Open Enaraque opened 2 weeks ago
The upgrade from v4.3.0 to v4.9.0 was tested in a wazuh-docker deployment, and some modifications were found that need to be made for the stack to run correctly.
1) Modify the Wazuh API user (API_PASSWORD) to wazuh-wui.
2) Modify the environment variable "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g", since Wazuh v4.8.0 requires more RAM allocated.
3) The config directory in the path /usr/share/wazuh-indexer/ was removed, so if needed, you must modify the paths of the configuration files and keys mounted to the Wazuh indexer container.
4) For the Wazuh dashboard, two volumes are required, which hold the configurations made:
   - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
   - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
   Check whether these paths are already persisted in your own configuration and, if not, add these volumes to the Wazuh dashboard container.
5) Modify the uiSettings.overrides.defaultRoute: /app/wz-home parameter within the opensearch_dashboards.yml file that we mounted in the Wazuh dashboard container.
The upgrade tests continued, checking all the errors that were generated and modifying the base tag from v4.3.0 to v4.3.11, in which many of the corrections that were needed were already solved.
The enhancement/7809-upgrade-steps branch was created, in which the changes found that were not within the Docker and Kubernetes upgrade page were added.
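A pre-upgrade check for the five modifications listed above, as an added example that is not part of the original report or of wazuh-docker. It assumes the API user is set through an `API_USERNAME` entry; the sample compose and dashboard files, the `example-user` value and the indexer `certs/` path in the "new" sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not wazuh-docker code): lint a compose file and an
# opensearch_dashboards.yml for the five changes listed in the report.
# Assumption: the API user is set through an API_USERNAME entry.

# to_mb SIZE: convert a JVM heap size (512m, 1g, 2097152k, bytes) to MiB.
to_mb() {
  case "$1" in
    *[gG]) echo $(( ${1%[gG]} * 1024 )) ;;
    *[mM]) echo $(( ${1%[mM]} )) ;;
    *[kK]) echo $(( ${1%[kK]} / 1024 )) ;;
    *)     echo $(( $1 / 1048576 )) ;;
  esac
}

# audit_compose FILE: print one finding per line; no output means clean.
# The checks are line-based and look at the whole file, not one service.
audit_compose() {
  ac_file=$1
  # 1) API user must be wazuh-wui wherever it is set.
  grep -Eo 'API_USERNAME=[^"[:space:]]*' "$ac_file" \
    | grep -v '^API_USERNAME=wazuh-wui$' | sort -u \
    | sed 's/^/API_USER: expected wazuh-wui, found /'
  # 2) Both heap flags must be at least the 1g the report sets.
  ac_opts=$(grep -Eo 'OPENSEARCH_JAVA_OPTS=[^"]*' "$ac_file" | head -n 1)
  for ac_flag in Xms Xmx; do
    ac_val=$(printf '%s\n' "$ac_opts" \
      | sed -n "s/.*-$ac_flag\([0-9][0-9]*[kKmMgG]\{0,1\}\).*/\1/p")
    if [ -z "$ac_val" ] || [ "$(to_mb "$ac_val")" -lt 1024 ]; then
      echo "HEAP: -$ac_flag is ${ac_val:-unset}, expected at least 1g"
    fi
  done
  # 3) Nothing may be mounted into the removed indexer config directory.
  grep -E ':/usr/share/wazuh-indexer/config(/|"?[[:space:]]*$)' "$ac_file" \
    | sed 's/^[[:space:]]*-[[:space:]]*/INDEXER_PATH: removed config dir: /'
  # 4) Both dashboard directories must be backed by a volume.
  for ac_dir in /usr/share/wazuh-dashboard/data/wazuh/config \
      /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom; do
    if ! grep -Eq ":$ac_dir\"?[[:space:]]*\$" "$ac_file"; then
      echo "DASHBOARD_VOLUME: nothing mounted at $ac_dir"
    fi
  done
  return 0
}

# audit_dashboard_yml FILE: 5) the default route must be /app/wz-home.
audit_dashboard_yml() {
  ad_route=$(sed -n 's/^[[:space:]]*uiSettings\.overrides\.defaultRoute:[[:space:]]*//p' "$1" \
    | tr -d "\"' " | head -n 1)
  if [ "$ad_route" != "/app/wz-home" ]; then
    echo "DEFAULT_ROUTE: is ${ad_route:-unset}, expected /app/wz-home"
  fi
  return 0
}

# Constructed sample inputs (not the project's files), written to a temp dir.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/old-compose.yml" <<'EOF'
services:
  wazuh.manager:
    environment:
      - API_USERNAME=example-user
  wazuh.indexer:
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    volumes:
      - ./certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
      - ./indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
  wazuh.dashboard:
    environment:
      - API_USERNAME=example-user
    volumes:
      - ./dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
EOF
cat > "$SAMPLE_DIR/new-compose.yml" <<'EOF'
services:
  wazuh.manager:
    environment:
      - API_USERNAME=wazuh-wui
  wazuh.indexer:
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
    volumes:
      - ./certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
  wazuh.dashboard:
    volumes:
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
EOF
printf '%s\n' 'uiSettings.overrides.defaultRoute: /app/wazuh' > "$SAMPLE_DIR/old-dashboards.yml"
printf '%s\n' 'uiSettings.overrides.defaultRoute: /app/wz-home' > "$SAMPLE_DIR/new-dashboards.yml"

echo "== findings for the constructed pre-upgrade files =="
audit_compose "$SAMPLE_DIR/old-compose.yml"
audit_dashboard_yml "$SAMPLE_DIR/old-dashboards.yml"
```

Point `audit_compose` and `audit_dashboard_yml` at your own files before changing the image tags; an empty result means none of the five items is outstanding.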
Deploy Wazuh 4.3.11
$ git checkout v4.3.11
Previous HEAD position was 73018f8 Merge pull request #627 from wazuh/change-dash-repo
HEAD is now at e9c1ab9 Merge pull request #835 from wazuh/modify_changelog
$ cd single-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] single-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Creating 1/1
✔ Network single-node_default Created 0.2s
[+] Running 5/5
✔ generator Pulled 16.6s
The tool to create the certificates exists in the in Packages bucket
04/10/2024 16:21:51 INFO: Admin certificates created.
04/10/2024 16:21:51 INFO: Wazuh indexer certificates created.
04/10/2024 16:21:51 INFO: Wazuh server certificates created.
04/10/2024 16:21:51 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 42/42
✔ wazuh.dashboard Pulled 171.8s
✔ wazuh.indexer Pulled 125.8s
✔ wazuh.manager Pulled 120.8s
[+] Running 15/15
✔ Volume "single-node_wazuh_api_configuration" Created 0.0s
✔ Volume "single-node_wazuh_etc" Created 0.0s
✔ Volume "single-node_wazuh_active_response" Created 0.0s
✔ Volume "single-node_wazuh-indexer-data" Created 0.0s
✔ Volume "single-node_filebeat_etc" Created 0.0s
✔ Volume "single-node_wazuh_agentless" Created 0.0s
✔ Volume "single-node_wazuh_wodles" Created 0.0s
✔ Volume "single-node_filebeat_var" Created 0.0s
✔ Volume "single-node_wazuh_integrations" Created 0.0s
✔ Volume "single-node_wazuh_logs" Created 0.0s
✔ Volume "single-node_wazuh_queue" Created 0.0s
✔ Volume "single-node_wazuh_var_multigroups" Created 0.0s
✔ Container single-node-wazuh.manager-1 Started 3.0s
✔ Container single-node-wazuh.indexer-1 Started 2.9s
✔ Container single-node-wazuh.dashboard-1 Started 2.3s
$
Stack deployed and container logs:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
062c66833b75 wazuh/wazuh-dashboard:4.3.11 "/entrypoint.sh" About a minute ago Up About a minute 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp single-node-wazuh.dashboard-1
3330e1587345 wazuh/wazuh-manager:4.3.11 "/init" About a minute ago Up About a minute 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node-wazuh.manager-1
1bfc0b5ddfd9 wazuh/wazuh-indexer:4.3.11 "/entrypoint.sh open…" About a minute ago Up About a minute 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node-wazuh.indexer-1
$ docker logs single-node-wazuh.manager-1
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 0-wazuh-init: executing...
/var/ossec/data_tmp/permanent/var/ossec/api/configuration/
Installing /var/ossec/api/configuration
/var/ossec/data_tmp/permanent/var/ossec/etc/
Installing /var/ossec/etc
/var/ossec/data_tmp/permanent/var/ossec/logs/
Installing /var/ossec/logs
/var/ossec/data_tmp/permanent/var/ossec/queue/
Installing /var/ossec/queue
/var/ossec/data_tmp/permanent/var/ossec/agentless/
The path /var/ossec/agentless is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/var/multigroups/
The path /var/ossec/var/multigroups is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/integrations/
The path /var/ossec/integrations is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/active-response/bin/
The path /var/ossec/active-response/bin is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/wodles/
Installing /var/ossec/wodles
/var/ossec/data_tmp/permanent/etc/filebeat/
Installing /etc/filebeat
Updating /var/ossec/etc/internal_options.conf
Updating /var/ossec/integrations/pagerduty
Updating /var/ossec/integrations/slack
Updating /var/ossec/integrations/slack.py
Updating /var/ossec/integrations/virustotal
Updating /var/ossec/integrations/virustotal.py
Updating /var/ossec/active-response/bin/default-firewall-drop
Updating /var/ossec/active-response/bin/disable-account
Updating /var/ossec/active-response/bin/firewalld-drop
Updating /var/ossec/active-response/bin/firewall-drop
Updating /var/ossec/active-response/bin/host-deny
Updating /var/ossec/active-response/bin/ip-customblock
Updating /var/ossec/active-response/bin/ipfw
Updating /var/ossec/active-response/bin/kaspersky.py
Updating /var/ossec/active-response/bin/kaspersky
Updating /var/ossec/active-response/bin/npf
Updating /var/ossec/active-response/bin/wazuh-slack
Updating /var/ossec/active-response/bin/pf
Updating /var/ossec/active-response/bin/restart-wazuh
Updating /var/ossec/active-response/bin/restart.sh
Updating /var/ossec/active-response/bin/route-null
Updating /var/ossec/agentless/sshlogin.exp
Updating /var/ossec/agentless/ssh_pixconfig_diff
Updating /var/ossec/agentless/ssh_asa-fwsmconfig_diff
Updating /var/ossec/agentless/ssh_integrity_check_bsd
Updating /var/ossec/agentless/main.exp
Updating /var/ossec/agentless/su.exp
Updating /var/ossec/agentless/ssh_integrity_check_linux
Updating /var/ossec/agentless/register_host.sh
Updating /var/ossec/agentless/ssh_generic_diff
Updating /var/ossec/agentless/ssh_foundry_diff
Updating /var/ossec/agentless/ssh_nopass.exp
Updating /var/ossec/agentless/ssh.exp
Updating /var/ossec/wodles/utils.py
Updating /var/ossec/wodles/aws/aws-s3
Updating /var/ossec/wodles/aws/aws-s3.py
Updating /var/ossec/wodles/azure/azure-logs
Updating /var/ossec/wodles/azure/azure-logs.py
Updating /var/ossec/wodles/docker/DockerListener
Updating /var/ossec/wodles/docker/DockerListener.py
Updating /var/ossec/wodles/gcloud/gcloud
Updating /var/ossec/wodles/gcloud/gcloud.py
Updating /var/ossec/wodles/gcloud/integration.py
Updating /var/ossec/wodles/gcloud/tools.py
find: '/proc/336/task/336/fd/6': No such file or directory
find: '/proc/336/task/336/fdinfo/6': No such file or directory
find: '/proc/336/fd/5': No such file or directory
find: '/proc/336/fdinfo/5': No such file or directory
find: '/proc/337/task/337/fd/6': No such file or directory
find: '/proc/337/task/337/fdinfo/6': No such file or directory
find: '/proc/337/fd/5': No such file or directory
find: '/proc/337/fdinfo/5': No such file or directory
Identified Wazuh configuration files to mount...
'/wazuh-config-mount/etc/ossec.conf' -> '/var/ossec/etc/ossec.conf'
[cont-init.d] 0-wazuh-init: exited 0.
[cont-init.d] 1-config-filebeat: executing...
Customize Elasticsearch ouput IP
Configuring username.
Configuring password.
Configuring SSL verification mode.
Configuring Certificate Authorities.
Configuring SSL Certificate.
Configuring SSL Key.
[cont-init.d] 1-config-filebeat: exited 0.
[cont-init.d] 2-manager: executing...
Starting Wazuh v4.3.11...
Started wazuh-apid...
Started wazuh-csyslogd...
Started wazuh-dbd...
2024/10/04 17:11:25 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Started wazuh-integratord...
Started wazuh-agentlessd...
Started wazuh-authd...
Started wazuh-db...
Started wazuh-execd...
Started wazuh-analysisd...
Started wazuh-syscheckd...
Started wazuh-remoted...
Started wazuh-logcollector...
Started wazuh-monitord...
Started wazuh-modulesd...
Completed.
[cont-init.d] 2-manager: exited 0.
[cont-init.d] done.
[services.d] starting services
starting Filebeat
[services.d] done.
2024/10/04 17:11:31 sca: INFO: Loaded policy '/var/ossec/ruleset/sca/cis_ubuntu20-04.yml'
2024/10/04 17:11:31 sca: INFO: Starting Security Configuration Assessment scan.
2024/10/04 17:11:31 wazuh-modulesd:osquery: INFO: Module disabled. Exiting...
2024/10/04 17:11:31 wazuh-modulesd:database: INFO: Module started.
2024/10/04 17:11:31 wazuh-modulesd:syscollector: INFO: Module started.
2024/10/04 17:11:31 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/10/04 17:11:31 wazuh-modulesd:control: INFO: Starting control thread.
2024/10/04 17:11:31 wazuh-modulesd:download: INFO: Module started.
2024/10/04 17:11:31 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_ubuntu20-04.yml'
2024/10/04 17:11:31 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024-10-04T17:11:34.516Z INFO instance/beat.go:645 Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2024-10-04T17:11:34.522Z INFO instance/beat.go:653 Beat ID: 2ed30e1f-5795-460e-b5de-0e639f165508
2024-10-04T17:11:34.524Z INFO [seccomp] seccomp/seccomp.go:124 Syscall filter successfully installed
2024-10-04T17:11:34.524Z INFO [beat] instance/beat.go:981 Beat info {"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "2ed30e1f-5795-460e-b5de-0e639f165508"}}}
2024-10-04T17:11:34.524Z INFO [beat] instance/beat.go:990 Build info {"system_info": {"build": {"commit": "aacf9ecd9c494aa0908f61fbca82c906b16562a8", "libbeat": "7.10.2", "time": "2021-01-12T22:10:33.000Z", "version": "7.10.2"}}}
2024-10-04T17:11:34.524Z INFO [beat] instance/beat.go:993 Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":4,"version":"go1.14.12"}}}
2024-10-04T17:11:34.525Z INFO [beat] instance/beat.go:997 Host info {"system_info": {"host": {"architecture":"x86_64","boot_time":"2024-10-03T09:33:58Z","containerized":false,"name":"wazuh.manager","ip":["127.0.0.1/8","::1/128","172.18.0.3/16"],"kernel_version":"6.8.0-45-generic","mac":["02:42:ac:12:00:03"],"os":{"family":"debian","platform":"ubuntu","name":"Ubuntu","version":"20.04.6 LTS (Focal Fossa)","major":20,"minor":4,"patch":6,"codename":"focal"},"timezone":"UTC","timezone_offset_sec":0}}}
2024-10-04T17:11:34.526Z INFO [beat] instance/beat.go:1026 Process info {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"effective":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"bounding":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"ambient":null}, "cwd": "/run/s6/services/filebeat", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 946, "ppid": 941, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2024-10-04T17:11:33.560Z"}}}
2024-10-04T17:11:34.527Z INFO instance/beat.go:299 Setup Beat: filebeat; Version: 7.10.2
2024-10-04T17:11:34.528Z INFO eslegclient/connection.go:99 elasticsearch url: https://wazuh.indexer:9200
2024-10-04T17:11:34.528Z INFO [publisher] pipeline/module.go:113 Beat name: wazuh.manager
2024-10-04T17:11:34.529Z INFO beater/filebeat.go:117 Enabled modules/filesets: wazuh (alerts), ()
2024-10-04T17:11:34.529Z INFO instance/beat.go:455 filebeat start running.
2024-10-04T17:11:34.537Z INFO memlog/store.go:119 Loading data file of '/var/lib/filebeat/registry/filebeat' succeeded. Active transaction id=0
2024-10-04T17:11:34.537Z INFO memlog/store.go:124 Finished loading transaction log file for '/var/lib/filebeat/registry/filebeat'. Active transaction id=0
2024-10-04T17:11:34.537Z INFO [registrar] registrar/registrar.go:109 States Loaded from registrar: 0
2024-10-04T17:11:34.538Z INFO [crawler] beater/crawler.go:71 Loading Inputs: 1
2024-10-04T17:11:34.538Z INFO log/input.go:157 Configured paths: [/var/ossec/logs/alerts/alerts.json]
2024-10-04T17:11:34.538Z INFO [crawler] beater/crawler.go:141 Starting input (ID: 9132358592892857476)
2024-10-04T17:11:34.538Z INFO [crawler] beater/crawler.go:108 Loading and starting Inputs completed. Enabled inputs: 1
2024-10-04T17:11:34.539Z INFO log/harvester.go:302 Harvester started for file: /var/ossec/logs/alerts/alerts.json
2024/10/04 17:11:38 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_ubuntu20-04.yml'
2024/10/04 17:11:38 sca: INFO: Security Configuration Assessment scan finished. Duration: 7 seconds.
2024-10-04T17:11:42.548Z INFO [publisher_pipeline_output] pipeline/output.go:143 Connecting to backoff(elasticsearch(https://wazuh.indexer:9200))
2024-10-04T17:11:42.548Z INFO [publisher] pipeline/retry.go:219 retryer: send unwait signal to consumer
2024-10-04T17:11:42.549Z INFO [publisher] pipeline/retry.go:223 done
2024-10-04T17:11:42.994Z INFO [esclientleg] eslegclient/connection.go:314 Attempting to connect to Elasticsearch version 7.10.2
2024-10-04T17:11:43.002Z INFO [esclientleg] eslegclient/connection.go:314 Attempting to connect to Elasticsearch version 7.10.2
2024-10-04T17:11:43.006Z INFO template/load.go:183 Existing template will be overwritten, as overwrite is enabled.
2024-10-04T17:11:43.009Z INFO template/load.go:117 Try loading template wazuh to Elasticsearch
2024-10-04T17:11:43.176Z INFO template/load.go:109 template with name 'wazuh' loaded.
2024-10-04T17:11:43.178Z INFO [index-management] idxmgmt/std.go:298 Loaded index template.
2024-10-04T17:11:43.473Z INFO fileset/pipelines.go:143 Elasticsearch pipeline with ID 'filebeat-7.10.2-wazuh-alerts-pipeline' loaded
2024-10-04T17:11:43.475Z INFO [publisher_pipeline_output] pipeline/output.go:151 Connection to backoff(elasticsearch(https://wazuh.indexer:9200)) established
2024/10/04 17:11:49 rootcheck: INFO: Ending rootcheck scan.
$ docker logs single-node-wazuh.dashboard-1
Created OpenSearch Dashboards keystore in /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
Wazuh APP already configured
{"type":"log","@timestamp":"2024-10-04T17:11:20Z","tags":["info","plugins-service"],"pid":39,"message":"Plugin \"visTypeXy\" is disabled."}
{"type":"log","@timestamp":"2024-10-04T17:11:20Z","tags":["info","plugins-system"],"pid":39,"message":"Setting up [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,wazuh,savedObjectsManagement,bfetch]"}
{"type":"log","@timestamp":"2024-10-04T17:11:21Z","tags":["info","savedobjects-service"],"pid":39,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
{"type":"log","@timestamp":"2024-10-04T17:11:21Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:11:21Z","tags":["error","savedobjects-service"],"pid":39,"message":"Unable to retrieve version information from OpenSearch nodes."}
{"type":"log","@timestamp":"2024-10-04T17:11:23Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:11:26Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:11:28Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:11:31Z","tags":["error","opensearch","data"],"pid":39,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["info","savedobjects-service"],"pid":39,"message":"Starting saved objects migrations"}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["info","savedobjects-service"],"pid":39,"message":"Creating index .kibana_1."}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["info","savedobjects-service"],"pid":39,"message":"Pointing alias .kibana to .kibana_1."}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["info","savedobjects-service"],"pid":39,"message":"Finished in 462ms."}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["info","plugins-system"],"pid":39,"message":"Starting [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,wazuh,savedObjectsManagement,bfetch]"}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["error","opensearch","data"],"pid":39,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["error","opensearch","data"],"pid":39,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["listening","info"],"pid":39,"message":"Server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2024-10-04T17:11:35Z","tags":["info","http","server","OpenSearchDashboards"],"pid":39,"message":"http server running at https://0.0.0.0:5601"}
{"type":"error","@timestamp":"2024-10-04T17:11:56Z","tags":["connection","client","error"],"pid":39,"level":"error","error":{"message":"138652791342912:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 48\n","name":"Error","stack":"Error: 138652791342912:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 48\n"},"message":"138652791342912:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 48\n"}
{"type":"error","@timestamp":"2024-10-04T17:11:56Z","tags":["connection","client","error"],"pid":39,"level":"error","error":{"message":"138652791342912:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 48\n","name":"Error","stack":"Error: 138652791342912:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 48\n"},"message":"138652791342912:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 48\n"}
{"type":"response","@timestamp":"2024-10-04T17:11:59Z","tags":[],"pid":39,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","upgrade-insecure-requests":"1","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"none","sec-fetch-user":"?1","priority":"u=0, i"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0"},"res":{"statusCode":302,"responseTime":1106,"contentLength":9},"message":"GET / 302 1106ms - 9.0B"}
{"type":"log","@timestamp":"2024-10-04T17:12:01Z","tags":["info","branding"],"pid":39,"message":"logo default config is not found or invalid."}
{"type":"log","@timestamp":"2024-10-04T17:12:01Z","tags":["info","branding"],"pid":39,"message":"mark default config is not found or invalid."}
{"type":"log","@timestamp":"2024-10-04T17:12:01Z","tags":["info","branding"],"pid":39,"message":"loadingLogo default config is not found or invalid."}
{"type":"log","@timestamp":"2024-10-04T17:12:01Z","tags":["info","branding"],"pid":39,"message":"favicon config is not found or invalid."}
{"type":"response","@timestamp":"2024-10-04T17:12:00Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/app/wazuh","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","upgrade-insecure-requests":"1","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"none","sec-fetch-user":"?1","priority":"u=0, i"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0"},"res":{"statusCode":200,"responseTime":105,"contentLength":9},"message":"GET /app/wazuh 200 105ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:01Z","tags":["api"],"pid":39,"method":"get","statusCode":200,"req":{"url":"/bootstrap.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","if-none-match":"\"80cd8cd1b1f369f9a90517b764d512f7fd21d7f2-gzip\""},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":127,"contentLength":9},"message":"GET /bootstrap.js 200 127ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:01Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/apple-touch-icon.png","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","priority":"u=6"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":14,"contentLength":9},"message":"GET /ui/favicons/apple-touch-icon.png 200 14ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:01Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-16x16.png","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","priority":"u=6"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":25,"contentLength":9},"message":"GET /ui/favicons/favicon-16x16.png 200 25ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:02Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/translations/en.json","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":4,"contentLength":9},"message":"GET /translations/en.json 200 4ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:02Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/node_modules/@osd/ui-framework/dist/kui_light.css","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"text/css,*/*;q=0.1","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"style","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","priority":"u=2"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":45,"contentLength":9},"message":"GET /node_modules/@osd/ui-framework/dist/kui_light.css 200 45ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:02Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/ui/legacy_light_theme.css","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"text/css,*/*;q=0.1","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"style","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","priority":"u=2"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":49,"contentLength":9},"message":"GET /ui/legacy_light_theme.css 200 49ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:08Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":76,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 76ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:08Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/request","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"108","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":1449,"contentLength":9},"message":"POST /api/request 200 1449ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:09Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/extensions","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","id":"1513629884013","content-length":"242","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":6,"contentLength":9},"message":"POST /api/extensions 200 6ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/check-stored-api","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"22","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3211,"contentLength":9},"message":"POST /api/check-stored-api 200 3211ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/check-stored-api","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"22","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3487,"contentLength":9},"message":"POST /api/check-stored-api 200 3487ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/check-stored-api","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"22","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3249,"contentLength":9},"message":"POST /api/check-stored-api 200 3249ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/check-stored-api","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"22","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3854,"contentLength":9},"message":"POST /api/check-stored-api 200 3854ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:07Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/check-stored-api","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"22","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3033,"contentLength":9},"message":"POST /api/check-stored-api 200 3033ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:09Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/opensearch-dashboards/settings","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"113","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":737,"contentLength":9},"message":"POST /api/opensearch-dashboards/settings 200 737ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:10Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":116,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 116ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:10Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/_find?type=index-pattern&fields=title&fields=fields&per_page=9999","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":60,"contentLength":9},"message":"GET /api/saved_objects/_find?type=index-pattern&fields=title&fields=fields&per_page=9999 200 60ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:10Z","tags":[],"pid":39,"method":"get","statusCode":404,"req":{"url":"/api/index_patterns/_fields_for_wildcard?pattern=wazuh-statistics-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":404,"responseTime":87,"contentLength":9},"message":"GET /api/index_patterns/_fields_for_wildcard?pattern=wazuh-statistics-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score 404 87ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:10Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/index_patterns/_fields_for_wildcard?pattern=wazuh-monitoring-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":125,"contentLength":9},"message":"GET /api/index_patterns/_fields_for_wildcard?pattern=wazuh-monitoring-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score 200 125ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:11Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":40,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 40ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:11Z","tags":[],"pid":39,"method":"get","statusCode":404,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":404,"responseTime":31,"contentLength":9},"message":"GET /api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields 404 31ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:11Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-monitoring-*","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","id":"1513629884013","content-length":"73","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":1004,"contentLength":9},"message":"POST /api/saved_objects/index-pattern/wazuh-monitoring-* 200 1004ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:10Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/request","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"58","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":2474,"contentLength":9},"message":"POST /api/request 200 2474ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:12Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":72,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 72ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:12Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":64,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 64ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:12Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/setup","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":31,"contentLength":9},"message":"GET /api/setup 200 31ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:12Z","tags":[],"pid":39,"method":"put","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-monitoring-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","id":"1513629884013","content-length":"1696","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":666,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-monitoring-* 200 666ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:13Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":39,"contentLength":9},"message":"GET /api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern 200 39ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:10Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/check-stored-api","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"22","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3694,"contentLength":9},"message":"POST /api/check-stored-api 200 3694ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:11Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/check-stored-api","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"22","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3042,"contentLength":9},"message":"POST /api/check-stored-api 200 3042ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:14Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":74,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 74ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:14Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":97,"contentLength":9},"message":"GET /api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score 200 97ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:14Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":55,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 55ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:14Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-statistics-*","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","id":"1513629884013","content-length":"73","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":926,"contentLength":9},"message":"POST /api/saved_objects/index-pattern/wazuh-statistics-* 200 926ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:14Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","id":"1513629884013","content-length":"340","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":550,"contentLength":9},"message":"POST /api/saved_objects/index-pattern/wazuh-alerts-* 200 550ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:15Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":64,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 64ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:15Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_index","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":111,"contentLength":9},"message":"GET /api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_index 200 111ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:15Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_index","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":139,"contentLength":9},"message":"GET /api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_index 200 139ms - 9.0B"}
{"type":"log","@timestamp":"2024-10-04T17:12:16Z","tags":["error","opensearch","data"],"pid":39,"message":"[version_conflict_engine_exception]: [index-pattern:wazuh-alerts-*]: version conflict, required seqNo [6], primary term [1]. current document has seqNo [7] and primary term [1]"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"put","statusCode":409,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"80473","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":409,"responseTime":77,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-alerts-* 409 77ms - 9.0B"}
{"type":"log","@timestamp":"2024-10-04T17:12:16Z","tags":["error","opensearch","data"],"pid":39,"message":"[version_conflict_engine_exception]: [index-pattern:wazuh-alerts-*]: version conflict, required seqNo [6], primary term [1]. current document has seqNo [7] and primary term [1]"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"put","statusCode":409,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"80473","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":409,"responseTime":101,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-alerts-* 409 101ms - 9.0B"}
{"type":"log","@timestamp":"2024-10-04T17:12:16Z","tags":["error","opensearch","data"],"pid":39,"message":"[version_conflict_engine_exception]: [index-pattern:wazuh-alerts-*]: version conflict, required seqNo [6], primary term [1]. current document has seqNo [7] and primary term [1]"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"put","statusCode":409,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"80473","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":409,"responseTime":51,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-alerts-* 409 51ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":225,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 225ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"put","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","content-length":"66928","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":627,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-alerts-* 200 627ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"put","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-statistics-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","content-length":"13129","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":566,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-statistics-* 200 566ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/ui/fonts/inter_ui/Inter-UI-Light-BETA.woff2","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"identity","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"font","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":30,"contentLength":9},"message":"GET /ui/fonts/inter_ui/Inter-UI-Light-BETA.woff2 200 30ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":54,"contentLength":9},"message":"GET /api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern 200 54ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":22,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 22ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":22,"contentLength":9},"message":"GET /api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields 200 22ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:17Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":51,"contentLength":9},"message":"GET /api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields 200 51ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:17Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":49,"contentLength":9},"message":"GET /api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields 200 49ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:17Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":86,"contentLength":9},"message":"GET /api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields 200 86ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:17Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/elastic/template/wazuh-alerts-*","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":31,"contentLength":9},"message":"GET /elastic/template/wazuh-alerts-* 200 31ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:17Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":63,"contentLength":9},"message":"GET /api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score 200 63ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"put","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"80946","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":1017,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-alerts-* 200 1017ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:17Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/opensearch-dashboards/settings","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"45","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":569,"contentLength":9},"message":"POST /api/opensearch-dashboards/settings 200 569ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:17Z","tags":[],"pid":39,"method":"put","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","content-length":"66928","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":1199,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-alerts-* 200 1199ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/utils/configuration","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":15,"contentLength":9},"message":"GET /utils/configuration 200 15ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/hosts/apis","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":6,"contentLength":9},"message":"GET /hosts/apis 200 6ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":68,"contentLength":9},"message":"GET /api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern 200 68ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/utils/configuration","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3,"contentLength":9},"message":"GET /utils/configuration 200 3ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/request","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"79","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":44,"contentLength":9},"message":"POST /api/request 200 44ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/1/bundles/plugin/data/data.chunk.8.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":6,"contentLength":9},"message":"GET /1/bundles/plugin/data/data.chunk.8.js 200 6ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/1/bundles/plugin/data/data.chunk.0.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":7,"contentLength":9},"message":"GET /1/bundles/plugin/data/data.chunk.0.js 200 7ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/1/bundles/plugin/data/data.chunk.4.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":4,"contentLength":9},"message":"GET /1/bundles/plugin/data/data.chunk.4.js 200 4ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/ui/fonts/inter_ui/Inter-UI-Bold.woff2","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"identity","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"font","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":21,"contentLength":9},"message":"GET /ui/fonts/inter_ui/Inter-UI-Bold.woff2 200 21ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/request","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"79","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":63,"contentLength":9},"message":"POST /api/request 200 63ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/1/bundles/plugin/data/data.chunk.7.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /1/bundles/plugin/data/data.chunk.7.js 200 5ms - 9.0B"}
$ docker logs single-node-wazuh.indexer-1
[2024-10-04T17:11:17,905][INFO ][o.o.n.Node ] [wazuh.indexer] version[1.2.4], pid[1], build[rpm/e505b10357c03ae8d26d675172402f2f2144ef0f/2022-01-14T03:38:06.881862Z], OS[Linux/6.8.0-45-generic/amd64], JVM[AdoptOpenJDK/OpenJDK 64-Bit Server VM/15.0.1/15.0.1+9]
[2024-10-04T17:11:17,917][INFO ][o.o.n.Node ] [wazuh.indexer] JVM home [/usr/share/wazuh-indexer/jdk], using bundled JDK [true]
[2024-10-04T17:11:17,919][INFO ][o.o.n.Node ] [wazuh.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-14536441334892420722, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Xms512m, -Xmx512m, -XX:MaxDirectMemorySize=268435456, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer/config, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-10-04T17:11:19,633][INFO ][o.o.s.s.t.SSLConfig ] [wazuh.indexer] SSL dual mode is disabled
[2024-10-04T17:11:19,642][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] OpenSearch Config path is /usr/share/wazuh-indexer/config
[2024-10-04T17:11:20,097][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] JVM supports TLSv1.3
[2024-10-04T17:11:20,103][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Config directory is /usr/share/wazuh-indexer/config/, from there the key- and truststore files are resolved relatively
[2024-10-04T17:11:20,985][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Client Provider : JDK
[2024-10-04T17:11:20,986][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Server Provider : JDK
[2024-10-04T17:11:20,986][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS HTTP Provider : JDK
[2024-10-04T17:11:20,987][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2, TLSv1.1]
[2024-10-04T17:11:20,987][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for HTTP layer : [TLSv1.3, TLSv1.2, TLSv1.1]
[2024-10-04T17:11:21,299][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Clustername: opensearch
[2024-10-04T17:11:21,306][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/opensearch.yml has insecure file permissions (should be 0600)
[2024-10-04T17:11:21,420][INFO ][o.o.p.c.PluginSettings ] [wazuh.indexer] Trying to create directory /dev/shm/performanceanalyzer/.
[2024-10-04T17:11:21,422][INFO ][o.o.p.c.PluginSettings ] [wazuh.indexer] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600
[2024-10-04T17:11:22,006][INFO ][o.o.i.r.ReindexPlugin ] [wazuh.indexer] ReindexPlugin reloadSPI called
[2024-10-04T17:11:22,009][INFO ][o.o.i.r.ReindexPlugin ] [wazuh.indexer] Unable to find any implementation for RemoteReindexExtension
[2024-10-04T17:11:22,029][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config
[2024-10-04T17:11:22,033][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs
[2024-10-04T17:11:22,062][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions
[2024-10-04T17:11:22,066][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [aggs-matrix-stats]
[2024-10-04T17:11:22,067][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [analysis-common]
[2024-10-04T17:11:22,068][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [geo]
[2024-10-04T17:11:22,069][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-common]
[2024-10-04T17:11:22,069][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-geoip]
[2024-10-04T17:11:22,069][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-user-agent]
[2024-10-04T17:11:22,070][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-expression]
[2024-10-04T17:11:22,070][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-mustache]
[2024-10-04T17:11:22,070][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-painless]
[2024-10-04T17:11:22,070][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [mapper-extras]
[2024-10-04T17:11:22,072][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [opensearch-dashboards]
[2024-10-04T17:11:22,073][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [parent-join]
[2024-10-04T17:11:22,073][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [percolator]
[2024-10-04T17:11:22,073][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [rank-eval]
[2024-10-04T17:11:22,074][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [reindex]
[2024-10-04T17:11:22,074][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [repository-url]
[2024-10-04T17:11:22,074][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [systemd]
[2024-10-04T17:11:22,075][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [transport-netty4]
[2024-10-04T17:11:22,076][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-alerting]
[2024-10-04T17:11:22,076][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-anomaly-detection]
[2024-10-04T17:11:22,077][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-asynchronous-search]
[2024-10-04T17:11:22,079][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-cross-cluster-replication]
[2024-10-04T17:11:22,079][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-index-management]
[2024-10-04T17:11:22,079][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-job-scheduler]
[2024-10-04T17:11:22,079][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-knn]
[2024-10-04T17:11:22,079][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-observability]
[2024-10-04T17:11:22,080][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-performance-analyzer]
[2024-10-04T17:11:22,080][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-reports-scheduler]
[2024-10-04T17:11:22,080][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-security]
[2024-10-04T17:11:22,080][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-sql]
[2024-10-04T17:11:22,109][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml
[2024-10-04T17:11:22,130][INFO ][o.o.e.NodeEnvironment ] [wazuh.indexer] using [1] data paths, mounts [[/var/lib/wazuh-indexer (/dev/sda5)]], net usable_space [35.8gb], net total_space [99.9gb], types [ext4]
[2024-10-04T17:11:22,131][INFO ][o.o.e.NodeEnvironment ] [wazuh.indexer] heap size [512mb], compressed ordinary object pointers [true]
[2024-10-04T17:11:22,173][INFO ][o.o.n.Node ] [wazuh.indexer] node name [wazuh.indexer], node ID [k8kFOxF9SYWybkfeDKvTUQ], cluster name [opensearch], roles [master, remote_cluster_client, data, ingest]
[2024-10-04T17:11:26,163][WARN ][o.o.s.c.Salt ] [wazuh.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-10-04T17:11:26,176][ERROR][o.o.s.a.s.SinkProvider ] [wazuh.indexer] Default endpoint could not be created, auditlog will not work properly.
[2024-10-04T17:11:26,178][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh.indexer] No default storage available, audit log may not work properly. Please check configuration.
[2024-10-04T17:11:26,179][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Message routing enabled: false
[2024-10-04T17:11:26,237][INFO ][o.o.s.f.SecurityFilter ] [wazuh.indexer] <NONE> indices are made immutable.
[2024-10-04T17:11:26,524][INFO ][o.o.a.b.ADCircuitBreakerService] [wazuh.indexer] Registered memory breaker.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[2024-10-04T17:11:27,177][INFO ][o.o.t.NettyAllocator ] [wazuh.indexer] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=256kb, factors={opensearch.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=1mb, heap_size=512mb}]
[2024-10-04T17:11:27,290][INFO ][o.o.d.DiscoveryModule ] [wazuh.indexer] using discovery type [single-node] and seed hosts providers [settings]
[2024-10-04T17:11:27,896][WARN ][o.o.g.DanglingIndicesState] [wazuh.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-10-04T17:11:28,538][INFO ][o.o.p.h.c.PerformanceAnalyzerConfigAction] [wazuh.indexer] PerformanceAnalyzer Enabled: false
[2024-10-04T17:11:28,654][INFO ][o.o.n.Node ] [wazuh.indexer] initialized
[2024-10-04T17:11:28,657][INFO ][o.o.n.Node ] [wazuh.indexer] starting ...
[2024-10-04T17:11:28,984][INFO ][o.o.t.TransportService ] [wazuh.indexer] publish_address {172.18.0.2:9300}, bound_addresses {[::]:9300}
[2024-10-04T17:11:29,452][INFO ][o.o.c.c.Coordinator ] [wazuh.indexer] setting initial configuration to VotingConfiguration{k8kFOxF9SYWybkfeDKvTUQ}
[2024-10-04T17:11:29,710][INFO ][o.o.c.s.MasterService ] [wazuh.indexer] elected-as-master ([1] nodes joined)[{wazuh.indexer}{k8kFOxF9SYWybkfeDKvTUQ}{PSgewyGGQxOh6SeGwDcMvw}{172.18.0.2}{172.18.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 1, version: 1, delta: master node changed {previous [], current [{wazuh.indexer}{k8kFOxF9SYWybkfeDKvTUQ}{PSgewyGGQxOh6SeGwDcMvw}{172.18.0.2}{172.18.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}
[2024-10-04T17:11:29,841][INFO ][o.o.c.c.CoordinationState] [wazuh.indexer] cluster UUID set to [wgZWmmt6SPmZG2MclgkngA]
[2024-10-04T17:11:29,906][INFO ][o.o.c.s.ClusterApplierService] [wazuh.indexer] master node changed {previous [], current [{wazuh.indexer}{k8kFOxF9SYWybkfeDKvTUQ}{PSgewyGGQxOh6SeGwDcMvw}{172.18.0.2}{172.18.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}, term: 1, version: 1, reason: Publication{term=1, version=1}
[2024-10-04T17:11:29,957][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [wazuh.indexer] Config override setting update called with empty string. Ignoring.
[2024-10-04T17:11:29,964][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Cluster is not recovered yet.
[2024-10-04T17:11:30,064][INFO ][o.o.h.AbstractHttpServerTransport] [wazuh.indexer] publish_address {172.18.0.2:9200}, bound_addresses {[::]:9200}
[2024-10-04T17:11:30,065][INFO ][o.o.n.Node ] [wazuh.indexer] started
[2024-10-04T17:11:30,066][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Node started
[2024-10-04T17:11:30,067][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Will attempt to create index .opendistro_security and default configs if they are absent
[2024-10-04T17:11:30,069][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Background init thread started. Install default config?: true
[2024-10-04T17:11:30,071][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] 0 OpenSearch Security modules loaded so far: []
[2024-10-04T17:11:30,143][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Node added: [k8kFOxF9SYWybkfeDKvTUQ]
[2024-10-04T17:11:30,154][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Add data node to AD version hash ring: k8kFOxF9SYWybkfeDKvTUQ
[2024-10-04T17:11:30,159][INFO ][o.o.g.GatewayService ] [wazuh.indexer] recovered [0] indices into cluster_state
[2024-10-04T17:11:30,159][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] All nodes with known AD version: {k8kFOxF9SYWybkfeDKvTUQ=ADNodeInfo{version=1.2.4, isEligibleDataNode=true}}
[2024-10-04T17:11:30,160][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Rebuild AD hash ring for realtime AD with cooldown, nodeChangeEvents size 0
[2024-10-04T17:11:30,160][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Build AD version hash ring successfully
[2024-10-04T17:11:30,164][INFO ][o.o.a.c.ADDataMigrator ] [wazuh.indexer] Start migrating AD data
[2024-10-04T17:11:30,168][INFO ][o.o.a.c.ADDataMigrator ] [wazuh.indexer] AD job index doesn't exist, no need to migrate
[2024-10-04T17:11:30,170][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Init AD version hash ring successfully
[2024-10-04T17:11:30,309][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.opendistro_security] creating index, cause [api], templates [], shards [1]/[1]
[2024-10-04T17:11:30,335][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.opendistro_security]
[2024-10-04T17:11:30,756][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.opendistro_security][0]]]).
[2024-10-04T17:11:30,821][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Index .opendistro_security created?: true
[2024-10-04T17:11:30,823][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node started, try to initialize it. Wait for at least yellow cluster state....
[2024-10-04T17:11:30,835][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:11:31,218][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] create_mapping [_doc]
[2024-10-04T17:11:31,538][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Doc with id 'config' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:31,539][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:11:31,568][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:31,612][ERROR][o.o.s.a.BackendRegistry ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-10-04T17:11:31,667][ERROR][o.o.s.a.BackendRegistry ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-10-04T17:11:31,677][ERROR][o.o.s.a.BackendRegistry ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-10-04T17:11:31,681][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Doc with id 'roles' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:31,682][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:11:31,686][ERROR][o.o.s.a.BackendRegistry ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-10-04T17:11:31,715][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:31,830][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Doc with id 'rolesmapping' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:31,831][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:11:31,860][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:31,942][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Doc with id 'internalusers' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:31,943][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:11:31,981][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:32,123][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Doc with id 'actiongroups' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:32,123][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:11:32,169][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:32,293][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Doc with id 'tenants' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:32,293][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-10-04T17:11:32,312][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:32,431][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Doc with id 'nodesdn' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:32,433][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-10-04T17:11:32,463][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:32,537][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Doc with id 'whitelist' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:32,538][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:11:32,571][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:32,642][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Doc with id 'audit' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:32,847][INFO ][stdout ] [wazuh.indexer] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl
[2024-10-04T17:11:32,849][INFO ][stdout ] [wazuh.indexer] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent
[2024-10-04T17:11:32,855][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing on REST API is enabled.
[2024-10-04T17:11:32,856][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from REST API auditing.
[2024-10-04T17:11:32,856][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing on Transport API is enabled.
[2024-10-04T17:11:32,856][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from Transport API auditing.
[2024-10-04T17:11:32,857][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of request body is enabled.
[2024-10-04T17:11:32,857][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Bulk requests resolution is disabled during request auditing.
[2024-10-04T17:11:32,858][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Index resolution is enabled during request auditing.
[2024-10-04T17:11:32,858][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Sensitive headers auditing is enabled.
[2024-10-04T17:11:32,858][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing requests from kibanaserver users is disabled.
[2024-10-04T17:11:32,858][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of external configuration is disabled.
[2024-10-04T17:11:32,859][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of internal configuration is enabled.
[2024-10-04T17:11:32,859][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing only metadata information for read request is enabled.
[2024-10-04T17:11:32,859][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing will watch {} for read requests.
[2024-10-04T17:11:32,860][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing read operation requests from kibanaserver users is disabled.
[2024-10-04T17:11:32,860][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing only metadata information for write request is enabled.
[2024-10-04T17:11:32,860][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing diffs for write requests is disabled.
[2024-10-04T17:11:32,860][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing write operation requests from kibanaserver users is disabled.
[2024-10-04T17:11:32,860][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing will watch <NONE> for write requests.
[2024-10-04T17:11:32,861][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] .opendistro_security is used as internal security index.
[2024-10-04T17:11:32,861][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Internal index used for posting audit logs is null
[2024-10-04T17:11:32,861][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Hot-reloading of audit configuration is enabled
[2024-10-04T17:11:32,862][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node 'wazuh.indexer' initialized
[2024-10-04T17:11:34,188][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.kibana_1] creating index, cause [api], templates [], shards [1]/[1]
[2024-10-04T17:11:34,194][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.kibana_1]
[2024-10-04T17:11:34,393][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.kibana_1][0]]]).
[2024-10-04T17:11:34,961][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding template [wazuh-statistics] for index patterns [wazuh-statistics-*]
[2024-10-04T17:11:35,048][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding template [wazuh-agent] for index patterns [wazuh-monitoring-*]
[2024-10-04T17:11:35,683][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [wazuh-monitoring-2024.40w] creating index, cause [api], templates [wazuh-agent], shards [1]/[0]
[2024-10-04T17:11:35,821][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-monitoring-2024.40w][0]]]).
[2024-10-04T17:11:35,879][INFO ][o.o.c.m.MetadataUpdateSettingsService] [wazuh.indexer] updating number_of_replicas to [0] for indices [wazuh-monitoring-2024.40w]
Security Admin v7
Will connect to localhost:9300 ... done
[2024-10-04T17:11:43,064][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding template [wazuh] for index patterns [wazuh-alerts-4.x-*, wazuh-archives-4.x-*]
[2024-10-04T17:11:43,712][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [wazuh-alerts-4.x-2024.10.04] creating index, cause [auto(bulk api)], templates [wazuh], shards [3]/[0]
[2024-10-04T17:11:44,373][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-alerts-4.x-2024.10.04][0], [wazuh-alerts-4.x-2024.10.04][2]]]).
[2024-10-04T17:11:44,607][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.10.04/EEGgCRweQaW2QhkMdSjMqw] update_mapping [_doc]
[2024-10-04T17:11:44,948][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.10.04/EEGgCRweQaW2QhkMdSjMqw] update_mapping [_doc]
Connected as CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: opensearch
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/
Will update '_doc/config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml
SUCC: Configuration for 'config' created or updated
Will update '_doc/roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '_doc/rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '_doc/internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '_doc/actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '_doc/tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '_doc/nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '_doc/whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '_doc/audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml
SUCC: Configuration for 'audit' created or updated
[2024-10-04T17:11:48,025][INFO ][stdout ] [wazuh.indexer] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl
[2024-10-04T17:11:48,027][INFO ][stdout ] [wazuh.indexer] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent
[2024-10-04T17:11:48,028][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing on REST API is enabled.
[2024-10-04T17:11:48,028][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from REST API auditing.
[2024-10-04T17:11:48,029][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing on Transport API is enabled.
[2024-10-04T17:11:48,029][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from Transport API auditing.
[2024-10-04T17:11:48,030][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of request body is enabled.
[2024-10-04T17:11:48,030][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Bulk requests resolution is disabled during request auditing.
[2024-10-04T17:11:48,030][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Index resolution is enabled during request auditing.
[2024-10-04T17:11:48,030][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Sensitive headers auditing is enabled.
[2024-10-04T17:11:48,031][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing requests from kibanaserver users is disabled.
[2024-10-04T17:11:48,031][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of external configuration is disabled.
[2024-10-04T17:11:48,031][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of internal configuration is enabled.
[2024-10-04T17:11:48,031][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing only metadata information for read request is enabled.
[2024-10-04T17:11:48,031][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing will watch {} for read requests.
[2024-10-04T17:11:48,032][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing read operation requests from kibanaserver users is disabled.
[2024-10-04T17:11:48,032][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing only metadata information for write request is enabled.
[2024-10-04T17:11:48,032][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing diffs for write requests is disabled.
[2024-10-04T17:11:48,032][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing write operation requests from kibanaserver users is disabled.
[2024-10-04T17:11:48,032][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing will watch <NONE> for write requests.
[2024-10-04T17:11:48,032][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] .opendistro_security is used as internal security index.
[2024-10-04T17:11:48,032][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Internal index used for posting audit logs is null
Done with success
[2024-10-04T17:12:00,423][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.kibana_1/qgE9hSWyTdaxMWzN0b0hng] update_mapping [_doc]
[2024-10-04T17:12:11,366][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.kibana_1/qgE9hSWyTdaxMWzN0b0hng] update_mapping [_doc]
[2024-10-04T17:12:29,945][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing move cluster state metadata.
Turn off the v4.3.11 stack, modify the repository as if you have customizations, and turn on the v4.9.0 stack:
$ docker-compose down
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 4/4
✔ Container single-node-wazuh.dashboard-1 Removed 8.4s
✔ Container single-node-wazuh.manager-1 Removed 4.7s
✔ Container single-node-wazuh.indexer-1 Removed 1.2s
✔ Network single-node_default Removed 0.4s
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] single-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Creating 1/1
✔ Network single-node_default Created 0.2s
[+] Running 5/5
✔ generator Pulled 14.7s
✔ 17d0386c2fff Pull complete 9.3s
✔ 7ce91ec7d1d3 Pull complete 11.9s
✔ 5249716d429c Pull complete 12.0s
✔ d7003467fd14 Pull complete 12.1s
The tool to create the certificates exists in the in Packages bucket
04/10/2024 17:22:10 INFO: Generating the root certificate.
04/10/2024 17:22:10 INFO: Generating Admin certificates.
04/10/2024 17:22:10 INFO: Admin certificates created.
04/10/2024 17:22:10 INFO: Generating Wazuh indexer certificates.
04/10/2024 17:22:11 INFO: Wazuh indexer certificates created.
04/10/2024 17:22:11 INFO: Generating Filebeat certificates.
04/10/2024 17:22:11 INFO: Wazuh Filebeat certificates created.
04/10/2024 17:22:11 INFO: Generating Wazuh dashboard certificates.
04/10/2024 17:22:11 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 44/33
✔ wazuh.dashboard Pulled 307.3s
✔ wazuh.manager Pulled 210.6s
✔ wazuh.indexer Pulled 252.5s
[+] Running 3/3
✔ Container single-node-wazuh.indexer-1 Started 3.2s
✔ Container single-node-wazuh.manager-1 Started 3.5s
✔ Container single-node-wazuh.dashboard-1 Started
Stack deployed, and container logs:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0604cfd5e4ba wazuh/wazuh-dashboard:4.9.0 "/entrypoint.sh" About a minute ago Up About a minute 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp single-node-wazuh.dashboard-1
64f6a1fbc99e wazuh/wazuh-indexer:4.9.0 "/entrypoint.sh open…" About a minute ago Up About a minute 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node-wazuh.indexer-1
660e80eda0d0 wazuh/wazuh-manager:4.9.0 "/init" About a minute ago Up About a minute 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node-wazuh.manager-1
$ docker logs single-node-wazuh.dashboard-1
Created OpenSearch Dashboards keystore in /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
Wazuh APP already configured
{"type":"log","@timestamp":"2024-10-04T17:32:04Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
{"type":"log","@timestamp":"2024-10-04T17:32:04Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"applicationConfig\" is disabled."}
{"type":"log","@timestamp":"2024-10-04T17:32:04Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"cspHandler\" is disabled."}
{"type":"log","@timestamp":"2024-10-04T17:32:04Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"dataSource\" is disabled."}
{"type":"log","@timestamp":"2024-10-04T17:32:04Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"visTypeXy\" is disabled."}
{"type":"log","@timestamp":"2024-10-04T17:32:04Z","tags":["warning","config","deprecation"],"pid":54,"message":"\"opensearch.requestHeadersWhitelist\" is deprecated and has been replaced by \"opensearch.requestHeadersAllowlist\""}
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
{"type":"log","@timestamp":"2024-10-04T17:32:04Z","tags":["info","plugins-system"],"pid":54,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
{"type":"log","@timestamp":"2024-10-04T17:32:05Z","tags":["info","savedobjects-service"],"pid":54,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
{"type":"log","@timestamp":"2024-10-04T17:32:05Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:05Z","tags":["error","savedobjects-service"],"pid":54,"message":"Unable to retrieve version information from OpenSearch nodes."}
{"type":"log","@timestamp":"2024-10-04T17:32:07Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:10Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:12Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:15Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:17Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:20Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:22Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:25Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:28Z","tags":["info","savedobjects-service"],"pid":54,"message":"Starting saved objects migrations"}
{"type":"log","@timestamp":"2024-10-04T17:32:28Z","tags":["info","savedobjects-service"],"pid":54,"message":"Detected mapping change in \"properties.homepage\""}
{"type":"log","@timestamp":"2024-10-04T17:32:28Z","tags":["info","savedobjects-service"],"pid":54,"message":"Creating index .kibana_2."}
{"type":"log","@timestamp":"2024-10-04T17:32:28Z","tags":["info","savedobjects-service"],"pid":54,"message":"Migrating .kibana_1 saved objects to .kibana_2"}
{"type":"log","@timestamp":"2024-10-04T17:32:29Z","tags":["info","savedobjects-service"],"pid":54,"message":"Pointing alias .kibana to .kibana_2."}
{"type":"log","@timestamp":"2024-10-04T17:32:29Z","tags":["info","savedobjects-service"],"pid":54,"message":"Finished in 961ms."}
{"type":"log","@timestamp":"2024-10-04T17:32:29Z","tags":["warning","cross-compatibility-service"],"pid":54,"message":"Starting cross compatibility service"}
{"type":"log","@timestamp":"2024-10-04T17:32:29Z","tags":["info","plugins-system"],"pid":54,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["info","plugins","wazuh","initialize"],"pid":54,"message":"dashboard index: .kibana"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["info","plugins","wazuh","initialize"],"pid":54,"message":"App revision: 07"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["info","plugins","wazuh","initialize"],"pid":54,"message":"Total RAM: 9946MB"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["info","plugins","wazuh","monitoring"],"pid":54,"message":"Updated the wazuh-agent template"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":54,"message":"Updated the wazuh-statistics template"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["info","plugins","wazuh","monitoring"],"pid":54,"message":"Settings added to wazuh-monitoring-2024.40w index"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["listening","info"],"pid":54,"message":"Server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["info","http","server","OpenSearchDashboards"],"pid":54,"message":"http server running at https://0.0.0.0:5601"}
{"type":"error","@timestamp":"2024-10-04T17:32:34Z","tags":["connection","client","error"],"pid":54,"level":"error","error":{"message":"0008DD57CA790000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 48\n","name":"Error","stack":"Error: 0008DD57CA790000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 48\n","code":"ERR_SSL_TLSV1_ALERT_UNKNOWN_CA"},"message":"0008DD57CA790000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 48\n"}
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
{"type":"response","@timestamp":"2024-10-04T17:32:37Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","upgrade-insecure-requests":"1","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"none","sec-fetch-user":"?1","priority":"u=0, i"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0"},"res":{"statusCode":200,"responseTime":416,"contentLength":9},"message":"GET / 200 416ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:38Z","tags":[],"pid":54,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","upgrade-insecure-requests":"1","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"none","sec-fetch-user":"?1","priority":"u=0, i"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0"},"res":{"statusCode":302,"responseTime":180,"contentLength":9},"message":"GET / 302 180ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:38Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/app/wz-home","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","upgrade-insecure-requests":"1","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"none","sec-fetch-user":"?1","priority":"u=0, i"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0"},"res":{"statusCode":200,"responseTime":105,"contentLength":9},"message":"GET /app/wz-home 200 105ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:38Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/ui/logos/spinner_on_light.svg","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","priority":"u=5, i"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":30,"contentLength":9},"message":"GET /ui/logos/spinner_on_light.svg 200 30ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:38Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/ui/logos/wazuh_mark_on_light.svg","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","priority":"u=5, i"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":36,"contentLength":9},"message":"GET /ui/logos/wazuh_mark_on_light.svg 200 36ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:38Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/ui/fonts/inter_ui/Inter-UI-Regular.woff2","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"identity","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"font","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":34,"contentLength":9},"message":"GET /ui/fonts/inter_ui/Inter-UI-Regular.woff2 200 34ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:38Z","tags":["api"],"pid":54,"method":"get","statusCode":200,"req":{"url":"/bootstrap.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","if-none-match":"\"52251ef97c000acd79b6bf57f25ff0131e9dd665-gzip\""},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":160,"contentLength":9},"message":"GET /bootstrap.js 200 160ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/opensearchDashboardsUtils/opensearchDashboardsUtils.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":35,"contentLength":9},"message":"GET /49007/bundles/plugin/opensearchDashboardsUtils/opensearchDashboardsUtils.plugin.js 200 35ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/usageCollection/usageCollection.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":56,"contentLength":9},"message":"GET /49007/bundles/plugin/usageCollection/usageCollection.plugin.js 200 56ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/core/core.entry.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":63,"contentLength":9},"message":"GET /49007/bundles/core/core.entry.js 200 63ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/opensearchDashboardsLegacy/opensearchDashboardsLegacy.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":60,"contentLength":9},"message":"GET /49007/bundles/plugin/opensearchDashboardsLegacy/opensearchDashboardsLegacy.plugin.js 200 60ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/urlForwarding/urlForwarding.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":93,"contentLength":9},"message":"GET /49007/bundles/plugin/urlForwarding/urlForwarding.plugin.js 200 93ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/charts/charts.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":94,"contentLength":9},"message":"GET /49007/bundles/plugin/charts/charts.plugin.js 200 94ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/visDefaultEditor/visDefaultEditor.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":51,"contentLength":9},"message":"GET /49007/bundles/plugin/visDefaultEditor/visDefaultEditor.plugin.js 200 51ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/data/data.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":56,"contentLength":9},"message":"GET /49007/bundles/plugin/data/data.plugin.js 200 56ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/wazuh/wazuh.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":41,"contentLength":9},"message":"GET /49007/bundles/plugin/wazuh/wazuh.plugin.js 200 41ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/opensearchUiShared/opensearchUiShared.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":10,"contentLength":9},"message":"GET /49007/bundles/plugin/opensearchUiShared/opensearchUiShared.plugin.js 200 10ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/inspector/inspector.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":49,"contentLength":9},"message":"GET /49007/bundles/plugin/inspector/inspector.plugin.js 200 49ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/share/share.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":18,"contentLength":9},"message":"GET /49007/bundles/plugin/share/share.plugin.js 200 18ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/embeddable/embeddable.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":13,"contentLength":9},"message":"GET /49007/bundles/plugin/embeddable/embeddable.plugin.js 200 13ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/uiActions/uiActions.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":51,"contentLength":9},"message":"GET /49007/bundles/plugin/uiActions/uiActions.plugin.js 200 51ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/home/home.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":17,"contentLength":9},"message":"GET /49007/bundles/plugin/home/home.plugin.js 200 17ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/opensearchDashboardsReact/opensearchDashboardsReact.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":15,"contentLength":9},"message":"GET /49007/bundles/plugin/opensearchDashboardsReact/opensearchDashboardsReact.plugin.js 200 15ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/discover/discover.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":16,"contentLength":9},"message":"GET /49007/bundles/plugin/discover/discover.plugin.js 200 16ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/visAugmenter/visAugmenter.plugin.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":58,"contentLength":9},"message":"GET /49007/bundles/plugin/visAugmenter/visAugmenter.plugin.js 200 58ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:43Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/api/v1/auth/dashboardsinfo","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wz-home","content-type":"application/json","osd-version":"2.13.0","osd-xsrf":"osd-fetch","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":64,"contentLength":9},"message":"GET /api/v1/auth/dashboardsinfo 200 64ms - 9.0B"}
$ docker logs single-node-wazuh.indexer-1
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
WARNING: System::setSecurityManager will be removed in a future release
Oct 04, 2024 5:32:00 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
WARNING: COMPAT locale provider will be removed in a future release
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
WARNING: System::setSecurityManager will be removed in a future release
[2024-10-04T17:32:01,592][INFO ][o.o.n.Node ] [wazuh.indexer] version[2.13.0], pid[1], build[rpm/9fd1835bba77ae04d48550eb4dc9be4787070806/2024-08-30T10:04:33.447803Z], OS[Linux/6.8.0-45-generic/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/21.0.2/21.0.2+13-LTS]
[2024-10-04T17:32:01,600][INFO ][o.o.n.Node ] [wazuh.indexer] JVM home [/usr/share/wazuh-indexer/jdk], using bundled JDK/JRE [true]
[2024-10-04T17:32:01,602][INFO ][o.o.n.Node ] [wazuh.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-3188154812931614830, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Xms1g, -Xmx1g, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-10-04T17:32:04,041][INFO ][o.o.s.s.t.SSLConfig ] [wazuh.indexer] SSL dual mode is disabled
[2024-10-04T17:32:04,042][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] OpenSearch Config path is /usr/share/wazuh-indexer
[2024-10-04T17:32:04,983][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] JVM supports TLSv1.3
[2024-10-04T17:32:04,993][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Config directory is /usr/share/wazuh-indexer/, from there the key- and truststore files are resolved relatively
[2024-10-04T17:32:05,597][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Client Provider : JDK
[2024-10-04T17:32:05,598][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Server Provider : JDK
[2024-10-04T17:32:05,598][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS HTTP Provider : JDK
[2024-10-04T17:32:05,599][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2]
[2024-10-04T17:32:05,599][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for HTTP layer : [TLSv1.3, TLSv1.2]
[2024-10-04T17:32:05,652][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Clustername: opensearch
[2024-10-04T17:32:05,833][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/certs has insecure file permissions (should be 0700)
[2024-10-04T17:32:05,834][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache has insecure file permissions (should be 0700)
[2024-10-04T17:32:05,834][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA has insecure file permissions (should be 0700)
[2024-10-04T17:32:05,835][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA/temp has insecure file permissions (should be 0700)
[2024-10-04T17:32:05,836][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/logs has insecure file permissions (should be 0700)
[2024-10-04T17:32:05,836][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/opensearch.yml has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,836][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,837][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,838][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/lib/jspawnhelper has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,838][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/lib/modules has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,838][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/serialver has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,839][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeprscan has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,839][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jmod has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,839][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jrunscript has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,840][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/java has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,840][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jwebserver has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,840][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jfr has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,841][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstack has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,841][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jinfo has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,842][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javadoc has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,842][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jlink has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,842][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jimage has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,843][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javap has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,843][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jar has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,843][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jhsdb has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,843][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jshell has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,847][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jcmd has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,848][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstatd has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,848][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javac has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,849][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jps has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,849][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdb has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,850][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeps has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,852][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jconsole has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,852][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstat has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,852][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jarsigner has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,853][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jmap has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,853][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/rmiregistry has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,853][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jpackage has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,853][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/keytool has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,854][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,855][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/audit_config_migrater.sh has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,858][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,860][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,860][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,861][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,861][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-plugin has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,861][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,861][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,862][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,862][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env-from-file has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,862][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/indexer-security-init.sh has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,862][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-upgrade has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,863][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-shard has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,863][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-cli has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,863][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/systemd-entrypoint has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,863][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-keystore has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,865][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,867][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-node has insecure file permissions (should be 0600)
[2024-10-04T17:32:15,508][INFO ][o.o.p.c.c.PluginSettings ] [wazuh.indexer] Trying to create directory /dev/shm/performanceanalyzer/.
[2024-10-04T17:32:15,509][INFO ][o.o.p.c.c.PluginSettings ] [wazuh.indexer] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600
[2024-10-04T17:32:16,065][INFO ][o.o.i.r.ReindexPlugin ] [wazuh.indexer] ReindexPlugin reloadSPI called
[2024-10-04T17:32:16,068][INFO ][o.o.i.r.ReindexPlugin ] [wazuh.indexer] Unable to find any implementation for RemoteReindexExtension
[2024-10-04T17:32:16,111][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs
[2024-10-04T17:32:16,142][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions
[2024-10-04T17:32:16,144][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config
[2024-10-04T17:32:16,146][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: scheduler_geospatial_ip2geo_datasource, index: .scheduler-geospatial-ip2geo-datasource
[2024-10-04T17:32:16,149][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opensearch_sap_job, index: .opensearch-sap--job
[2024-10-04T17:32:16,157][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [aggs-matrix-stats]
[2024-10-04T17:32:16,158][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [analysis-common]
[2024-10-04T17:32:16,159][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [cache-common]
[2024-10-04T17:32:16,159][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [geo]
[2024-10-04T17:32:16,159][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-common]
[2024-10-04T17:32:16,159][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-geoip]
[2024-10-04T17:32:16,160][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [ingest-user-agent]
[2024-10-04T17:32:16,160][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-expression]
[2024-10-04T17:32:16,160][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-mustache]
[2024-10-04T17:32:16,161][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [lang-painless]
[2024-10-04T17:32:16,161][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [mapper-extras]
[2024-10-04T17:32:16,161][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [opensearch-dashboards]
[2024-10-04T17:32:16,162][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [parent-join]
[2024-10-04T17:32:16,162][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [percolator]
[2024-10-04T17:32:16,162][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [rank-eval]
[2024-10-04T17:32:16,162][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [reindex]
[2024-10-04T17:32:16,163][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [repository-url]
[2024-10-04T17:32:16,163][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [search-pipeline-common]
[2024-10-04T17:32:16,164][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [systemd]
[2024-10-04T17:32:16,164][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded module [transport-netty4]
[2024-10-04T17:32:16,165][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-alerting]
[2024-10-04T17:32:16,165][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-anomaly-detection]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-asynchronous-search]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-cross-cluster-replication]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-geospatial]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-index-management]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-job-scheduler]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-knn]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-ml]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-neural-search]
[2024-10-04T17:32:16,167][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-notifications]
[2024-10-04T17:32:16,167][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-notifications-core]
[2024-10-04T17:32:16,167][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-observability]
[2024-10-04T17:32:16,167][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-performance-analyzer]
[2024-10-04T17:32:16,168][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-reports-scheduler]
[2024-10-04T17:32:16,168][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-security]
[2024-10-04T17:32:16,168][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-security-analytics]
[2024-10-04T17:32:16,168][INFO ][o.o.p.PluginsService ] [wazuh.indexer] loaded plugin [opensearch-sql]
[2024-10-04T17:32:16,324][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml
[2024-10-04T17:32:16,332][INFO ][o.o.e.ExtensionsManager ] [wazuh.indexer] ExtensionsManager initialized
[2024-10-04T17:32:16,358][INFO ][o.a.l.s.MemorySegmentIndexInputProvider] [wazuh.indexer] Using MemorySegmentIndexInput with Java 21 or later; to disable start with -Dorg.apache.lucene.store.MMapDirectory.enableMemorySegments=false
[2024-10-04T17:32:16,383][INFO ][o.o.e.NodeEnvironment ] [wazuh.indexer] using [1] data paths, mounts [[/var/lib/wazuh-indexer (/dev/sda5)]], net usable_space [31gb], net total_space [99.9gb], types [ext4]
[2024-10-04T17:32:16,384][INFO ][o.o.e.NodeEnvironment ] [wazuh.indexer] heap size [1gb], compressed ordinary object pointers [true]
[2024-10-04T17:32:16,546][INFO ][o.o.n.Node ] [wazuh.indexer] node name [wazuh.indexer], node ID [k8kFOxF9SYWybkfeDKvTUQ], cluster name [opensearch], roles [ingest, remote_cluster_client, data, cluster_manager]
[2024-10-04T17:32:19,488][INFO ][o.o.n.p.NeuralSearch ] [wazuh.indexer] Registering hybrid query phase searcher with feature flag [plugins.neural_search.hybrid_search_disabled]
[2024-10-04T17:32:20,046][WARN ][o.o.s.c.Salt ] [wazuh.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-10-04T17:32:20,071][ERROR][o.o.s.a.s.SinkProvider ] [wazuh.indexer] Default endpoint could not be created, auditlog will not work properly.
[2024-10-04T17:32:20,073][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh.indexer] No default storage available, audit log may not work properly. Please check configuration.
[2024-10-04T17:32:20,074][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Message routing enabled: false
[2024-10-04T17:32:20,105][INFO ][o.o.s.f.SecurityFilter ] [wazuh.indexer] <NONE> indices are made immutable.
[2024-10-04T17:32:20,565][INFO ][o.o.a.b.ADCircuitBreakerService] [wazuh.indexer] Registered memory breaker.
[2024-10-04T17:32:21,172][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML memory breaker.
[2024-10-04T17:32:21,173][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML disk breaker.
[2024-10-04T17:32:21,173][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML native memory breaker.
[2024-10-04T17:32:21,307][INFO ][o.r.Reflections ] [wazuh.indexer] Reflections took 54 ms to scan 1 urls, producing 22 keys and 63 values
[2024-10-04T17:32:21,407][WARN ][o.o.s.p.SQLPlugin ] [wazuh.indexer] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-10-04T17:32:22,239][INFO ][o.o.t.NettyAllocator ] [wazuh.indexer] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=256kb, factors={opensearch.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=1mb, heap_size=1gb}]
[2024-10-04T17:32:22,243][INFO ][o.o.s.s.t.SSLConfig ] [wazuh.indexer] SSL dual mode is disabled
[2024-10-04T17:32:22,412][INFO ][o.o.d.DiscoveryModule ] [wazuh.indexer] using discovery type [single-node] and seed hosts providers [settings]
[2024-10-04T17:32:23,240][WARN ][o.o.g.DanglingIndicesState] [wazuh.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-10-04T17:32:24,256][INFO ][o.o.p.h.c.PerformanceAnalyzerConfigAction] [wazuh.indexer] PerformanceAnalyzer Enabled: false
[2024-10-04T17:32:24,311][INFO ][o.o.n.Node ] [wazuh.indexer] initialized
[2024-10-04T17:32:24,313][INFO ][o.o.n.Node ] [wazuh.indexer] starting ...
[2024-10-04T17:32:24,361][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [windows_logtype.json] log type
[2024-10-04T17:32:24,363][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [waf_logtype.json] log type
[2024-10-04T17:32:24,365][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [vpcflow_logtype.json] log type
[2024-10-04T17:32:24,366][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [test_windows_logtype.json] log type
[2024-10-04T17:32:24,367][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [s3_logtype.json] log type
[2024-10-04T17:32:24,368][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_web_logtype.json] log type
[2024-10-04T17:32:24,369][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_proxy_logtype.json] log type
[2024-10-04T17:32:24,370][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_macos_logtype.json] log type
[2024-10-04T17:32:24,370][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_compliance_logtype.json] log type
[2024-10-04T17:32:24,371][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_cloud_logtype.json] log type
[2024-10-04T17:32:24,372][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_apt_logtype.json] log type
[2024-10-04T17:32:24,373][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_application_logtype.json] log type
[2024-10-04T17:32:24,373][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [okta_logtype.json] log type
[2024-10-04T17:32:24,374][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [network_logtype.json] log type
[2024-10-04T17:32:24,376][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [netflow_logtype.json] log type
[2024-10-04T17:32:24,378][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [m365_logtype.json] log type
[2024-10-04T17:32:24,378][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [linux_logtype.json] log type
[2024-10-04T17:32:24,379][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [gworkspace_logtype.json] log type
[2024-10-04T17:32:24,380][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [github_logtype.json] log type
[2024-10-04T17:32:24,381][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [dns_logtype.json] log type
[2024-10-04T17:32:24,382][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [cloudtrail_logtype.json] log type
[2024-10-04T17:32:24,383][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [azure_logtype.json] log type
[2024-10-04T17:32:24,383][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [apache_access_logtype.json] log type
[2024-10-04T17:32:24,384][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [ad_ldap_logtype.json] log type
[2024-10-04T17:32:24,577][INFO ][o.o.t.TransportService ] [wazuh.indexer] publish_address {172.18.0.2:9300}, bound_addresses {[::]:9300}
[2024-10-04T17:32:24,581][INFO ][o.o.t.TransportService ] [wazuh.indexer] Remote clusters initialized successfully.
[2024-10-04T17:32:24,973][INFO ][o.o.c.c.Coordinator ] [wazuh.indexer] cluster UUID [wgZWmmt6SPmZG2MclgkngA]
[2024-10-04T17:32:25,139][INFO ][o.o.c.s.MasterService ] [wazuh.indexer] elected-as-cluster-manager ([1] nodes joined)[{wazuh.indexer}{k8kFOxF9SYWybkfeDKvTUQ}{xbQvLfCWT9Kg2mjoA3kyJQ}{172.18.0.2}{172.18.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true} elect leader, _BECOME_CLUSTER_MANAGER_TASK_, _FINISH_ELECTION_], term: 3, version: 56, delta: cluster-manager node changed {previous [], current [{wazuh.indexer}{k8kFOxF9SYWybkfeDKvTUQ}{xbQvLfCWT9Kg2mjoA3kyJQ}{172.18.0.2}{172.18.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}
[2024-10-04T17:32:25,258][INFO ][o.o.c.s.ClusterApplierService] [wazuh.indexer] cluster-manager node changed {previous [], current [{wazuh.indexer}{k8kFOxF9SYWybkfeDKvTUQ}{xbQvLfCWT9Kg2mjoA3kyJQ}{172.18.0.2}{172.18.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}, term: 3, version: 56, reason: Publication{term=3, version=56}
[2024-10-04T17:32:25,269][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Cluster is not recovered yet.
[2024-10-04T17:32:25,282][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:25,311][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Cache cluster manager node onClusterManager time: 1728063145311
[2024-10-04T17:32:25,325][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [wazuh.indexer] Config override setting update called with empty string. Ignoring.
[2024-10-04T17:32:25,336][INFO ][o.o.d.PeerFinder ] [wazuh.indexer] setting findPeersInterval to [1s] as node commission status = [true] for local node [{wazuh.indexer}{k8kFOxF9SYWybkfeDKvTUQ}{xbQvLfCWT9Kg2mjoA3kyJQ}{172.18.0.2}{172.18.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]
[2024-10-04T17:32:25,369][INFO ][o.o.h.AbstractHttpServerTransport] [wazuh.indexer] publish_address {172.18.0.2:9200}, bound_addresses {[::]:9200}
[2024-10-04T17:32:25,369][INFO ][o.o.n.Node ] [wazuh.indexer] started
[2024-10-04T17:32:25,370][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Node started
[2024-10-04T17:32:25,370][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Will attempt to create index .opendistro_security and default configs if they are absent
[2024-10-04T17:32:25,374][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] 0 OpenSearch Security modules loaded so far: []
[2024-10-04T17:32:25,373][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Background init thread started. Install default config?: true
[2024-10-04T17:32:25,381][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Wait for cluster to be available ...
[2024-10-04T17:32:25,439][INFO ][o.o.c.s.ClusterSettings ] [wazuh.indexer] updating [plugins.index_state_management.template_migration.control] from [0] to [-1]
[2024-10-04T17:32:25,488][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Node added: [k8kFOxF9SYWybkfeDKvTUQ]
[2024-10-04T17:32:25,491][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:25,494][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Add data node to AD version hash ring: k8kFOxF9SYWybkfeDKvTUQ
[2024-10-04T17:32:25,498][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] All nodes with known AD version: {k8kFOxF9SYWybkfeDKvTUQ=ADNodeInfo{version=2.13.0, isEligibleDataNode=true}}
[2024-10-04T17:32:25,499][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Rebuild AD hash ring for realtime AD with cooldown, nodeChangeEvents size 0
[2024-10-04T17:32:25,500][INFO ][o.o.a.c.HashRing ] [wazuh.indexer] Build AD version hash ring successfully
[2024-10-04T17:32:25,517][INFO ][o.o.a.c.ADDataMigrator ] [wazuh.indexer] Start migrating AD data
[2024-10-04T17:32:25,518][INFO ][o.o.a.c.ADDataMigrator ] [wazuh.indexer] AD job index doesn't exist, no need to migrate
[2024-10-04T17:32:25,518][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Init AD version hash ring successfully
[2024-10-04T17:32:25,519][INFO ][o.o.g.GatewayService ] [wazuh.indexer] recovered [8] indices into cluster_state
[2024-10-04T17:32:25,522][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Loading builtin types!
[2024-10-04T17:32:25,527][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Indexing [429] fieldMappingDocs from logTypes: 24
[2024-10-04T17:32:25,569][WARN ][o.o.o.i.ObservabilityIndex] [wazuh.indexer] message: index [.opensearch-observability/VWcRoTMLSvCq8ukqYepHUw] already exists
[2024-10-04T17:32:25,574][WARN ][o.o.s.SecurityAnalyticsPlugin] [wazuh.indexer] Failed to initialize LogType config index and builtin log types
[2024-10-04T17:32:25,787][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/xM0M4U1gTUG6ENI60ic7iA]
[2024-10-04T17:32:26,024][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.plugins-ml-config/47ylTRfmT9KMKvWNeqHCjA]
[2024-10-04T17:32:26,050][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/12bxWmGLT_6z5eSALtam6g]
[2024-10-04T17:32:26,077][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-observability/VWcRoTMLSvCq8ukqYepHUw]
[2024-10-04T17:32:26,199][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:26,334][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Loading builtin types!
[2024-10-04T17:32:26,336][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Indexing [429] fieldMappingDocs from logTypes: 24
[2024-10-04T17:32:26,380][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Loading builtin types!
[2024-10-04T17:32:26,381][INFO ][o.o.s.l.LogTypeService ] [wazuh.indexer] Indexing [429] fieldMappingDocs from logTypes: 24
[2024-10-04T17:32:26,391][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Index .opendistro_security already exists
[2024-10-04T17:32:26,391][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node started, try to initialize it. Wait for at least yellow cluster state....
[2024-10-04T17:32:26,395][INFO ][o.o.s.i.DetectorIndexManagementService] [wazuh.indexer] info deleteOldIndices
[2024-10-04T17:32:26,401][INFO ][o.o.s.i.DetectorIndexManagementService] [wazuh.indexer] No Old Correlation Indices to delete
[2024-10-04T17:32:26,481][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:26,548][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:26,570][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'config' with /usr/share/wazuh-indexer/opensearch-security/config.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:32:26,642][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.10.04/EEGgCRweQaW2QhkMdSjMqw]
[2024-10-04T17:32:26,769][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-statistics-2024.40w/8tkjhrj8QPOql9KDYPsIQA]
[2024-10-04T17:32:26,849][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id config, skipping update.
[2024-10-04T17:32:26,861][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'roles' with /usr/share/wazuh-indexer/opensearch-security/roles.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:32:26,881][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id roles, skipping update.
[2024-10-04T17:32:26,882][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'rolesmapping' with /usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:32:26,915][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id rolesmapping, skipping update.
[2024-10-04T17:32:26,920][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'internalusers' with /usr/share/wazuh-indexer/opensearch-security/internal_users.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:32:26,918][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:26,985][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id internalusers, skipping update.
[2024-10-04T17:32:26,987][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'actiongroups' with /usr/share/wazuh-indexer/opensearch-security/action_groups.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:32:26,999][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id actiongroups, skipping update.
[2024-10-04T17:32:27,003][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'tenants' with /usr/share/wazuh-indexer/opensearch-security/tenants.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:32:27,019][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id tenants, skipping update.
[2024-10-04T17:32:27,021][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'nodesdn' with /usr/share/wazuh-indexer/opensearch-security/nodes_dn.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-10-04T17:32:27,029][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id nodesdn, skipping update.
[2024-10-04T17:32:27,031][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'whitelist' with /usr/share/wazuh-indexer/opensearch-security/whitelist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-10-04T17:32:27,041][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id whitelist, skipping update.
[2024-10-04T17:32:27,045][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'allowlist' with /usr/share/wazuh-indexer/opensearch-security/allowlist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-10-04T17:32:27,061][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id allowlist, skipping update.
[2024-10-04T17:32:27,069][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Will update 'audit' with /usr/share/wazuh-indexer/opensearch-security/audit.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:32:27,130][INFO ][o.o.s.s.ConfigHelper ] [wazuh.indexer] Index .opendistro_security already contains doc with id audit, skipping update.
[2024-10-04T17:32:27,188][ERROR][o.o.s.a.BackendRegistry ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-10-04T17:32:27,339][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:27,406][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:27,472][INFO ][stdout ] [wazuh.indexer] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl
[2024-10-04T17:32:27,473][INFO ][stdout ] [wazuh.indexer] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent
[2024-10-04T17:32:27,475][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing on REST API is enabled.
[2024-10-04T17:32:27,476][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from REST API auditing.
[2024-10-04T17:32:27,476][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing on Transport API is enabled.
[2024-10-04T17:32:27,476][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from Transport API auditing.
[2024-10-04T17:32:27,476][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of request body is enabled.
[2024-10-04T17:32:27,477][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Bulk requests resolution is disabled during request auditing.
[2024-10-04T17:32:27,477][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Index resolution is enabled during request auditing.
[2024-10-04T17:32:27,478][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Sensitive headers auditing is enabled.
[2024-10-04T17:32:27,479][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing requests from kibanaserver users is disabled.
[2024-10-04T17:32:27,479][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing request headers <NONE> is disabled.
[2024-10-04T17:32:27,479][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing request url params <NONE> is disabled.
[2024-10-04T17:32:27,480][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of external configuration is disabled.
[2024-10-04T17:32:27,487][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing of internal configuration is enabled.
[2024-10-04T17:32:27,488][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing only metadata information for read request is enabled.
[2024-10-04T17:32:27,488][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing will watch {} for read requests.
[2024-10-04T17:32:27,492][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing read operation requests from kibanaserver users is disabled.
[2024-10-04T17:32:27,493][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing only metadata information for write request is enabled.
[2024-10-04T17:32:27,493][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing diffs for write requests is disabled.
[2024-10-04T17:32:27,493][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing write operation requests from kibanaserver users is disabled.
[2024-10-04T17:32:27,493][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Auditing will watch <NONE> for write requests.
[2024-10-04T17:32:27,494][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] .opendistro_security is used as internal security index.
[2024-10-04T17:32:27,494][INFO ][o.o.s.a.i.AuditLogImpl ] [wazuh.indexer] Internal index used for posting audit logs is null
[2024-10-04T17:32:27,494][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Hot-reloading of audit configuration is enabled
[2024-10-04T17:32:27,494][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node 'wazuh.indexer' initialized
[2024-10-04T17:32:27,519][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_1/qgE9hSWyTdaxMWzN0b0hng]
[2024-10-04T17:32:27,536][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-monitoring-2024.40w/0TdrdGCaReWJKnvVwRKssg]
[2024-10-04T17:32:27,579][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:27,676][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:27,679][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.kibana_1][0]]]).
[2024-10-04T17:32:27,730][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:28,307][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/kZ2E-7FXRm62WLczId9r9w]
[2024-10-04T17:32:28,344][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.kibana_2] creating index, cause [api], templates [], shards [1]/[1]
[2024-10-04T17:32:28,353][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.kibana_2]
[2024-10-04T17:32:28,423][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/kZ2E-7FXRm62WLczId9r9w]
[2024-10-04T17:32:28,457][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:28,550][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.kibana_2][0]]]).
[2024-10-04T17:32:28,615][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:28,771][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/kZ2E-7FXRm62WLczId9r9w]
[2024-10-04T17:32:28,793][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.kibana_2/kZ2E-7FXRm62WLczId9r9w] update_mapping [_doc]
[2024-10-04T17:32:28,884][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:28,931][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/kZ2E-7FXRm62WLczId9r9w]
[2024-10-04T17:32:28,956][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.kibana_2/kZ2E-7FXRm62WLczId9r9w] update_mapping [_doc]
[2024-10-04T17:32:29,024][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:29,156][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:30,101][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[UxemHrOsScO0HnAeo7OwAw/F3G8jZ4HQUKJKTvxn0p7MA]
[2024-10-04T17:32:30,129][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[D0rBAOzfRNWCQ--FgAkE0A/J4rkVbBVRHWIlYrmFdD58Q]
[2024-10-04T17:32:30,229][INFO ][o.o.c.m.MetadataUpdateSettingsService] [wazuh.indexer] updating number_of_replicas to [0] for indices [wazuh-monitoring-2024.40w]
[2024-10-04T17:32:30,250][INFO ][o.o.p.PluginsService ] [wazuh.indexer] PluginService:onIndexModule index:[iPZyk-UzTv-ggJCHX1CUYA/UUjKD79bRciHzo-3VniE8Q]
[2024-10-04T17:32:30,272][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding template [wazuh] for index patterns [wazuh-alerts-4.x-*, wazuh-archives-4.x-*]
[2024-10-04T17:32:30,367][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:35,339][INFO ][o.o.m.a.MLModelAutoReDeployer] [wazuh.indexer] Index not found, not performing auto reloading!
[2024-10-04T17:32:35,340][INFO ][o.o.m.c.MLCommonsClusterManagerEventListener] [wazuh.indexer] Starting ML sync up job...
[2024-10-04T17:32:45,347][INFO ][o.o.m.c.MLSyncUpCron ] [wazuh.indexer] ML configuration already initialized, no action needed
[2024-10-04T17:33:25,313][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing move cluster state metadata.
[2024-10-04T17:33:25,316][INFO ][o.o.i.i.MetadataService ] [wazuh.indexer] ISM config index not exist, so we cancel the metadata migration job.
$ docker logs single-node-wazuh.manager-1
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 0-wazuh-init: executing...
/var/ossec/data_tmp/permanent/var/ossec/api/configuration/
The path /var/ossec/api/configuration is already mounted
/var/ossec/data_tmp/permanent/var/ossec/etc/
The path /var/ossec/etc is already mounted
/var/ossec/data_tmp/permanent/var/ossec/logs/
The path /var/ossec/logs is already mounted
/var/ossec/data_tmp/permanent/var/ossec/queue/
The path /var/ossec/queue is already mounted
/var/ossec/data_tmp/permanent/var/ossec/agentless/
The path /var/ossec/agentless is already mounted
/var/ossec/data_tmp/permanent/var/ossec/var/multigroups/
The path /var/ossec/var/multigroups is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/integrations/
The path /var/ossec/integrations is already mounted
/var/ossec/data_tmp/permanent/var/ossec/active-response/bin/
The path /var/ossec/active-response/bin is already mounted
/var/ossec/data_tmp/permanent/var/ossec/wodles/
The path /var/ossec/wodles is already mounted
/var/ossec/data_tmp/permanent/etc/filebeat/
The path /etc/filebeat is already mounted
Updating /var/ossec/etc/internal_options.conf
Updating /var/ossec/integrations/slack
Updating /var/ossec/integrations/slack.py
Updating /var/ossec/integrations/virustotal
Updating /var/ossec/integrations/virustotal.py
Updating /var/ossec/integrations/shuffle
Updating /var/ossec/integrations/shuffle.py
Updating /var/ossec/integrations/pagerduty
Updating /var/ossec/integrations/pagerduty.py
Updating /var/ossec/integrations/maltiverse
Updating /var/ossec/integrations/maltiverse.py
Updating /var/ossec/active-response/bin/default-firewall-drop
Updating /var/ossec/active-response/bin/disable-account
Updating /var/ossec/active-response/bin/firewalld-drop
Updating /var/ossec/active-response/bin/firewall-drop
Updating /var/ossec/active-response/bin/host-deny
Updating /var/ossec/active-response/bin/ip-customblock
Updating /var/ossec/active-response/bin/ipfw
Updating /var/ossec/active-response/bin/kaspersky.py
Updating /var/ossec/active-response/bin/kaspersky
Updating /var/ossec/active-response/bin/npf
Updating /var/ossec/active-response/bin/wazuh-slack
Updating /var/ossec/active-response/bin/pf
Updating /var/ossec/active-response/bin/restart-wazuh
Updating /var/ossec/active-response/bin/restart.sh
Updating /var/ossec/active-response/bin/route-null
Updating /var/ossec/agentless/sshlogin.exp
Updating /var/ossec/agentless/ssh_pixconfig_diff
Updating /var/ossec/agentless/ssh_asa-fwsmconfig_diff
Updating /var/ossec/agentless/ssh_integrity_check_bsd
Updating /var/ossec/agentless/main.exp
Updating /var/ossec/agentless/su.exp
Updating /var/ossec/agentless/ssh_integrity_check_linux
Updating /var/ossec/agentless/register_host.sh
Updating /var/ossec/agentless/ssh_generic_diff
Updating /var/ossec/agentless/ssh_foundry_diff
Updating /var/ossec/agentless/ssh_nopass.exp
Updating /var/ossec/agentless/ssh.exp
Updating /var/ossec/wodles/utils.py
Updating /var/ossec/wodles/aws/aws-s3
Updating /var/ossec/wodles/aws/aws-s3.py
Updating /var/ossec/wodles/aws/__init__.py
Updating /var/ossec/wodles/aws/aws_tools.py
Updating /var/ossec/wodles/aws/wazuh_integration.py
Updating /var/ossec/wodles/aws/buckets_s3/__init__.py
Updating /var/ossec/wodles/aws/buckets_s3/aws_bucket.py
Updating /var/ossec/wodles/aws/buckets_s3/cloudtrail.py
Updating /var/ossec/wodles/aws/buckets_s3/config.py
Updating /var/ossec/wodles/aws/buckets_s3/guardduty.py
Updating /var/ossec/wodles/aws/buckets_s3/load_balancers.py
Updating /var/ossec/wodles/aws/buckets_s3/server_access.py
Updating /var/ossec/wodles/aws/buckets_s3/umbrella.py
Updating /var/ossec/wodles/aws/buckets_s3/vpcflow.py
Updating /var/ossec/wodles/aws/buckets_s3/waf.py
Updating /var/ossec/wodles/aws/services/__init__.py
Updating /var/ossec/wodles/aws/services/aws_service.py
Updating /var/ossec/wodles/aws/services/cloudwatchlogs.py
Updating /var/ossec/wodles/aws/services/inspector.py
Updating /var/ossec/wodles/aws/subscribers/__init__.py
Updating /var/ossec/wodles/aws/subscribers/s3_log_handler.py
Updating /var/ossec/wodles/aws/subscribers/sqs_message_processor.py
Updating /var/ossec/wodles/aws/subscribers/sqs_queue.py
Updating /var/ossec/wodles/azure/azure-logs
Updating /var/ossec/wodles/azure/azure-logs.py
Updating /var/ossec/wodles/azure/db/orm.py
Updating /var/ossec/wodles/azure/db/utils.py
Updating /var/ossec/wodles/azure/db/__init__.py
Updating /var/ossec/wodles/docker/DockerListener
Updating /var/ossec/wodles/docker/DockerListener.py
Updating /var/ossec/wodles/gcloud/gcloud
Updating /var/ossec/wodles/gcloud/gcloud.py
Updating /var/ossec/wodles/gcloud/integration.py
Updating /var/ossec/wodles/gcloud/tools.py
Updating /var/ossec/wodles/gcloud/exceptions.py
find: '/proc/373/task/373/fd/6': No such file or directory
find: '/proc/373/task/373/fdinfo/6': No such file or directory
find: '/proc/373/fd/5': No such file or directory
find: '/proc/373/fdinfo/5': No such file or directory
find: '/proc/374/task/374/fd/6': No such file or directory
find: '/proc/374/task/374/fdinfo/6': No such file or directory
find: '/proc/374/fd/5': No such file or directory
find: '/proc/374/fdinfo/5': No such file or directory
find: '/proc/375/task/375/fd/6': No such file or directory
find: '/proc/375/task/375/fdinfo/6': No such file or directory
find: '/proc/375/fd/5': No such file or directory
find: '/proc/375/fdinfo/5': No such file or directory
Identified Wazuh configuration files to mount...
'/wazuh-config-mount/etc/ossec.conf' -> '/var/ossec/etc/ossec.conf'
[cont-init.d] 0-wazuh-init: exited 0.
[cont-init.d] 1-config-filebeat: executing...
Customize Elasticsearch ouput IP
Configuring username.
Configuring password.
Configuring SSL verification mode.
Configuring Certificate Authorities.
Configuring SSL Certificate.
Configuring SSL Key.
[cont-init.d] 1-config-filebeat: exited 0.
[cont-init.d] 2-manager: executing...
Configuring password.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: The 'vulnerability-detector' configuration is deprecated, please update your settings to use the new 'vulnerability-detection' instead (default values will be used based on your previous configurations). See https://documentation.wazuh.com
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'interval'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'min_full_scan_interval'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'run_on_start'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:04 wazuh-modulesd:router: INFO: Loaded router module.
2024/10/04 17:32:04 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Starting Wazuh v4.9.0...
Started wazuh-apid...
Started wazuh-csyslogd...
Started wazuh-dbd...
2024/10/04 17:32:07 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Started wazuh-integratord...
Started wazuh-agentlessd...
Started wazuh-authd...
Started wazuh-db...
Started wazuh-execd...
Started wazuh-analysisd...
Started wazuh-syscheckd...
Started wazuh-remoted...
Started wazuh-logcollector...
Started wazuh-monitord...
2024/10/04 17:32:11 wazuh-modulesd: WARNING: The 'vulnerability-detector' configuration is deprecated, please update your settings to use the new 'vulnerability-detection' instead (default values will be used based on your previous configurations). See https://documentation.wazuh.com
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'interval'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'min_full_scan_interval'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'run_on_start'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:11 wazuh-modulesd:router: INFO: Loaded router module.
2024/10/04 17:32:11 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Started wazuh-modulesd...
Completed.
[cont-init.d] 2-manager: exited 0.
[cont-init.d] done.
[services.d] starting services
starting Filebeat
[services.d] done.
2024/10/04 17:32:11 wazuh-modulesd:content_manager: INFO: Starting content_manager module.
2024/10/04 17:32:11 wazuh-modulesd:database: INFO: Module started.
2024/10/04 17:32:11 wazuh-modulesd:download: INFO: Module started.
2024/10/04 17:32:11 wazuh-modulesd:control: INFO: Starting control thread.
2024/10/04 17:32:11 sca: INFO: Starting Security Configuration Assessment scan.
2024/10/04 17:32:11 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/10/04 17:32:11 wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade::start: Missing enabled field..
2024/10/04 17:32:11 wazuh-modulesd:syscollector: INFO: Module started.
2024/10/04 17:32:11 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/10/04 17:32:11 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024-10-04T17:32:13.666Z INFO instance/beat.go:645 Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2024-10-04T17:32:13.667Z INFO instance/beat.go:653 Beat ID: 2ed30e1f-5795-460e-b5de-0e639f165508
2024-10-04T17:32:13.668Z INFO [seccomp] seccomp/seccomp.go:124 Syscall filter successfully installed
2024-10-04T17:32:13.668Z INFO [beat] instance/beat.go:981 Beat info {"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "2ed30e1f-5795-460e-b5de-0e639f165508"}}}
2024-10-04T17:32:13.668Z INFO [beat] instance/beat.go:990 Build info {"system_info": {"build": {"commit": "aacf9ecd9c494aa0908f61fbca82c906b16562a8", "libbeat": "7.10.2", "time": "2021-01-12T22:10:33.000Z", "version": "7.10.2"}}}
2024-10-04T17:32:13.668Z INFO [beat] instance/beat.go:993 Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":4,"version":"go1.14.12"}}}
2024-10-04T17:32:13.669Z INFO [beat] instance/beat.go:997 Host info {"system_info": {"host": {"architecture":"x86_64","boot_time":"2024-10-03T09:33:58Z","containerized":false,"name":"wazuh.manager","ip":["127.0.0.1/8","::1/128","172.18.0.3/16"],"kernel_version":"6.8.0-45-generic","mac":["02:42:ac:12:00:03"],"os":{"family":"redhat","platform":"amzn","name":"Amazon Linux","version":"2023","major":2023,"minor":5,"patch":20240903},"timezone":"UTC","timezone_offset_sec":0}}}
2024-10-04T17:32:13.671Z INFO [beat] instance/beat.go:1026 Process info {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"effective":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"bounding":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"ambient":null}, "cwd": "/run/s6/services/filebeat", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 1054, "ppid": 1050, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2024-10-04T17:32:12.730Z"}}}
2024-10-04T17:32:13.671Z INFO instance/beat.go:299 Setup Beat: filebeat; Version: 7.10.2
2024-10-04T17:32:13.673Z INFO eslegclient/connection.go:99 elasticsearch url: https://wazuh.indexer:9200
2024-10-04T17:32:13.674Z INFO [publisher] pipeline/module.go:113 Beat name: wazuh.manager
2024-10-04T17:32:13.677Z INFO beater/filebeat.go:117 Enabled modules/filesets: wazuh (alerts), ()
2024-10-04T17:32:13.679Z INFO instance/beat.go:455 filebeat start running.
2024-10-04T17:32:13.680Z INFO memlog/store.go:119 Loading data file of '/var/lib/filebeat/registry/filebeat' succeeded. Active transaction id=0
2024-10-04T17:32:13.682Z INFO memlog/store.go:124 Finished loading transaction log file for '/var/lib/filebeat/registry/filebeat'. Active transaction id=20
2024-10-04T17:32:13.683Z INFO [registrar] registrar/registrar.go:109 States Loaded from registrar: 1
2024-10-04T17:32:13.683Z INFO [crawler] beater/crawler.go:71 Loading Inputs: 1
2024-10-04T17:32:13.684Z INFO log/input.go:157 Configured paths: [/var/ossec/logs/alerts/alerts.json]
2024-10-04T17:32:13.684Z INFO [crawler] beater/crawler.go:141 Starting input (ID: 9132358592892857476)
2024-10-04T17:32:13.684Z INFO [crawler] beater/crawler.go:108 Loading and starting Inputs completed. Enabled inputs: 1
2024/10/04 17:32:20 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/10/04 17:32:20 sca: INFO: Security Configuration Assessment scan finished. Duration: 9 seconds.
2024-10-04T17:32:23.686Z INFO log/harvester.go:302 Harvester started for file: /var/ossec/logs/alerts/alerts.json
2024-10-04T17:32:24.688Z INFO [publisher] pipeline/retry.go:219 retryer: send unwait signal to consumer
2024-10-04T17:32:24.688Z INFO [publisher] pipeline/retry.go:223 done
2024-10-04T17:32:24.687Z INFO [publisher_pipeline_output] pipeline/output.go:143 Connecting to backoff(elasticsearch(https://wazuh.indexer:9200))
2024-10-04T17:32:26.616Z ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://wazuh.indexer:9200)): Get "https://wazuh.indexer:9200": dial tcp 172.18.0.2:9200: connect: connection refused
2024-10-04T17:32:26.617Z INFO [publisher_pipeline_output] pipeline/output.go:145 Attempting to reconnect to backoff(elasticsearch(https://wazuh.indexer:9200)) with 1 reconnect attempt(s)
2024-10-04T17:32:26.617Z INFO [publisher] pipeline/retry.go:219 retryer: send unwait signal to consumer
2024-10-04T17:32:26.618Z INFO [publisher] pipeline/retry.go:223 done
2024-10-04T17:32:29.971Z ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://wazuh.indexer:9200)): 503 Service Unavailable: OpenSearch Security not initialized.
2024-10-04T17:32:29.971Z INFO [publisher_pipeline_output] pipeline/output.go:145 Attempting to reconnect to backoff(elasticsearch(https://wazuh.indexer:9200)) with 2 reconnect attempt(s)
2024-10-04T17:32:29.972Z INFO [publisher] pipeline/retry.go:219 retryer: send unwait signal to consumer
2024-10-04T17:32:29.972Z INFO [publisher] pipeline/retry.go:223 done
2024-10-04T17:32:30.209Z INFO [esclientleg] eslegclient/connection.go:314 Attempting to connect to Elasticsearch version 7.10.2
2024-10-04T17:32:30.213Z INFO [esclientleg] eslegclient/connection.go:314 Attempting to connect to Elasticsearch version 7.10.2
2024-10-04T17:32:30.226Z INFO template/load.go:183 Existing template will be overwritten, as overwrite is enabled.
2024-10-04T17:32:30.228Z INFO template/load.go:117 Try loading template wazuh to Elasticsearch
2024-10-04T17:32:30.375Z INFO template/load.go:109 template with name 'wazuh' loaded.
2024-10-04T17:32:30.375Z INFO [index-management] idxmgmt/std.go:298 Loaded index template.
2024-10-04T17:32:30.401Z INFO [publisher_pipeline_output] pipeline/output.go:151 Connection to backoff(elasticsearch(https://wazuh.indexer:9200)) established
2024/10/04 17:32:31 rootcheck: INFO: Ending rootcheck scan.
Deploy Wazuh 4.3.11
$ git checkout v4.3.11
Previous HEAD position was dcf4842 Merge pull request #1129 from wazuh/chenge_revision_number
HEAD is now at e9c1ab9 Merge pull request #835 from wazuh/modify_changelog
$ cd multi-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] multi-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Creating 1/1
✔ Network multi-node_default Created 0.2s
[+] Running 5/5
✔ generator Pulled 14.4s
✔ edaedc954fb5 Pull complete 8.9s
✔ 573f4d11a520 Pull complete 10.7s
✔ 8f200922197d Pull complete 10.8s
✔ 55a86de68c5c Pull complete 10.9s
The tool to create the certificates exists in the in Packages bucket
07/10/2024 13:38:00 INFO: Admin certificates created.
07/10/2024 13:38:00 INFO: Wazuh indexer certificates created.
07/10/2024 13:38:00 INFO: Wazuh server certificates created.
07/10/2024 13:38:00 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 53/37
✔ wazuh.master Pulled 104.9s
✔ wazuh.worker Pulled 104.9s
✔ wazuh.dashboard Pulled 178.6s
✔ wazuh3.indexer Pulled 92.4s
✔ nginx Pulled 74.7s
✔ wazuh1.indexer Pulled 92.4s
✔ wazuh2.indexer Pulled 92.4s
[+] Running 32/32
✔ Volume "multi-node_worker-wazuh-queue" Created 0.0s
✔ Volume "multi-node_master-wazuh-var-multigroups" Created 0.0s
✔ Volume "multi-node_worker-wazuh-logs" Created 0.0s
✔ Volume "multi-node_wazuh-indexer-data-3" Created 0.0s
✔ Volume "multi-node_master-wazuh-integrations" Created 0.0s
✔ Volume "multi-node_master-wazuh-active-response" Created 0.0s
✔ Volume "multi-node_worker-wazuh-etc" Created 0.0s
✔ Volume "multi-node_worker-wazuh-active-response" Created 0.0s
✔ Volume "multi-node_worker-wazuh-var-multigroups" Created 0.0s
✔ Volume "multi-node_master-filebeat-etc" Created 0.0s
✔ Volume "multi-node_worker-wazuh-wodles" Created 0.0s
✔ Volume "multi-node_master-wazuh-etc" Created 0.0s
✔ Volume "multi-node_worker-wazuh-agentless" Created 0.0s
✔ Volume "multi-node_master-wazuh-logs" Created 0.0s
✔ Volume "multi-node_master-wazuh-wodles" Created 0.0s
✔ Volume "multi-node_worker-wazuh-api-configuration" Created 0.0s
✔ Volume "multi-node_master-wazuh-agentless" Created 0.0s
✔ Volume "multi-node_worker-filebeat-var" Created 0.0s
✔ Volume "multi-node_wazuh-indexer-data-1" Created 0.0s
✔ Volume "multi-node_wazuh-indexer-data-2" Created 0.0s
✔ Volume "multi-node_master-filebeat-var" Created 0.0s
✔ Volume "multi-node_worker-filebeat-etc" Created 0.0s
✔ Volume "multi-node_master-wazuh-api-configuration" Created 0.0s
✔ Volume "multi-node_master-wazuh-queue" Created 0.0s
✔ Volume "multi-node_worker-wazuh-integrations" Created 0.0s
✔ Container multi-node-wazuh.worker-1 Started 4.2s
✔ Container multi-node-wazuh1.indexer-1 Started 5.1s
✔ Container multi-node-wazuh3.indexer-1 Started 4.9s
✔ Container multi-node-wazuh.master-1 Started 5.0s
✔ Container multi-node-wazuh2.indexer-1 Started 4.1s
✔ Container multi-node-wazuh.dashboard-1 Started 4.4s
✔ Container multi-node-nginx-1 Started 6.6s
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
45de19c9edc3 nginx:stable "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp multi-node-nginx-1
a0f92232d638 wazuh/wazuh-dashboard:4.3.11 "/entrypoint.sh" 3 minutes ago Up 3 minutes 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp multi-node-wazuh.dashboard-1
74a18b80b302 wazuh/wazuh-indexer:4.3.11 "/entrypoint.sh open…" 3 minutes ago Up 3 minutes 9200/tcp multi-node-wazuh3.indexer-1
ee8778142dd1 wazuh/wazuh-manager:4.3.11 "/init" 3 minutes ago Up 3 minutes 1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp multi-node-wazuh.master-1
e9ab3194d753 wazuh/wazuh-manager:4.3.11 "/init" 3 minutes ago Up 3 minutes 1514-1516/tcp, 514/udp, 55000/tcp multi-node-wazuh.worker-1
4b3f1b28609c wazuh/wazuh-indexer:4.3.11 "/entrypoint.sh open…" 3 minutes ago Up 3 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp multi-node-wazuh1.indexer-1
4fde447fecf0 wazuh/wazuh-indexer:4.3.11 "/entrypoint.sh open…" 3 minutes ago Up 3 minutes 9200/tcp multi-node-wazuh2.indexer-1
$
Turn off the v4.3.11 stack, modify the repository as if you had customizations, and turn on the v4.9.0 stack
$ docker-compose down
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 8/8
✔ Container multi-node-nginx-1 Removed 0.8s
✔ Container multi-node-wazuh2.indexer-1 Removed 1.3s
✔ Container multi-node-wazuh3.indexer-1 Removed 1.1s
✔ Container multi-node-wazuh.dashboard-1 Removed 10.8s
✔ Container multi-node-wazuh.worker-1 Removed 4.7s
✔ Container multi-node-wazuh.master-1 Removed 4.5s
✔ Container multi-node-wazuh1.indexer-1 Removed 10.6s
✔ Network multi-node_default Removed 0.2s
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] multi-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Creating 1/1
✔ Network multi-node_default Created 0.2s
The tool to create the certificates exists in the in Packages bucket
07/10/2024 14:22:24 INFO: Admin certificates created.
07/10/2024 14:22:24 INFO: Wazuh indexer certificates created.
07/10/2024 14:22:24 INFO: Wazuh server certificates created.
07/10/2024 14:22:24 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 47/32
✔ wazuh.dashboard Pulled 286.7s
✔ wazuh.worker Pulled 227.5s
✔ wazuh2.indexer Pulled 239.5s
✔ wazuh.master Pulled 227.6s
✔ wazuh1.indexer Pulled 239.6s
✔ wazuh3.indexer Pulled 239.5s
[+] Running 8/8
✔ Network multi-node_default Created 0.4s
✔ Container multi-node-wazuh.worker-1 Started 4.5s
✔ Container multi-node-wazuh3.indexer-1 Started 4.6s
✔ Container multi-node-wazuh.master-1 Started 4.6s
✔ Container multi-node-wazuh1.indexer-1 Started 4.7s
✔ Container multi-node-wazuh2.indexer-1 Started 4.6s
✔ Container multi-node-wazuh.dashboard-1 Started 3.8s
✔ Container multi-node-nginx-1 Started 5.9s
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dc7e3f354e7f nginx:stable "/docker-entrypoint.…" 2 minutes ago Up 2 minutes 80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp multi-node-nginx-1
088f65b407c0 wazuh/wazuh-dashboard:4.9.0 "/entrypoint.sh" 2 minutes ago Up 2 minutes 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp multi-node-wazuh.dashboard-1
ba622bfdd263 wazuh/wazuh-indexer:4.9.0 "/entrypoint.sh open…" 2 minutes ago Up 2 minutes 9200/tcp multi-node-wazuh2.indexer-1
7d2de31c598a wazuh/wazuh-manager:4.9.0 "/init" 2 minutes ago Up 2 minutes 1514-1516/tcp, 514/udp, 55000/tcp multi-node-wazuh.worker-1
c2a84247c0ac wazuh/wazuh-manager:4.9.0 "/init" 2 minutes ago Up 2 minutes 1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp multi-node-wazuh.master-1
e5ba2bd030bc wazuh/wazuh-indexer:4.9.0 "/entrypoint.sh open…" 2 minutes ago Up 2 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp multi-node-wazuh1.indexer-1
520f02ec70d7 wazuh/wazuh-indexer:4.9.0 "/entrypoint.sh open…" 2 minutes ago Up 2 minutes 9200/tcp multi-node-wazuh3.indexer-1
$
Deploy Wazuh 4.7.0
$ git checkout v4.7.0
Previous HEAD position was e9c1ab9 Merge pull request #835 from wazuh/modify_changelog
HEAD is now at dcf4842 Merge pull request #1129 from wazuh/chenge_revision_number
$ cd single-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] single-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Creating 1/1
✔ Network single-node_default Created 0.2s
The tool to create the certificates exists in the in Packages bucket
07/10/2024 14:35:22 INFO: Admin certificates created.
07/10/2024 14:35:23 INFO: Wazuh indexer certificates created.
07/10/2024 14:35:23 INFO: Wazuh server certificates created.
07/10/2024 14:35:23 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 43/32
✔ wazuh.indexer Pulled 178.9s
✔ wazuh.dashboard Pulled 248.5s
✔ wazuh.manager Pulled 146.2s
[+] Running 17/17
✔ Volume "single-node_wazuh-dashboard-custom" Created 0.0s
✔ Volume "single-node_filebeat_var" Created 0.0s
✔ Volume "single-node_wazuh_var_multigroups" Created 0.0s
✔ Volume "single-node_wazuh_integrations" Created 0.0s
✔ Volume "single-node_wazuh_active_response" Created 0.0s
✔ Volume "single-node_wazuh_wodles" Created 0.0s
✔ Volume "single-node_wazuh-dashboard-config" Created 0.1s
✔ Volume "single-node_wazuh-indexer-data" Created 0.1s
✔ Volume "single-node_wazuh_queue" Created 0.1s
✔ Volume "single-node_wazuh_agentless" Created 0.0s
✔ Volume "single-node_wazuh_logs" Created 0.0s
✔ Volume "single-node_wazuh_api_configuration" Created 0.0s
✔ Volume "single-node_wazuh_etc" Created 0.0s
✔ Volume "single-node_filebeat_etc" Created 0.0s
✔ Container single-node-wazuh.manager-1 Started 2.6s
✔ Container single-node-wazuh.indexer-1 Started 2.3s
✔ Container single-node-wazuh.dashboard-1 Started
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
10610cbc7c4a wazuh/wazuh-dashboard:4.7.0 "/entrypoint.sh" 48 seconds ago Up 46 seconds 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp single-node-wazuh.dashboard-1
297c84aaa123 wazuh/wazuh-manager:4.7.0 "/init" 48 seconds ago Up 47 seconds 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node-wazuh.manager-1
3134f2608dde wazuh/wazuh-indexer:4.7.0 "/entrypoint.sh open…" 48 seconds ago Up 47 seconds 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node-wazuh.indexer-1
Turn off the v4.7.0 stack, modify the repository as if you had customizations, and turn on the v4.9.0 stack
$ docker-compose down
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 4/4
✔ Container single-node-wazuh.dashboard-1 Removed 10.5s
✔ Container single-node-wazuh.indexer-1 Removed 0.6s
✔ Container single-node-wazuh.manager-1 Removed 4.5s
✔ Network single-node_default Removed 0.2s
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 4/4
✔ Network single-node_default Created 0.2s
✔ Container single-node-wazuh.manager-1 Started 1.5s
✔ Container single-node-wazuh.indexer-1 Started 1.1s
✔ Container single-node-wazuh.dashboard-1 Started 2.3s
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
261cab396f42 wazuh/wazuh-dashboard:4.9.0 "/entrypoint.sh" 26 seconds ago Up 24 seconds 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp single-node-wazuh.dashboard-1
8a9f50196884 wazuh/wazuh-indexer:4.9.0 "/entrypoint.sh open…" 27 seconds ago Up 25 seconds 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node-wazuh.indexer-1
3809513ec905 wazuh/wazuh-manager:4.9.0 "/init" 27 seconds ago Up 25 seconds 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node-wazuh.manager-1
Deploy Wazuh 4.7.0
$ git checkout v4.7.0
Previous HEAD position was e9c1ab9 Merge pull request #835 from wazuh/modify_changelog
HEAD is now at dcf4842 Merge pull request #1129 from wazuh/chenge_revision_number
$ cd multi-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] multi-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Creating 1/1
✔ Network multi-node_default Created 0.2s
The tool to create the certificates exists in the in Packages bucket
07/10/2024 16:37:09 INFO: Admin certificates created.
07/10/2024 16:37:09 INFO: Wazuh indexer certificates created.
07/10/2024 16:37:10 INFO: Wazuh server certificates created.
07/10/2024 16:37:10 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 34/34
✔ Volume "multi-node_worker-wazuh-api-configuration" Created 0.0s
✔ Volume "multi-node_master-wazuh-var-multigroups" Created 0.0s
✔ Volume "multi-node_master-wazuh-wodles" Created 0.0s
✔ Volume "multi-node_worker-wazuh-etc" Created 0.0s
✔ Volume "multi-node_worker-wazuh-agentless" Created 0.0s
✔ Volume "multi-node_worker-wazuh-var-multigroups" Created 0.0s
✔ Volume "multi-node_wazuh-dashboard-custom" Created 0.0s
✔ Volume "multi-node_master-wazuh-integrations" Created 0.0s
✔ Volume "multi-node_worker-wazuh-logs" Created 0.0s
✔ Volume "multi-node_worker-wazuh-active-response" Created 0.0s
✔ Volume "multi-node_worker-wazuh-queue" Created 0.0s
✔ Volume "multi-node_master-wazuh-queue" Created 0.0s
✔ Volume "multi-node_wazuh-dashboard-config" Created 0.0s
✔ Volume "multi-node_master-wazuh-api-configuration" Created 0.0s
✔ Volume "multi-node_master-filebeat-var" Created 0.0s
✔ Volume "multi-node_wazuh-indexer-data-3" Created 0.0s
✔ Volume "multi-node_master-wazuh-etc" Created 0.0s
✔ Volume "multi-node_wazuh-indexer-data-1" Created 0.0s
✔ Volume "multi-node_master-wazuh-logs" Created 0.0s
✔ Volume "multi-node_master-wazuh-active-response" Created 0.0s
✔ Volume "multi-node_master-wazuh-agentless" Created 0.0s
✔ Volume "multi-node_wazuh-indexer-data-2" Created 0.0s
✔ Volume "multi-node_master-filebeat-etc" Created 0.0s
✔ Volume "multi-node_worker-wazuh-wodles" Created 0.0s
✔ Volume "multi-node_worker-wazuh-integrations" Created 0.0s
✔ Volume "multi-node_worker-filebeat-etc" Created 0.0s
✔ Volume "multi-node_worker-filebeat-var" Created 0.0s
✔ Container multi-node-wazuh3.indexer-1 Started 1.8s
✔ Container multi-node-wazuh2.indexer-1 Started 1.8s
✔ Container multi-node-wazuh.worker-1 Started 1.9s
✔ Container multi-node-wazuh1.indexer-1 Started 1.7s
✔ Container multi-node-wazuh.master-1 Started 2.4s
✔ Container multi-node-wazuh.dashboard-1 Started 3.2s
✔ Container multi-node-nginx-1 Started 5.2s
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7fcacd72e052 nginx:stable "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp multi-node-nginx-1
c8bb5b34d9a5 wazuh/wazuh-dashboard:4.7.0 "/entrypoint.sh" 3 minutes ago Up 3 minutes 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp multi-node-wazuh.dashboard-1
a55fd041d408 wazuh/wazuh-manager:4.7.0 "/init" 3 minutes ago Up 3 minutes 1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp multi-node-wazuh.master-1
da2b5d19a003 wazuh/wazuh-indexer:4.7.0 "/entrypoint.sh open…" 3 minutes ago Up 3 minutes 9200/tcp multi-node-wazuh3.indexer-1
a8ad2d11b662 wazuh/wazuh-indexer:4.7.0 "/entrypoint.sh open…" 3 minutes ago Up 3 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp multi-node-wazuh1.indexer-1
12cd69f6e6f7 wazuh/wazuh-manager:4.7.0 "/init" 3 minutes ago Up 3 minutes 1514-1516/tcp, 514/udp, 55000/tcp multi-node-wazuh.worker-1
57da77d790b1 wazuh/wazuh-indexer:4.7.0 "/entrypoint.sh open…" 3 minutes ago Up 3 minutes 9200/tcp multi-node-wazuh2.indexer-1
Turn off the v4.7.0 stack, modify the repository as if you had customizations, and turn on the v4.9.0 stack
$ docker-compose down
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 8/8
✔ Container multi-node-nginx-1 Removed 1.0s
✔ Container multi-node-wazuh2.indexer-1 Removed 1.3s
✔ Container multi-node-wazuh3.indexer-1 Removed 1.3s
✔ Container multi-node-wazuh.dashboard-1 Removed 10.6s
✔ Container multi-node-wazuh.worker-1 Removed 4.4s
✔ Container multi-node-wazuh.master-1 Removed 4.6s
✔ Container multi-node-wazuh1.indexer-1 Removed 10.7s
✔ Network multi-node_default Removed 0.3s
$ docker-compose up -d
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 8/8
✔ Network multi-node_default Created 0.2s
✔ Container multi-node-wazuh.master-1 Started 2.2s
✔ Container multi-node-wazuh.worker-1 Started 2.0s
✔ Container multi-node-wazuh1.indexer-1 Started 2.2s
✔ Container multi-node-wazuh2.indexer-1 Started 2.1s
✔ Container multi-node-wazuh3.indexer-1 Started 2.1s
✔ Container multi-node-wazuh.dashboard-1 Started 3.3s
✔ Container multi-node-nginx-1 Started 4.6s
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
87e666553cb1 nginx:stable "/docker-entrypoint.…" 54 seconds ago Up 51 seconds 80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp multi-node-nginx-1
994d1d392c78 wazuh/wazuh-dashboard:4.9.0 "/entrypoint.sh" 54 seconds ago Up 52 seconds 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp multi-node-wazuh.dashboard-1
990d17e8d7b8 wazuh/wazuh-indexer:4.9.0 "/entrypoint.sh open…" 55 seconds ago Up 53 seconds 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp multi-node-wazuh1.indexer-1
b530c5606bf5 wazuh/wazuh-manager:4.9.0 "/init" 55 seconds ago Up 54 seconds 1514-1516/tcp, 514/udp, 55000/tcp multi-node-wazuh.worker-1
08866ec3421a wazuh/wazuh-indexer:4.9.0 "/entrypoint.sh open…" 55 seconds ago Up 53 seconds 9200/tcp multi-node-wazuh3.indexer-1
7aaf25a4eaf6 wazuh/wazuh-indexer:4.9.0 "/entrypoint.sh open…" 55 seconds ago Up 53 seconds 9200/tcp multi-node-wazuh2.indexer-1
6cf01f1c533e wazuh/wazuh-manager:4.9.0 "/init" 55 seconds ago Up 53 seconds 1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp multi-node-wazuh.master-1
Deploy Wazuh 4.8.0
$ git checkout v4.8.0
Previous HEAD position was dcf4842 Merge pull request #1129 from wazuh/chenge_revision_number
HEAD is now at 829e435 Merge pull request #1384 from wazuh/enhancement/revert-image-tag
$ cd single-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] single-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Creating 1/1
✔ Network single-node_default Created 0.2s
[+] Running 5/5
✔ generator Pulled 15.4s
✔ 17d0386c2fff Pull complete 9.6s
✔ 7ce91ec7d1d3 Pull complete 11.7s
✔ 5249716d429c Pull complete 11.7s
✔ d7003467fd14 Pull complete 11.8s
The tool to create the certificates exists in the in Packages bucket
07/10/2024 17:01:16 INFO: Generating the root certificate.
07/10/2024 17:01:16 INFO: Generating Admin certificates.
07/10/2024 17:01:17 INFO: Admin certificates created.
07/10/2024 17:01:17 INFO: Generating Wazuh indexer certificates.
07/10/2024 17:01:17 INFO: Wazuh indexer certificates created.
07/10/2024 17:01:17 INFO: Generating Filebeat certificates.
07/10/2024 17:01:17 INFO: Wazuh Filebeat certificates created.
07/10/2024 17:01:17 INFO: Generating Wazuh dashboard certificates.
07/10/2024 17:01:17 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 45/30
✔ wazuh.manager Pulled 198.0s
✔ wazuh.indexer Pulled 203.7s
✔ wazuh.dashboard Pulled 238.1s
[+] Running 17/17
✔ Volume "single-node_wazuh-dashboard-config" Created 0.0s
✔ Volume "single-node_filebeat_var" Created 0.0s
✔ Volume "single-node_wazuh_queue" Created 0.0s
✔ Volume "single-node_wazuh_logs" Created 0.0s
✔ Volume "single-node_wazuh_api_configuration" Created 0.0s
✔ Volume "single-node_wazuh_active_response" Created 0.0s
✔ Volume "single-node_wazuh-dashboard-custom" Created 0.0s
✔ Volume "single-node_wazuh_integrations" Created 0.0s
✔ Volume "single-node_wazuh_agentless" Created 0.0s
✔ Volume "single-node_filebeat_etc" Created 0.0s
✔ Volume "single-node_wazuh_etc" Created 0.0s
✔ Volume "single-node_wazuh_wodles" Created 0.0s
✔ Volume "single-node_wazuh_var_multigroups" Created 0.0s
✔ Volume "single-node_wazuh-indexer-data" Created 0.0s
✔ Container single-node-wazuh.manager-1 Started 2.9s
✔ Container single-node-wazuh.indexer-1 Started 2.8s
✔ Container single-node-wazuh.dashboard-1 Started 1.6s
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dfbd00a2584a wazuh/wazuh-dashboard:4.8.0 "/entrypoint.sh" 4 minutes ago Up 4 minutes 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp single-node-wazuh.dashboard-1
74f6c8723297 wazuh/wazuh-manager:4.8.0 "/init" 4 minutes ago Up 4 minutes 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node-wazuh.manager-1
f76c5892bfec wazuh/wazuh-indexer:4.8.0 "/entrypoint.sh open…" 4 minutes ago Up 4 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node-wazuh.indexer-1
Turn off the v4.8.0 stack, modify the repository as if you had customizations, and turn on the v4.9.0 stack
$ docker-compose down
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 4/4
✔ Container single-node-wazuh.dashboard-1 Removed 10.7s
✔ Container single-node-wazuh.manager-1 Removed 4.0s
✔ Container single-node-wazuh.indexer-1 Removed 0.7s
✔ Network single-node_default Removed 0.2s
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 4/4
✔ Network single-node_default Created 0.2s
✔ Container single-node-wazuh.indexer-1 Started 1.2s
✔ Container single-node-wazuh.manager-1 Started 1.3s
✔ Container single-node-wazuh.dashboard-1 Started 2.1s
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9e06bcdece04 wazuh/wazuh-dashboard:4.9.0 "/entrypoint.sh" 3 minutes ago Up 3 minutes 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp single-node-wazuh.dashboard-1
84daf237244e wazuh/wazuh-manager:4.9.0 "/init" 3 minutes ago Up 3 minutes 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node-wazuh.manager-1
15cbbfe9fe2a wazuh/wazuh-indexer:4.9.0 "/entrypoint.sh open…" 3 minutes ago Up 3 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node-wazuh.indexer-1
Deploy Wazuh 4.8.0
$ git checkout v4.8.0
Previous HEAD position was dcf4842 Merge pull request #1129 from wazuh/chenge_revision_number
HEAD is now at 829e435 Merge pull request #1384 from wazuh/enhancement/revert-image-tag
$ cd multi-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] multi-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Creating 1/1
✔ Network multi-node_default Created 0.2s
The tool to create the certificates exists in the in Packages bucket
07/10/2024 17:38:34 INFO: Generating the root certificate.
07/10/2024 17:38:34 INFO: Generating Admin certificates.
07/10/2024 17:38:34 INFO: Admin certificates created.
07/10/2024 17:38:34 INFO: Generating Wazuh indexer certificates.
07/10/2024 17:38:34 INFO: Wazuh indexer certificates created.
07/10/2024 17:38:34 INFO: Generating Filebeat certificates.
07/10/2024 17:38:34 INFO: Wazuh Filebeat certificates created.
07/10/2024 17:38:34 INFO: Generating Wazuh dashboard certificates.
07/10/2024 17:38:35 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 34/34
✔ Volume "multi-node_master-wazuh-wodles" Created 0.0s
✔ Volume "multi-node_master-filebeat-var" Created 0.0s
✔ Volume "multi-node_worker-wazuh-api-configuration" Created 0.0s
✔ Volume "multi-node_worker-filebeat-var" Created 0.0s
✔ Volume "multi-node_master-wazuh-etc" Created 0.0s
✔ Volume "multi-node_worker-wazuh-var-multigroups" Created 0.0s
✔ Volume "multi-node_master-wazuh-integrations" Created 0.0s
✔ Volume "multi-node_wazuh-indexer-data-2" Created 0.0s
✔ Volume "multi-node_master-filebeat-etc" Created 0.0s
✔ Volume "multi-node_master-wazuh-api-configuration" Created 0.0s
✔ Volume "multi-node_wazuh-indexer-data-1" Created 0.0s
✔ Volume "multi-node_master-wazuh-queue" Created 0.0s
✔ Volume "multi-node_worker-wazuh-active-response" Created 0.0s
✔ Volume "multi-node_worker-wazuh-integrations" Created 0.0s
✔ Volume "multi-node_wazuh-indexer-data-3" Created 0.0s
✔ Volume "multi-node_worker-wazuh-wodles" Created 0.0s
✔ Volume "multi-node_master-wazuh-agentless" Created 0.0s
✔ Volume "multi-node_master-wazuh-active-response" Created 0.0s
✔ Volume "multi-node_worker-filebeat-etc" Created 0.0s
✔ Volume "multi-node_master-wazuh-var-multigroups" Created 0.0s
✔ Volume "multi-node_worker-wazuh-agentless" Created 0.0s
✔ Volume "multi-node_wazuh-dashboard-custom" Created 0.0s
✔ Volume "multi-node_worker-wazuh-etc" Created 0.0s
✔ Volume "multi-node_wazuh-dashboard-config" Created 0.0s
✔ Volume "multi-node_worker-wazuh-logs" Created 0.0s
✔ Volume "multi-node_master-wazuh-logs" Created 0.0s
✔ Volume "multi-node_worker-wazuh-queue" Created 0.0s
✔ Container multi-node-wazuh.worker-1 Started 2.3s
✔ Container multi-node-wazuh1.indexer-1 Started 2.1s
✔ Container multi-node-wazuh2.indexer-1 Started 2.3s
✔ Container multi-node-wazuh3.indexer-1 Started 2.3s
✔ Container multi-node-wazuh.master-1 Started 2.3s
✔ Container multi-node-wazuh.dashboard-1 Started 3.3s
✔ Container multi-node-nginx-1 Started 4.9s
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bcf3e0e0eca6 nginx:stable "/docker-entrypoint.…" 59 seconds ago Up 55 seconds 80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp multi-node-nginx-1
e75a8642626b wazuh/wazuh-dashboard:4.8.0 "/entrypoint.sh" About a minute ago Up 57 seconds 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp multi-node-wazuh.dashboard-1
156545acbc29 wazuh/wazuh-indexer:4.8.0 "/entrypoint.sh open…" About a minute ago Up 58 seconds 9200/tcp multi-node-wazuh3.indexer-1
08172c55ceb9 wazuh/wazuh-indexer:4.8.0 "/entrypoint.sh open…" About a minute ago Up 58 seconds 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp multi-node-wazuh1.indexer-1
ac1e04890bb0 wazuh/wazuh-manager:4.8.0 "/init" About a minute ago Up 58 seconds 1514-1516/tcp, 514/udp, 55000/tcp multi-node-wazuh.worker-1
cff55d7fc0a8 wazuh/wazuh-manager:4.8.0 "/init" About a minute ago Up 58 seconds 1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp multi-node-wazuh.master-1
3b72ae81ece2 wazuh/wazuh-indexer:4.8.0 "/entrypoint.sh open…" About a minute ago Up 58 seconds 9200/tcp multi-node-wazuh2.indexer-1
Turn off the v4.8.0 stack, modify the repository as if you had customizations, and turn on the v4.9.0 stack
$ docker-compose down
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 8/8
✔ Container multi-node-wazuh2.indexer-1 Removed 1.7s
✔ Container multi-node-wazuh3.indexer-1 Removed 1.7s
✔ Container multi-node-nginx-1 Removed 1.0s
✔ Container multi-node-wazuh.dashboard-1 Removed 10.6s
✔ Container multi-node-wazuh.worker-1 Removed 4.3s
✔ Container multi-node-wazuh1.indexer-1 Removed 10.5s
✔ Container multi-node-wazuh.master-1 Removed 4.1s
✔ Network multi-node_default Removed 0.2s
$ docker-compose up -d
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 8/8
✔ Network multi-node_default Created 0.2s
✔ Container multi-node-wazuh2.indexer-1 Started 3.3s
✔ Container multi-node-wazuh3.indexer-1 Started 3.5s
✔ Container multi-node-wazuh.master-1 Started 3.4s
✔ Container multi-node-wazuh.worker-1 Started 3.4s
✔ Container multi-node-wazuh1.indexer-1 Started 3.4s
✔ Container multi-node-wazuh.dashboard-1 Started 4.6s
✔ Container multi-node-nginx-1 Started 6.3s
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
863e6d6e5e6c nginx:stable "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp multi-node-nginx-1
61e68d1698e2 wazuh/wazuh-dashboard:4.9.0 "/entrypoint.sh" About a minute ago Up About a minute 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp multi-node-wazuh.dashboard-1
8842abbe9610 wazuh/wazuh-indexer:4.9.0 "/entrypoint.sh open…" About a minute ago Up About a minute 9200/tcp multi-node-wazuh3.indexer-1
56b44290d92e wazuh/wazuh-indexer:4.9.0 "/entrypoint.sh open…" About a minute ago Up About a minute 9200/tcp multi-node-wazuh2.indexer-1
d423d1a89b61 wazuh/wazuh-manager:4.9.0 "/init" About a minute ago Up About a minute 1514-1516/tcp, 514/udp, 55000/tcp multi-node-wazuh.worker-1
cac11593bbe2 wazuh/wazuh-indexer:4.9.0 "/entrypoint.sh open…" About a minute ago Up About a minute 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp multi-node-wazuh1.indexer-1
ffd8c829fa5b wazuh/wazuh-manager:4.9.0 "/init" About a minute ago Up About a minute 1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp multi-node-wazuh.master-1
Deploy v4.3.11
$ git checkout v4.3.11
Previous HEAD position was 15205ad Merge pull request #742 from wazuh/bump-4-3-10
HEAD is now at e9c1ab9 Merge pull request #835 from wazuh/modify_changelog
$ cd single-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] single-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Creating 1/1
✔ Network single-node_default Created 0.3s
[+] Running 5/5
✔ generator Pulled 19.6s
✔ edaedc954fb5 Pull complete 12.9s
✔ 573f4d11a520 Pull complete 15.6s
✔ 8f200922197d Pull complete 15.7s
✔ 55a86de68c5c Pull complete 15.7s
The tool to create the certificates exists in the in Packages bucket
09/10/2024 16:16:10 INFO: Admin certificates created.
09/10/2024 16:16:10 INFO: Wazuh indexer certificates created.
09/10/2024 16:16:10 INFO: Wazuh server certificates created.
09/10/2024 16:16:10 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 42/42
✔ wazuh.dashboard Pulled 172.8s
✔ 7896abcd5fb0 Pull complete 37.6s
✔ 18c07c9c69d1 Pull complete 37.7s
✔ a56c8af26d52 Pull complete 38.2s
✔ 6a09ac175392 Pull complete 39.3s
✔ 03d70a4b2468 Pull complete 39.8s
✔ bb414b59b625 Pull complete 40.8s
✔ 1dd7330b6ec9 Pull complete 41.1s
✔ f27ee0d71ab7 Pull complete 41.4s
✔ c80563a2214f Pull complete 168.5s
✔ wazuh.manager Pulled 127.9s
✔ ca1778b69356 Pull complete 20.7s
✔ 3d015cafc3c6 Pull complete 21.0s
✔ 41bffb284616 Pull complete 46.8s
✔ 103d60740ce7 Pull complete 46.9s
✔ c33126c14953 Pull complete 47.1s
✔ ad5faa77b2eb Pull complete 47.4s
✔ c8afd4d58b61 Pull complete 119.8s
✔ 5028fa12c95d Pull complete 122.1s
✔ 34281fed179e Pull complete 122.5s
✔ 4a382317a599 Pull complete 123.0s
✔ ddfdb9940271 Pull complete 123.1s
✔ 0b0c69857eb7 Pull complete 123.2s
✔ 75339528911b Pull complete 123.3s
✔ a66ac95f1d52 Pull complete 123.4s
✔ 53b8835a8fd7 Pull complete 123.4s
✔ 7012ff94f6eb Pull complete 123.5s
✔ 993f763a9cdf Pull complete 123.6s
✔ cc7fd7e6fd94 Pull complete 124.2s
✔ wazuh.indexer Pulled 121.0s
✔ 1392fb2be657 Pull complete 20.7s
✔ e1f3e19fcb02 Pull complete 21.0s
✔ df5fcdab7c84 Pull complete 21.3s
✔ 0fb1d60aaa35 Pull complete 21.6s
✔ 525dea4e6659 Pull complete 21.8s
✔ 491d59cd55c8 Pull complete 22.1s
✔ eb2326905fd1 Pull complete 22.3s
✔ 91cafdc0894d Pull complete 116.5s
✔ 82e12723e36a Pull complete 116.7s
✔ 5cf18b39cfbd Pull complete 116.9s
✔ c83d9132fb7e Pull complete 117.0s
✔ 5245ef7a70e8 Pull complete 117.1s
[+] Running 15/15
✔ Volume "single-node_wazuh_active_response" Created 0.0s
✔ Volume "single-node_wazuh_api_configuration" Created 0.0s
✔ Volume "single-node_wazuh_var_multigroups" Created 0.0s
✔ Volume "single-node_filebeat_etc" Created 0.0s
✔ Volume "single-node_filebeat_var" Created 0.0s
✔ Volume "single-node_wazuh-indexer-data" Created 0.0s
✔ Volume "single-node_wazuh_wodles" Created 0.0s
✔ Volume "single-node_wazuh_queue" Created 0.0s
✔ Volume "single-node_wazuh_etc" Created 0.0s
✔ Volume "single-node_wazuh_logs" Created 0.0s
✔ Volume "single-node_wazuh_integrations" Created 0.0s
✔ Volume "single-node_wazuh_agentless" Created 0.0s
✔ Container single-node-wazuh.indexer-1 Started 3.3s
✔ Container single-node-wazuh.manager-1 Started 3.3s
✔ Container single-node-wazuh.dashboard-1 Started 3.4s
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
90f5ff2098a3 wazuh/wazuh-dashboard:4.3.11 "/entrypoint.sh" 2 minutes ago Up 2 minutes 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp single-node-wazuh.dashboard-1
683b2b0f8d99 wazuh/wazuh-indexer:4.3.11 "/entrypoint.sh open…" 2 minutes ago Up 2 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node-wazuh.indexer-1
e78ffd39d466 wazuh/wazuh-manager:4.3.11 "/init" 2 minutes ago Up 2 minutes 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node-wazuh.manager-1
Turn off the v4.3.11 stack, modify the repository as if you had customizations, and turn on the v4.9.0 stack
$ docker-compose down
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 4/4
✔ Container single-node-wazuh.dashboard-1 Removed 10.4s
✔ Container single-node-wazuh.indexer-1 Removed 0.5s
✔ Container single-node-wazuh.manager-1 Removed 4.3s
✔ Network single-node_default Removed 0.3s
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] single-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
The tool to create the certificates exists in the in Packages bucket
09/10/2024 17:20:06 INFO: Generating the root certificate.
09/10/2024 17:20:06 INFO: Generating Admin certificates.
09/10/2024 17:20:06 INFO: Admin certificates created.
09/10/2024 17:20:06 INFO: Generating Wazuh indexer certificates.
09/10/2024 17:20:06 INFO: Wazuh indexer certificates created.
09/10/2024 17:20:06 INFO: Generating Filebeat certificates.
09/10/2024 17:20:06 INFO: Wazuh Filebeat certificates created.
09/10/2024 17:20:06 INFO: Generating Wazuh dashboard certificates.
09/10/2024 17:20:06 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 44/16
✔ wazuh.dashboard Pulled 301.1s
✔ wazuh.manager Pulled 243.4s
✔ wazuh.indexer Pulled 270.6s
[+] Running 4/4
✔ Network single-node_default Created 0.3s
✔ Container single-node-wazuh.indexer-1 Started 3.0s
✔ Container single-node-wazuh.manager-1 Started 3.0s
✔ Container single-node-wazuh.dashboard-1 Started 2.9s
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
63c4492f6ec4 wazuh/wazuh-dashboard:4.9.0 "/entrypoint.sh" 2 minutes ago Up 2 minutes 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp single-node-wazuh.dashboard-1
27040e6d5c8b wazuh/wazuh-indexer:4.9.0 "/entrypoint.sh open…" 2 minutes ago Up 2 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node-wazuh.indexer-1
22e7f429b747 wazuh/wazuh-manager:4.9.0 "/init" 2 minutes ago Up 2 minutes 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node-wazuh.manager-1
Description
During https://github.com/wazuh/wazuh/issues/25851, I found that the documentation regarding keeping custom Docker Compose files was not up to date.
It mentions that to keep the custom Docker Compose files, the only things that need to be updated are the paths related to the Wazuh indexer and Wazuh dashboard.
However, if we only change this, the indexer container does not start correctly and keeps restarting continuously:
This issue was resolved by changing the line:
to:
Once this was done, the containers were relaunched, but this time it failed when trying to access the dashboard.
Conclusion
We need to investigate the fix and update the documentation so that when the containers are started, everything works as expected.
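Compose reporting `Started` does not show whether a container stays up, which is the restart-loop failure described above. The following is an added example, not part of the original issue or the Wazuh repository: a shell check over `docker ps -a` output that flags `wazuh/*` containers that are not `Up` or not on the expected tag. The function names, output labels and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Post-upgrade check for a Wazuh docker-compose stack (illustrative helper).
# Input on stdin: "image<TAB>status<TAB>name" lines, as produced by
#   docker ps -a --format '{{.Image}}\t{{.Status}}\t{{.Names}}'
# Prints one line per finding; returns 1 if anything was found.
check_stack() {
    expected_tag=$1
    awk -F '\t' -v tag="$expected_tag" '
        $1 ~ /^wazuh\// {
            seen++
            n = split($1, img, ":")
            # A container left on the old tag means the upgrade was partial.
            if (n < 2 || img[2] != tag) {
                printf "VERSION %s runs %s, expected tag %s\n", $3, $1, tag
                bad++
            }
            # "Restarting (1) ..." or "Exited (1) ..." instead of "Up ...".
            if ($2 !~ /^Up /) {
                printf "STATE %s is \"%s\"\n", $3, $2
                bad++
            }
        }
        END {
            if (seen == 0) { print "EMPTY no wazuh/* containers listed"; bad++ }
            exit (bad > 0)
        }'
}

# Constructed sample modelled on the listings above: the indexer is in a
# restart loop and the manager is still on the pre-upgrade image.
sample_ps() {
    printf 'wazuh/wazuh-dashboard:4.9.0\tUp 2 minutes\tsingle-node-wazuh.dashboard-1\n'
    printf 'wazuh/wazuh-indexer:4.9.0\tRestarting (1) 4 seconds ago\tsingle-node-wazuh.indexer-1\n'
    printf 'wazuh/wazuh-manager:4.3.11\tUp 2 minutes\tsingle-node-wazuh.manager-1\n'
}

sample_ps | check_stack 4.9.0 || echo "upgrade check failed"
```

Against a live stack, pipe the `docker ps -a --format` command from the header comment into `check_stack 4.9.0`, and repeat it after a minute or two, since a crash-looping container can briefly show `Up` between restarts.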