.5-9.amzn2023.0.2.x86_64.rpm       976 kB/s | 215 kB     00:00    
(2/7): findutils-4.8.0-2.amzn2023.0.2.x86_64.rp 2.4 MB/s | 539 kB     00:00    
(3/7): procps-ng-3.3.17-1.amzn2023.0.2.x86_64.r 1.3 MB/s | 331 kB     00:00    
(4/7): systemd-libs-252.16-1.amzn2023.0.2.x86_6 3.9 MB/s | 623 kB     00:00    
(5/7): openssl-3.0.8-1.amzn2023.0.11.x86_64.rpm 4.3 MB/s | 1.2 MB     00:00    
(6/7): tar-1.34-1.amzn2023.0.4.x86_64.rpm       3.1 MB/s | 879 kB     00:00    
(7/7): gzip-1.12-1.amzn2023.0.1.x86_64.rpm      789 kB/s | 160 kB     00:00    
--------------------------------------------------------------------------------
Total                                           3.1 MB/s | 3.8 MB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : systemd-libs-252.16-1.amzn2023.0.2.x86_64              1/7 
  Installing       : procps-ng-3.3.17-1.amzn2023.0.2.x86_64                 2/7 
  Installing       : gzip-1.12-1.amzn2023.0.1.x86_64                        3/7 
  Installing       : tar-2:1.34-1.amzn2023.0.4.x86_64                       4/7 
  Installing       : openssl-1:3.0.8-1.amzn2023.0.11.x86_64                 5/7 
  Installing       : xz-5.2.5-9.amzn2023.0.2.x86_64                         6/7 
  Installing       : findutils-1:4.8.0-2.amzn2023.0.2.x86_64                7/7 
  Running scriptlet: findutils-1:4.8.0-2.amzn2023.0.2.x86_64                7/7 
  Verifying        : findutils-1:4.8.0-2.amzn2023.0.2.x86_64                1/7 
  Verifying        : procps-ng-3.3.17-1.amzn2023.0.2.x86_64                 2/7 
  Verifying        : xz-5.2.5-9.amzn2023.0.2.x86_64                         3/7 
  Verifying        : systemd-libs-252.16-1.amzn2023.0.2.x86_64              4/7 
  Verifying        : openssl-1:3.0.8-1.amzn2023.0.11.x86_64                 5/7 
  Verifying        : tar-2:1.34-1.amzn2023.0.4.x86_64                       6/7 
  Verifying        : gzip-1.12-1.amzn2023.0.1.x86_64                        7/7 

Installed:
  findutils-1:4.8.0-2.amzn2023.0.2.x86_64                                       
  gzip-1.12-1.amzn2023.0.1.x86_64                                               
  openssl-1:3.0.8-1.amzn2023.0.11.x86_64                                        
  procps-ng-3.3.17-1.amzn2023.0.2.x86_64                                        
  systemd-libs-252.16-1.amzn2023.0.2.x86_64                                     
  tar-2:1.34-1.amzn2023.0.4.x86_64                                              
  xz-5.2.5-9.amzn2023.0.2.x86_64                                                

Complete!
9 files removed
 ---> Removed intermediate container 2252b2405152
 ---> 7693b4370aef
Step 11/25 : COPY config/check_repository.sh /
 ---> 3b30bf862918
Step 12/25 : COPY config/filebeat_module.sh /
 ---> 228ec894a25d
Step 13/25 : COPY config/permanent_data.env config/permanent_data.sh /
 ---> 59ec38bd9443
Step 14/25 : RUN chmod 775 /check_repository.sh
 ---> Running in 64cbadb98a8e
 ---> Removed intermediate container 64cbadb98a8e
 ---> 26d112d54d3b
Step 15/25 : RUN source /check_repository.sh
 ---> Running in 5153ea4ccb9d
[wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH]
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
 ---> Removed intermediate container 5153ea4ccb9d
 ---> a395219f3f26
Step 16/25 : RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y &&     yum clean all &&     chmod 775 /filebeat_module.sh &&     source /filebeat_module.sh &&     rm /filebeat_module.sh &&     curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz     -o /tmp/s6-overlay-amd64.tar.gz &&     tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" &&     tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin &&     rm  /tmp/s6-overlay-amd64.tar.gz
 ---> Running in 01bb31c15380
Amazon Linux 2023 repository                    7.2 MB/s |  25 MB     00:03    
EL-2023.3.20240304 - Wazuh                      5.2 MB/s |  24 MB     00:04    
Last metadata expiration check: 0:00:08 ago on Wed Mar 13 15:01:42 2024.
Dependencies resolved.
================================================================================
 Package           Arch       Version                     Repository       Size
================================================================================
Installing:
 wazuh-manager     x86_64     4.8.0-1                     wazuh           291 M
Installing dependencies:
 libsemanage       x86_64     3.4-5.amzn2023.0.2          amazonlinux     121 k
 shadow-utils      x86_64     2:4.9-12.amzn2023.0.4       amazonlinux     1.1 M

Transaction Summary
================================================================================
Install  3 Packages

Total download size: 292 M
Installed size: 883 M
Downloading Packages:
(1/3): libsemanage-3.4-5.amzn2023.0.2.x86_64.rp 779 kB/s | 121 kB     00:00    
(2/3): shadow-utils-4.9-12.amzn2023.0.4.x86_64. 3.3 MB/s | 1.1 MB     00:00    
(3/3): wazuh-manager-4.8.0-1.x86_64.rpm         9.9 MB/s | 291 MB     00:29    
--------------------------------------------------------------------------------
Total                                           9.7 MB/s | 292 MB     00:30     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : libsemanage-3.4-5.amzn2023.0.2.x86_64                  1/3 
  Installing       : shadow-utils-2:4.9-12.amzn2023.0.4.x86_64              2/3 
  Running scriptlet: wazuh-manager-4.8.0-1.x86_64                           3/3 
  Installing       : wazuh-manager-4.8.0-1.x86_64                           3/3 
  Running scriptlet: wazuh-manager-4.8.0-1.x86_64                           3/3 
  Verifying        : shadow-utils-2:4.9-12.amzn2023.0.4.x86_64              1/3 
  Verifying        : libsemanage-3.4-5.amzn2023.0.2.x86_64                  2/3 
  Verifying        : wazuh-manager-4.8.0-1.x86_64                           3/3 

Installed:
  libsemanage-3.4-5.amzn2023.0.2.x86_64                                         
  shadow-utils-2:4.9-12.amzn2023.0.4.x86_64                                     
  wazuh-manager-4.8.0-1.x86_64                                                  

Complete!
16 files removed
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 20.7M  100 20.7M    0     0  8618k      0  0:00:02  0:00:02 --:--:-- 8618k
Amazon Linux 2023 repository                    6.6 MB/s |  25 MB     00:03    
EL-2023.3.20240304 - Wazuh                      5.0 MB/s |  24 MB     00:04    
Last metadata expiration check: 0:00:07 ago on Wed Mar 13 15:02:54 2024.
Dependencies resolved.
================================================================================
 Package          Architecture   Version             Repository            Size
================================================================================
Installing:
 filebeat         x86_64         7.10.2-1            @commandline          21 M

Transaction Summary
================================================================================
Install  1 Package

Total size: 21 M
Installed size: 70 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : filebeat-7.10.2-1.x86_64                               1/1 
  Running scriptlet: filebeat-7.10.2-1.x86_64                               1/1 
  Verifying        : filebeat-7.10.2-1.x86_64                               1/1 

Installed:
  filebeat-7.10.2-1.x86_64                                                      

Complete!
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
 ---> Removed intermediate container 01bb31c15380
 ---> 446cd2272666
Step 17/25 : COPY config/etc/ /etc/
 ---> aa07c1d11e2f
Step 18/25 : COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
 ---> c1f6895263e0
Step 19/25 : COPY config/filebeat.yml /etc/filebeat/
 ---> 85316e3e518a
Step 20/25 : RUN chmod go-w /etc/filebeat/filebeat.yml
 ---> Running in 995b311ed402
 ---> Removed intermediate container 995b311ed402
 ---> a0c5f9a5b437
Step 21/25 : ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat

 ---> 4407d8c4a9b6
Step 22/25 : RUN chmod go-w /etc/filebeat/wazuh-template.json
 ---> Running in 9f66624f5b78
 ---> Removed intermediate container 9f66624f5b78
 ---> 4e67077fd52d
Step 23/25 : RUN mkdir -p /var/ossec/var/multigroups &&     chown root:wazuh /var/ossec/var/multigroups &&     chmod 770 /var/ossec/var/multigroups &&     mkdir -p /var/ossec/agentless &&     chown root:wazuh /var/ossec/agentless &&     chmod 770 /var/ossec/agentless &&     mkdir -p /var/ossec/active-response/bin &&     chown root:wazuh /var/ossec/active-response/bin &&     chmod 770 /var/ossec/active-response/bin &&     chmod 755 /permanent_data.sh &&     sync && /permanent_data.sh &&     sync && rm /permanent_data.sh
 ---> Running in 92caa004ba83
 ---> Removed intermediate container 92caa004ba83
 ---> ce30d319258b
Step 24/25 : EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp
 ---> Running in b12e556dac35
 ---> Removed intermediate container b12e556dac35
 ---> aad00e30f4a1
Step 25/25 : ENTRYPOINT [ "/init" ]
 ---> Running in 94a05df4e748
 ---> Removed intermediate container 94a05df4e748
 ---> eab9af778fbb

Successfully built eab9af778fbb
Successfully tagged wazuh/wazuh-manager:4.8.0
Building wazuh.indexer
Step 1/32 : FROM amazonlinux:2023.3.20240304.0 AS builder
 ---> d54cb79e59a5
Step 2/32 : ARG WAZUH_VERSION
 ---> Running in ec6ae5c4f1d2
 ---> Removed intermediate container ec6ae5c4f1d2
 ---> ec90b700ce29
Step 3/32 : ARG WAZUH_TAG_REVISION
 ---> Running in d9a2b0873fe3
 ---> Removed intermediate container d9a2b0873fe3
 ---> 6459c014d01a
Step 4/32 : RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y
 ---> Running in 6a64e26518a4
Amazon Linux 2023 repository                    7.6 MB/s |  25 MB     00:03    
Last metadata expiration check: 0:00:06 ago on Wed Mar 13 15:03:20 2024.
Package curl-minimal-8.5.0-1.amzn2023.0.2.x86_64 is already installed.
Dependencies resolved.
================================================================================
 Package          Arch       Version                      Repository       Size
================================================================================
Installing:
 findutils        x86_64     1:4.8.0-2.amzn2023.0.2       amazonlinux     539 k
 openssl          x86_64     1:3.0.8-1.amzn2023.0.11      amazonlinux     1.2 M
 shadow-utils     x86_64     2:4.9-12.amzn2023.0.4        amazonlinux     1.1 M
 tar              x86_64     2:1.34-1.amzn2023.0.4        amazonlinux     879 k
 xz               x86_64     5.2.5-9.amzn2023.0.2         amazonlinux     215 k
Installing dependencies:
 libsemanage      x86_64     3.4-5.amzn2023.0.2           amazonlinux     121 k

Transaction Summary
================================================================================
Install  6 Packages

Total download size: 4.0 M
Installed size: 11 M
Downloading Packages:
(1/6): libsemanage-3.4-5.amzn2023.0.2.x86_64.rp 764 kB/s | 121 kB     00:00    
(2/6): findutils-4.8.0-2.amzn2023.0.2.x86_64.rp 2.4 MB/s | 539 kB     00:00    
(3/6): xz-5.2.5-9.amzn2023.0.2.x86_64.rpm       2.7 MB/s | 215 kB     00:00    
(4/6): shadow-utils-4.9-12.amzn2023.0.4.x86_64. 3.2 MB/s | 1.1 MB     00:00    
(5/6): tar-1.34-1.amzn2023.0.4.x86_64.rpm       4.5 MB/s | 879 kB     00:00    
(6/6): openssl-3.0.8-1.amzn2023.0.11.x86_64.rpm 4.3 MB/s | 1.2 MB     00:00    
--------------------------------------------------------------------------------
Total                                           3.4 MB/s | 4.0 MB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : libsemanage-3.4-5.amzn2023.0.2.x86_64                  1/6 
  Installing       : shadow-utils-2:4.9-12.amzn2023.0.4.x86_64              2/6 
  Installing       : tar-2:1.34-1.amzn2023.0.4.x86_64                       3/6 
  Installing       : openssl-1:3.0.8-1.amzn2023.0.11.x86_64                 4/6 
  Installing       : xz-5.2.5-9.amzn2023.0.2.x86_64                         5/6 
  Installing       : findutils-1:4.8.0-2.amzn2023.0.2.x86_64                6/6 
  Running scriptlet: findutils-1:4.8.0-2.amzn2023.0.2.x86_64                6/6 
  Verifying        : findutils-1:4.8.0-2.amzn2023.0.2.x86_64                1/6 
  Verifying        : shadow-utils-2:4.9-12.amzn2023.0.4.x86_64              2/6 
  Verifying        : libsemanage-3.4-5.amzn2023.0.2.x86_64                  3/6 
  Verifying        : xz-5.2.5-9.amzn2023.0.2.x86_64                         4/6 
  Verifying        : openssl-1:3.0.8-1.amzn2023.0.11.x86_64                 5/6 
  Verifying        : tar-2:1.34-1.amzn2023.0.4.x86_64                       6/6 

Installed:
  findutils-1:4.8.0-2.amzn2023.0.2.x86_64                                       
  libsemanage-3.4-5.amzn2023.0.2.x86_64                                         
  openssl-1:3.0.8-1.amzn2023.0.11.x86_64                                        
  shadow-utils-2:4.9-12.amzn2023.0.4.x86_64                                     
  tar-2:1.34-1.amzn2023.0.4.x86_64                                              
  xz-5.2.5-9.amzn2023.0.2.x86_64                                                

Complete!
 ---> Removed intermediate container 6a64e26518a4
 ---> 5b3e9271ba77
Step 5/32 : COPY config/opensearch.yml /
 ---> 66d04da8a2d8
Step 6/32 : COPY config/config.sh .
 ---> 7f89b72b7e27
Step 7/32 : COPY config/config.yml /
 ---> 3c50ffe2020a
Step 8/32 : COPY config/action_groups.yml /
 ---> a1f94b812abf
Step 9/32 : COPY config/internal_users.yml /
 ---> c7d10c9bf9c2
Step 10/32 : COPY config/roles_mapping.yml /
 ---> 878337d9149f
Step 11/32 : COPY config/roles.yml /
 ---> 5de5ddf8a601
Step 12/32 : RUN bash config.sh
 ---> Running in 1bfe3f5fab56
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  723M  100  723M    0     0  10.0M      0  0:01:12  0:01:12 --:--:-- 9051k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 36313  100 36313    0     0   128k      0 --:--:-- --:--:-- --:--:--  128k
Cert tool exists in Packages-dev bucket
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 42851  100 42851    0     0   144k      0 --:--:-- --:--:-- --:--:--  144k
Password tool exists in Packages-dev bucket
13/03/2024 15:05:13 INFO: Generating the root certificate.
13/03/2024 15:05:13 INFO: Generating Admin certificates.
13/03/2024 15:05:14 INFO: Admin certificates created.
13/03/2024 15:05:14 INFO: Generating Wazuh indexer certificates.
13/03/2024 15:05:14 INFO: Wazuh indexer certificates created.
 ---> Removed intermediate container 1bfe3f5fab56
 ---> 750ca0e2494d

Step 13/32 : FROM amazonlinux:2023.3.20240304.0
 ---> d54cb79e59a5
Step 14/32 : ENV USER="wazuh-indexer"     GROUP="wazuh-indexer"     NAME="wazuh-indexer"     INSTALL_DIR="/usr/share/wazuh-indexer"
 ---> Running in 67fa968d44f0
 ---> Removed intermediate container 67fa968d44f0
 ---> d81bcd36b9ca
Step 15/32 : RUN yum install curl-minimal shadow-utils findutils hostname -y
 ---> Running in 8e039ed39798
Amazon Linux 2023 repository                    6.0 MB/s |  25 MB     00:04    
Last metadata expiration check: 0:00:06 ago on Wed Mar 13 15:05:30 2024.
Package curl-minimal-8.5.0-1.amzn2023.0.2.x86_64 is already installed.
Dependencies resolved.
================================================================================
 Package          Arch       Version                      Repository       Size
================================================================================
Installing:
 findutils        x86_64     1:4.8.0-2.amzn2023.0.2       amazonlinux     539 k
 hostname         x86_64     3.23-4.amzn2023.0.3          amazonlinux      28 k
 shadow-utils     x86_64     2:4.9-12.amzn2023.0.4        amazonlinux     1.1 M
Installing dependencies:
 libsemanage      x86_64     3.4-5.amzn2023.0.2           amazonlinux     121 k

Transaction Summary
================================================================================
Install  4 Packages

Total download size: 1.8 M
Installed size: 5.7 M
Downloading Packages:
(1/4): libsemanage-3.4-5.amzn2023.0.2.x86_64.rp 703 kB/s | 121 kB     00:00    
(2/4): findutils-4.8.0-2.amzn2023.0.2.x86_64.rp 2.1 MB/s | 539 kB     00:00    
(3/4): hostname-3.23-4.amzn2023.0.3.x86_64.rpm  341 kB/s |  28 kB     00:00    
(4/4): shadow-utils-4.9-12.amzn2023.0.4.x86_64. 3.0 MB/s | 1.1 MB     00:00    
--------------------------------------------------------------------------------
Total                                           1.7 MB/s | 1.8 MB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : libsemanage-3.4-5.amzn2023.0.2.x86_64                  1/4 
  Installing       : shadow-utils-2:4.9-12.amzn2023.0.4.x86_64              2/4 
  Installing       : hostname-3.23-4.amzn2023.0.3.x86_64                    3/4 
  Running scriptlet: hostname-3.23-4.amzn2023.0.3.x86_64                    3/4 
  Installing       : findutils-1:4.8.0-2.amzn2023.0.2.x86_64                4/4 
  Running scriptlet: findutils-1:4.8.0-2.amzn2023.0.2.x86_64                4/4 
  Verifying        : findutils-1:4.8.0-2.amzn2023.0.2.x86_64                1/4 
  Verifying        : shadow-utils-2:4.9-12.amzn2023.0.4.x86_64              2/4 
  Verifying        : libsemanage-3.4-5.amzn2023.0.2.x86_64                  3/4 
  Verifying        : hostname-3.23-4.amzn2023.0.3.x86_64                    4/4 

Installed:
  findutils-1:4.8.0-2.amzn2023.0.2.x86_64                                       
  hostname-3.23-4.amzn2023.0.3.x86_64                                           
  libsemanage-3.4-5.amzn2023.0.2.x86_64                                         
  shadow-utils-2:4.9-12.amzn2023.0.4.x86_64                                     

Complete!
 ---> Removed intermediate container 8e039ed39798
 ---> a96f4c943375
Step 16/32 : RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
 ---> Running in 72e098add48a
 ---> Removed intermediate container 72e098add48a
 ---> 36bab89f94a6
Step 17/32 : RUN useradd --system             --uid 1000             --no-create-home             --home-dir $INSTALL_DIR             --gid $GROUP             --shell /sbin/nologin             --comment "$USER user"             $USER
 ---> Running in 31852d22e4ef
useradd warning: wazuh-indexer's uid 1000 is greater than SYS_UID_MAX 999
 ---> Removed intermediate container 31852d22e4ef
 ---> 389039e0b850
Step 18/32 : WORKDIR $INSTALL_DIR
 ---> Running in d7c2d592bdef
 ---> Removed intermediate container d7c2d592bdef
 ---> 3cd397eabda1
Step 19/32 : COPY config/entrypoint.sh /
 ---> 2207790fa072
Step 20/32 : COPY config/securityadmin.sh /
 ---> 07495da6738b
Step 21/32 : RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh
 ---> Running in 0239b67783af
 ---> Removed intermediate container 0239b67783af
 ---> a8994da2d755
Step 22/32 : RUN chown 1000:1000 /*.sh
 ---> Running in 599c6538db30
 ---> Removed intermediate container 599c6538db30
 ---> 90d0111e8c09
Step 23/32 : COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr/share/wazuh-indexer /usr/share/wazuh-indexer
 ---> 4dff394b62ab
Step 24/32 : COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd
 ---> a5a6f34315a8
Step 25/32 : COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d
 ---> af3da7e543e5
Step 26/32 : COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d
 ---> ecb3d3b2317c
Step 27/32 : RUN chown -R 1000:1000 /usr/share/wazuh-indexer
 ---> Running in 18ff5d820b4c
 ---> Removed intermediate container 18ff5d820b4c
 ---> d6f6812b5931
Step 28/32 : RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer &&     mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 /usr/share/wazuh-indexer/logs &&     mkdir -p /run/wazuh-indexer && chown 1000:1000 /run/wazuh-indexer &&     mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer &&     chmod 700 /usr/share/wazuh-indexer &&     chmod 600 /usr/share/wazuh-indexer/jvm.options &&     chmod 600 /usr/share/wazuh-indexer/opensearch.yml
 ---> Running in 20d700125e22
 ---> Removed intermediate container 20d700125e22
 ---> 2b6613445f29
Step 29/32 : USER wazuh-indexer
 ---> Running in da9beb60896c
 ---> Removed intermediate container da9beb60896c
 ---> 1b16fbf6c2f7
Step 30/32 : EXPOSE 9200
 ---> Running in 5470bc5ad58e
 ---> Removed intermediate container 5470bc5ad58e
 ---> 7650be99102b
Step 31/32 : ENTRYPOINT ["/entrypoint.sh"]
 ---> Running in 49a6b73a8974
 ---> Removed intermediate container 49a6b73a8974
 ---> 180db3a69618
Step 32/32 : CMD ["opensearchwrapper"]
 ---> Running in 6144c802390b
 ---> Removed intermediate container 6144c802390b
 ---> 2e19579b35e5

Successfully built 2e19579b35e5
Successfully tagged wazuh/wazuh-indexer:4.8.0
Building wazuh.dashboard
Step 1/39 : FROM amazonlinux:2023.3.20240304.0 AS builder
 ---> d54cb79e59a5
Step 2/39 : ARG WAZUH_VERSION
 ---> Running in 4d9f36beb6db
 ---> Removed intermediate container 4d9f36beb6db
 ---> ea5e6765bff6
Step 3/39 : ARG WAZUH_TAG_REVISION
 ---> Running in 0a332b64ea5c
 ---> Removed intermediate container 0a332b64ea5c
 ---> ab9215a436f1
Step 4/39 : ARG INSTALL_DIR=/usr/share/wazuh-dashboard
 ---> Running in d3aee44304f9
 ---> Removed intermediate container d3aee44304f9
 ---> 10542a84b60b
Step 5/39 : ARG WAZUH_UI_REVISION
 ---> Running in c5ad7ff240c8
 ---> Removed intermediate container c5ad7ff240c8
 ---> 4903493e3141
Step 6/39 : RUN yum install curl-minimal libcap xz tar openssl -y
 ---> Running in 3062848ca2ca
Amazon Linux 2023 repository                    8.1 MB/s |  25 MB     00:03    
Last metadata expiration check: 0:00:06 ago on Wed Mar 13 15:05:59 2024.
Package curl-minimal-8.5.0-1.amzn2023.0.2.x86_64 is already installed.
Package libcap-2.48-2.amzn2023.0.3.x86_64 is already installed.
Dependencies resolved.
================================================================================
 Package      Arch        Version                        Repository        Size
================================================================================
Installing:
 openssl      x86_64      1:3.0.8-1.amzn2023.0.11        amazonlinux      1.2 M
 tar          x86_64      2:1.34-1.amzn2023.0.4          amazonlinux      879 k
 xz           x86_64      5.2.5-9.amzn2023.0.2           amazonlinux      215 k

Transaction Summary
================================================================================
Install  3 Packages

Total download size: 2.2 M
Installed size: 5.5 M
Downloading Packages:
(1/3): xz-5.2.5-9.amzn2023.0.2.x86_64.rpm       1.6 MB/s | 215 kB     00:00    
(2/3): tar-1.34-1.amzn2023.0.4.x86_64.rpm       2.6 MB/s | 879 kB     00:00    
(3/3): openssl-3.0.8-1.amzn2023.0.11.x86_64.rpm 3.4 MB/s | 1.2 MB     00:00    
--------------------------------------------------------------------------------
Total                                           2.3 MB/s | 2.2 MB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : tar-2:1.34-1.amzn2023.0.4.x86_64                       1/3 
  Installing       : openssl-1:3.0.8-1.amzn2023.0.11.x86_64                 2/3 
  Installing       : xz-5.2.5-9.amzn2023.0.2.x86_64                         3/3 
  Running scriptlet: xz-5.2.5-9.amzn2023.0.2.x86_64                         3/3 
  Verifying        : xz-5.2.5-9.amzn2023.0.2.x86_64                         1/3 
  Verifying        : openssl-1:3.0.8-1.amzn2023.0.11.x86_64                 2/3 
  Verifying        : tar-2:1.34-1.amzn2023.0.4.x86_64                       3/3 

Installed:
  openssl-1:3.0.8-1.amzn2023.0.11.x86_64    tar-2:1.34-1.amzn2023.0.4.x86_64   
  xz-5.2.5-9.amzn2023.0.2.x86_64           

Complete!
 ---> Removed intermediate container 3062848ca2ca
 ---> 3133adf83801
Step 7/39 : RUN mkdir -p $INSTALL_DIR
 ---> Running in 093c224f8aec
 ---> Removed intermediate container 093c224f8aec
 ---> 75524e77f1aa
Step 8/39 : COPY config/dl_base.sh .
 ---> 6406c101ca40
Step 9/39 : RUN bash dl_base.sh
 ---> Running in 35912cdb4441
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  153M  100  153M    0     0  10.9M      0  0:00:14  0:00:14 --:--:-- 11.6M
 ---> Removed intermediate container 35912cdb4441
 ---> a3d4709f9337
Step 10/39 : COPY config/config.sh .
 ---> e09d73975563
Step 11/39 : COPY config/config.yml /
 ---> 93e9ebbc5eac
Step 12/39 : RUN bash config.sh
 ---> Running in 51ef188ad212
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 36313  100 36313    0     0   113k      0 --:--:-- --:--:-- --:--:--  114k
Cert tool exists in Packages-dev bucket
13/03/2024 15:06:53 INFO: Generating the root certificate.
13/03/2024 15:06:53 INFO: Generating Admin certificates.
13/03/2024 15:06:53 INFO: Admin certificates created.
13/03/2024 15:06:53 INFO: Generating Wazuh dashboard certificates.
13/03/2024 15:06:54 INFO: Wazuh dashboard certificates created.
 ---> Removed intermediate container 51ef188ad212
 ---> 865774b52a6c
Step 13/39 : COPY config/install_wazuh_app.sh /
 ---> 36e3ae39f952
Step 14/39 : RUN chmod 775 /install_wazuh_app.sh
 ---> Running in 0a408128394c
 ---> Removed intermediate container 0a408128394c
 ---> 7c1d2081c02e
Step 15/39 : RUN bash /install_wazuh_app.sh
 ---> Running in 9de9765754c6
Attempting to transfer from https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-4.8.0-1.zip
Transferring 34136679 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Plugin installation complete
Attempting to transfer from https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-4.8.0-1.zip
Transferring 1877165 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Plugin installation complete
Attempting to transfer from https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-4.8.0-1.zip
Transferring 3208626 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Plugin installation complete
 ---> Removed intermediate container 9de9765754c6
 ---> e8a319753ed6
Step 16/39 : COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/
 ---> 902778d8f61f
Step 17/39 : COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
 ---> 4433f52e3865
Step 18/39 : RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
 ---> Running in b385022dfd0c
 ---> Removed intermediate container b385022dfd0c
 ---> 168d84600a5b
Step 19/39 : RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
 ---> Running in 1f667015e821
 ---> Removed intermediate container 1f667015e821
 ---> 553529dffa04
Step 20/39 : RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
 ---> Running in c5d5742dd82d
 ---> Removed intermediate container c5d5742dd82d
 ---> 865f147066f9
Step 21/39 : RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
 ---> Running in c18885b623ba
 ---> Removed intermediate container c18885b623ba
 ---> 8eb5d317b202

Step 22/39 : FROM amazonlinux:2023.3.20240304.0
 ---> d54cb79e59a5
Step 23/39 : ENV USER="wazuh-dashboard"     GROUP="wazuh-dashboard"     NAME="wazuh-dashboard"     INSTALL_DIR="/usr/share/wazuh-dashboard"
 ---> Running in 2ed63b4faf2c
 ---> Removed intermediate container 2ed63b4faf2c
 ---> 64daff836cc4
Step 24/39 : ENV PATTERN=""     CHECKS_PATTERN=""     CHECKS_TEMPLATE=""     CHECKS_API=""     CHECKS_SETUP=""     EXTENSIONS_PCI=""     EXTENSIONS_GDPR=""     EXTENSIONS_HIPAA=""     EXTENSIONS_NIST=""     EXTENSIONS_TSC=""     EXTENSIONS_AUDIT=""     EXTENSIONS_OSCAP=""     EXTENSIONS_CISCAT=""     EXTENSIONS_AWS=""     EXTENSIONS_GCP=""     EXTENSIONS_GITHUB=""    EXTENSIONS_OFFICE=""    EXTENSIONS_VIRUSTOTAL=""     EXTENSIONS_OSQUERY=""     EXTENSIONS_DOCKER=""     APP_TIMEOUT=""     API_SELECTOR=""     IP_SELECTOR=""     IP_IGNORE=""     WAZUH_MONITORING_ENABLED=""     WAZUH_MONITORING_FREQUENCY=""     WAZUH_MONITORING_SHARDS=""     WAZUH_MONITORING_REPLICAS=""
 ---> Running in a10e2d5f5ac8
 ---> Removed intermediate container a10e2d5f5ac8
 ---> 38a3c5c1c433
Step 25/39 : RUN yum install shadow-utils -y
 ---> Running in e25e3270cb15
Amazon Linux 2023 repository                    3.8 MB/s |  25 MB     00:06    
Last metadata expiration check: 0:00:06 ago on Wed Mar 13 15:07:16 2024.
Dependencies resolved.
================================================================================
 Package          Arch       Version                      Repository       Size
================================================================================
Installing:
 shadow-utils     x86_64     2:4.9-12.amzn2023.0.4        amazonlinux     1.1 M
Installing dependencies:
 libsemanage      x86_64     3.4-5.amzn2023.0.2           amazonlinux     121 k

Transaction Summary
================================================================================
Install  2 Packages

Total download size: 1.2 M
Installed size: 4.0 M
Downloading Packages:
(1/2): libsemanage-3.4-5.amzn2023.0.2.x86_64.rp  99 kB/s | 121 kB     00:01    
(2/2): shadow-utils-4.9-12.amzn2023.0.4.x86_64. 762 kB/s | 1.1 MB     00:01    
--------------------------------------------------------------------------------
Total                                           463 kB/s | 1.2 MB     00:02     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : libsemanage-3.4-5.amzn2023.0.2.x86_64                  1/2 
  Installing       : shadow-utils-2:4.9-12.amzn2023.0.4.x86_64              2/2 
  Running scriptlet: shadow-utils-2:4.9-12.amzn2023.0.4.x86_64              2/2 
  Verifying        : shadow-utils-2:4.9-12.amzn2023.0.4.x86_64              1/2 
  Verifying        : libsemanage-3.4-5.amzn2023.0.2.x86_64                  2/2 

Installed:
  libsemanage-3.4-5.amzn2023.0.2.x86_64                                         
  shadow-utils-2:4.9-12.amzn2023.0.4.x86_64                                     

Complete!
 ---> Removed intermediate container e25e3270cb15
 ---> e9066bbf1bcc
Step 26/39 : RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
 ---> Running in 9953b7b7dbc6
 ---> Removed intermediate container 9953b7b7dbc6
 ---> d345e1907f3d
Step 27/39 : RUN useradd --system             --uid 1000             --no-create-home             --home-dir $INSTALL_DIR             --gid $GROUP             --shell /sbin/nologin             --comment "$USER user"             $USER
 ---> Running in 914f448b0b5a
useradd warning: wazuh-dashboard's uid 1000 is greater than SYS_UID_MAX 999
 ---> Removed intermediate container 914f448b0b5a
 ---> 67ed38db421d
Step 28/39 : COPY config/entrypoint.sh /
 ---> 6081d03ea785
Step 29/39 : COPY config/wazuh_app_config.sh /
 ---> 187ed79276cb
Step 30/39 : RUN chmod 700 /entrypoint.sh
 ---> Running in 6efec56ad592
 ---> Removed intermediate container 6efec56ad592
 ---> 14599895ac53
Step 31/39 : RUN chmod 700 /wazuh_app_config.sh
 ---> Running in 712d2a1f20f5
 ---> Removed intermediate container 712d2a1f20f5
 ---> 5807ee983f44
Step 32/39 : RUN chown 1000:1000 /*.sh
 ---> Running in a07c9626db6a
 ---> Removed intermediate container a07c9626db6a
 ---> 0ed6a09e3fb7
Step 33/39 : COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 ---> 8d4db245b57c
Step 34/39 : RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 ---> Running in dbff2b68b85d
 ---> Removed intermediate container dbff2b68b85d
 ---> 02bbad08ed41
Step 35/39 : RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 ---> Running in 3a853d3b789c
 ---> Removed intermediate container 3a853d3b789c
 ---> 305a246239b7
Step 36/39 : WORKDIR $INSTALL_DIR
 ---> Running in 65392d4b7868
 ---> Removed intermediate container 65392d4b7868
 ---> 8159cd529de3
Step 37/39 : USER wazuh-dashboard
 ---> Running in 20350050515e
 ---> Removed intermediate container 20350050515e
 ---> 68b83c308389
Step 38/39 : EXPOSE 443
 ---> Running in 0b4a3653d4ea
 ---> Removed intermediate container 0b4a3653d4ea
 ---> 62fbe97abc62
Step 39/39 : ENTRYPOINT [ "/entrypoint.sh" ]
 ---> Running in c4897ee85774
 ---> Removed intermediate container c4897ee85774
 ---> 12dc721f8554

Successfully built 12dc721f8554
Successfully tagged wazuh/wazuh-dashboard:4.8.0

vcerenu commented 6 months ago

Docker Compose deploy:

$ cd single-node/
$ docker-compose up -d
Creating network "single-node_default" with the default driver
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED              STATUS              PORTS                                                                                                                                                           NAMES
d27d30a4dd36   wazuh/wazuh-dashboard:4.8.0   "/entrypoint.sh"         About a minute ago   Up About a minute   443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp                                                                                                                single-node_wazuh.dashboard_1
97c89265ab47   wazuh/wazuh-indexer:4.8.0     "/entrypoint.sh open…"   About a minute ago   Up About a minute   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node_wazuh.indexer_1
31eb69c0a924   wazuh/wazuh-manager:4.8.0     "/init"                  About a minute ago   Up About a minute   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node_wazuh.manager_1

Wazuh manager logs:

$ docker logs single-node_wazuh.manager_1 
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 0-wazuh-init: executing... 
/var/ossec/data_tmp/permanent/var/ossec/api/configuration/
Installing /var/ossec/api/configuration
/var/ossec/data_tmp/permanent/var/ossec/etc/
Installing /var/ossec/etc
/var/ossec/data_tmp/permanent/var/ossec/logs/
Installing /var/ossec/logs
/var/ossec/data_tmp/permanent/var/ossec/queue/
Installing /var/ossec/queue
/var/ossec/data_tmp/permanent/var/ossec/agentless/
The path /var/ossec/agentless is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/var/multigroups/
The path /var/ossec/var/multigroups is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/integrations/
The path /var/ossec/integrations is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/active-response/bin/
The path /var/ossec/active-response/bin is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/wodles/
Installing /var/ossec/wodles
/var/ossec/data_tmp/permanent/etc/filebeat/
Installing /etc/filebeat
Updating /var/ossec/etc/internal_options.conf
Updating /var/ossec/integrations/slack
Updating /var/ossec/integrations/slack.py
Updating /var/ossec/integrations/virustotal
Updating /var/ossec/integrations/virustotal.py
Updating /var/ossec/integrations/shuffle
Updating /var/ossec/integrations/shuffle.py
Updating /var/ossec/integrations/pagerduty
Updating /var/ossec/integrations/pagerduty.py
Updating /var/ossec/integrations/maltiverse
Updating /var/ossec/integrations/maltiverse.py
Updating /var/ossec/active-response/bin/default-firewall-drop
Updating /var/ossec/active-response/bin/disable-account
Updating /var/ossec/active-response/bin/firewalld-drop
Updating /var/ossec/active-response/bin/firewall-drop
Updating /var/ossec/active-response/bin/host-deny
Updating /var/ossec/active-response/bin/ip-customblock
Updating /var/ossec/active-response/bin/ipfw
Updating /var/ossec/active-response/bin/kaspersky.py
Updating /var/ossec/active-response/bin/kaspersky
Updating /var/ossec/active-response/bin/npf
Updating /var/ossec/active-response/bin/wazuh-slack
Updating /var/ossec/active-response/bin/pf
Updating /var/ossec/active-response/bin/restart-wazuh
Updating /var/ossec/active-response/bin/restart.sh
Updating /var/ossec/active-response/bin/route-null
Updating /var/ossec/agentless/sshlogin.exp
Updating /var/ossec/agentless/ssh_pixconfig_diff
Updating /var/ossec/agentless/ssh_asa-fwsmconfig_diff
Updating /var/ossec/agentless/ssh_integrity_check_bsd
Updating /var/ossec/agentless/main.exp
Updating /var/ossec/agentless/su.exp
Updating /var/ossec/agentless/ssh_integrity_check_linux
Updating /var/ossec/agentless/register_host.sh
Updating /var/ossec/agentless/ssh_generic_diff
Updating /var/ossec/agentless/ssh_foundry_diff
Updating /var/ossec/agentless/ssh_nopass.exp
Updating /var/ossec/agentless/ssh.exp
Updating /var/ossec/wodles/utils.py
Updating /var/ossec/wodles/aws/aws-s3
Updating /var/ossec/wodles/aws/aws-s3.py
Updating /var/ossec/wodles/aws/__init__.py
Updating /var/ossec/wodles/aws/aws_tools.py
Updating /var/ossec/wodles/aws/wazuh_integration.py
Updating /var/ossec/wodles/aws/buckets_s3/__init__.py
Updating /var/ossec/wodles/aws/buckets_s3/aws_bucket.py
Updating /var/ossec/wodles/aws/buckets_s3/cloudtrail.py
Updating /var/ossec/wodles/aws/buckets_s3/config.py
Updating /var/ossec/wodles/aws/buckets_s3/guardduty.py
Updating /var/ossec/wodles/aws/buckets_s3/load_balancers.py
Updating /var/ossec/wodles/aws/buckets_s3/server_access.py
Updating /var/ossec/wodles/aws/buckets_s3/umbrella.py
Updating /var/ossec/wodles/aws/buckets_s3/vpcflow.py
Updating /var/ossec/wodles/aws/buckets_s3/waf.py
Updating /var/ossec/wodles/aws/services/__init__.py
Updating /var/ossec/wodles/aws/services/aws_service.py
Updating /var/ossec/wodles/aws/services/cloudwatchlogs.py
Updating /var/ossec/wodles/aws/services/inspector.py
Updating /var/ossec/wodles/aws/subscribers/__init__.py
Updating /var/ossec/wodles/aws/subscribers/s3_log_handler.py
Updating /var/ossec/wodles/aws/subscribers/sqs_message_processor.py
Updating /var/ossec/wodles/aws/subscribers/sqs_queue.py
Updating /var/ossec/wodles/azure/azure-logs
Updating /var/ossec/wodles/azure/azure-logs.py
Updating /var/ossec/wodles/azure/orm.py
Updating /var/ossec/wodles/docker/DockerListener
Updating /var/ossec/wodles/docker/DockerListener.py
Updating /var/ossec/wodles/gcloud/gcloud
Updating /var/ossec/wodles/gcloud/gcloud.py
Updating /var/ossec/wodles/gcloud/integration.py
Updating /var/ossec/wodles/gcloud/tools.py
Updating /var/ossec/wodles/gcloud/exceptions.py
find: '/proc/391/task/391/fd/5': No such file or directory
find: '/proc/391/task/391/fdinfo/5': No such file or directory
find: '/proc/391/fd/6': No such file or directory
find: '/proc/391/fdinfo/6': No such file or directory
find: '/proc/392/task/392/fd/5': No such file or directory
find: '/proc/392/task/392/fdinfo/5': No such file or directory
find: '/proc/392/fd/6': No such file or directory
find: '/proc/392/fdinfo/6': No such file or directory
find: '/proc/393/task/393/fd/5': No such file or directory
find: '/proc/393/task/393/fdinfo/5': No such file or directory
find: '/proc/393/fd/6': No such file or directory
find: '/proc/393/fdinfo/6': No such file or directory
Identified Wazuh configuration files to mount...
'/wazuh-config-mount/etc/ossec.conf' -> '/var/ossec/etc/ossec.conf'
[cont-init.d] 0-wazuh-init: exited 0.
[cont-init.d] 1-config-filebeat: executing... 
Customize Elasticsearch ouput IP
Configuring username.
Configuring password.
Configuring SSL verification mode.
Configuring Certificate Authorities.
Configuring SSL Certificate.
Configuring SSL Key.
[cont-init.d] 1-config-filebeat: exited 0.
[cont-init.d] 2-manager: executing... 
Configuring password.
2024/03/13 15:08:31 wazuh-modulesd:router: INFO: Loaded router module.
2024/03/13 15:08:31 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Starting Wazuh v4.8.0...
Started wazuh-apid...
Started wazuh-csyslogd...
Started wazuh-dbd...
2024/03/13 15:08:34 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Started wazuh-integratord...
Started wazuh-agentlessd...
Started wazuh-authd...
Started wazuh-db...
Started wazuh-execd...
Started wazuh-analysisd...
Started wazuh-syscheckd...
Started wazuh-remoted...
Started wazuh-logcollector...
Started wazuh-monitord...
2024/03/13 15:08:42 wazuh-modulesd:router: INFO: Loaded router module.
2024/03/13 15:08:42 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Started wazuh-modulesd...
Completed.
[cont-init.d] 2-manager: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
starting Filebeat
2024/03/13 15:08:42 wazuh-modulesd:ciscat: INFO: Module disabled. Exiting...
2024/03/13 15:08:42 sca: INFO: Starting Security Configuration Assessment scan.
2024/03/13 15:08:42 wazuh-modulesd:task-manager: INFO: (8200): Module Task Manager started.
2024/03/13 15:08:42 sca: INFO: Skipping policy '/var/ossec/ruleset/sca/cis_amazon_linux_1.yml': 'Check Amazon Linux version.'
2024/03/13 15:08:42 sca: INFO: Security Configuration Assessment scan finished. Duration: 0 seconds.
2024/03/13 15:08:42 wazuh-modulesd:syscollector: INFO: Module started.
2024/03/13 15:08:42 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/03/13 15:08:43 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024/03/13 15:08:43 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression.
2024/03/13 15:08:43 indexer-connector: WARNING: Error initializing IndexerConnector for index 'wazuh-states-vulnerabilities': Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Couldn't connect to server. Retrying in 2 seconds. Maximum wait time: 60 seconds.
2024/03/13 15:08:46 indexer-connector: WARNING: Error initializing IndexerConnector for index 'wazuh-states-vulnerabilities': Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Failed to initialize template for index 'wazuh-states-vulnerabilities'. HTTP error: HTTP response code said error (Status code: 503).. Retrying in 4 seconds. Maximum wait time: 60 seconds.
2024-03-13T15:08:46.450Z    INFO    instance/beat.go:645    Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2024-03-13T15:08:46.454Z    INFO    instance/beat.go:653    Beat ID: 98b115ab-1769-432b-b826-0dc934f92796
2024-03-13T15:08:46.455Z    INFO    [seccomp]   seccomp/seccomp.go:124  Syscall filter successfully installed
2024-03-13T15:08:46.461Z    INFO    [beat]  instance/beat.go:981    Beat info   {"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "98b115ab-1769-432b-b826-0dc934f92796"}}}
2024-03-13T15:08:46.461Z    INFO    [beat]  instance/beat.go:990    Build info  {"system_info": {"build": {"commit": "aacf9ecd9c494aa0908f61fbca82c906b16562a8", "libbeat": "7.10.2", "time": "2021-01-12T22:10:33.000Z", "version": "7.10.2"}}}
2024-03-13T15:08:46.461Z    INFO    [beat]  instance/beat.go:993    Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":4,"version":"go1.14.12"}}}
2024-03-13T15:08:46.462Z    INFO    [beat]  instance/beat.go:997    Host info   {"system_info": {"host": {"architecture":"x86_64","boot_time":"2024-03-13T08:25:08Z","containerized":true,"name":"wazuh.manager","ip":["127.0.0.1/8","172.22.0.3/16"],"kernel_version":"5.15.0-92-generic","mac":["02:42:ac:16:00:03"],"os":{"family":"redhat","platform":"amzn","name":"Amazon Linux","version":"2023","major":2023,"minor":3,"patch":20240304},"timezone":"UTC","timezone_offset_sec":0}}}
2024-03-13T15:08:46.462Z    INFO    [beat]  instance/beat.go:1026   Process info    {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"effective":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"bounding":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"ambient":null}, "cwd": "/run/s6/services/filebeat", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 1170, "ppid": 1155, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2024-03-13T15:08:45.590Z"}}}
2024-03-13T15:08:46.463Z    INFO    instance/beat.go:299    Setup Beat: filebeat; Version: 7.10.2
2024-03-13T15:08:46.465Z    INFO    eslegclient/connection.go:99    elasticsearch url: https://wazuh.indexer:9200
2024-03-13T15:08:46.468Z    INFO    [publisher] pipeline/module.go:113  Beat name: wazuh.manager
2024-03-13T15:08:46.471Z    INFO    beater/filebeat.go:117  Enabled modules/filesets: wazuh (alerts),  ()
2024-03-13T15:08:46.471Z    INFO    instance/beat.go:455    filebeat start running.
2024-03-13T15:08:46.475Z    INFO    memlog/store.go:119 Loading data file of '/var/lib/filebeat/registry/filebeat' succeeded. Active transaction id=0
2024-03-13T15:08:46.475Z    INFO    memlog/store.go:124 Finished loading transaction log file for '/var/lib/filebeat/registry/filebeat'. Active transaction id=0
2024-03-13T15:08:46.476Z    INFO    [registrar] registrar/registrar.go:109  States Loaded from registrar: 0
2024-03-13T15:08:46.476Z    INFO    [crawler]   beater/crawler.go:71    Loading Inputs: 1
2024-03-13T15:08:46.477Z    INFO    log/input.go:157    Configured paths: [/var/ossec/logs/alerts/alerts.json]
2024-03-13T15:08:46.477Z    INFO    [crawler]   beater/crawler.go:141   Starting input (ID: 9132358592892857476)
2024-03-13T15:08:46.477Z    INFO    [crawler]   beater/crawler.go:108   Loading and starting Inputs completed. Enabled inputs: 1
2024-03-13T15:08:46.479Z    INFO    log/harvester.go:302    Harvester started for file: /var/ossec/logs/alerts/alerts.json
2024/03/13 15:08:50 indexer-connector: INFO: IndexerConnector initialized.
2024-03-13T15:08:54.488Z    INFO    [publisher] pipeline/retry.go:219   retryer: send unwait signal to consumer
2024-03-13T15:08:54.488Z    INFO    [publisher] pipeline/retry.go:223     done
2024-03-13T15:08:54.489Z    INFO    [publisher_pipeline_output] pipeline/output.go:143  Connecting to backoff(elasticsearch(https://wazuh.indexer:9200))
2024-03-13T15:08:54.539Z    INFO    [esclientleg]   eslegclient/connection.go:314   Attempting to connect to Elasticsearch version 7.10.2
2024-03-13T15:08:54.543Z    INFO    [esclientleg]   eslegclient/connection.go:314   Attempting to connect to Elasticsearch version 7.10.2
2024-03-13T15:08:54.548Z    INFO    template/load.go:183    Existing template will be overwritten, as overwrite is enabled.
2024-03-13T15:08:54.551Z    INFO    template/load.go:117    Try loading template wazuh to Elasticsearch
2024-03-13T15:08:54.692Z    INFO    template/load.go:109    template with name 'wazuh' loaded.
2024-03-13T15:08:54.692Z    INFO    [index-management]  idxmgmt/std.go:298  Loaded index template.
2024-03-13T15:08:54.803Z    INFO    fileset/pipelines.go:143    Elasticsearch pipeline with ID 'filebeat-7.10.2-wazuh-alerts-pipeline' loaded
2024-03-13T15:08:54.806Z    INFO    [publisher_pipeline_output] pipeline/output.go:151  Connection to backoff(elasticsearch(https://wazuh.indexer:9200)) established
2024/03/13 15:08:58 rootcheck: INFO: Ending rootcheck scan.
2024/03/13 15:09:07 wazuh-modulesd:vulnerability-scanner: INFO: Database decompression finished.
2024/03/13 15:09:08 wazuh-modulesd:content-updater: INFO: Starting scheduled action for 'vulnerability_feed_manager'
2024/03/13 15:09:08 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started
2024/03/13 15:09:08 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started
2024/03/13 15:09:15 wazuh-modulesd:content-updater: INFO: Data published
2024/03/13 15:09:15 wazuh-modulesd:vulnerability-scanner: INFO: Processing message
2024/03/13 15:09:15 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished
2024/03/13 15:09:15 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/245855-api_file.json
2024/03/13 15:09:27 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager'
2024/03/13 15:09:27 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started
2024/03/13 15:09:27 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished

Wazuh dashboard deploy:

$ docker logs single-node_wazuh.dashboard_1 
Created OpenSearch Dashboards keystore in /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
Wazuh APP already configured
{"type":"log","@timestamp":"2024-03-13T15:08:29Z","tags":["info","plugins-service"],"pid":55,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
{"type":"log","@timestamp":"2024-03-13T15:08:29Z","tags":["info","plugins-service"],"pid":55,"message":"Plugin \"dataSource\" is disabled."}
{"type":"log","@timestamp":"2024-03-13T15:08:29Z","tags":["info","plugins-service"],"pid":55,"message":"Plugin \"visTypeXy\" is disabled."}
{"type":"log","@timestamp":"2024-03-13T15:08:29Z","tags":["warning","config","deprecation"],"pid":55,"message":"\"opensearch.requestHeadersWhitelist\" is deprecated and has been replaced by \"opensearch.requestHeadersAllowlist\""}
{"type":"log","@timestamp":"2024-03-13T15:08:29Z","tags":["info","plugins-system"],"pid":55,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,visualize,ganttChartDashboards,reportsDashboards,indexManagementDashboards,management,indexPatternManagement,advancedSettings,console,notificationsDashboards,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
{"type":"log","@timestamp":"2024-03-13T15:08:30Z","tags":["info","savedobjects-service"],"pid":55,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
{"type":"log","@timestamp":"2024-03-13T15:08:30Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 172.22.0.2:9200"}
{"type":"log","@timestamp":"2024-03-13T15:08:30Z","tags":["error","savedobjects-service"],"pid":55,"message":"Unable to retrieve version information from OpenSearch nodes."}
{"type":"log","@timestamp":"2024-03-13T15:08:32Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 172.22.0.2:9200"}
{"type":"log","@timestamp":"2024-03-13T15:08:35Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 172.22.0.2:9200"}
{"type":"log","@timestamp":"2024-03-13T15:08:37Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 172.22.0.2:9200"}
{"type":"log","@timestamp":"2024-03-13T15:08:40Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 172.22.0.2:9200"}
{"type":"log","@timestamp":"2024-03-13T15:08:42Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 172.22.0.2:9200"}
{"type":"log","@timestamp":"2024-03-13T15:08:46Z","tags":["error","opensearch","data"],"pid":55,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-03-13T15:08:48Z","tags":["info","savedobjects-service"],"pid":55,"message":"Starting saved objects migrations"}
{"type":"log","@timestamp":"2024-03-13T15:08:48Z","tags":["info","savedobjects-service"],"pid":55,"message":"Creating index .kibana_1."}
{"type":"log","@timestamp":"2024-03-13T15:08:48Z","tags":["info","savedobjects-service"],"pid":55,"message":"Pointing alias .kibana to .kibana_1."}
{"type":"log","@timestamp":"2024-03-13T15:08:48Z","tags":["info","savedobjects-service"],"pid":55,"message":"Finished in 355ms."}
{"type":"log","@timestamp":"2024-03-13T15:08:48Z","tags":["info","plugins-system"],"pid":55,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,visualize,ganttChartDashboards,reportsDashboards,indexManagementDashboards,management,indexPatternManagement,advancedSettings,console,notificationsDashboards,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
{"type":"log","@timestamp":"2024-03-13T15:08:48Z","tags":["error","opensearch","data"],"pid":55,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-03-13T15:08:48Z","tags":["error","opensearch","data"],"pid":55,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-03-13T15:08:49Z","tags":["listening","info"],"pid":55,"message":"Server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2024-03-13T15:08:49Z","tags":["info","http","server","OpenSearchDashboards"],"pid":55,"message":"http server running at https://0.0.0.0:5601"}

Wazuh indexer logs:

$ docker logs single-node_wazuh.indexer_1 
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
WARNING: System::setSecurityManager will be removed in a future release
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
WARNING: System::setSecurityManager will be removed in a future release
[2024-03-13T15:08:28,510][INFO ][o.o.n.Node               ] [wazuh.indexer] version[2.10.0], pid[1], build[rpm/eee49cb340edc6c4d489bcd9324dda571fc8dc03/2023-09-20T23:54:29.889267151Z], OS[Linux/5.15.0-92-generic/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/17.0.8/17.0.8+7]
[2024-03-13T15:08:28,513][INFO ][o.o.n.Node               ] [wazuh.indexer] JVM home [/usr/share/wazuh-indexer/jdk], using bundled JDK/JRE [true]
[2024-03-13T15:08:28,514][INFO ][o.o.n.Node               ] [wazuh.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-15974004542580842527, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Xms1g, -Xmx1g, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-03-13T15:08:29,646][INFO ][o.o.s.s.t.SSLConfig      ] [wazuh.indexer] SSL dual mode is disabled
[2024-03-13T15:08:29,646][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] OpenSearch Config path is /usr/share/wazuh-indexer
[2024-03-13T15:08:29,982][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] JVM supports TLSv1.3
[2024-03-13T15:08:29,986][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Config directory is /usr/share/wazuh-indexer/, from there the key- and truststore files are resolved relatively
[2024-03-13T15:08:30,691][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Client Provider : JDK
[2024-03-13T15:08:30,693][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Server Provider : JDK
[2024-03-13T15:08:30,693][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS HTTP Provider             : JDK
[2024-03-13T15:08:30,694][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2]
[2024-03-13T15:08:30,694][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for HTTP layer      : [TLSv1.3, TLSv1.2]
[2024-03-13T15:08:30,718][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Clustername: opensearch
[2024-03-13T15:08:30,809][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache has insecure file permissions (should be 0700)
[2024-03-13T15:08:30,810][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA has insecure file permissions (should be 0700)
[2024-03-13T15:08:30,810][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA/temp has insecure file permissions (should be 0700)
[2024-03-13T15:08:30,811][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/logs has insecure file permissions (should be 0700)
[2024-03-13T15:08:30,811][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/opensearch.yml has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,812][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,812][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,813][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/lib/jspawnhelper has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,813][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/serialver has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,814][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeprscan has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,814][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jmod has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,814][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jrunscript has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,815][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/java has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,815][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jfr has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,816][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstack has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,817][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jinfo has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,817][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javadoc has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,817][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jlink has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,818][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jimage has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,818][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javap has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,818][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jar has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,819][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jhsdb has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,819][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jshell has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,819][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jcmd has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,820][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstatd has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,820][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javac has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,821][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jps has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,821][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdb has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,821][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeps has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,822][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jconsole has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,822][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstat has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,822][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jarsigner has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,822][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jmap has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,823][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/rmiregistry has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,823][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jpackage has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,823][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/keytool has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,824][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,824][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,824][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-plugin has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,824][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,825][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,825][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,825][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env-from-file has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,825][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-upgrade has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,826][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-shard has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,826][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-cli has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,826][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-keystore has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,826][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch has insecure file permissions (should be 0600)
[2024-03-13T15:08:30,827][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-node has insecure file permissions (should be 0600)
[2024-03-13T15:08:34,905][INFO ][o.o.p.c.c.PluginSettings ] [wazuh.indexer] Trying to create directory /dev/shm/performanceanalyzer/.
[2024-03-13T15:08:34,906][INFO ][o.o.p.c.c.PluginSettings ] [wazuh.indexer] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600
[2024-03-13T15:08:35,446][INFO ][o.o.i.r.ReindexPlugin    ] [wazuh.indexer] ReindexPlugin reloadSPI called
[2024-03-13T15:08:35,449][INFO ][o.o.i.r.ReindexPlugin    ] [wazuh.indexer] Unable to find any implementation for RemoteReindexExtension
[2024-03-13T15:08:35,507][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs
[2024-03-13T15:08:35,526][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions
[2024-03-13T15:08:35,527][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config
[2024-03-13T15:08:35,529][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: scheduler_geospatial_ip2geo_datasource, index: .scheduler-geospatial-ip2geo-datasource
[2024-03-13T15:08:35,534][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [aggs-matrix-stats]
[2024-03-13T15:08:35,534][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [analysis-common]
[2024-03-13T15:08:35,534][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [geo]
[2024-03-13T15:08:35,535][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-common]
[2024-03-13T15:08:35,535][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-geoip]
[2024-03-13T15:08:35,535][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-user-agent]
[2024-03-13T15:08:35,535][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-expression]
[2024-03-13T15:08:35,535][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-mustache]
[2024-03-13T15:08:35,535][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-painless]
[2024-03-13T15:08:35,536][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [mapper-extras]
[2024-03-13T15:08:35,536][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [opensearch-dashboards]
[2024-03-13T15:08:35,536][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [parent-join]
[2024-03-13T15:08:35,536][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [percolator]
[2024-03-13T15:08:35,536][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [rank-eval]
[2024-03-13T15:08:35,537][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [reindex]
[2024-03-13T15:08:35,537][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [repository-url]
[2024-03-13T15:08:35,537][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [search-pipeline-common]
[2024-03-13T15:08:35,537][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [systemd]
[2024-03-13T15:08:35,537][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [transport-netty4]
[2024-03-13T15:08:35,538][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-alerting]
[2024-03-13T15:08:35,538][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-anomaly-detection]
[2024-03-13T15:08:35,538][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-asynchronous-search]
[2024-03-13T15:08:35,539][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-cross-cluster-replication]
[2024-03-13T15:08:35,539][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-custom-codecs]
[2024-03-13T15:08:35,539][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-geospatial]
[2024-03-13T15:08:35,539][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-index-management]
[2024-03-13T15:08:35,539][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-job-scheduler]
[2024-03-13T15:08:35,539][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-knn]
[2024-03-13T15:08:35,540][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-ml]
[2024-03-13T15:08:35,540][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-neural-search]
[2024-03-13T15:08:35,540][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-notifications]
[2024-03-13T15:08:35,540][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-notifications-core]
[2024-03-13T15:08:35,540][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-observability]
[2024-03-13T15:08:35,541][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-performance-analyzer]
[2024-03-13T15:08:35,541][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-reports-scheduler]
[2024-03-13T15:08:35,541][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-security]
[2024-03-13T15:08:35,541][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-security-analytics]
[2024-03-13T15:08:35,541][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-sql]
[2024-03-13T15:08:35,578][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml
[2024-03-13T15:08:35,582][INFO ][o.o.e.ExtensionsManager  ] [wazuh.indexer] ExtensionsManager initialized
[2024-03-13T15:08:35,725][INFO ][o.o.e.NodeEnvironment    ] [wazuh.indexer] using [1] data paths, mounts [[/var/lib/wazuh-indexer (/dev/sda5)]], net usable_space [30.2gb], net total_space [99.9gb], types [ext4]
[2024-03-13T15:08:35,725][INFO ][o.o.e.NodeEnvironment    ] [wazuh.indexer] heap size [1gb], compressed ordinary object pointers [true]
[2024-03-13T15:08:35,752][INFO ][o.o.n.Node               ] [wazuh.indexer] node name [wazuh.indexer], node ID [g6QhEWYGTWWQ-1Urcv76uA], cluster name [opensearch], roles [ingest, remote_cluster_client, data, cluster_manager]
[2024-03-13T15:08:39,551][INFO ][o.o.n.p.NeuralSearch     ] [wazuh.indexer] Registering hybrid query phase searcher with feature flag [plugins.neural_search.hybrid_search_disabled]
[2024-03-13T15:08:39,943][WARN ][o.o.s.c.Salt             ] [wazuh.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-03-13T15:08:39,977][ERROR][o.o.s.a.s.SinkProvider   ] [wazuh.indexer] Default endpoint could not be created, auditlog will not work properly.
[2024-03-13T15:08:39,978][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh.indexer] No default storage available, audit log may not work properly. Please check configuration.
[2024-03-13T15:08:39,979][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Message routing enabled: false
[2024-03-13T15:08:40,013][INFO ][o.o.s.f.SecurityFilter   ] [wazuh.indexer] <NONE> indices are made immutable.
[2024-03-13T15:08:40,316][INFO ][o.o.a.b.ADCircuitBreakerService] [wazuh.indexer] Registered memory breaker.
[2024-03-13T15:08:40,682][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML memory breaker.
[2024-03-13T15:08:40,684][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML disk breaker.
[2024-03-13T15:08:40,684][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML native memory breaker.
[2024-03-13T15:08:40,805][INFO ][o.r.Reflections          ] [wazuh.indexer] Reflections took 47 ms to scan 1 urls, producing 17 keys and 43 values 
[2024-03-13T15:08:40,878][WARN ][o.o.s.p.SQLPlugin        ] [wazuh.indexer] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-03-13T15:08:41,449][INFO ][o.o.t.NettyAllocator     ] [wazuh.indexer] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=256kb, factors={opensearch.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=1mb, heap_size=1gb}]
[2024-03-13T15:08:41,566][INFO ][o.o.d.DiscoveryModule    ] [wazuh.indexer] using discovery type [single-node] and seed hosts providers [settings]
[2024-03-13T15:08:42,058][WARN ][o.o.g.DanglingIndicesState] [wazuh.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-03-13T15:08:42,647][INFO ][o.o.p.h.c.PerformanceAnalyzerConfigAction] [wazuh.indexer] PerformanceAnalyzer Enabled: false
[2024-03-13T15:08:42,692][INFO ][o.o.n.Node               ] [wazuh.indexer] initialized
[2024-03-13T15:08:42,693][INFO ][o.o.n.Node               ] [wazuh.indexer] starting ...
[2024-03-13T15:08:42,742][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [windows_logtype.json] log type
[2024-03-13T15:08:42,743][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [vpcflow_logtype.json] log type
[2024-03-13T15:08:42,744][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [test_windows_logtype.json] log type
[2024-03-13T15:08:42,745][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [s3_logtype.json] log type
[2024-03-13T15:08:42,745][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_web_logtype.json] log type
[2024-03-13T15:08:42,746][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_proxy_logtype.json] log type
[2024-03-13T15:08:42,747][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_macos_logtype.json] log type
[2024-03-13T15:08:42,748][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_compliance_logtype.json] log type
[2024-03-13T15:08:42,748][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_cloud_logtype.json] log type
[2024-03-13T15:08:42,748][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_apt_logtype.json] log type
[2024-03-13T15:08:42,749][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_application_logtype.json] log type
[2024-03-13T15:08:42,749][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [okta_logtype.json] log type
[2024-03-13T15:08:42,750][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [network_logtype.json] log type
[2024-03-13T15:08:42,750][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [netflow_logtype.json] log type
[2024-03-13T15:08:42,751][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [m365_logtype.json] log type
[2024-03-13T15:08:42,751][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [linux_logtype.json] log type
[2024-03-13T15:08:42,752][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [gworkspace_logtype.json] log type
[2024-03-13T15:08:42,752][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [github_logtype.json] log type
[2024-03-13T15:08:42,752][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [dns_logtype.json] log type
[2024-03-13T15:08:42,753][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [cloudtrail_logtype.json] log type
[2024-03-13T15:08:42,755][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [azure_logtype.json] log type
[2024-03-13T15:08:42,756][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [apache_access_logtype.json] log type
[2024-03-13T15:08:42,757][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [ad_ldap_logtype.json] log type
[2024-03-13T15:08:42,908][INFO ][o.o.t.TransportService   ] [wazuh.indexer] publish_address {172.22.0.2:9300}, bound_addresses {0.0.0.0:9300}
[2024-03-13T15:08:42,911][INFO ][o.o.t.TransportService   ] [wazuh.indexer] Remote clusters initialized successfully.
[2024-03-13T15:08:43,132][WARN ][o.o.b.BootstrapChecks    ] [wazuh.indexer] max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[2024-03-13T15:08:43,151][INFO ][o.o.c.c.Coordinator      ] [wazuh.indexer] setting initial configuration to VotingConfiguration{g6QhEWYGTWWQ-1Urcv76uA}
[2024-03-13T15:08:43,407][INFO ][o.o.c.s.MasterService    ] [wazuh.indexer] elected-as-cluster-manager ([1] nodes joined)[{wazuh.indexer}{g6QhEWYGTWWQ-1Urcv76uA}{nmn2_8dNTza7aurc3PBOrw}{172.22.0.2}{172.22.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true} elect leader, _BECOME_CLUSTER_MANAGER_TASK_, _FINISH_ELECTION_], term: 1, version: 1, delta: cluster-manager node changed {previous [], current [{wazuh.indexer}{g6QhEWYGTWWQ-1Urcv76uA}{nmn2_8dNTza7aurc3PBOrw}{172.22.0.2}{172.22.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}
[2024-03-13T15:08:43,462][INFO ][o.o.c.c.CoordinationState] [wazuh.indexer] cluster UUID set to [W5BsNsSOT5uIGvHMTCVN5g]
[2024-03-13T15:08:43,500][INFO ][o.o.c.s.ClusterApplierService] [wazuh.indexer] cluster-manager node changed {previous [], current [{wazuh.indexer}{g6QhEWYGTWWQ-1Urcv76uA}{nmn2_8dNTza7aurc3PBOrw}{172.22.0.2}{172.22.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}, term: 1, version: 1, reason: Publication{term=1, version=1}
[2024-03-13T15:08:43,515][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Cluster is not recovered yet.
[2024-03-13T15:08:43,523][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:43,545][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Cache cluster manager node onClusterManager time: 1710342523545
[2024-03-13T15:08:43,556][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [wazuh.indexer] Config override setting update called with empty string. Ignoring.
[2024-03-13T15:08:43,570][INFO ][o.o.d.PeerFinder         ] [wazuh.indexer] setting findPeersInterval to [1s] as node commission status = [true] for local node [{wazuh.indexer}{g6QhEWYGTWWQ-1Urcv76uA}{nmn2_8dNTza7aurc3PBOrw}{172.22.0.2}{172.22.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]
[2024-03-13T15:08:43,575][INFO ][o.o.h.AbstractHttpServerTransport] [wazuh.indexer] publish_address {172.22.0.2:9200}, bound_addresses {0.0.0.0:9200}
[2024-03-13T15:08:43,576][INFO ][o.o.n.Node               ] [wazuh.indexer] started
[2024-03-13T15:08:43,579][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Node started
[2024-03-13T15:08:43,579][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Will attempt to create index .opendistro_security and default configs if they are absent
[2024-03-13T15:08:43,581][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Background init thread started. Install default config?: true
[2024-03-13T15:08:43,582][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] 0 OpenSearch Security modules loaded so far: []
[2024-03-13T15:08:43,585][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Wait for cluster to be available ...
[2024-03-13T15:08:43,613][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Node added: [g6QhEWYGTWWQ-1Urcv76uA]
[2024-03-13T15:08:43,615][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Add data node to AD version hash ring: g6QhEWYGTWWQ-1Urcv76uA
[2024-03-13T15:08:43,618][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] All nodes with known AD version: {g6QhEWYGTWWQ-1Urcv76uA=ADNodeInfo{version=2.10.0, isEligibleDataNode=true}}
[2024-03-13T15:08:43,619][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Rebuild AD hash ring for realtime AD with cooldown, nodeChangeEvents size 0
[2024-03-13T15:08:43,619][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Build AD version hash ring successfully
[2024-03-13T15:08:43,620][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:43,622][INFO ][o.o.a.c.ADDataMigrator   ] [wazuh.indexer] Start migrating AD data
[2024-03-13T15:08:43,622][INFO ][o.o.a.c.ADDataMigrator   ] [wazuh.indexer] AD job index doesn't exist, no need to migrate
[2024-03-13T15:08:43,622][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Init AD version hash ring successfully
[2024-03-13T15:08:43,645][INFO ][o.o.g.GatewayService     ] [wazuh.indexer] recovered [0] indices into cluster_state
[2024-03-13T15:08:43,681][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-observability/aa2YjEOQS9eadeTESttVcg]
[2024-03-13T15:08:43,870][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.opensearch-observability] creating index, cause [api], templates [], shards [1]/[0]
[2024-03-13T15:08:43,917][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-observability/aa2YjEOQS9eadeTESttVcg]
[2024-03-13T15:08:43,981][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:44,024][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/mOHtYkA9RJSHWxDKOKqZeQ]
[2024-03-13T15:08:44,065][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.opensearch-sap-log-types-config] creating index, cause [auto(sap-logtype api)], templates [], shards [1]/[1]
[2024-03-13T15:08:44,067][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.opensearch-sap-log-types-config]
[2024-03-13T15:08:44,142][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/mOHtYkA9RJSHWxDKOKqZeQ]
[2024-03-13T15:08:44,200][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:44,315][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:44,329][INFO ][o.o.o.i.ObservabilityIndex] [wazuh.indexer] observability:Index .opensearch-observability creation Acknowledged
[2024-03-13T15:08:44,330][INFO ][o.o.o.i.ObservabilityIntegrationsIndex] [wazuh.indexer] observability:createMappingTemplate ss4o_metrics_template API called
[2024-03-13T15:08:44,331][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.opensearch-sap-log-types-config][0]]]).
[2024-03-13T15:08:44,377][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:44,379][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loading builtin types!
[2024-03-13T15:08:44,382][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [418] fieldMappingDocs from logTypes: 23
[2024-03-13T15:08:44,444][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[validate-template-aylq62mbr2qr6s6l0kpkdw/el2xRsYRQzS7CI7kcTF4gw]
[2024-03-13T15:08:44,503][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding index template [ss4o_metrics_template] for index patterns [ss4o_metrics-*-*]
[2024-03-13T15:08:44,519][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [418] fieldMappingDocs
[2024-03-13T15:08:44,558][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:44,574][INFO ][o.o.o.i.ObservabilityIntegrationsIndex] [wazuh.indexer] observability:Mapping Template ss4o_metrics_template creation Acknowledged
[2024-03-13T15:08:44,578][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loading builtin types!
[2024-03-13T15:08:44,583][INFO ][o.o.o.i.ObservabilityIntegrationsIndex] [wazuh.indexer] observability:createMappingTemplate ss4o_traces_template API called
[2024-03-13T15:08:44,586][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [418] fieldMappingDocs from logTypes: 23
[2024-03-13T15:08:44,607][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[validate-template-rxdmvtfvrfea6p6b0qem1a/-lioAOQmSjieUbxn1jcHrA]
[2024-03-13T15:08:44,608][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loading builtin types!
[2024-03-13T15:08:44,608][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [418] fieldMappingDocs from logTypes: 23
[2024-03-13T15:08:44,620][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding index template [ss4o_traces_template] for index patterns [ss4o_traces-*-*]
[2024-03-13T15:08:44,633][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [418] fieldMappingDocs
[2024-03-13T15:08:44,627][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [418] fieldMappingDocs
[2024-03-13T15:08:44,745][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:44,748][INFO ][o.o.o.i.ObservabilityIntegrationsIndex] [wazuh.indexer] observability:Mapping Template ss4o_traces_template creation Acknowledged
[2024-03-13T15:08:44,750][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/9lwVTITHQUOJIxCmiRp4cA]
[2024-03-13T15:08:44,754][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.opendistro_security] creating index, cause [api], templates [], shards [1]/[1]
[2024-03-13T15:08:44,765][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.opendistro_security]
[2024-03-13T15:08:44,816][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/9lwVTITHQUOJIxCmiRp4cA]
[2024-03-13T15:08:44,830][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:44,836][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/mOHtYkA9RJSHWxDKOKqZeQ]
[2024-03-13T15:08:44,844][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opensearch-sap-log-types-config/mOHtYkA9RJSHWxDKOKqZeQ] update_mapping [_doc]
[2024-03-13T15:08:44,926][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:44,955][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/mOHtYkA9RJSHWxDKOKqZeQ]
[2024-03-13T15:08:45,019][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.opendistro_security][0]]]).
[2024-03-13T15:08:45,068][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:45,077][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Index .opendistro_security created?: true
[2024-03-13T15:08:45,077][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node started, try to initialize it. Wait for at least yellow cluster state....
[2024-03-13T15:08:45,078][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/mOHtYkA9RJSHWxDKOKqZeQ]
[2024-03-13T15:08:45,091][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'config' with /usr/share/wazuh-indexer/opensearch-security/config.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-03-13T15:08:45,095][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opensearch-sap-log-types-config/mOHtYkA9RJSHWxDKOKqZeQ] update_mapping [_doc]
[2024-03-13T15:08:45,167][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:45,170][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/9lwVTITHQUOJIxCmiRp4cA]
[2024-03-13T15:08:45,174][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/9lwVTITHQUOJIxCmiRp4cA] create_mapping
[2024-03-13T15:08:45,176][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/mOHtYkA9RJSHWxDKOKqZeQ]
[2024-03-13T15:08:45,233][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:45,500][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'config' and version 2 is updated in .opendistro_security index.
[2024-03-13T15:08:45,500][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'roles' with /usr/share/wazuh-indexer/opensearch-security/roles.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-03-13T15:08:45,526][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/9lwVTITHQUOJIxCmiRp4cA]
[2024-03-13T15:08:45,530][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/9lwVTITHQUOJIxCmiRp4cA] update_mapping [_doc]
[2024-03-13T15:08:45,568][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:45,689][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'roles' and version 2 is updated in .opendistro_security index.
[2024-03-13T15:08:45,689][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'rolesmapping' with /usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-03-13T15:08:45,749][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/9lwVTITHQUOJIxCmiRp4cA]
[2024-03-13T15:08:45,758][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/9lwVTITHQUOJIxCmiRp4cA] update_mapping [_doc]
[2024-03-13T15:08:45,865][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:45,946][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'rolesmapping' and version 2 is updated in .opendistro_security index.
[2024-03-13T15:08:45,948][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'internalusers' with /usr/share/wazuh-indexer/opensearch-security/internal_users.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-03-13T15:08:45,965][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/9lwVTITHQUOJIxCmiRp4cA]
[2024-03-13T15:08:45,974][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/9lwVTITHQUOJIxCmiRp4cA] update_mapping [_doc]
[2024-03-13T15:08:46,043][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:46,242][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'internalusers' and version 2 is updated in .opendistro_security index.
[2024-03-13T15:08:46,243][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'actiongroups' with /usr/share/wazuh-indexer/opensearch-security/action_groups.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-03-13T15:08:46,252][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/9lwVTITHQUOJIxCmiRp4cA]
[2024-03-13T15:08:46,270][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/9lwVTITHQUOJIxCmiRp4cA] update_mapping [_doc]
[2024-03-13T15:08:46,306][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-03-13T15:08:46,328][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:46,360][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-03-13T15:08:46,385][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'actiongroups' and version 2 is updated in .opendistro_security index.
[2024-03-13T15:08:46,386][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'tenants' with /usr/share/wazuh-indexer/opensearch-security/tenants.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-03-13T15:08:46,401][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-03-13T15:08:46,401][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/9lwVTITHQUOJIxCmiRp4cA]
[2024-03-13T15:08:46,422][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/9lwVTITHQUOJIxCmiRp4cA] update_mapping [_doc]
[2024-03-13T15:08:46,429][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-03-13T15:08:46,453][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-03-13T15:08:46,481][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loaded [418] field mapping docs successfully!
[2024-03-13T15:08:46,495][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:46,540][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [22] customLogTypes
[2024-03-13T15:08:46,572][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'tenants' and version 2 is updated in .opendistro_security index.
[2024-03-13T15:08:46,581][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'nodesdn' with /usr/share/wazuh-indexer/opensearch-security/nodes_dn.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-03-13T15:08:46,588][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/9lwVTITHQUOJIxCmiRp4cA]
[2024-03-13T15:08:46,596][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/9lwVTITHQUOJIxCmiRp4cA] update_mapping [_doc]
[2024-03-13T15:08:46,599][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loaded [418] field mapping docs successfully!
[2024-03-13T15:08:46,635][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [22] customLogTypes
[2024-03-13T15:08:46,687][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loaded [418] field mapping docs successfully!
[2024-03-13T15:08:46,805][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:46,881][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'nodesdn' and version 2 is updated in .opendistro_security index.
[2024-03-13T15:08:46,881][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'whitelist' with /usr/share/wazuh-indexer/opensearch-security/whitelist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-03-13T15:08:46,898][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/9lwVTITHQUOJIxCmiRp4cA]
[2024-03-13T15:08:46,901][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loaded [22] customLogType docs successfully!
[2024-03-13T15:08:46,912][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/9lwVTITHQUOJIxCmiRp4cA] update_mapping [_doc]
[2024-03-13T15:08:46,913][INFO ][o.o.s.SecurityAnalyticsPlugin] [wazuh.indexer] LogType config index successfully created and builtin log types loaded
[2024-03-13T15:08:46,915][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loaded [22] customLogType docs successfully!
[2024-03-13T15:08:47,004][INFO ][o.o.s.i.DetectorIndexManagementService] [wazuh.indexer] No Old Finding Indices to delete
[2024-03-13T15:08:47,022][INFO ][o.o.s.i.DetectorIndexManagementService] [wazuh.indexer] No Old Alert Indices to delete
[2024-03-13T15:08:47,144][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:47,181][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'whitelist' and version 2 is updated in .opendistro_security index.
[2024-03-13T15:08:47,181][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'allowlist' with /usr/share/wazuh-indexer/opensearch-security/allowlist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-03-13T15:08:47,190][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/9lwVTITHQUOJIxCmiRp4cA]
[2024-03-13T15:08:47,196][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/9lwVTITHQUOJIxCmiRp4cA] update_mapping [_doc]
[2024-03-13T15:08:47,222][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:47,237][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'allowlist' and version 2 is updated in .opendistro_security index.
[2024-03-13T15:08:47,238][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'audit' with /usr/share/wazuh-indexer/opensearch-security/audit.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-03-13T15:08:47,302][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/9lwVTITHQUOJIxCmiRp4cA]
[2024-03-13T15:08:47,310][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/9lwVTITHQUOJIxCmiRp4cA] update_mapping [_doc]
[2024-03-13T15:08:47,358][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:47,403][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'audit' and version 2 is updated in .opendistro_security index.
[2024-03-13T15:08:47,578][INFO ][stdout                   ] [wazuh.indexer] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl
[2024-03-13T15:08:47,580][INFO ][stdout                   ] [wazuh.indexer] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent
[2024-03-13T15:08:47,581][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing on REST API is enabled.
[2024-03-13T15:08:47,581][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from REST API auditing.
[2024-03-13T15:08:47,582][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing on Transport API is enabled.
[2024-03-13T15:08:47,582][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from Transport API auditing.
[2024-03-13T15:08:47,582][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of request body is enabled.
[2024-03-13T15:08:47,582][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Bulk requests resolution is disabled during request auditing.
[2024-03-13T15:08:47,583][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Index resolution is enabled during request auditing.
[2024-03-13T15:08:47,583][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Sensitive headers auditing is enabled.
[2024-03-13T15:08:47,583][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing requests from kibanaserver users is disabled.
[2024-03-13T15:08:47,584][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of external configuration is disabled.
[2024-03-13T15:08:47,585][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of internal configuration is enabled.
[2024-03-13T15:08:47,585][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing only metadata information for read request is enabled.
[2024-03-13T15:08:47,586][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing will watch {} for read requests.
[2024-03-13T15:08:47,586][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing read operation requests from kibanaserver users is disabled.
[2024-03-13T15:08:47,586][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing only metadata information for write request is enabled.
[2024-03-13T15:08:47,587][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing diffs for write requests is disabled.
[2024-03-13T15:08:47,592][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing write operation requests from kibanaserver users is disabled.
[2024-03-13T15:08:47,593][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing will watch <NONE> for write requests.
[2024-03-13T15:08:47,594][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] .opendistro_security is used as internal security index.
[2024-03-13T15:08:47,594][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Internal index used for posting audit logs is null
[2024-03-13T15:08:47,595][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Hot-reloading of audit configuration is enabled
[2024-03-13T15:08:47,595][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node 'wazuh.indexer' initialized
[2024-03-13T15:08:48,361][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_1/IVupt5W2QWeGk_BMA7YRDA]
[2024-03-13T15:08:48,397][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.kibana_1] creating index, cause [api], templates [], shards [1]/[1]
[2024-03-13T15:08:48,399][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.kibana_1]
[2024-03-13T15:08:48,452][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_1/IVupt5W2QWeGk_BMA7YRDA]
[2024-03-13T15:08:48,480][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:48,530][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.kibana_1][0]]]).
[2024-03-13T15:08:48,561][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:48,633][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:48,896][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[mwaihUbISSaVQe7DoI-1fw/nHKj49-YRd6jrco5UUzn1g]
[2024-03-13T15:08:48,931][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding template [wazuh-agent] for index patterns [wazuh-monitoring-*]
[2024-03-13T15:08:48,994][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:49,001][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[Ea0UWxRkSj6qpvwul3eQ3g/ul1EafAESfmuHyjyCwU_ig]
[2024-03-13T15:08:49,011][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding template [wazuh-statistics] for index patterns [wazuh-statistics-*]
[2024-03-13T15:08:49,045][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:50,613][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[validate-template-0uc8a_zvsxc90sacieepkg/5bn-pQSxR9WGYB06uw5-rg]
[2024-03-13T15:08:50,623][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding index template [wazuh-states-vulnerabilities_template] for index patterns [wazuh-states-vulnerabilities]
[2024-03-13T15:08:50,661][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:50,674][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-states-vulnerabilities/DzHFfhLEQp-NP0sZRvl67Q]
[2024-03-13T15:08:50,683][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [wazuh-states-vulnerabilities] creating index, cause [api], templates [wazuh-states-vulnerabilities_template], shards [1]/[0]
[2024-03-13T15:08:50,727][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-states-vulnerabilities/DzHFfhLEQp-NP0sZRvl67Q]
[2024-03-13T15:08:50,740][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:50,744][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-monitoring-2024.11w/KegX9UQ3Q3GksEvvcCASnA]
[2024-03-13T15:08:50,757][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [wazuh-monitoring-2024.11w] creating index, cause [api], templates [wazuh-agent], shards [1]/[0]
[2024-03-13T15:08:50,796][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-monitoring-2024.11w/KegX9UQ3Q3GksEvvcCASnA]
[2024-03-13T15:08:50,848][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:50,912][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:50,918][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-monitoring-2024.11w][0]]]).
[2024-03-13T15:08:50,946][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:50,957][INFO ][o.o.c.m.MetadataUpdateSettingsService] [wazuh.indexer] updating number_of_replicas to [0] for indices [wazuh-monitoring-2024.11w]
[2024-03-13T15:08:53,570][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.plugins-ml-config/zJCN_E9cQNmDguZo5tuA0A]
[2024-03-13T15:08:53,579][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.plugins-ml-config] creating index, cause [api], templates [], shards [1]/[1]
[2024-03-13T15:08:53,581][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.plugins-ml-config]
[2024-03-13T15:08:53,619][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.plugins-ml-config/zJCN_E9cQNmDguZo5tuA0A]
[2024-03-13T15:08:53,636][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:53,681][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.plugins-ml-config][0]]]).
[2024-03-13T15:08:53,714][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:53,715][INFO ][o.o.m.i.MLIndicesHandler ] [wazuh.indexer] create index:.plugins-ml-config
[2024-03-13T15:08:53,749][INFO ][o.o.m.c.MLSyncUpCron     ] [wazuh.indexer] ML configuration initialized successfully
[2024-03-13T15:08:54,593][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[Xf54ICMRRaSPtyy7vfFl6A/vY2hwpgjSc-CT59R7_PFGA]
[2024-03-13T15:08:54,632][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding template [wazuh] for index patterns [wazuh-alerts-4.x-*, wazuh-archives-4.x-*]
[2024-03-13T15:08:54,686][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:54,801][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:54,844][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.03.13/DtoD90w4RWOFezXcqGAQzA]
[2024-03-13T15:08:54,863][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [wazuh-alerts-4.x-2024.03.13] creating index, cause [auto(bulk api)], templates [wazuh], shards [3]/[0]
[2024-03-13T15:08:54,927][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.03.13/DtoD90w4RWOFezXcqGAQzA]
[2024-03-13T15:08:54,973][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:55,042][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:08:55,044][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-alerts-4.x-2024.03.13][2], [wazuh-alerts-4.x-2024.03.13][1]]]).
[2024-03-13T15:08:55,075][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-03-13T15:09:43,547][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing move cluster state metadata.
[2024-03-13T15:09:43,549][INFO ][o.o.i.i.MetadataService  ] [wazuh.indexer] ISM config index not exist, so we cancel the metadata migration job.
[2024-03-13T15:09:43,550][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing ISM template migration.
[2024-03-13T15:09:43,551][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] Doing ISM template migration 1 time.
[2024-03-13T15:09:43,551][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] Use 2024-03-13T14:08:43.545Z as migrating ISM template last_updated_time
[2024-03-13T15:09:43,558][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_swaqxbx-qog0a1pvnbustq/XkQEjH_XR4eeqT8dViauFQ]
[2024-03-13T15:09:43,565][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_swaqxbx-qog0a1pvnbustq/XkQEjH_XR4eeqT8dViauFQ]
[2024-03-13T15:09:43,585][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_tcnzvfb2t0e0vokrfmvj3w/QcGNPNolRkK-wbs6nx6kGA]
[2024-03-13T15:09:43,592][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_tcnzvfb2t0e0vokrfmvj3w/QcGNPNolRkK-wbs6nx6kGA]
[2024-03-13T15:09:43,601][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_-0s2rt9mq8iqe1yge2crnq/ZDGNDbSDSOic7HuH2Kv35A]
[2024-03-13T15:09:43,607][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[simulate_template_index_-0s2rt9mq8iqe1yge2crnq/ZDGNDbSDSOic7HuH2Kv35A]
[2024-03-13T15:09:43,615][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] ISM templates: {=[ISMTemplate(indexPatterns=[ss4o_metrics-*-*], priority=1, lastUpdatedTime=2024-03-13T14:08:43.545Z), ISMTemplate(indexPatterns=[ss4o_traces-*-*], priority=1, lastUpdatedTime=2024-03-13T14:08:43.545Z), ISMTemplate(indexPatterns=[wazuh-states-vulnerabilities], priority=1, lastUpdatedTime=2024-03-13T14:08:43.545Z)]}
[2024-03-13T15:09:43,618][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] Policies to update: []
[2024-03-13T15:09:43,632][INFO ][o.o.i.i.m.ISMTemplateService] [wazuh.indexer] Failure experienced when migrating ISM Template and update ISM policies: {}
[2024-03-13T15:09:43,679][INFO ][o.o.c.s.ClusterSettings  ] [wazuh.indexer] updating [plugins.index_state_management.template_migration.control] from [0] to [-1]
[2024-03-13T15:09:43,681][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for de

Screenshots:

[4 screenshots]