wazuh / wazuh-docker

Wazuh - Docker containers
https://wazuh.com

Operation not permitted in NodeJS binaries #1618

Closed asteriscos closed 6 hours ago

asteriscos commented 2 days ago

Description

In a Kubernetes deployment with the setting allowPrivilegeEscalation: false the node binary file throws an Operation not permitted error.

Configuration:

securityContext:
  allowPrivilegeEscalation: false

We were able to identify that the node binary throws the error because in the package construction process we run the setcap command on it and, since Wazuh 4.9.0, the image building process uses the RPM instead of the tar.gz.

$ getcap ./node/bin/node 
./node/bin/node cap_net_bind_service=ep
$ ./node/bin/node -v
bash: ./node/bin/node: Operation not permitted
$ cp ./node/bin/node node
$ ./node -v
bash: ./node: Is a directory
$ cp ./node/bin/node node2
$ ./node2 -v
v18.19.0

In Wazuh v4.8.2 none of the node binaries have setcap:

$ getcap ./node/bin/node 
$ getcap ./node/fallback/bin/node 
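
A build-time check for the condition reported in this issue, added here as an example that is not part of the issue or of the wazuh-docker repository: it parses recursive getcap output in both libcap styles and fails when any file still carries a capability. The function names are hypothetical, and every sample line except the first is constructed.

```shell
#!/bin/sh
# Added example: gate an image build on "no file capabilities left on the
# node binaries". Assumption: it is fed the output of
#   getcap -r /usr/share/wazuh-dashboard/node 2>/dev/null
# run inside the built image.

# list_file_caps: read getcap output on stdin and print "path<TAB>caps" for
# every file that still grants a capability. Two output styles are handled:
#   newer libcap: ./node/bin/node cap_net_bind_service=ep
#   older libcap: ./node/bin/node = cap_net_bind_service+ep
# Assumption: the last component of a path does not itself look like a
# capability clause (for example a file literally named "x=ep").
list_file_caps() {
    awk '
    {
        # Walk back from the last field while fields look like capability
        # clauses ("cap_x,cap_y=ep", "cap_x+ep") or the bare "=" that older
        # libcap prints between the path and the capability text.
        n = NF
        while (n > 1 && $n ~ /^[a-z0-9_,]*[-+=][-+=eip]*$/) n--
        if (n == NF) next              # no capability text on this line

        caps = ""
        for (i = n + 1; i <= NF; i++) {
            if ($i == "=") continue    # separator or empty set: grants nothing
            caps = (caps == "" ? $i : caps " " $i)
        }
        if (caps == "") next

        # Everything up to field n is the path (it may contain spaces).
        path = $1
        for (i = 2; i <= n; i++) path = path " " $i
        printf "%s\t%s\n", path, caps
    }'
}

# check_no_file_caps: return 0 when stdin lists no file capabilities,
# otherwise print the findings on stderr and return 1 so a CI step fails.
check_no_file_caps() {
    findings=$(list_file_caps)
    if [ -n "$findings" ]; then
        printf 'file capabilities still present:\n%s\n' "$findings" >&2
        return 1
    fi
    return 0
}

# Constructed sample input. The first line is the getcap output quoted in the
# issue; the others are made up to exercise the old format, a path containing
# a space, and an empty capability set.
sample_getcap_output() {
    cat <<'EOF'
./node/bin/node cap_net_bind_service=ep
./node/fallback/bin/node = cap_net_bind_service+ep
/opt/my tools/helper cap_net_raw,cap_net_admin=eip
./node/bin/npm =
EOF
}

# Demonstration: list the three files in the sample that keep a capability.
sample_getcap_output | list_file_caps
```

In a pipeline, piping the getcap command from the header comment into check_no_file_caps makes the step fail as soon as a packaged binary regains a capability.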

vcerenu commented 2 days ago

Update

Added two commands that modified the setcap added to node binaries within the Wazuh dashboard Dockerfile

RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/bin/node
RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/fallback/bin/node

This change was tested in 4.9.2, which is where the error is currently being generated:

Test

Update from v4.8.2 to v4.9.2 without setcap

Deploy 4.8.2 and stop the stack

$ git checkout v4.8.2
Note: switching to 'v4.8.2'.
HEAD is now at 15a856d Merge pull request #1489 from wazuh/enhancement/1485-revert-image-tag
$ cd single-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
[+] Creating 1/1
 ✔ Network single-node_default  Created                                                                                                                                            0.2s 
The tool to create the certificates exists in the in Packages bucket
11/11/2024 18:05:49 INFO: Generating the root certificate.
11/11/2024 18:05:49 INFO: Generating Admin certificates.
11/11/2024 18:05:50 INFO: Admin certificates created.
11/11/2024 18:05:50 INFO: Generating Wazuh indexer certificates.
11/11/2024 18:05:50 INFO: Wazuh indexer certificates created.
11/11/2024 18:05:50 INFO: Generating Filebeat certificates.
11/11/2024 18:05:50 INFO: Wazuh Filebeat certificates created.
11/11/2024 18:05:50 INFO: Generating Wazuh dashboard certificates.
11/11/2024 18:05:50 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
[+] Running 17/17
 ✔ Volume "single-node_filebeat_etc"             Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_active_response"    Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_agentless"          Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh-indexer-data"       Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_var_multigroups"    Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh-dashboard-custom"   Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_api_configuration"  Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_integrations"       Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_logs"               Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_wodles"             Created                                                                                                                           0.0s 
 ✔ Volume "single-node_filebeat_var"             Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_etc"                Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_queue"              Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh-dashboard-config"   Created                                                                                                                           0.0s 
 ✔ Container single-node-wazuh.indexer-1         Started                                                                                                                           1.6s 
 ✔ Container single-node-wazuh.manager-1         Started                                                                                                                           1.8s 
 ✔ Container single-node-wazuh.dashboard-1       Started                                                                                                                           2.8s 
$ docker logs single-node-wazuh.dashboard-1 -f
Created OpenSearch Dashboards keystore in /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
Wazuh APP already configured
{"type":"log","@timestamp":"2024-11-11T18:06:18Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
{"type":"log","@timestamp":"2024-11-11T18:06:18Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"dataSource\" is disabled."}
{"type":"log","@timestamp":"2024-11-11T18:06:18Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"visTypeXy\" is disabled."}
{"type":"log","@timestamp":"2024-11-11T18:06:18Z","tags":["warning","config","deprecation"],"pid":54,"message":"\"opensearch.requestHeadersWhitelist\" is deprecated and has been replaced by \"opensearch.requestHeadersAllowlist\""}
{"type":"log","@timestamp":"2024-11-11T18:06:18Z","tags":["info","plugins-system"],"pid":54,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,expressions,data,home,apmOss,savedObjects,reportsDashboards,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,embeddable,dashboard,visualizations,visTypeTable,visTypeVega,visTypeTimeline,visBuilder,visTypeMarkdown,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,dataExplorer,bfetch,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh]"}
{"type":"log","@timestamp":"2024-11-11T18:06:19Z","tags":["info","savedobjects-service"],"pid":54,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
{"type":"log","@timestamp":"2024-11-11T18:06:19Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.3:9200"}
{"type":"log","@timestamp":"2024-11-11T18:06:19Z","tags":["error","savedobjects-service"],"pid":54,"message":"Unable to retrieve version information from OpenSearch nodes."}
{"type":"log","@timestamp":"2024-11-11T18:06:22Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.3:9200"}
{"type":"log","@timestamp":"2024-11-11T18:06:24Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.3:9200"}
{"type":"log","@timestamp":"2024-11-11T18:06:27Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.3:9200"}
{"type":"log","@timestamp":"2024-11-11T18:06:29Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.3:9200"}
{"type":"log","@timestamp":"2024-11-11T18:06:32Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.3:9200"}
{"type":"log","@timestamp":"2024-11-11T18:06:34Z","tags":["error","opensearch","data"],"pid":54,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-11T18:06:37Z","tags":["error","opensearch","data"],"pid":54,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-11T18:06:40Z","tags":["info","savedobjects-service"],"pid":54,"message":"Starting saved objects migrations"}
{"type":"log","@timestamp":"2024-11-11T18:06:40Z","tags":["info","savedobjects-service"],"pid":54,"message":"Creating index .kibana_1."}
{"type":"log","@timestamp":"2024-11-11T18:06:40Z","tags":["info","savedobjects-service"],"pid":54,"message":"Pointing alias .kibana to .kibana_1."}
{"type":"log","@timestamp":"2024-11-11T18:06:40Z","tags":["info","savedobjects-service"],"pid":54,"message":"Finished in 644ms."}
{"type":"log","@timestamp":"2024-11-11T18:06:40Z","tags":["info","plugins-system"],"pid":54,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,expressions,data,home,apmOss,savedObjects,reportsDashboards,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,embeddable,dashboard,visualizations,visTypeTable,visTypeVega,visTypeTimeline,visBuilder,visTypeMarkdown,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,dataExplorer,bfetch,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh]"}
{"type":"log","@timestamp":"2024-11-11T18:06:41Z","tags":["error","opensearch","data"],"pid":54,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-11T18:06:42Z","tags":["error","opensearch","data"],"pid":54,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-11T18:06:42Z","tags":["listening","info"],"pid":54,"message":"Server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2024-11-11T18:06:43Z","tags":["info","http","server","OpenSearchDashboards"],"pid":54,"message":"http server running at https://0.0.0.0:5601"}
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED          STATUS          PORTS                                                                                                                                                           NAMES
e827db91fa06   wazuh/wazuh-dashboard:4.8.2   "/entrypoint.sh"         54 seconds ago   Up 51 seconds   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                              single-node-wazuh.dashboard-1
130a58fe7d8e   wazuh/wazuh-indexer:4.8.2     "/entrypoint.sh open…"   54 seconds ago   Up 53 seconds   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node-wazuh.indexer-1
2acd58f1e62a   wazuh/wazuh-manager:4.8.2     "/init"                  54 seconds ago   Up 53 seconds   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1
$ docker-compose down
[+] Running 4/4
 ✔ Container single-node-wazuh.dashboard-1  Removed                                                                                                                               14.2s 
 ✔ Container single-node-wazuh.indexer-1    Removed                                                                                                                                1.3s 
 ✔ Container single-node-wazuh.manager-1    Removed                                                                                                                                4.8s 
 ✔ Network single-node_default              Removed   

Deploy v4.9.2 with fix applied

$ git checkout v4.9.2
Note: switching to 'v4.9.2'.
HEAD is now at 574c7b0 Merge pull request #1599 from wazuh/enhancement/1596-revert-images-tag
$ cd single-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
[+] Creating 1/1
 ✔ Network single-node_default  Created                                                                                                                                            0.2s 
The tool to create the certificates exists in the in Packages bucket
11/11/2024 18:07:53 INFO: Generating the root certificate.
11/11/2024 18:07:53 INFO: Generating Admin certificates.
11/11/2024 18:07:54 INFO: Admin certificates created.
11/11/2024 18:07:54 INFO: Generating Wazuh indexer certificates.
11/11/2024 18:07:54 INFO: Wazuh indexer certificates created.
11/11/2024 18:07:54 INFO: Generating Filebeat certificates.
11/11/2024 18:07:54 INFO: Wazuh Filebeat certificates created.
11/11/2024 18:07:54 INFO: Generating Wazuh dashboard certificates.
11/11/2024 18:07:54 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
[+] Running 3/3
 ✔ Container single-node-wazuh.indexer-1    Started                                                                                                                                1.1s 
 ✔ Container single-node-wazuh.manager-1    Started                                                                                                                                1.4s 
 ✔ Container single-node-wazuh.dashboard-1  Started                                                                                                                                2.1s 
$ docker logs single-node-wazuh.dashboard-1 -f
Created OpenSearch Dashboards keystore in /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
Wazuh APP already configured
{"type":"log","@timestamp":"2024-11-11T18:08:20Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
{"type":"log","@timestamp":"2024-11-11T18:08:20Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"applicationConfig\" is disabled."}
{"type":"log","@timestamp":"2024-11-11T18:08:20Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"cspHandler\" is disabled."}
{"type":"log","@timestamp":"2024-11-11T18:08:20Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"dataSource\" is disabled."}
{"type":"log","@timestamp":"2024-11-11T18:08:20Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"visTypeXy\" is disabled."}
{"type":"log","@timestamp":"2024-11-11T18:08:20Z","tags":["warning","config","deprecation"],"pid":54,"message":"\"opensearch.requestHeadersWhitelist\" is deprecated and has been replaced by \"opensearch.requestHeadersAllowlist\""}
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
{"type":"log","@timestamp":"2024-11-11T18:08:21Z","tags":["info","plugins-system"],"pid":54,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,reportsDashboards,dataExplorer,savedObjects,home,dashboard,visualizations,visAugmenter,alertingDashboards,visTypeVega,visTypeTimeline,visTypeMarkdown,visTypeTable,visBuilder,regionMap,customImportMapDashboards,tileMap,inputControlVis,ganttChartDashboards,visualize,apmOss,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,charts,visTypeMetric,visTypeVislib,visTypeTimeseries,visTypeTagcloud,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
{"type":"log","@timestamp":"2024-11-11T18:08:21Z","tags":["info","savedobjects-service"],"pid":54,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
{"type":"log","@timestamp":"2024-11-11T18:08:21Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.3:9200"}
{"type":"log","@timestamp":"2024-11-11T18:08:21Z","tags":["error","savedobjects-service"],"pid":54,"message":"Unable to retrieve version information from OpenSearch nodes."}
{"type":"log","@timestamp":"2024-11-11T18:08:24Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.3:9200"}
{"type":"log","@timestamp":"2024-11-11T18:08:26Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.3:9200"}
{"type":"log","@timestamp":"2024-11-11T18:08:29Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.3:9200"}
{"type":"log","@timestamp":"2024-11-11T18:08:31Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.3:9200"}
{"type":"log","@timestamp":"2024-11-11T18:08:34Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.3:9200"}
{"type":"log","@timestamp":"2024-11-11T18:08:36Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.3:9200"}
{"type":"log","@timestamp":"2024-11-11T18:08:39Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.3:9200"}
{"type":"log","@timestamp":"2024-11-11T18:08:41Z","tags":["error","opensearch","data"],"pid":54,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-11T18:08:44Z","tags":["info","savedobjects-service"],"pid":54,"message":"Starting saved objects migrations"}
{"type":"log","@timestamp":"2024-11-11T18:08:45Z","tags":["info","savedobjects-service"],"pid":54,"message":"Detected mapping change in \"properties.homepage\""}
{"type":"log","@timestamp":"2024-11-11T18:08:45Z","tags":["info","savedobjects-service"],"pid":54,"message":"Creating index .kibana_2."}
{"type":"log","@timestamp":"2024-11-11T18:08:45Z","tags":["info","savedobjects-service"],"pid":54,"message":"Migrating .kibana_1 saved objects to .kibana_2"}
{"type":"log","@timestamp":"2024-11-11T18:08:45Z","tags":["info","savedobjects-service"],"pid":54,"message":"Pointing alias .kibana to .kibana_2."}
{"type":"log","@timestamp":"2024-11-11T18:08:45Z","tags":["info","savedobjects-service"],"pid":54,"message":"Finished in 846ms."}
{"type":"log","@timestamp":"2024-11-11T18:08:45Z","tags":["warning","cross-compatibility-service"],"pid":54,"message":"Starting cross compatibility service"}
{"type":"log","@timestamp":"2024-11-11T18:08:46Z","tags":["info","plugins-system"],"pid":54,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,reportsDashboards,dataExplorer,savedObjects,home,dashboard,visualizations,visAugmenter,alertingDashboards,visTypeVega,visTypeTimeline,visTypeMarkdown,visTypeTable,visBuilder,regionMap,customImportMapDashboards,tileMap,inputControlVis,ganttChartDashboards,visualize,apmOss,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,charts,visTypeMetric,visTypeVislib,visTypeTimeseries,visTypeTagcloud,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
{"type":"log","@timestamp":"2024-11-11T18:08:47Z","tags":["info","plugins","wazuh","initialize"],"pid":54,"message":"dashboard index: .kibana"}
{"type":"log","@timestamp":"2024-11-11T18:08:47Z","tags":["info","plugins","wazuh","initialize"],"pid":54,"message":"App revision: 01"}
{"type":"log","@timestamp":"2024-11-11T18:08:47Z","tags":["info","plugins","wazuh","initialize"],"pid":54,"message":"Total RAM: 9946MB"}
{"type":"log","@timestamp":"2024-11-11T18:08:48Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":54,"message":"Updated the wazuh-statistics template"}
{"type":"log","@timestamp":"2024-11-11T18:08:48Z","tags":["listening","info"],"pid":54,"message":"Server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2024-11-11T18:08:48Z","tags":["info","http","server","OpenSearchDashboards"],"pid":54,"message":"http server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2024-11-11T18:08:48Z","tags":["info","plugins","wazuh","monitoring"],"pid":54,"message":"Updated the wazuh-agent template"}
{"type":"log","@timestamp":"2024-11-11T18:08:48Z","tags":["info","plugins","wazuh","monitoring"],"pid":54,"message":"Settings added to wazuh-monitoring-2024.46w index"}
^Ccontext canceled
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED              STATUS              PORTS                                                                                                                                                           NAMES
67c1b4fb2aef   wazuh/wazuh-dashboard:4.9.2   "/entrypoint.sh"         About a minute ago   Up About a minute   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                              single-node-wazuh.dashboard-1
a808e54d5bb7   wazuh/wazuh-manager:4.9.2     "/init"                  About a minute ago   Up About a minute   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1
8a9aff4c711d   wazuh/wazuh-indexer:4.9.2     "/entrypoint.sh open…"   About a minute ago   Up About a minute   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node-wazuh.indexer-1

vcerenu commented 1 day ago

Test

Upgrade from v4.8.2 with allowPrivilegeEscalation: false to v4.9.2 modified with allowPrivilegeEscalation: false in EKS:

$ wazuh/certs/indexer_cluster/generate_certs.sh 
Root CA
Admin cert
create: admin-key-temp.pem
create: admin-key.pem
create: admin.csr
Ignoring -days without -x509; not generating a certificate
create: admin.pem
Certificate request self-signature ok
subject=C = US, L = California, O = Company, CN = admin
* Node cert
create: node-key-temp.pem
create: node-key.pem
create: node.csr
Ignoring -days without -x509; not generating a certificate
create: node.pem
Certificate request self-signature ok
subject=C = US, L = California, O = Company, CN = indexer
* dashboard cert
create: dashboard-key-temp.pem
create: dashboard-key.pem
create: dashboard.csr
Ignoring -days without -x509; not generating a certificate
create: dashboard.pem
Certificate request self-signature ok
subject=C = US, L = California, O = Company, CN = dashboard
* Filebeat cert
create: filebeat-key-temp.pem
create: filebeat-key.pem
create: filebeat.csr
Ignoring -days without -x509; not generating a certificate
create: filebeat.pem
Certificate request self-signature ok
subject=C = US, L = California, O = Company, CN = filebeat
$ wazuh/certs/dashboard_http/generate_certs.sh 
$ kubectl apply -k envs/eks/
namespace/wazuh created
storageclass.storage.k8s.io/wazuh-storage created
configmap/dashboard-conf-46kfc92gfm created
configmap/indexer-conf-t8tdh7thct created
configmap/wazuh-conf-54bf8bh7fk created
secret/dashboard-certs-fttc6gt72k created
secret/dashboard-cred created
secret/indexer-certs-7kk759m6b4 created
secret/indexer-cred created
secret/wazuh-api-cred created
secret/wazuh-authd-pass created
secret/wazuh-cluster-key created
service/dashboard created
service/indexer created
service/wazuh created
service/wazuh-cluster created
service/wazuh-indexer created
service/wazuh-workers created
deployment.apps/wazuh-dashboard created
statefulset.apps/wazuh-indexer created
statefulset.apps/wazuh-manager-master created
Warning: spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector: a null labelSelector results in matching no pod
statefulset.apps/wazuh-manager-worker created
$ kubectl get all -n wazuh -o wide
NAME                                   READY   STATUS            RESTARTS   AGE     IP               NODE                                           NOMINATED NODE   READINESS GATES
pod/wazuh-dashboard-648fbc4d5d-v2b72   1/1     Running           0          2m30s   192.168.7.128    ip-192-168-23-178.us-west-1.compute.internal   <none>           <none>
pod/wazuh-indexer-0                    1/1     Running           0          2m29s   192.168.32.141   ip-192-168-53-231.us-west-1.compute.internal   <none>           <none>
pod/wazuh-indexer-1                    1/1     Running           0          97s     192.168.20.203   ip-192-168-23-178.us-west-1.compute.internal   <none>           <none>
pod/wazuh-indexer-2                    0/1     PodInitializing   0          40s     192.168.35.237   ip-192-168-36-28.us-west-1.compute.internal    <none>           <none>
pod/wazuh-manager-master-0             1/1     Running           0          2m29s   192.168.10.164   ip-192-168-29-21.us-west-1.compute.internal    <none>           <none>
pod/wazuh-manager-worker-0             1/1     Running           0          2m28s   192.168.37.90    ip-192-168-47-157.us-west-1.compute.internal   <none>           <none>
pod/wazuh-manager-worker-1             1/1     Running           0          2m28s   192.168.30.144   ip-192-168-20-178.us-west-1.compute.internal   <none>           <none>

NAME                    TYPE           CLUSTER-IP       EXTERNAL-IP                                                                        PORT(S)                          AGE     SELECTOR
service/dashboard       LoadBalancer   10.100.193.9     a36fb5012b38a48c7b6700413099f83e-2049043123.us-west-1.elb.amazonaws.com            443:32087/TCP                    2m35s   app=wazuh-dashboard
service/indexer         LoadBalancer   10.100.175.208   af975bf8e269c4d658e61aa779dc863a-252034738.us-west-1.elb.amazonaws.com             9200:31386/TCP                   2m35s   app=wazuh-indexer
service/wazuh           LoadBalancer   10.100.64.162    a4425ba51d5464434acc878490671f8e-1187177975.us-west-1.elb.amazonaws.com            1515:30946/TCP,55000:30146/TCP   2m34s   app=wazuh-manager,node-type=master
service/wazuh-cluster   ClusterIP      None             <none>                                                                             1516/TCP                         2m33s   app=wazuh-manager
service/wazuh-indexer   ClusterIP      None             <none>                                                                             9300/TCP                         2m32s   app=wazuh-indexer
service/wazuh-workers   LoadBalancer   10.100.240.98    internal-a97f85c86927c48d48453a3539517df8-1868169495.us-west-1.elb.amazonaws.com   1514:30406/TCP                   2m32s   app=wazuh-manager,node-type=worker

NAME                              READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS        IMAGES                        SELECTOR
deployment.apps/wazuh-dashboard   1/1     1            1           2m31s   wazuh-dashboard   wazuh/wazuh-dashboard:4.8.2   app=wazuh-dashboard

NAME                                         DESIRED   CURRENT   READY   AGE     CONTAINERS        IMAGES                        SELECTOR
replicaset.apps/wazuh-dashboard-648fbc4d5d   1         1         1       2m31s   wazuh-dashboard   wazuh/wazuh-dashboard:4.8.2   app=wazuh-dashboard,pod-template-hash=648fbc4d5d

NAME                                    READY   AGE     CONTAINERS      IMAGES
statefulset.apps/wazuh-indexer          2/3     2m31s   wazuh-indexer   wazuh/wazuh-indexer:4.8.2
statefulset.apps/wazuh-manager-master   1/1     2m31s   wazuh-manager   wazuh/wazuh-manager:4.8.2
statefulset.apps/wazuh-manager-worker   2/2     2m30s   wazuh-manager   wazuh/wazuh-manager:4.8.2
$ kubectl logs pod/wazuh-dashboard-648fbc4d5d-v2b72 -n wazuh
Created OpenSearch Dashboards keystore in /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
{"type":"log","@timestamp":"2024-11-12T14:58:46Z","tags":["info","plugins-service"],"pid":55,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
{"type":"log","@timestamp":"2024-11-12T14:58:46Z","tags":["info","plugins-service"],"pid":55,"message":"Plugin \"dataSource\" is disabled."}
{"type":"log","@timestamp":"2024-11-12T14:58:46Z","tags":["info","plugins-service"],"pid":55,"message":"Plugin \"visTypeXy\" is disabled."}
{"type":"log","@timestamp":"2024-11-12T14:58:46Z","tags":["warning","config","deprecation"],"pid":55,"message":"\"opensearch.requestHeadersWhitelist\" is deprecated and has been replaced by \"opensearch.requestHeadersAllowlist\""}
{"type":"log","@timestamp":"2024-11-12T14:58:47Z","tags":["info","plugins-system"],"pid":55,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
{"type":"log","@timestamp":"2024-11-12T14:58:50Z","tags":["info","savedobjects-service"],"pid":55,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
{"type":"log","@timestamp":"2024-11-12T14:58:50Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T14:58:50Z","tags":["error","savedobjects-service"],"pid":55,"message":"Unable to retrieve version information from OpenSearch nodes."}
{"type":"log","@timestamp":"2024-11-12T14:58:52Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T14:58:55Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T14:58:57Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T14:59:00Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T14:59:02Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T14:59:05Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T14:59:07Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T14:59:10Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T14:59:12Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T14:59:15Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T14:59:17Z","tags":["error","opensearch","data"],"pid":55,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T14:59:21Z","tags":["error","opensearch","data"],"pid":55,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-12T14:59:22Z","tags":["error","opensearch","data"],"pid":55,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-12T14:59:25Z","tags":["error","opensearch","data"],"pid":55,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-12T14:59:27Z","tags":["error","opensearch","data"],"pid":55,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-12T14:59:31Z","tags":["info","savedobjects-service"],"pid":55,"message":"Starting saved objects migrations"}
{"type":"log","@timestamp":"2024-11-12T14:59:31Z","tags":["info","savedobjects-service"],"pid":55,"message":"Creating index .kibana_1."}
{"type":"log","@timestamp":"2024-11-12T14:59:32Z","tags":["info","savedobjects-service"],"pid":55,"message":"Pointing alias .kibana to .kibana_1."}
{"type":"log","@timestamp":"2024-11-12T14:59:32Z","tags":["info","savedobjects-service"],"pid":55,"message":"Finished in 681ms."}
{"type":"log","@timestamp":"2024-11-12T14:59:32Z","tags":["info","plugins-system"],"pid":55,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
{"type":"log","@timestamp":"2024-11-12T14:59:34Z","tags":["error","opensearch","data"],"pid":55,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-12T14:59:34Z","tags":["error","opensearch","data"],"pid":55,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-12T14:59:36Z","tags":["listening","info"],"pid":55,"message":"Server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2024-11-12T14:59:37Z","tags":["info","http","server","OpenSearchDashboards"],"pid":55,"message":"http server running at https://0.0.0.0:5601"}
$ kubectl apply -k envs/eks/
namespace/wazuh unchanged
storageclass.storage.k8s.io/wazuh-storage unchanged
configmap/dashboard-conf-46kfc92gfm unchanged
configmap/indexer-conf-t8tdh7thct unchanged
configmap/wazuh-conf-54bf8bh7fk unchanged
secret/dashboard-certs-fttc6gt72k configured
secret/dashboard-cred unchanged
secret/indexer-certs-7kk759m6b4 configured
secret/indexer-cred unchanged
secret/wazuh-api-cred unchanged
secret/wazuh-authd-pass unchanged
secret/wazuh-cluster-key unchanged
service/dashboard unchanged
service/indexer unchanged
service/wazuh unchanged
service/wazuh-cluster unchanged
service/wazuh-indexer unchanged
service/wazuh-workers unchanged
deployment.apps/wazuh-dashboard configured
statefulset.apps/wazuh-indexer configured
statefulset.apps/wazuh-manager-master configured
Warning: spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector: a null labelSelector results in matching no pod
statefulset.apps/wazuh-manager-worker configured
$ kubectl get all -n wazuh -o wide
NAME                                   READY   STATUS    RESTARTS   AGE     IP               NODE                                           NOMINATED NODE   READINESS GATES
pod/wazuh-dashboard-5b48fc7fdd-z6j59   1/1     Running   0          2m23s   192.168.60.105   ip-192-168-53-231.us-west-1.compute.internal   <none>           <none>
pod/wazuh-indexer-0                    1/1     Running   0          114s    192.168.63.108   ip-192-168-53-231.us-west-1.compute.internal   <none>           <none>
pod/wazuh-indexer-1                    1/1     Running   0          2m7s    192.168.21.142   ip-192-168-23-178.us-west-1.compute.internal   <none>           <none>
pod/wazuh-indexer-2                    1/1     Running   0          2m21s   192.168.45.30    ip-192-168-36-28.us-west-1.compute.internal    <none>           <none>
pod/wazuh-manager-master-0             1/1     Running   0          2m17s   192.168.5.140    ip-192-168-29-21.us-west-1.compute.internal    <none>           <none>
pod/wazuh-manager-worker-0             1/1     Running   0          2m10s   192.168.57.175   ip-192-168-47-157.us-west-1.compute.internal   <none>           <none>
pod/wazuh-manager-worker-1             1/1     Running   0          2m16s   192.168.9.250    ip-192-168-20-178.us-west-1.compute.internal   <none>           <none>

NAME                    TYPE           CLUSTER-IP       EXTERNAL-IP                                                                        PORT(S)                          AGE     SELECTOR
service/dashboard       LoadBalancer   10.100.193.9     a36fb5012b38a48c7b6700413099f83e-2049043123.us-west-1.elb.amazonaws.com            443:32087/TCP                    6m34s   app=wazuh-dashboard
service/indexer         LoadBalancer   10.100.175.208   af975bf8e269c4d658e61aa779dc863a-252034738.us-west-1.elb.amazonaws.com             9200:31386/TCP                   6m34s   app=wazuh-indexer
service/wazuh           LoadBalancer   10.100.64.162    a4425ba51d5464434acc878490671f8e-1187177975.us-west-1.elb.amazonaws.com            1515:30946/TCP,55000:30146/TCP   6m33s   app=wazuh-manager,node-type=master
service/wazuh-cluster   ClusterIP      None             <none>                                                                             1516/TCP                         6m32s   app=wazuh-manager
service/wazuh-indexer   ClusterIP      None             <none>                                                                             9300/TCP                         6m31s   app=wazuh-indexer
service/wazuh-workers   LoadBalancer   10.100.240.98    internal-a97f85c86927c48d48453a3539517df8-1868169495.us-west-1.elb.amazonaws.com   1514:30406/TCP                   6m31s   app=wazuh-manager,node-type=worker

NAME                              READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS        IMAGES                         SELECTOR
deployment.apps/wazuh-dashboard   1/1     1            1           6m31s   wazuh-dashboard   merecu/wazuh-dashboard:4.9.2   app=wazuh-dashboard

NAME                                         DESIRED   CURRENT   READY   AGE     CONTAINERS        IMAGES                         SELECTOR
replicaset.apps/wazuh-dashboard-5b48fc7fdd   1         1         1       2m24s   wazuh-dashboard   merecu/wazuh-dashboard:4.9.2   app=wazuh-dashboard,pod-template-hash=5b48fc7fdd
replicaset.apps/wazuh-dashboard-648fbc4d5d   0         0         0       6m31s   wazuh-dashboard   wazuh/wazuh-dashboard:4.8.2    app=wazuh-dashboard,pod-template-hash=648fbc4d5d

NAME                                    READY   AGE     CONTAINERS      IMAGES
statefulset.apps/wazuh-indexer          3/3     6m30s   wazuh-indexer   wazuh/wazuh-indexer:4.9.2
statefulset.apps/wazuh-manager-master   1/1     6m30s   wazuh-manager   wazuh/wazuh-manager:4.9.2
statefulset.apps/wazuh-manager-worker   2/2     6m29s   wazuh-manager   wazuh/wazuh-manager:4.9.2
$ kubectl logs pod/wazuh-dashboard-5b48fc7fdd-z6j59 -n wazuh
Created OpenSearch Dashboards keystore in /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
{"type":"log","@timestamp":"2024-11-12T15:03:09Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
{"type":"log","@timestamp":"2024-11-12T15:03:09Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"applicationConfig\" is disabled."}
{"type":"log","@timestamp":"2024-11-12T15:03:09Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"cspHandler\" is disabled."}
{"type":"log","@timestamp":"2024-11-12T15:03:09Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"dataSource\" is disabled."}
{"type":"log","@timestamp":"2024-11-12T15:03:09Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"visTypeXy\" is disabled."}
{"type":"log","@timestamp":"2024-11-12T15:03:09Z","tags":["warning","config","deprecation"],"pid":54,"message":"\"opensearch.requestHeadersWhitelist\" is deprecated and has been replaced by \"opensearch.requestHeadersAllowlist\""}
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
{"type":"log","@timestamp":"2024-11-12T15:03:10Z","tags":["info","plugins-system"],"pid":54,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
{"type":"log","@timestamp":"2024-11-12T15:03:13Z","tags":["info","savedobjects-service"],"pid":54,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
{"type":"log","@timestamp":"2024-11-12T15:03:13Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T15:03:13Z","tags":["error","savedobjects-service"],"pid":54,"message":"Unable to retrieve version information from OpenSearch nodes."}
{"type":"log","@timestamp":"2024-11-12T15:03:15Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T15:03:18Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T15:03:20Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T15:03:23Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T15:03:25Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 10.100.175.208:9200"}
{"type":"log","@timestamp":"2024-11-12T15:03:28Z","tags":["error","opensearch","data"],"pid":54,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-12T15:03:31Z","tags":["error","opensearch","data"],"pid":54,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-12T15:03:33Z","tags":["error","opensearch","data"],"pid":54,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-12T15:03:35Z","tags":["error","opensearch","data"],"pid":54,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-11-12T15:03:39Z","tags":["info","savedobjects-service"],"pid":54,"message":"Starting saved objects migrations"}
{"type":"log","@timestamp":"2024-11-12T15:03:39Z","tags":["info","savedobjects-service"],"pid":54,"message":"Detected mapping change in \"properties.homepage\""}
{"type":"log","@timestamp":"2024-11-12T15:03:39Z","tags":["info","savedobjects-service"],"pid":54,"message":"Creating index .kibana_2."}
{"type":"log","@timestamp":"2024-11-12T15:03:39Z","tags":["info","savedobjects-service"],"pid":54,"message":"Migrating .kibana_1 saved objects to .kibana_2"}
{"type":"log","@timestamp":"2024-11-12T15:03:40Z","tags":["info","savedobjects-service"],"pid":54,"message":"Pointing alias .kibana to .kibana_2."}
{"type":"log","@timestamp":"2024-11-12T15:03:40Z","tags":["info","savedobjects-service"],"pid":54,"message":"Finished in 834ms."}
{"type":"log","@timestamp":"2024-11-12T15:03:40Z","tags":["warning","cross-compatibility-service"],"pid":54,"message":"Starting cross compatibility service"}
{"type":"log","@timestamp":"2024-11-12T15:03:40Z","tags":["info","plugins-system"],"pid":54,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
{"type":"log","@timestamp":"2024-11-12T15:03:42Z","tags":["info","plugins","wazuh","initialize"],"pid":54,"message":"dashboard index: .kibana"}
{"type":"log","@timestamp":"2024-11-12T15:03:42Z","tags":["info","plugins","wazuh","initialize"],"pid":54,"message":"App revision: 01"}
{"type":"log","@timestamp":"2024-11-12T15:03:42Z","tags":["info","plugins","wazuh","initialize"],"pid":54,"message":"Total RAM: 3863MB"}
{"type":"log","@timestamp":"2024-11-12T15:03:43Z","tags":["info","plugins","wazuh","monitoring"],"pid":54,"message":"Updated the wazuh-agent template"}
{"type":"log","@timestamp":"2024-11-12T15:03:43Z","tags":["listening","info"],"pid":54,"message":"Server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2024-11-12T15:03:45Z","tags":["info","http","server","OpenSearchDashboards"],"pid":54,"message":"http server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2024-11-12T15:03:45Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":54,"message":"Updated the wazuh-statistics template"}
{"type":"log","@timestamp":"2024-11-12T15:03:45Z","tags":["info","plugins","wazuh","monitoring"],"pid":54,"message":"Settings added to wazuh-monitoring-2024.46w index"}
$