wazuh / wazuh-qa

Wazuh - Quality Assurance
GNU General Public License v2.0

Release 4.3.0 - Manual tests - Demo environment #2856

Closed juliamagan closed 2 years ago

juliamagan commented 2 years ago

The following issue aims to run the specified test for the current release candidate, report the results, and open new issues for any encountered errors.

Test information

- Test name: Demo environment
- Category: Wazuh App
- Deployment option: Demo environment
- Main release issue: https://github.com/wazuh/wazuh/issues/10954
- Release candidate #: RC7

Test tasks

Conclusion 🔵

Amazon Linux, RHEL and CentOS logs are related to https://github.com/wazuh/wazuh-automation/issues/800. Debian and Ubuntu logs are related to https://github.com/wazuh/wazuh-automation/issues/801. Windows logs are related to https://github.com/wazuh/wazuh-automation/issues/802. Managers' logs were fixed in https://github.com/wazuh/wazuh-automation/issues/803. However, more logs were found, and we have created https://github.com/wazuh/wazuh-automation/issues/813. More error and warning logs were found in wazuh-indexer, so we have created https://github.com/wazuh/wazuh-packages/issues/1511.

Open issues

Auditors validation

The definition of done for this one is the validation of the conclusions and the test results from all auditors.

All checks from below must be accepted in order to close this issue.

juliamagan commented 2 years ago

Task 1: No errors or warnings found in logs

Agents

Amazon Linux 🟡

- `journalctl -xe -u wazuh-agent.service`:

```
may 03 17:08:54 ip-10-0-1-127.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has begun shutting down.
may 03 17:08:54 ip-10-0-1-127.us-west-1.compute.internal env[15183]: Killing wazuh-modulesd...
may 03 17:08:55 ip-10-0-1-127.us-west-1.compute.internal env[15183]: Killing wazuh-logcollector...
may 03 17:08:55 ip-10-0-1-127.us-west-1.compute.internal env[15183]: Killing wazuh-syscheckd...
may 03 17:08:55 ip-10-0-1-127.us-west-1.compute.internal env[15183]: Killing wazuh-agentd...
may 03 17:08:55 ip-10-0-1-127.us-west-1.compute.internal env[15183]: Killing wazuh-execd...
may 03 17:08:55 ip-10-0-1-127.us-west-1.compute.internal env[15183]: Wazuh v4.3.0 Stopped
may 03 17:08:55 ip-10-0-1-127.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has begun starting up.
may 03 17:08:55 ip-10-0-1-127.us-west-1.compute.internal env[15248]: Starting Wazuh v4.3.0...
may 03 17:08:55 ip-10-0-1-127.us-west-1.compute.internal env[15248]: Started wazuh-execd...
may 03 17:08:56 ip-10-0-1-127.us-west-1.compute.internal env[15248]: Started wazuh-agentd...
may 03 17:08:57 ip-10-0-1-127.us-west-1.compute.internal env[15248]: Started wazuh-syscheckd...
may 03 17:08:58 ip-10-0-1-127.us-west-1.compute.internal env[15248]: Started wazuh-logcollector...
may 03 17:08:59 ip-10-0-1-127.us-west-1.compute.internal crontab[15411]: (root) LIST (root)
may 03 17:08:59 ip-10-0-1-127.us-west-1.compute.internal env[15248]: Started wazuh-modulesd...
may 03 17:09:01 ip-10-0-1-127.us-west-1.compute.internal env[15248]: Completed.
may 03 17:09:01 ip-10-0-1-127.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has finished starting up.
--
-- The start-up result is done.
```

- `egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log`:

```
[root@ip-10-0-1-127 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
2022/05/04 08:02:29 wazuh-logcollector: WARNING: (1958): Log file '/var/log/messages' is duplicated.
2022/05/04 08:02:29 wazuh-logcollector: WARNING: (1958): Log file '/var/log/secure' is duplicated.
2022/05/04 08:02:29 wazuh-logcollector: WARNING: (1958): Log file '/var/log/maillog' is duplicated.
```

- `systemctl status wazuh-agent -l`:

```
[root@ip-10-0-1-127 wazuh-user]# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since mar 2022-05-03 17:09:01 UTC; 14h ago
  Process: 15183 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 15248 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-agent.service
           ├─15275 /var/ossec/bin/wazuh-execd
           ├─15284 /var/ossec/bin/wazuh-agentd
           ├─15299 /var/ossec/bin/wazuh-syscheckd
           ├─15312 /var/ossec/bin/wazuh-logcollector
           └─15335 /var/ossec/bin/wazuh-modulesd

may 03 17:08:55 ip-10-0-1-127.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
may 03 17:08:55 ip-10-0-1-127.us-west-1.compute.internal env[15248]: Starting Wazuh v4.3.0...
may 03 17:08:55 ip-10-0-1-127.us-west-1.compute.internal env[15248]: Started wazuh-execd...
may 03 17:08:56 ip-10-0-1-127.us-west-1.compute.internal env[15248]: Started wazuh-agentd...
may 03 17:08:57 ip-10-0-1-127.us-west-1.compute.internal env[15248]: Started wazuh-syscheckd...
may 03 17:08:58 ip-10-0-1-127.us-west-1.compute.internal env[15248]: Started wazuh-logcollector...
may 03 17:08:59 ip-10-0-1-127.us-west-1.compute.internal crontab[15411]: (root) LIST (root)
may 03 17:08:59 ip-10-0-1-127.us-west-1.compute.internal env[15248]: Started wazuh-modulesd...
may 03 17:09:01 ip-10-0-1-127.us-west-1.compute.internal env[15248]: Completed.
may 03 17:09:01 ip-10-0-1-127.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
```

- `/var/ossec/bin/wazuh-control status`:

```
[root@ip-10-0-1-127 wazuh-user]# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
```
RHEL 🔴

- `journalctl -xe -u wazuh-agent.service`:

```
may 03 17:32:11 ip-10-0-1-217.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has begun shutting down.
may 03 17:32:11 ip-10-0-1-217.us-west-1.compute.internal env[30609]: Killing wazuh-modulesd...
may 03 17:32:11 ip-10-0-1-217.us-west-1.compute.internal env[30609]: Killing wazuh-logcollector...
may 03 17:32:11 ip-10-0-1-217.us-west-1.compute.internal env[30609]: Killing wazuh-syscheckd...
may 03 17:32:11 ip-10-0-1-217.us-west-1.compute.internal env[30609]: Killing wazuh-agentd...
may 03 17:32:11 ip-10-0-1-217.us-west-1.compute.internal env[30609]: Killing wazuh-execd...
may 03 17:32:12 ip-10-0-1-217.us-west-1.compute.internal env[30609]: Wazuh v4.3.0 Stopped
may 03 17:32:12 ip-10-0-1-217.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has finished shutting down.
may 03 17:32:12 ip-10-0-1-217.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has begun starting up.
may 03 17:32:12 ip-10-0-1-217.us-west-1.compute.internal env[30696]: Starting Wazuh v4.3.0...
may 03 17:32:13 ip-10-0-1-217.us-west-1.compute.internal env[30696]: Started wazuh-execd...
may 03 17:32:14 ip-10-0-1-217.us-west-1.compute.internal env[30696]: Started wazuh-agentd...
may 03 17:32:15 ip-10-0-1-217.us-west-1.compute.internal env[30696]: Started wazuh-syscheckd...
may 03 17:32:16 ip-10-0-1-217.us-west-1.compute.internal env[30696]: Started wazuh-logcollector...
may 03 17:32:16 ip-10-0-1-217.us-west-1.compute.internal osqueryd[30806]: osqueryd started [version=4.3.0]
may 03 17:32:17 ip-10-0-1-217.us-west-1.compute.internal env[30696]: Started wazuh-modulesd...
may 03 17:32:19 ip-10-0-1-217.us-west-1.compute.internal env[30696]: Completed.
may 03 17:32:19 ip-10-0-1-217.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has finished starting up.
--
-- The start-up result is done.
```

- `egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log`:

```
[root@ip-10-0-1-217 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
2022/05/04 08:01:13 wazuh-logcollector: WARNING: (1958): Log file '/var/log/messages' is duplicated.
2022/05/04 08:01:13 wazuh-logcollector: WARNING: (1958): Log file '/var/log/secure' is duplicated.
2022/05/04 08:01:13 wazuh-logcollector: WARNING: (1958): Log file '/var/log/maillog' is duplicated.
2022/05/04 08:01:13 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/httpd/error_log'.
2022/05/04 08:01:14 wazuh-modulesd:oscap: ERROR: Internal error. Exiting...
```

- `systemctl status wazuh-agent -l`:

```
[root@ip-10-0-1-217 wazuh-user]# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since mar 2022-05-03 17:32:19 UTC; 14h ago
  Process: 30609 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 30696 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    Tasks: 53
   Memory: 183.9M
   CGroup: /system.slice/wazuh-agent.service
           ├─30723 /var/ossec/bin/wazuh-execd
           ├─30735 /var/ossec/bin/wazuh-agentd
           ├─30750 /var/ossec/bin/wazuh-syscheckd
           ├─30763 /var/ossec/bin/wazuh-logcollector
           ├─30787 /var/ossec/bin/wazuh-modulesd
           ├─30803 python3 wodles/docker/DockerListener
           ├─30806 /usr/bin/osqueryd --config_path=/etc/osquery/osquery.conf
           └─30814 /usr/bin/osqueryd

may 03 17:32:12 ip-10-0-1-217.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
may 03 17:32:12 ip-10-0-1-217.us-west-1.compute.internal env[30696]: Starting Wazuh v4.3.0...
may 03 17:32:13 ip-10-0-1-217.us-west-1.compute.internal env[30696]: Started wazuh-execd...
may 03 17:32:14 ip-10-0-1-217.us-west-1.compute.internal env[30696]: Started wazuh-agentd...
may 03 17:32:15 ip-10-0-1-217.us-west-1.compute.internal env[30696]: Started wazuh-syscheckd...
may 03 17:32:16 ip-10-0-1-217.us-west-1.compute.internal env[30696]: Started wazuh-logcollector...
may 03 17:32:16 ip-10-0-1-217.us-west-1.compute.internal osqueryd[30806]: osqueryd started [version=4.3.0]
may 03 17:32:17 ip-10-0-1-217.us-west-1.compute.internal env[30696]: Started wazuh-modulesd...
may 03 17:32:19 ip-10-0-1-217.us-west-1.compute.internal env[30696]: Completed.
may 03 17:32:19 ip-10-0-1-217.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
```

- `/var/ossec/bin/wazuh-control status`:

```
[root@ip-10-0-1-217 wazuh-user]# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
```
Ubuntu 🔴

- `journalctl -xe -u wazuh-agent.service`:

```
May 04 07:52:24 ip-10-0-1-187 systemd[1]: Stopping Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun shutting down
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit wazuh-agent.service has begun shutting down.
May 04 07:52:24 ip-10-0-1-187 env[6520]: Killing wazuh-modulesd...
May 04 07:52:24 ip-10-0-1-187 env[6520]: Killing wazuh-logcollector...
May 04 07:52:24 ip-10-0-1-187 env[6520]: Killing wazuh-syscheckd...
May 04 07:52:24 ip-10-0-1-187 env[6520]: Killing wazuh-agentd...
May 04 07:52:24 ip-10-0-1-187 env[6520]: Killing wazuh-execd...
May 04 07:52:24 ip-10-0-1-187 env[6520]: Wazuh v4.3.0 Stopped
May 04 07:52:24 ip-10-0-1-187 systemd[1]: Stopped Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished shutting down
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit wazuh-agent.service has finished shutting down.
May 04 07:52:24 ip-10-0-1-187 systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit wazuh-agent.service has begun starting up.
May 04 07:52:24 ip-10-0-1-187 env[6575]: Starting Wazuh v4.3.0...
May 04 07:52:25 ip-10-0-1-187 env[6575]: Started wazuh-execd...
May 04 07:52:26 ip-10-0-1-187 env[6575]: Started wazuh-agentd...
May 04 07:52:27 ip-10-0-1-187 env[6575]: Started wazuh-syscheckd...
May 04 07:52:28 ip-10-0-1-187 env[6575]: Started wazuh-logcollector...
May 04 07:52:29 ip-10-0-1-187 env[6575]: Started wazuh-modulesd...
May 04 07:52:31 ip-10-0-1-187 env[6575]: Completed.
May 04 07:52:31 ip-10-0-1-187 systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit wazuh-agent.service has finished starting up.
--
-- The start-up result is RESULT.
```

- `egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log`:

```
root@ip-10-0-1-187:/home/wazuh-user# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
2022/05/04 07:52:27 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/messages' due to [(2)-(No such file or directory)].
2022/05/04 07:52:27 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/secure' due to [(2)-(No such file or directory)].
2022/05/04 07:52:27 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/maillog' due to [(2)-(No such file or directory)].
```

- `systemctl status wazuh-agent -l`:

```
root@ip-10-0-1-187:/home/wazuh-user# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2022-05-04 07:52:31 UTC; 7min ago
  Process: 6520 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 6575 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    Tasks: 31 (limit: 1125)
   CGroup: /system.slice/wazuh-agent.service
           ├─6625 /var/ossec/bin/wazuh-execd
           ├─6636 /var/ossec/bin/wazuh-agentd
           ├─6651 /var/ossec/bin/wazuh-syscheckd
           ├─6664 /var/ossec/bin/wazuh-logcollector
           └─6681 /var/ossec/bin/wazuh-modulesd

May 04 07:52:24 ip-10-0-1-187 systemd[1]: Starting Wazuh agent...
May 04 07:52:24 ip-10-0-1-187 env[6575]: Starting Wazuh v4.3.0...
May 04 07:52:25 ip-10-0-1-187 env[6575]: Started wazuh-execd...
May 04 07:52:26 ip-10-0-1-187 env[6575]: Started wazuh-agentd...
May 04 07:52:27 ip-10-0-1-187 env[6575]: Started wazuh-syscheckd...
May 04 07:52:28 ip-10-0-1-187 env[6575]: Started wazuh-logcollector...
May 04 07:52:29 ip-10-0-1-187 env[6575]: Started wazuh-modulesd...
May 04 07:52:31 ip-10-0-1-187 env[6575]: Completed.
May 04 07:52:31 ip-10-0-1-187 systemd[1]: Started Wazuh agent.
```

- `/var/ossec/bin/wazuh-control status`:

```
root@ip-10-0-1-187:/home/wazuh-user# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
```
CentOS 🟡

- `journalctl -xe -u wazuh-agent.service`:

```
may 04 08:05:17 ip-10-0-1-106.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has begun shutting down.
may 04 08:05:17 ip-10-0-1-106.us-west-1.compute.internal env[18322]: Killing wazuh-modulesd...
may 04 08:05:17 ip-10-0-1-106.us-west-1.compute.internal env[18322]: Killing wazuh-logcollector...
may 04 08:05:17 ip-10-0-1-106.us-west-1.compute.internal env[18322]: Killing wazuh-syscheckd...
may 04 08:05:17 ip-10-0-1-106.us-west-1.compute.internal env[18322]: Killing wazuh-agentd...
may 04 08:05:17 ip-10-0-1-106.us-west-1.compute.internal env[18322]: Killing wazuh-execd...
may 04 08:05:17 ip-10-0-1-106.us-west-1.compute.internal env[18322]: Wazuh v4.3.0 Stopped
may 04 08:05:17 ip-10-0-1-106.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has finished shutting down.
may 04 08:05:17 ip-10-0-1-106.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has begun starting up.
may 04 08:05:18 ip-10-0-1-106.us-west-1.compute.internal env[18387]: Starting Wazuh v4.3.0...
may 04 08:05:19 ip-10-0-1-106.us-west-1.compute.internal env[18387]: Started wazuh-execd...
may 04 08:05:20 ip-10-0-1-106.us-west-1.compute.internal env[18387]: Started wazuh-agentd...
may 04 08:05:21 ip-10-0-1-106.us-west-1.compute.internal env[18387]: Started wazuh-syscheckd...
may 04 08:05:22 ip-10-0-1-106.us-west-1.compute.internal env[18387]: Started wazuh-logcollector...
may 04 08:05:23 ip-10-0-1-106.us-west-1.compute.internal env[18387]: Started wazuh-modulesd...
may 04 08:05:25 ip-10-0-1-106.us-west-1.compute.internal env[18387]: Completed.
may 04 08:05:25 ip-10-0-1-106.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has finished starting up.
--
-- The start-up result is done.
```

- `egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log`:

```
[root@ip-10-0-1-106 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
2022/05/04 08:05:21 wazuh-logcollector: WARNING: (1958): Log file '/var/log/messages' is duplicated.
2022/05/04 08:05:21 wazuh-logcollector: WARNING: (1958): Log file '/var/log/secure' is duplicated.
2022/05/04 08:05:21 wazuh-logcollector: WARNING: (1958): Log file '/var/log/maillog' is duplicated.
```

- `systemctl status wazuh-agent -l`:

```
[root@ip-10-0-1-106 wazuh-user]# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since mié 2022-05-04 08:05:25 UTC; 1min 20s ago
  Process: 18322 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 18387 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-agent.service
           ├─18414 /var/ossec/bin/wazuh-execd
           ├─18426 /var/ossec/bin/wazuh-agentd
           ├─18441 /var/ossec/bin/wazuh-syscheckd
           ├─18456 /var/ossec/bin/wazuh-logcollector
           └─18476 /var/ossec/bin/wazuh-modulesd

may 04 08:05:17 ip-10-0-1-106.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
may 04 08:05:17 ip-10-0-1-106.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
may 04 08:05:18 ip-10-0-1-106.us-west-1.compute.internal env[18387]: Starting Wazuh v4.3.0...
may 04 08:05:19 ip-10-0-1-106.us-west-1.compute.internal env[18387]: Started wazuh-execd...
may 04 08:05:20 ip-10-0-1-106.us-west-1.compute.internal env[18387]: Started wazuh-agentd...
may 04 08:05:21 ip-10-0-1-106.us-west-1.compute.internal env[18387]: Started wazuh-syscheckd...
may 04 08:05:22 ip-10-0-1-106.us-west-1.compute.internal env[18387]: Started wazuh-logcollector...
may 04 08:05:23 ip-10-0-1-106.us-west-1.compute.internal env[18387]: Started wazuh-modulesd...
may 04 08:05:25 ip-10-0-1-106.us-west-1.compute.internal env[18387]: Completed.
may 04 08:05:25 ip-10-0-1-106.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
```

- `/var/ossec/bin/wazuh-control status`:

```
[root@ip-10-0-1-106 wazuh-user]# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
```
Debian 🔴

- `journalctl -xe -u wazuh-agent.service`:

```
may 04 08:08:14 ip-10-0-1-185 systemd[1]: Stopping Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun shutting down
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit wazuh-agent.service has begun shutting down.
may 04 08:08:14 ip-10-0-1-185 env[9536]: Killing wazuh-modulesd...
may 04 08:08:14 ip-10-0-1-185 env[9536]: Killing wazuh-logcollector...
may 04 08:08:14 ip-10-0-1-185 env[9536]: Killing wazuh-syscheckd...
may 04 08:08:14 ip-10-0-1-185 env[9536]: Killing wazuh-agentd...
may 04 08:08:14 ip-10-0-1-185 env[9536]: Killing wazuh-execd...
may 04 08:08:14 ip-10-0-1-185 env[9536]: Wazuh v4.3.0 Stopped
may 04 08:08:14 ip-10-0-1-185 systemd[1]: Stopped Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished shutting down
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit wazuh-agent.service has finished shutting down.
may 04 08:08:14 ip-10-0-1-185 systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit wazuh-agent.service has begun starting up.
may 04 08:08:14 ip-10-0-1-185 env[9591]: Starting Wazuh v4.3.0...
may 04 08:08:15 ip-10-0-1-185 env[9591]: Started wazuh-execd...
may 04 08:08:16 ip-10-0-1-185 env[9591]: Started wazuh-agentd...
may 04 08:08:17 ip-10-0-1-185 env[9591]: Started wazuh-syscheckd...
may 04 08:08:18 ip-10-0-1-185 env[9591]: Started wazuh-logcollector...
may 04 08:08:19 ip-10-0-1-185 env[9591]: Started wazuh-modulesd...
may 04 08:08:21 ip-10-0-1-185 env[9591]: Completed.
may 04 08:08:21 ip-10-0-1-185 systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit wazuh-agent.service has finished starting up.
--
-- The start-up result is done.
```

- `egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log`:

```
root@ip-10-0-1-185:/home/wazuh-user# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
2022/05/04 08:08:17 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/secure' due to [(2)-(No such file or directory)].
2022/05/04 08:08:17 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/maillog' due to [(2)-(No such file or directory)].
```

- `systemctl status wazuh-agent -l`:

```
root@ip-10-0-1-185:/home/wazuh-user# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2022-05-04 08:08:21 UTC; 1min 27s ago
  Process: 9536 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 9591 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    Tasks: 31 (limit: 4915)
   CGroup: /system.slice/wazuh-agent.service
           ├─9615 /var/ossec/bin/wazuh-execd
           ├─9626 /var/ossec/bin/wazuh-agentd
           ├─9640 /var/ossec/bin/wazuh-syscheckd
           ├─9657 /var/ossec/bin/wazuh-logcollector
           └─9696 /var/ossec/bin/wazuh-modulesd

may 04 08:08:14 ip-10-0-1-185 systemd[1]: Stopped Wazuh agent.
may 04 08:08:14 ip-10-0-1-185 systemd[1]: Starting Wazuh agent...
may 04 08:08:14 ip-10-0-1-185 env[9591]: Starting Wazuh v4.3.0...
may 04 08:08:15 ip-10-0-1-185 env[9591]: Started wazuh-execd...
may 04 08:08:16 ip-10-0-1-185 env[9591]: Started wazuh-agentd...
may 04 08:08:17 ip-10-0-1-185 env[9591]: Started wazuh-syscheckd...
may 04 08:08:18 ip-10-0-1-185 env[9591]: Started wazuh-logcollector...
may 04 08:08:19 ip-10-0-1-185 env[9591]: Started wazuh-modulesd...
may 04 08:08:21 ip-10-0-1-185 env[9591]: Completed.
may 04 08:08:21 ip-10-0-1-185 systemd[1]: Started Wazuh agent.
```

- `/var/ossec/bin/wazuh-control status`:

```
root@ip-10-0-1-185:/home/wazuh-user# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
```
Windows 🔴

- EventViewer:

```
Log Name:      System
Source:        Service Control Manager
Date:          5/3/2022 5:32:23 PM
Event ID:      7036
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      EC2AMAZ-L45ASS8
Description:
The Wazuh service entered the running state.
Event Xml: 7036 0 4 0 0 0x8080000000000000 84474 System EC2AMAZ-L45ASS8 Wazuh running 570061007A00750068005300760063002F0034000000

Log Name:      System
Source:        Service Control Manager
Date:          5/3/2022 5:32:23 PM
Event ID:      7036
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      EC2AMAZ-L45ASS8
Description:
The Wazuh service entered the stopped state.
Event Xml: 7036 0 4 0 0 0x8080000000000000 84473 System EC2AMAZ-L45ASS8 Wazuh stopped 570061007A00750068005300760063002F0031000000
```

- `egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log`:

```
2022/05/04 00:00:38 wazuh-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex220504.log' due to [(2)-(The system cannot find the file specified.)].
2022/05/04 00:01:43 wazuh-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex220504.log' due to [(2)-(The system cannot find the file specified.)].
2022/05/04 00:02:48 wazuh-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex220504.log' due to [(2)-(The system cannot find the file specified.)].
2022/05/04 00:03:52 wazuh-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex220504.log' due to [(2)-(The system cannot find the file specified.)].
2022/05/04 00:04:57 wazuh-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex220504.log' due to [(2)-(The system cannot find the file specified.)].
2022/05/04 00:06:02 wazuh-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex220504.log' due to [(2)-(The system cannot find the file specified.)].
2022/05/04 00:07:07 wazuh-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex220504.log' due to [(2)-(The system cannot find the file specified.)].
2022/05/04 00:08:12 wazuh-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex220504.log' due to [(2)-(The system cannot find the file specified.)].
```

- Agent is running: ![windows_running](https://user-images.githubusercontent.com/80041853/166646066-03a7fa67-729a-4d2c-af20-a3b2c6e7739a.png)

Managers

Master env 1 🔴 - `journalctl -xe -u wazuh-manager.service`: ``` may 04 08:44:16 wazuh-manager-master-0 systemd[1]: Stopping Wazuh manager... -- Subject: Unit wazuh-manager.service has begun shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has begun shutting down. may 04 08:44:16 wazuh-manager-master-0 env[1040]: Killing wazuh-clusterd... may 04 08:44:17 wazuh-manager-master-0 env[1040]: Killing wazuh-modulesd... may 04 08:44:17 wazuh-manager-master-0 env[1040]: Killing wazuh-monitord... may 04 08:44:17 wazuh-manager-master-0 env[1040]: Killing wazuh-logcollector... may 04 08:44:17 wazuh-manager-master-0 env[1040]: Killing wazuh-remoted... may 04 08:44:17 wazuh-manager-master-0 env[1040]: Killing wazuh-syscheckd... may 04 08:44:17 wazuh-manager-master-0 env[1040]: Killing wazuh-analysisd... may 04 08:44:17 wazuh-manager-master-0 env[1040]: wazuh-maild not running... may 04 08:44:17 wazuh-manager-master-0 env[1040]: Killing wazuh-execd... may 04 08:44:17 wazuh-manager-master-0 env[1040]: Killing wazuh-db... may 04 08:44:18 wazuh-manager-master-0 env[1040]: Killing wazuh-authd... may 04 08:44:19 wazuh-manager-master-0 env[1040]: wazuh-agentlessd not running... may 04 08:44:19 wazuh-manager-master-0 env[1040]: Killing wazuh-integratord... may 04 08:44:19 wazuh-manager-master-0 env[1040]: wazuh-dbd not running... may 04 08:44:19 wazuh-manager-master-0 env[1040]: wazuh-csyslogd not running... may 04 08:44:19 wazuh-manager-master-0 env[1040]: Killing wazuh-apid... may 04 08:44:19 wazuh-manager-master-0 env[1040]: Wazuh v4.3.0 Stopped may 04 08:44:19 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager... -- Subject: Unit wazuh-manager.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has begun starting up. 
may 04 08:44:21 wazuh-manager-master-0 env[1186]: 2022/05/04 08:44:21 wazuh-modulesd: WARNING: The tag at module 'vulnerability-detector' is deprecated for version newer than 4.3. may 04 08:44:21 wazuh-manager-master-0 env[1186]: Starting Wazuh v4.3.0... may 04 08:44:24 wazuh-manager-master-0 env[1186]: Started wazuh-apid... may 04 08:44:24 wazuh-manager-master-0 env[1186]: Started wazuh-csyslogd... may 04 08:44:24 wazuh-manager-master-0 env[1186]: Started wazuh-dbd... may 04 08:44:24 wazuh-manager-master-0 env[1186]: Started wazuh-integratord... may 04 08:44:24 wazuh-manager-master-0 env[1186]: Started wazuh-agentlessd... may 04 08:44:25 wazuh-manager-master-0 env[1186]: Started wazuh-authd... may 04 08:44:26 wazuh-manager-master-0 env[1186]: Started wazuh-db... may 04 08:44:27 wazuh-manager-master-0 env[1186]: Started wazuh-execd... may 04 08:44:28 wazuh-manager-master-0 env[1186]: Started wazuh-analysisd... may 04 08:44:29 wazuh-manager-master-0 env[1186]: Started wazuh-syscheckd... may 04 08:44:31 wazuh-manager-master-0 env[1186]: Started wazuh-remoted... may 04 08:44:32 wazuh-manager-master-0 env[1186]: Started wazuh-logcollector... may 04 08:44:33 wazuh-manager-master-0 env[1186]: Started wazuh-monitord... may 04 08:44:33 wazuh-manager-master-0 env[1186]: 2022/05/04 08:44:33 wazuh-modulesd: WARNING: The tag at module 'vulnerability-detector' is deprecated for version newer than 4.3. may 04 08:44:34 wazuh-manager-master-0 env[1186]: Started wazuh-modulesd... may 04 08:44:35 wazuh-manager-master-0 env[1186]: Started wazuh-clusterd... may 04 08:44:37 wazuh-manager-master-0 env[1186]: Completed. may 04 08:44:37 wazuh-manager-master-0 crontab[1638]: (root) LIST (root) may 04 08:44:37 wazuh-manager-master-0 systemd[1]: Started Wazuh manager. -- Subject: Unit wazuh-manager.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has finished starting up. 
-- -- The start-up result is done. ``` - `egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log`: ``` [root@wazuh-manager-master-0 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log 2022/05/04 05:33:03 wazuh-analysisd: ERROR: The new permissions could not be added to the JSON alert. 2022/05/04 08:02:04 wazuh-analysisd: WARNING: Mitre Technique ID 'T1492' not found in database. 2022/05/04 08:27:28 wazuh-analysisd: WARNING: Mitre Technique ID 'T1533.004' not found in database. 2022/05/04 08:44:21 wazuh-modulesd: WARNING: The tag at module 'vulnerability-detector' is deprecated for version newer than 4.3. ``` - `egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log`: ``` [root@wazuh-manager-master-0 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log [root@wazuh-manager-master-0 wazuh-user]# ``` - `systemctl status wazuh-manager -l`: ``` [root@wazuh-manager-master-0 wazuh-user]# systemctl status wazuh-manager -l ● wazuh-manager.service - Wazuh manager Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled) Active: active (running) since mié 2022-05-04 08:44:37 UTC; 3min 42s ago Process: 1040 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS) Process: 1186 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS) CGroup: /system.slice/wazuh-manager.service ├─1244 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─1270 /var/ossec/bin/wazuh-integratord ├─1289 /var/ossec/bin/wazuh-authd ├─1306 /var/ossec/bin/wazuh-db ├─1318 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─1321 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─1336 /var/ossec/bin/wazuh-execd ├─1362 /var/ossec/bin/wazuh-analysisd ├─1374 /var/ossec/bin/wazuh-syscheckd ├─1394 /var/ossec/bin/wazuh-remoted ├─1427 /var/ossec/bin/wazuh-logcollector ├─1451 /var/ossec/bin/wazuh-monitord ├─1500 
/var/ossec/bin/wazuh-modulesd ├─1607 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py ├─1609 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py ├─1612 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py ├─2039 /bin/sh wodles/aws/aws-s3 --bucket wazuh-aws-wodle --access_key ############# --secret_key ################ --trail_prefix vpc --only_logs_after 2020-MAY-01 --type vpcflow └─2046 /var/ossec/framework/python/bin/python3 /var/ossec/wodles/aws/aws-s3.py --bucket wazuh-aws-wodle --access_key ################ --secret_key ##################### --trail_prefix vpc --only_logs_after 2020-MAY-01 --type vpcflow may 04 08:44:29 wazuh-manager-master-0 env[1186]: Started wazuh-syscheckd... may 04 08:44:31 wazuh-manager-master-0 env[1186]: Started wazuh-remoted... may 04 08:44:32 wazuh-manager-master-0 env[1186]: Started wazuh-logcollector... may 04 08:44:33 wazuh-manager-master-0 env[1186]: Started wazuh-monitord... may 04 08:44:33 wazuh-manager-master-0 env[1186]: 2022/05/04 08:44:33 wazuh-modulesd: WARNING: The tag at module 'vulnerability-detector' is deprecated for version newer than 4.3. may 04 08:44:34 wazuh-manager-master-0 env[1186]: Started wazuh-modulesd... may 04 08:44:35 wazuh-manager-master-0 env[1186]: Started wazuh-clusterd... may 04 08:44:37 wazuh-manager-master-0 env[1186]: Completed. may 04 08:44:37 wazuh-manager-master-0 crontab[1638]: (root) LIST (root) may 04 08:44:37 wazuh-manager-master-0 systemd[1]: Started Wazuh manager. ``` - `/var/ossec/bin/wazuh-control status`: ``` [root@wazuh-manager-master-0 wazuh-user]# /var/ossec/bin/wazuh-control status wazuh-clusterd is running... wazuh-modulesd is running... wazuh-monitord is running... wazuh-logcollector is running... wazuh-remoted is running... wazuh-syscheckd is running... wazuh-analysisd is running... wazuh-maild not running... wazuh-execd is running... wazuh-db is running... 
wazuh-authd is running... wazuh-agentlessd not running... wazuh-integratord is running... wazuh-dbd not running... wazuh-csyslogd not running... wazuh-apid is running... ``` - `filebeat test output`: ``` [root@wazuh-manager-master-0 wazuh-user]# filebeat test output elasticsearch: https://10.0.2.209:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.209 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 elasticsearch: https://10.0.2.85:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.85 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 elasticsearch: https://10.0.2.125:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.125 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 ```
Worker env 1 🟡 - `journalctl -xe -u wazuh-manager.service`: ``` -- Unit wazuh-manager.service has begun shutting down. may 04 08:50:07 wazuh-manager-worker-0 env[26161]: Killing wazuh-clusterd... may 04 08:50:07 wazuh-manager-worker-0 env[26161]: Killing wazuh-modulesd... may 04 08:50:07 wazuh-manager-worker-0 env[26161]: Killing wazuh-monitord... may 04 08:50:07 wazuh-manager-worker-0 env[26161]: Killing wazuh-logcollector... may 04 08:50:07 wazuh-manager-worker-0 env[26161]: Killing wazuh-remoted... may 04 08:50:07 wazuh-manager-worker-0 env[26161]: Killing wazuh-syscheckd... may 04 08:50:07 wazuh-manager-worker-0 env[26161]: Killing wazuh-analysisd... may 04 08:50:07 wazuh-manager-worker-0 env[26161]: wazuh-maild not running... may 04 08:50:07 wazuh-manager-worker-0 env[26161]: Killing wazuh-execd... may 04 08:50:08 wazuh-manager-worker-0 env[26161]: Killing wazuh-db... may 04 08:50:08 wazuh-manager-worker-0 env[26161]: wazuh-authd not running... may 04 08:50:08 wazuh-manager-worker-0 env[26161]: wazuh-agentlessd not running... may 04 08:50:08 wazuh-manager-worker-0 env[26161]: Killing wazuh-integratord... may 04 08:50:08 wazuh-manager-worker-0 env[26161]: wazuh-dbd not running... may 04 08:50:08 wazuh-manager-worker-0 env[26161]: wazuh-csyslogd not running... may 04 08:50:08 wazuh-manager-worker-0 env[26161]: Killing wazuh-apid... may 04 08:50:09 wazuh-manager-worker-0 env[26161]: Wazuh v4.3.0 Stopped may 04 08:50:09 wazuh-manager-worker-0 systemd[1]: Starting Wazuh manager... -- Subject: Unit wazuh-manager.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has begun starting up. may 04 08:50:09 wazuh-manager-worker-0 env[26291]: 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7616): List 'etc/lists/amazon/aws-eventnames' could not be loaded. Rule '80202' will be ignored. 
may 04 08:50:09 wazuh-manager-worker-0 env[26291]: 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80203' will be ignored. may 04 08:50:09 wazuh-manager-worker-0 env[26291]: 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7606): Signature ID '80203' was not found. Invalid 'if_sid'. Rule '80250' will be ignored. may 04 08:50:09 wazuh-manager-worker-0 env[26291]: 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80251' will be ignored. may 04 08:50:09 wazuh-manager-worker-0 env[26291]: 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7606): Signature ID '80251' was not found. Invalid 'if_matched_sid'. Rule '80252' will be ignored. may 04 08:50:09 wazuh-manager-worker-0 env[26291]: 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80253' will be ignored. may 04 08:50:09 wazuh-manager-worker-0 env[26291]: 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7606): Signature ID '80253' was not found. Invalid 'if_sid'. Rule '80254' will be ignored. may 04 08:50:09 wazuh-manager-worker-0 env[26291]: 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7606): Signature ID '80254' was not found. Invalid 'if_matched_sid'. Rule '80255' will be ignored. may 04 08:50:10 wazuh-manager-worker-0 env[26291]: 2022/05/04 08:50:10 wazuh-modulesd: WARNING: The tag at module 'vulnerability-detector' is deprecated for version newer than 4.3. may 04 08:50:10 wazuh-manager-worker-0 env[26291]: Starting Wazuh v4.3.0... may 04 08:50:13 wazuh-manager-worker-0 env[26291]: Started wazuh-apid... may 04 08:50:13 wazuh-manager-worker-0 env[26291]: Started wazuh-csyslogd... may 04 08:50:13 wazuh-manager-worker-0 env[26291]: Started wazuh-dbd... may 04 08:50:13 wazuh-manager-worker-0 env[26291]: Started wazuh-integratord... may 04 08:50:13 wazuh-manager-worker-0 env[26291]: Started wazuh-agentlessd... 
may 04 08:50:14 wazuh-manager-worker-0 env[26291]: Started wazuh-db... may 04 08:50:15 wazuh-manager-worker-0 env[26291]: Started wazuh-execd... may 04 08:50:16 wazuh-manager-worker-0 env[26291]: Started wazuh-analysisd... may 04 08:50:17 wazuh-manager-worker-0 env[26291]: Started wazuh-syscheckd... may 04 08:50:18 wazuh-manager-worker-0 env[26291]: Started wazuh-remoted... may 04 08:50:19 wazuh-manager-worker-0 env[26291]: Started wazuh-logcollector... may 04 08:50:21 wazuh-manager-worker-0 env[26291]: Started wazuh-monitord... may 04 08:50:21 wazuh-manager-worker-0 env[26291]: 2022/05/04 08:50:21 wazuh-modulesd: WARNING: The tag at module 'vulnerability-detector' is deprecated for version newer than 4.3. may 04 08:50:22 wazuh-manager-worker-0 crontab[26655]: (root) LIST (root) may 04 08:50:22 wazuh-manager-worker-0 env[26291]: Started wazuh-modulesd... may 04 08:50:22 wazuh-manager-worker-0 env[26291]: Started wazuh-clusterd... may 04 08:50:24 wazuh-manager-worker-0 env[26291]: Completed. may 04 08:50:24 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager. -- Subject: Unit wazuh-manager.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has finished starting up. -- -- The start-up result is done. ``` - `egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log`: ``` [root@wazuh-manager-worker-0 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log 2022/05/04 08:49:57 wazuh-modulesd:vulnerability-detector: WARNING: (5515): Agent '004' software could not be requested. 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7616): List 'etc/lists/amazon/aws-eventnames' could not be loaded. Rule '80202' will be ignored. 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80203' will be ignored. 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7606): Signature ID '80203' was not found. Invalid 'if_sid'. 
Rule '80250' will be ignored. 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80251' will be ignored. 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7606): Signature ID '80251' was not found. Invalid 'if_matched_sid'. Rule '80252' will be ignored. 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80253' will be ignored. 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7606): Signature ID '80253' was not found. Invalid 'if_sid'. Rule '80254' will be ignored. 2022/05/04 08:50:09 wazuh-analysisd: WARNING: (7606): Signature ID '80254' was not found. Invalid 'if_matched_sid'. Rule '80255' will be ignored. 2022/05/04 08:50:10 wazuh-modulesd: WARNING: The tag at module 'vulnerability-detector' is deprecated for version newer than 4.3. 2022/05/04 08:50:11 wazuh-testrule: WARNING: (7616): List 'etc/lists/amazon/aws-eventnames' could not be loaded. Rule '80202' will be ignored. 2022/05/04 08:50:11 wazuh-testrule: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80203' will be ignored. 2022/05/04 08:50:11 wazuh-testrule: WARNING: (7606): Signature ID '80203' was not found. Invalid 'if_sid'. Rule '80250' will be ignored. 2022/05/04 08:50:11 wazuh-testrule: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80251' will be ignored. 2022/05/04 08:50:11 wazuh-testrule: WARNING: (7606): Signature ID '80251' was not found. Invalid 'if_matched_sid'. Rule '80252' will be ignored. 2022/05/04 08:50:11 wazuh-testrule: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80253' will be ignored. 2022/05/04 08:50:11 wazuh-testrule: WARNING: (7606): Signature ID '80253' was not found. Invalid 'if_sid'. Rule '80254' will be ignored. 2022/05/04 08:50:11 wazuh-testrule: WARNING: (7606): Signature ID '80254' was not found. Invalid 'if_matched_sid'. Rule '80255' will be ignored. 
2022/05/04 08:50:15 wazuh-analysisd: WARNING: (7616): List 'etc/lists/amazon/aws-eventnames' could not be loaded. Rule '80202' will be ignored. 2022/05/04 08:50:15 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80203' will be ignored. 2022/05/04 08:50:15 wazuh-analysisd: WARNING: (7606): Signature ID '80203' was not found. Invalid 'if_sid'. Rule '80250' will be ignored. 2022/05/04 08:50:15 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80251' will be ignored. 2022/05/04 08:50:15 wazuh-analysisd: WARNING: (7606): Signature ID '80251' was not found. Invalid 'if_matched_sid'. Rule '80252' will be ignored. 2022/05/04 08:50:15 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80253' will be ignored. 2022/05/04 08:50:15 wazuh-analysisd: WARNING: (7606): Signature ID '80253' was not found. Invalid 'if_sid'. Rule '80254' will be ignored. 2022/05/04 08:50:15 wazuh-analysisd: WARNING: (7606): Signature ID '80254' was not found. Invalid 'if_matched_sid'. Rule '80255' will be ignored. 2022/05/04 08:50:21 wazuh-modulesd: WARNING: The tag at module 'vulnerability-detector' is deprecated for version newer than 4.3. ``` - `egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log`: ``` [root@wazuh-manager-worker-0 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log 2022/05/04 08:44:26 ERROR: [Local Server] [Main] Could not connect to master. Trying again in 10 seconds. ``` This error is expected because we restarted the master node before. 
- `systemctl status wazuh-manager -l`: ``` [root@wazuh-manager-worker-0 wazuh-user]# systemctl status wazuh-manager -l ● wazuh-manager.service - Wazuh manager Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled) Active: active (running) since mié 2022-05-04 08:50:24 UTC; 3min 34s ago Process: 26161 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS) Process: 26291 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS) CGroup: /system.slice/wazuh-manager.service ├─26349 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─26372 /var/ossec/bin/wazuh-integratord ├─26392 /var/ossec/bin/wazuh-db ├─26416 /var/ossec/bin/wazuh-execd ├─26418 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─26421 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─26437 /var/ossec/bin/wazuh-analysisd ├─26448 /var/ossec/bin/wazuh-syscheckd ├─26470 /var/ossec/bin/wazuh-remoted ├─26502 /var/ossec/bin/wazuh-logcollector ├─26527 /var/ossec/bin/wazuh-monitord ├─26573 /var/ossec/bin/wazuh-modulesd ├─26705 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py └─26915 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py may 04 08:50:17 wazuh-manager-worker-0 env[26291]: Started wazuh-syscheckd... may 04 08:50:18 wazuh-manager-worker-0 env[26291]: Started wazuh-remoted... may 04 08:50:19 wazuh-manager-worker-0 env[26291]: Started wazuh-logcollector... may 04 08:50:21 wazuh-manager-worker-0 env[26291]: Started wazuh-monitord... may 04 08:50:21 wazuh-manager-worker-0 env[26291]: 2022/05/04 08:50:21 wazuh-modulesd: WARNING: The tag at module 'vulnerability-detector' is deprecated for version newer than 4.3. 
may 04 08:50:22 wazuh-manager-worker-0 crontab[26655]: (root) LIST (root) may 04 08:50:22 wazuh-manager-worker-0 env[26291]: Started wazuh-modulesd... may 04 08:50:22 wazuh-manager-worker-0 env[26291]: Started wazuh-clusterd... may 04 08:50:24 wazuh-manager-worker-0 env[26291]: Completed. may 04 08:50:24 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager. ``` - `/var/ossec/bin/wazuh-control status`: ``` [root@wazuh-manager-worker-0 wazuh-user]# /var/ossec/bin/wazuh-control status wazuh-clusterd is running... wazuh-modulesd is running... wazuh-monitord is running... wazuh-logcollector is running... wazuh-remoted is running... wazuh-syscheckd is running... wazuh-analysisd is running... wazuh-maild not running... wazuh-execd is running... wazuh-db is running... wazuh-authd not running... wazuh-agentlessd not running... wazuh-integratord is running... wazuh-dbd not running... wazuh-csyslogd not running... wazuh-apid is running... ``` - `filebeat test output`: ``` [root@wazuh-manager-worker-0 wazuh-user]# filebeat test output elasticsearch: https://10.0.2.209:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.209 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 elasticsearch: https://10.0.2.85:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.85 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 elasticsearch: https://10.0.2.125:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.125 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 ```
Master env 2 🟡 - `journalctl -xe -u wazuh-manager.service`: ``` may 04 08:56:21 wazuh-manager-master-0 systemd[1]: Stopping Wazuh manager... -- Subject: Unit wazuh-manager.service has begun shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has begun shutting down. may 04 08:56:21 wazuh-manager-master-0 env[30029]: Killing wazuh-clusterd... may 04 08:56:21 wazuh-manager-master-0 env[30029]: Killing wazuh-modulesd... may 04 08:56:21 wazuh-manager-master-0 env[30029]: Killing wazuh-monitord... may 04 08:56:21 wazuh-manager-master-0 env[30029]: Killing wazuh-logcollector... may 04 08:56:21 wazuh-manager-master-0 env[30029]: Killing wazuh-remoted... may 04 08:56:21 wazuh-manager-master-0 env[30029]: Killing wazuh-syscheckd... may 04 08:56:22 wazuh-manager-master-0 env[30029]: Killing wazuh-analysisd... may 04 08:56:22 wazuh-manager-master-0 env[30029]: wazuh-maild not running... may 04 08:56:22 wazuh-manager-master-0 env[30029]: Killing wazuh-execd... may 04 08:56:22 wazuh-manager-master-0 env[30029]: Killing wazuh-db... may 04 08:56:23 wazuh-manager-master-0 env[30029]: Killing wazuh-authd... may 04 08:56:23 wazuh-manager-master-0 env[30029]: wazuh-agentlessd not running... may 04 08:56:23 wazuh-manager-master-0 env[30029]: Killing wazuh-integratord... may 04 08:56:23 wazuh-manager-master-0 env[30029]: wazuh-dbd not running... may 04 08:56:23 wazuh-manager-master-0 env[30029]: wazuh-csyslogd not running... may 04 08:56:23 wazuh-manager-master-0 env[30029]: Killing wazuh-apid... may 04 08:56:24 wazuh-manager-master-0 env[30029]: Wazuh v4.3.0 Stopped may 04 08:56:24 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager... -- Subject: Unit wazuh-manager.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has begun starting up. 
may 04 08:56:26 wazuh-manager-master-0 env[30183]: 2022/05/04 08:56:26 wazuh-modulesd: WARNING: The tag at module 'vulnerability-detector' is deprecated for version newer than 4.3. may 04 08:56:27 wazuh-manager-master-0 env[30183]: Starting Wazuh v4.3.0... may 04 08:56:30 wazuh-manager-master-0 env[30183]: Started wazuh-apid... may 04 08:56:30 wazuh-manager-master-0 env[30183]: Started wazuh-csyslogd... may 04 08:56:30 wazuh-manager-master-0 env[30183]: Started wazuh-dbd... may 04 08:56:30 wazuh-manager-master-0 env[30183]: Started wazuh-integratord... may 04 08:56:30 wazuh-manager-master-0 env[30183]: Started wazuh-agentlessd... may 04 08:56:31 wazuh-manager-master-0 env[30183]: Started wazuh-authd... may 04 08:56:32 wazuh-manager-master-0 env[30183]: Started wazuh-db... may 04 08:56:33 wazuh-manager-master-0 env[30183]: Started wazuh-execd... may 04 08:56:34 wazuh-manager-master-0 env[30183]: Started wazuh-analysisd... may 04 08:56:35 wazuh-manager-master-0 env[30183]: Started wazuh-syscheckd... may 04 08:56:37 wazuh-manager-master-0 env[30183]: Started wazuh-remoted... may 04 08:56:38 wazuh-manager-master-0 env[30183]: Started wazuh-logcollector... may 04 08:56:39 wazuh-manager-master-0 env[30183]: Started wazuh-monitord... may 04 08:56:39 wazuh-manager-master-0 env[30183]: 2022/05/04 08:56:39 wazuh-modulesd: WARNING: The tag at module 'vulnerability-detector' is deprecated for version newer than 4.3. may 04 08:56:40 wazuh-manager-master-0 env[30183]: Started wazuh-modulesd... may 04 08:56:41 wazuh-manager-master-0 env[30183]: Started wazuh-clusterd... may 04 08:56:43 wazuh-manager-master-0 env[30183]: Completed. may 04 08:56:43 wazuh-manager-master-0 systemd[1]: Started Wazuh manager. -- Subject: Unit wazuh-manager.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has finished starting up. -- -- The start-up result is done. 
may 04 08:56:44 wazuh-manager-master-0 crontab[30616]: (root) LIST (root) ``` - `egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log`: ``` [root@wazuh-manager-master-0 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log: 2022/05/04 08:56:26 wazuh-modulesd: WARNING: The tag at module 'vulnerability-detector' is deprecated for version newer than 4.3. 2022/05/04 08:56:39 wazuh-modulesd: WARNING: The tag at module 'vulnerability-detector' is deprecated for version newer than 4.3. ``` - `egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log`: ``` [root@wazuh-manager-master-0 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log [root@wazuh-manager-master-0 wazuh-user]# ``` - `systemctl status wazuh-manager -l`: ``` [root@wazuh-manager-master-0 wazuh-user]# systemctl status wazuh-manager -l ● wazuh-manager.service - Wazuh manager Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled) Active: active (running) since mié 2022-05-04 08:56:43 UTC; 1min 37s ago Process: 30029 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS) Process: 30183 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS) CGroup: /system.slice/wazuh-manager.service ├─30239 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─30265 /var/ossec/bin/wazuh-integratord ├─30284 /var/ossec/bin/wazuh-authd ├─30301 /var/ossec/bin/wazuh-db ├─30315 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─30318 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─30333 /var/ossec/bin/wazuh-execd ├─30348 /var/ossec/bin/wazuh-analysisd ├─30360 /var/ossec/bin/wazuh-syscheckd ├─30381 /var/ossec/bin/wazuh-remoted ├─30413 /var/ossec/bin/wazuh-logcollector ├─30432 /var/ossec/bin/wazuh-monitord ├─30480 /var/ossec/bin/wazuh-modulesd ├─30588 /var/ossec/framework/python/bin/python3 
/var/ossec/framework/scripts/wazuh-clusterd.py ├─30596 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py ├─30599 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py ├─30895 /bin/sh wodles/aws/aws-s3 --bucket wazuh-aws-wodle --access_key ################## --secret_key ###################### --trail_prefix vpc --only_logs_after 2020-MAY-01 --type vpcflow └─30902 /var/ossec/framework/python/bin/python3 /var/ossec/wodles/aws/aws-s3.py --bucket wazuh-aws-wodle --access_key ############ --secret_key ############### --trail_prefix vpc --only_logs_after 2020-MAY-01 --type vpcflow may 04 08:56:35 wazuh-manager-master-0 env[30183]: Started wazuh-syscheckd... may 04 08:56:37 wazuh-manager-master-0 env[30183]: Started wazuh-remoted... may 04 08:56:38 wazuh-manager-master-0 env[30183]: Started wazuh-logcollector... may 04 08:56:39 wazuh-manager-master-0 env[30183]: Started wazuh-monitord... may 04 08:56:39 wazuh-manager-master-0 env[30183]: 2022/05/04 08:56:39 wazuh-modulesd: WARNING: The tag at module 'vulnerability-detector' is deprecated for version newer than 4.3. may 04 08:56:40 wazuh-manager-master-0 env[30183]: Started wazuh-modulesd... may 04 08:56:41 wazuh-manager-master-0 env[30183]: Started wazuh-clusterd... may 04 08:56:43 wazuh-manager-master-0 env[30183]: Completed. may 04 08:56:43 wazuh-manager-master-0 systemd[1]: Started Wazuh manager. may 04 08:56:44 wazuh-manager-master-0 crontab[30616]: (root) LIST (root) ``` - `/var/ossec/bin/wazuh-control status`: ``` [root@wazuh-manager-master-0 wazuh-user]# /var/ossec/bin/wazuh-control status wazuh-clusterd is running... wazuh-modulesd is running... wazuh-monitord is running... wazuh-logcollector is running... wazuh-remoted is running... wazuh-syscheckd is running... wazuh-analysisd is running... wazuh-maild not running... wazuh-execd is running... wazuh-db is running... wazuh-authd is running... wazuh-agentlessd not running... 
wazuh-integratord is running... wazuh-dbd not running... wazuh-csyslogd not running... wazuh-apid is running... ``` - `filebeat test output`: ``` [root@wazuh-manager-master-0 wazuh-user]# filebeat test output elasticsearch: https://10.0.2.209:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.209 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 elasticsearch: https://10.0.2.85:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.85 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 elasticsearch: https://10.0.2.125:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.125 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 ```
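The worker's `(7616)` warning reports one real problem, the CDB list `etc/lists/amazon/aws-eventnames` could not be loaded, and the seven `(7606)` warnings that follow it are not seven more problems but the chain of rules that depend on rule `80202` through `if_sid` and `if_matched_sid`. The script below is an added example, not code from this report or from Wazuh: it models how wazuh-analysisd skips a rule whose list is missing and then, loading in file order, skips every rule whose referenced signature is not loaded. The rule IDs are those from the warnings above; the rule bodies are constructed to reproduce that dependency chain and are not a copy of Wazuh's Amazon ruleset, and the model leaves out other load-time checks analysisd performs.

```python
"""Model of how wazuh-analysisd skips rules whose CDB list is missing and then
cascades the skip to every rule that depends on them.

Added example for this QA report, not Wazuh code. Rule IDs come from the
worker's (7616)/(7606) warnings; the rule bodies are constructed to reproduce
the dependency chain and are not a copy of Wazuh's ruleset.
"""
import xml.etree.ElementTree as ET

# Constructed rules file: only the dependency structure matters here.
RULES_XML = r"""
<group name="amazon,aws,">
  <rule id="80200" level="0">
    <decoded_as>json</decoded_as>
    <field name="aws.source">\.+</field>
    <description>AWS base rule (constructed)</description>
  </rule>
  <rule id="80202" level="3">
    <if_sid>80200</if_sid>
    <list field="aws.eventName" lookup="match_key">etc/lists/amazon/aws-eventnames</list>
    <description>AWS event name lookup (constructed)</description>
  </rule>
  <rule id="80203" level="3"><if_sid>80202</if_sid><description>child of 80202</description></rule>
  <rule id="80250" level="3"><if_sid>80203</if_sid><description>child of 80203</description></rule>
  <rule id="80251" level="3"><if_sid>80202</if_sid><description>child of 80202</description></rule>
  <rule id="80252" level="10" frequency="8" timeframe="120">
    <if_matched_sid>80251</if_matched_sid><description>composite on 80251</description>
  </rule>
  <rule id="80253" level="3"><if_sid>80202</if_sid><description>child of 80202</description></rule>
  <rule id="80254" level="3"><if_sid>80253</if_sid><description>child of 80253</description></rule>
  <rule id="80255" level="10" frequency="8" timeframe="120">
    <if_matched_sid>80254</if_matched_sid><description>composite on 80254</description>
  </rule>
</group>
"""


def load_rules(xml_text: str) -> list:
    """Return the rules in file order with their list and rule dependencies.
    A rules file may contain several <group> roots, so wrap it first."""
    root = ET.fromstring(f"<rules>{xml_text}</rules>")
    rules = []
    for rule in root.iter("rule"):
        deps = []
        for tag in ("if_sid", "if_matched_sid"):
            for el in rule.findall(tag):
                deps += [(tag, sid.strip()) for sid in (el.text or "").split(",") if sid.strip()]
        lists = [(el.text or "").strip() for el in rule.findall("list")]
        rules.append({"id": rule.get("id"), "deps": deps, "lists": lists})
    return rules


def ignored_rules(rules: list, loadable_lists: set) -> dict:
    """Single pass in file order, as analysisd loads rules: a rule whose CDB
    list is unavailable is skipped (7616); a rule that references a rule not
    loaded, whether absent or skipped itself, is skipped too (7606)."""
    loaded, ignored = set(), {}
    for rule in rules:
        missing = [lst for lst in rule["lists"] if lst not in loadable_lists]
        if missing:
            ignored[rule["id"]] = f"(7616): List '{missing[0]}' could not be loaded."
            continue
        unresolved = [(tag, sid) for tag, sid in rule["deps"] if sid not in loaded]
        if unresolved:
            tag, sid = unresolved[0]
            ignored[rule["id"]] = f"(7606): Signature ID '{sid}' was not found. Invalid '{tag}'."
            continue
        loaded.add(rule["id"])
    return ignored


if __name__ == "__main__":
    rules = load_rules(RULES_XML)
    print("with the list missing:")
    for rid, why in ignored_rules(rules, set()).items():
        print(f"  {why} Rule '{rid}' will be ignored.")
    present = ignored_rules(rules, {"etc/lists/amazon/aws-eventnames"})
    print("with the list present:", present or "nothing ignored")
```

Run with the list missing, the output reproduces the eight warnings from the worker log in the same order; with the list present nothing is skipped. The practical reading is that a single `(7616)` is the root cause and the `(7606)` entries after it need no separate investigation, but that every rule in the chain is silently inactive until the list is restored, so AWS CloudTrail events that would have matched rules 80202 to 80255 produce no alerts on that node.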

Wazuh Indexer

Bootstrap 🔴 - `journalctl -xe -u wazuh-indexer.service`: ``` may 04 08:17:50 ip-10-0-2-125.us-west-1.compute.internal systemd-entrypoint[19152]: Exception in thread "Attach Listener" Agent failed to start! may 04 08:48:01 ip-10-0-2-125.us-west-1.compute.internal systemd-entrypoint[19152]: Exception in thread "Attach Listener" Agent failed to start! may 04 09:17:53 ip-10-0-2-125.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer... -- Subject: Unit wazuh-indexer.service has begun shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has begun shutting down. may 04 09:17:54 ip-10-0-2-125.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer... -- Subject: Unit wazuh-indexer.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has begun starting up. may 04 09:18:09 ip-10-0-2-125.us-west-1.compute.internal systemd-entrypoint[16738]: Exception in thread "Attach Listener" Agent failed to start! 
may 04 09:18:10 ip-10-0-2-125.us-west-1.compute.internal systemd-entrypoint[16738]: WARNING: An illegal reflective access operation has occurred may 04 09:18:10 ip-10-0-2-125.us-west-1.compute.internal systemd-entrypoint[16738]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/o may 04 09:18:10 ip-10-0-2-125.us-west-1.compute.internal systemd-entrypoint[16738]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema may 04 09:18:10 ip-10-0-2-125.us-west-1.compute.internal systemd-entrypoint[16738]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations may 04 09:18:10 ip-10-0-2-125.us-west-1.compute.internal systemd-entrypoint[16738]: WARNING: All illegal access operations will be denied in a future release may 04 09:18:15 ip-10-0-2-125.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer. -- Subject: Unit wazuh-indexer.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has finished starting up. -- -- The start-up result is done. 
``` - `egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log`: ``` [2022-05-04T08:40:50,436][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-3] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 is not enabled or supported in server context [2022-05-04T08:44:36,501][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-3] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f616c696173657320485454502f312e310d0a486f73743a2035322e35322e3134372e33373a393230300d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a [2022-05-04T08:53:00,611][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-3] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f73746174732f696e646963657320485454502f312e310d0a486f73743a2035322e35322e3134372e33373a393230300d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a [2022-05-04T08:57:18,206][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-3] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f737461747320485454502f312e310d0a486f73743a2035322e35322e3134372e33373a393230300d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570742d456e636f64696e673a20677a69700d0a557365722d4167656e743a204d6f7a696c6c612f352e3020284d6163696e746f73683b20496e74656c204d6163204f5320582031305f31315f3529204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f35302e302e323636312e313032205361666172692f3533372e33360d0a0d0a [2022-05-04T08:57:18,209][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-3] Exception 
during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f2a2f5f73657474696e677320485454502f312e310d0a486f73743a2035322e35322e3134372e33373a393230300d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570742d456e636f64696e673a20677a69700d0a557365722d4167656e743a204d6f7a696c6c612f352e3020284d6163696e746f73683b20496e74656c204d6163204f5320582031305f31315f3529204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f35302e302e323636312e313032205361666172692f3533372e33360d0a0d0a
[2022-05-04T08:57:18,213][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-3] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f6e6f64657320485454502f312e310d0a486f73743a2035322e35322e3134372e33373a393230300d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570742d456e636f64696e673a20677a69700d0a557365722d4167656e743a204d6f7a696c6c612f352e3020284d6163696e746f73683b20496e74656c204d6163204f5320582031305f31315f3529204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f35302e302e323636312e313032205361666172692f3533372e33360d0a0d0a
[2022-05-04T08:57:18,216][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-3] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f20485454502f312e310d0a486f73743a2035322e35322e3134372e33373a393230300d0a436f6e6e656374696f6e3a20636c6f73650d0a4163636570742d456e636f64696e673a20677a69700d0a557365722d4167656e743a204d6f7a696c6c612f352e3020284d6163696e746f73683b20496e74656c204d6163204f5320582031305f31315f3529204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f35302e302e323636312e313032205361666172692f3533372e33360d0a0d0a
[2022-05-04T08:57:42,330][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-3] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f636c75737465722f6865616c74683f6c6576656c3d696e646963657320485454502f312e310d0a486f73743a2035322e35322e3134372e33373a393230300d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a
[2022-05-04T09:14:16,912][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-3] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f73746174757320485454502f312e310d0a486f73743a2035322e35322e3134372e33373a393230300d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a
[2022-05-04T09:17:59,309][INFO ][o.o.n.Node ] [node-3] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3948m, -Xmx3948m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-5513364696324844172, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy, -XX:MaxDirectMemorySize=2069889024, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2022-05-04T09:18:09,281][ERROR][o.o.s.a.s.SinkProvider ] [node-3] Default endpoint could not be created, auditlog will not work properly.
```

- `systemctl status wazuh-indexer -l`:

```
[root@ip-10-0-2-125 wazuh-user]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since mié 2022-05-04 09:18:15 UTC; 3min 34s ago
     Docs: https://documentation.wazuh.com
 Main PID: 16738 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─16738 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3948m -Xmx3948m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-5513364696324844172 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2069889024 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

may 04 09:17:54 ip-10-0-2-125.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
may 04 09:18:09 ip-10-0-2-125.us-west-1.compute.internal systemd-entrypoint[16738]: Exception in thread "Attach Listener" Agent failed to start!
may 04 09:18:10 ip-10-0-2-125.us-west-1.compute.internal systemd-entrypoint[16738]: WARNING: An illegal reflective access operation has occurred
may 04 09:18:10 ip-10-0-2-125.us-west-1.compute.internal systemd-entrypoint[16738]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
may 04 09:18:10 ip-10-0-2-125.us-west-1.compute.internal systemd-entrypoint[16738]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
may 04 09:18:10 ip-10-0-2-125.us-west-1.compute.internal systemd-entrypoint[16738]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
may 04 09:18:10 ip-10-0-2-125.us-west-1.compute.internal systemd-entrypoint[16738]: WARNING: All illegal access operations will be denied in a future release
may 04 09:18:15 ip-10-0-2-125.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
```
Master B 🔴

- `journalctl -xe -u wazuh-indexer.service`:

```
may 04 08:47:42 ip-10-0-2-85.us-west-1.compute.internal systemd-entrypoint[18812]: Exception in thread "Attach Listener" Agent failed to start!
may 04 09:17:53 ip-10-0-2-85.us-west-1.compute.internal systemd-entrypoint[18812]: Exception in thread "Attach Listener" Agent failed to start!
may 04 09:23:44 ip-10-0-2-85.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
may 04 09:23:45 ip-10-0-2-85.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
may 04 09:24:00 ip-10-0-2-85.us-west-1.compute.internal systemd-entrypoint[21286]: WARNING: An illegal reflective access operation has occurred
may 04 09:24:00 ip-10-0-2-85.us-west-1.compute.internal systemd-entrypoint[21286]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/op
may 04 09:24:00 ip-10-0-2-85.us-west-1.compute.internal systemd-entrypoint[21286]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
may 04 09:24:00 ip-10-0-2-85.us-west-1.compute.internal systemd-entrypoint[21286]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
may 04 09:24:00 ip-10-0-2-85.us-west-1.compute.internal systemd-entrypoint[21286]: WARNING: All illegal access operations will be denied in a future release
may 04 09:24:01 ip-10-0-2-85.us-west-1.compute.internal systemd-entrypoint[21286]: Exception in thread "Attach Listener" Agent failed to start!
may 04 09:24:06 ip-10-0-2-85.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
```

- `egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log`:

```
[2022-05-04T09:16:44,829][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-2] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 48454c500d0a
[2022-05-04T09:16:44,967][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-2] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 is not enabled or supported in server context
[2022-05-04T09:23:50,650][INFO ][o.o.n.Node ] [node-2] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3948m, -Xmx3948m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-4567178945924237329, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy, -XX:MaxDirectMemorySize=2069889024, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2022-05-04T09:24:00,307][ERROR][o.o.s.a.s.SinkProvider ] [node-2] Default endpoint could not be created, auditlog will not work properly.
```

- `systemctl status wazuh-indexer -l`:

```
[root@ip-10-0-2-85 wazuh-user]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since mié 2022-05-04 09:24:06 UTC; 1min 33s ago
     Docs: https://documentation.wazuh.com
 Main PID: 21286 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─21286 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3948m -Xmx3948m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-4567178945924237329 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2069889024 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

may 04 09:23:45 ip-10-0-2-85.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
may 04 09:24:00 ip-10-0-2-85.us-west-1.compute.internal systemd-entrypoint[21286]: WARNING: An illegal reflective access operation has occurred
may 04 09:24:00 ip-10-0-2-85.us-west-1.compute.internal systemd-entrypoint[21286]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
may 04 09:24:00 ip-10-0-2-85.us-west-1.compute.internal systemd-entrypoint[21286]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
may 04 09:24:00 ip-10-0-2-85.us-west-1.compute.internal systemd-entrypoint[21286]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
may 04 09:24:00 ip-10-0-2-85.us-west-1.compute.internal systemd-entrypoint[21286]: WARNING: All illegal access operations will be denied in a future release
may 04 09:24:01 ip-10-0-2-85.us-west-1.compute.internal systemd-entrypoint[21286]: Exception in thread "Attach Listener" Agent failed to start!
may 04 09:24:06 ip-10-0-2-85.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
```
Master C 🔴

- `journalctl -xe -u wazuh-indexer.service`:

```
may 04 08:48:38 ip-10-0-2-209.us-west-1.compute.internal systemd-entrypoint[19957]: Exception in thread "Attach Listener" Agent failed to start!
may 04 09:18:49 ip-10-0-2-209.us-west-1.compute.internal systemd-entrypoint[19957]: Exception in thread "Attach Listener" Agent failed to start!
may 04 09:26:28 ip-10-0-2-209.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
may 04 09:26:29 ip-10-0-2-209.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
may 04 09:26:43 ip-10-0-2-209.us-west-1.compute.internal systemd-entrypoint[23515]: Exception in thread "Attach Listener" Agent failed to start!
may 04 09:26:44 ip-10-0-2-209.us-west-1.compute.internal systemd-entrypoint[23515]: WARNING: An illegal reflective access operation has occurred
may 04 09:26:44 ip-10-0-2-209.us-west-1.compute.internal systemd-entrypoint[23515]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/o
may 04 09:26:44 ip-10-0-2-209.us-west-1.compute.internal systemd-entrypoint[23515]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
may 04 09:26:44 ip-10-0-2-209.us-west-1.compute.internal systemd-entrypoint[23515]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
may 04 09:26:44 ip-10-0-2-209.us-west-1.compute.internal systemd-entrypoint[23515]: WARNING: All illegal access operations will be denied in a future release
may 04 09:26:50 ip-10-0-2-209.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
```

- `egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log`:

```
[2022-05-04T08:51:28,825][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 is not enabled or supported in server context
[2022-05-04T08:53:12,122][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f73746174732f696e646963657320485454502f312e310d0a486f73743a2035342e3137372e3231302e3137353a393230300d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a
[2022-05-04T08:57:28,241][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f20485454502f312e310d0a486f73743a2035342e3137372e3231302e3137353a393230300d0a557365722d4167656e743a204d6f7a696c6c612f352e302028636f6d70617469626c653b2043656e737973496e73706563742f312e313b202b68747470733a2f2f61626f75742e63656e7379732e696f2f290d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a
[2022-05-04T08:57:29,336][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: java.net.SocketException: Connection reset
[2022-05-04T08:58:01,182][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f636c75737465722f6865616c74683f6c6576656c3d696e646963657320485454502f312e310d0a486f73743a2035342e3137372e3231302e3137353a393230300d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a
[2022-05-04T09:14:21,347][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f73746174757320485454502f312e310d0a486f73743a2035342e3137372e3231302e3137353a393230300d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a
[2022-05-04T09:26:33,991][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3948m, -Xmx3948m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-15123537735382070843, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy, -XX:MaxDirectMemorySize=2069889024, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2022-05-04T09:26:44,108][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
```

- `systemctl status wazuh-indexer -l`:

```
[root@ip-10-0-2-209 wazuh-user]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since mié 2022-05-04 09:26:50 UTC; 1min 27s ago
     Docs: https://documentation.wazuh.com
 Main PID: 23515 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─23515 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3948m -Xmx3948m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-15123537735382070843 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2069889024 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

may 04 09:26:29 ip-10-0-2-209.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
may 04 09:26:43 ip-10-0-2-209.us-west-1.compute.internal systemd-entrypoint[23515]: Exception in thread "Attach Listener" Agent failed to start!
may 04 09:26:44 ip-10-0-2-209.us-west-1.compute.internal systemd-entrypoint[23515]: WARNING: An illegal reflective access operation has occurred
may 04 09:26:44 ip-10-0-2-209.us-west-1.compute.internal systemd-entrypoint[23515]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
may 04 09:26:44 ip-10-0-2-209.us-west-1.compute.internal systemd-entrypoint[23515]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
may 04 09:26:44 ip-10-0-2-209.us-west-1.compute.internal systemd-entrypoint[23515]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
may 04 09:26:44 ip-10-0-2-209.us-west-1.compute.internal systemd-entrypoint[23515]: WARNING: All illegal access operations will be denied in a future release
may 04 09:26:50 ip-10-0-2-209.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
```

Wazuh Dashboard

wazuh-indexer 🔴

- `journalctl -xe -u wazuh-indexer.service`:

```
may 04 08:54:30 ip-10-0-0-107.us-west-1.compute.internal systemd-entrypoint[21307]: Exception in thread "Attach Listener" Agent failed to start!
may 04 09:24:41 ip-10-0-0-107.us-west-1.compute.internal systemd-entrypoint[21307]: Exception in thread "Attach Listener" Agent failed to start!
may 04 09:31:35 ip-10-0-0-107.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
may 04 09:31:36 ip-10-0-0-107.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
may 04 09:31:52 ip-10-0-0-107.us-west-1.compute.internal systemd-entrypoint[24466]: Exception in thread "Attach Listener" Agent failed to start!
may 04 09:31:53 ip-10-0-0-107.us-west-1.compute.internal systemd-entrypoint[24466]: WARNING: An illegal reflective access operation has occurred
may 04 09:31:53 ip-10-0-0-107.us-west-1.compute.internal systemd-entrypoint[24466]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/o
may 04 09:31:53 ip-10-0-0-107.us-west-1.compute.internal systemd-entrypoint[24466]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
may 04 09:31:53 ip-10-0-0-107.us-west-1.compute.internal systemd-entrypoint[24466]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
may 04 09:31:53 ip-10-0-0-107.us-west-1.compute.internal systemd-entrypoint[24466]: WARNING: All illegal access operations will be denied in a future release
may 04 09:31:58 ip-10-0-0-107.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
```

- `egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log`:

```
[root@ip-10-0-0-107 wazuh-user]# egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log
[2022-05-04T09:31:41,457][INFO ][o.o.n.Node ] [node-7] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms2560m, -Xmx2560m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-14437330058389193133, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy, -XX:MaxDirectMemorySize=1342177280, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2022-05-04T09:31:52,361][ERROR][o.o.s.a.s.SinkProvider ] [node-7] Default endpoint could not be created, auditlog will not work properly.
```

- `systemctl status wazuh-indexer -l`:

```
[root@ip-10-0-0-107 wazuh-user]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since mié 2022-05-04 09:31:58 UTC; 1min 9s ago
     Docs: https://documentation.wazuh.com
 Main PID: 24466 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─24466 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-14437330058389193133 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

may 04 09:31:36 ip-10-0-0-107.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
may 04 09:31:52 ip-10-0-0-107.us-west-1.compute.internal systemd-entrypoint[24466]: Exception in thread "Attach Listener" Agent failed to start!
may 04 09:31:53 ip-10-0-0-107.us-west-1.compute.internal systemd-entrypoint[24466]: WARNING: An illegal reflective access operation has occurred
may 04 09:31:53 ip-10-0-0-107.us-west-1.compute.internal systemd-entrypoint[24466]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
may 04 09:31:53 ip-10-0-0-107.us-west-1.compute.internal systemd-entrypoint[24466]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
may 04 09:31:53 ip-10-0-0-107.us-west-1.compute.internal systemd-entrypoint[24466]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
may 04 09:31:53 ip-10-0-0-107.us-west-1.compute.internal systemd-entrypoint[24466]: WARNING: All illegal access operations will be denied in a future release
may 04 09:31:58 ip-10-0-0-107.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
```
wazuh-dashboard 🔴

- `journalctl -xe -u wazuh-dashboard.service`:

```
may 04 09:33:40 ip-10-0-0-107.us-west-1.compute.internal systemd[1]: Stopping wazuh-dashboard...
-- Subject: Unit wazuh-dashboard.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-dashboard.service has begun shutting down.
may 04 09:33:40 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[1753]: {"type":"log","@timestamp":"2022-05-04T09:33:40Z","tags":["info","plugins-system"],"pid":1753,"message":"Stopping all plugins
may 04 09:33:40 ip-10-0-0-107.us-west-1.compute.internal systemd[1]: Started wazuh-dashboard.
-- Subject: Unit wazuh-dashboard.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-dashboard.service has finished starting up.
--
-- The start-up result is done.
may 04 09:33:40 ip-10-0-0-107.us-west-1.compute.internal systemd[1]: Starting wazuh-dashboard...
-- Subject: Unit wazuh-dashboard.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-dashboard.service has begun starting up.
may 04 09:33:46 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"log","@timestamp":"2022-05-04T09:33:46Z","tags":["info","plugins-service"],"pid":26314,"message":"Plugin \"visTypeX
may 04 09:33:46 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"log","@timestamp":"2022-05-04T09:33:46Z","tags":["info","plugins-system"],"pid":26314,"message":"Setting up [45] pl
may 04 09:33:47 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"log","@timestamp":"2022-05-04T09:33:47Z","tags":["info","savedobjects-service"],"pid":26314,"message":"Waiting unti
may 04 09:33:47 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"log","@timestamp":"2022-05-04T09:33:47Z","tags":["info","savedobjects-service"],"pid":26314,"message":"Starting sav
may 04 09:33:47 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"log","@timestamp":"2022-05-04T09:33:47Z","tags":["info","savedobjects-service"],"pid":26314,"message":"Creating ind
may 04 09:33:48 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"log","@timestamp":"2022-05-04T09:33:48Z","tags":["info","savedobjects-service"],"pid":26314,"message":"Migrating .k
may 04 09:33:48 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"log","@timestamp":"2022-05-04T09:33:48Z","tags":["info","savedobjects-service"],"pid":26314,"message":"Pointing ali
may 04 09:33:48 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"log","@timestamp":"2022-05-04T09:33:48Z","tags":["info","savedobjects-service"],"pid":26314,"message":"Finished in
may 04 09:33:48 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"log","@timestamp":"2022-05-04T09:33:48Z","tags":["info","plugins-system"],"pid":26314,"message":"Starting [45] plug
may 04 09:33:49 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"log","@timestamp":"2022-05-04T09:33:49Z","tags":["listening","info"],"pid":26314,"message":"Server running at https
may 04 09:33:50 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"log","@timestamp":"2022-05-04T09:33:50Z","tags":["info","http","server","OpenSearchDashboards"],"pid":26314,"messag
```

- `systemctl status wazuh-dashboard -l`:

```
[root@ip-10-0-0-107 wazuh-user]# systemctl status wazuh-dashboard -l
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since mié 2022-05-04 09:33:40 UTC; 3min 38s ago
 Main PID: 26314 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─26314 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml

may 04 09:34:12 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"response","@timestamp":"2022-05-04T09:34:12Z","tags":["access:console"],"pid":26314,"method":"post","statusCode":200,"req":{"url":"/api/console/proxy?path=_template&method=GET","method":"post","headers":{"host":"10.0.0.107:5601","connection":"close","content-length":"0","accept":"text/plain, */*; q=0.01","osd-xsrf":"opensearchDashboards","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","osd-version":"1.2.0","sec-gpc":"1","origin":"https://demo-430-rc7-wazuh.com","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.107","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools"},"res":{"statusCode":200,"responseTime":39,"contentLength":9},"message":"POST /api/console/proxy?path=_template&method=GET 200 39ms - 9.0B"}
may 04 09:35:13 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"response","@timestamp":"2022-05-04T09:35:13Z","tags":["access:console"],"pid":26314,"method":"post","statusCode":200,"req":{"url":"/api/console/proxy?path=_aliases&method=GET","method":"post","headers":{"host":"10.0.0.107:5601","connection":"close","content-length":"0","accept":"text/plain, */*; q=0.01","osd-xsrf":"opensearchDashboards","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","osd-version":"1.2.0","sec-gpc":"1","origin":"https://demo-430-rc7-wazuh.com","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.107","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools"},"res":{"statusCode":200,"responseTime":40,"contentLength":9},"message":"POST /api/console/proxy?path=_aliases&method=GET 200 40ms - 9.0B"}
may 04 09:35:13 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"response","@timestamp":"2022-05-04T09:35:13Z","tags":["access:console"],"pid":26314,"method":"post","statusCode":200,"req":{"url":"/api/console/proxy?path=_mapping&method=GET","method":"post","headers":{"host":"10.0.0.107:5601","connection":"close","content-length":"0","accept":"text/plain, */*; q=0.01","osd-xsrf":"opensearchDashboards","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","osd-version":"1.2.0","sec-gpc":"1","origin":"https://demo-430-rc7-wazuh.com","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.107","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools"},"res":{"statusCode":200,"responseTime":79,"contentLength":9},"message":"POST /api/console/proxy?path=_mapping&method=GET 200 79ms - 9.0B"}
may 04 09:35:13 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"response","@timestamp":"2022-05-04T09:35:13Z","tags":["access:console"],"pid":26314,"method":"post","statusCode":200,"req":{"url":"/api/console/proxy?path=_template&method=GET","method":"post","headers":{"host":"10.0.0.107:5601","connection":"close","content-length":"0","accept":"text/plain, */*; q=0.01","osd-xsrf":"opensearchDashboards","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","osd-version":"1.2.0","sec-gpc":"1","origin":"https://demo-430-rc7-wazuh.com","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.107","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools"},"res":{"statusCode":200,"responseTime":26,"contentLength":9},"message":"POST /api/console/proxy?path=_template&method=GET 200 26ms - 9.0B"}
may 04 09:36:14 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]:
{"type":"response","@timestamp":"2022-05-04T09:36:14Z","tags":["access:console"],"pid":26314,"method":"post","statusCode":200,"req":{"url":"/api/console/proxy?path=_mapping&method=GET","method":"post","headers":{"host":"10.0.0.107:5601","connection":"close","content-length":"0","accept":"text/plain, */*; q=0.01","osd-xsrf":"opensearchDashboards","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","osd-version":"1.2.0","sec-gpc":"1","origin":"https://demo-430-rc7-wazuh.com","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.107","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools"},"res":{"statusCode":200,"responseTime":66,"contentLength":9},"message":"POST /api/console/proxy?path=_mapping&method=GET 200 66ms - 9.0B"} may 04 09:36:15 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"response","@timestamp":"2022-05-04T09:36:15Z","tags":["access:console"],"pid":26314,"method":"post","statusCode":200,"req":{"url":"/api/console/proxy?path=_aliases&method=GET","method":"post","headers":{"host":"10.0.0.107:5601","connection":"close","content-length":"0","accept":"text/plain, */*; q=0.01","osd-xsrf":"opensearchDashboards","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","osd-version":"1.2.0","sec-gpc":"1","origin":"https://demo-430-rc7-wazuh.com","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools","accept-encoding":"gzip, deflate, 
br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.107","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools"},"res":{"statusCode":200,"responseTime":21,"contentLength":9},"message":"POST /api/console/proxy?path=_aliases&method=GET 200 21ms - 9.0B"} may 04 09:36:15 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"response","@timestamp":"2022-05-04T09:36:15Z","tags":["access:console"],"pid":26314,"method":"post","statusCode":200,"req":{"url":"/api/console/proxy?path=_template&method=GET","method":"post","headers":{"host":"10.0.0.107:5601","connection":"close","content-length":"0","accept":"text/plain, */*; q=0.01","osd-xsrf":"opensearchDashboards","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","osd-version":"1.2.0","sec-gpc":"1","origin":"https://demo-430-rc7-wazuh.com","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.107","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools"},"res":{"statusCode":200,"responseTime":27,"contentLength":9},"message":"POST /api/console/proxy?path=_template&method=GET 200 27ms - 9.0B"} may 04 09:37:16 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"response","@timestamp":"2022-05-04T09:37:16Z","tags":["access:console"],"pid":26314,"method":"post","statusCode":200,"req":{"url":"/api/console/proxy?path=_mapping&method=GET","method":"post","headers":{"host":"10.0.0.107:5601","connection":"close","content-length":"0","accept":"text/plain, */*; 
q=0.01","osd-xsrf":"opensearchDashboards","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","osd-version":"1.2.0","sec-gpc":"1","origin":"https://demo-430-rc7-wazuh.com","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.107","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools"},"res":{"statusCode":200,"responseTime":93,"contentLength":9},"message":"POST /api/console/proxy?path=_mapping&method=GET 200 93ms - 9.0B"} may 04 09:37:17 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"response","@timestamp":"2022-05-04T09:37:17Z","tags":["access:console"],"pid":26314,"method":"post","statusCode":200,"req":{"url":"/api/console/proxy?path=_aliases&method=GET","method":"post","headers":{"host":"10.0.0.107:5601","connection":"close","content-length":"0","accept":"text/plain, */*; q=0.01","osd-xsrf":"opensearchDashboards","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","osd-version":"1.2.0","sec-gpc":"1","origin":"https://demo-430-rc7-wazuh.com","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.107","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools"},"res":{"statusCode":200,"responseTime":20,"contentLength":9},"message":"POST /api/console/proxy?path=_aliases&method=GET 200 20ms - 9.0B"} may 04 
09:37:17 ip-10-0-0-107.us-west-1.compute.internal opensearch-dashboards[26314]: {"type":"response","@timestamp":"2022-05-04T09:37:17Z","tags":["access:console"],"pid":26314,"method":"post","statusCode":200,"req":{"url":"/api/console/proxy?path=_template&method=GET","method":"post","headers":{"host":"10.0.0.107:5601","connection":"close","content-length":"0","accept":"text/plain, */*; q=0.01","osd-xsrf":"opensearchDashboards","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","osd-version":"1.2.0","sec-gpc":"1","origin":"https://demo-430-rc7-wazuh.com","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.107","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36","referer":"https://demo-430-rc7-wazuh.com/app/dev_tools"},"res":{"statusCode":200,"responseTime":28,"contentLength":9},"message":"POST /api/console/proxy?path=_template&method=GET 200 28ms - 9.0B"} ``` - `/usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log` ``` {"date":"2022-05-03T16:48:31.065Z","level":"info","location":"initialize","message":"Wazuh dashboard index: .kibana"} {"date":"2022-05-03T16:48:31.065Z","level":"info","location":"initialize","message":"App revision: 4301-1"} {"date":"2022-05-03T16:48:31.066Z","level":"info","location":"initialize","message":"Total RAM: 7897MB"} {"date":"2022-05-03T16:48:32.479Z","level":"error","location":"monitoring:getApiInfo","message":"connect ECONNREFUSED 10.0.0.226:55000"} {"date":"2022-05-03T16:48:54.789Z","level":"info","location":"initialize","message":"Wazuh dashboard index: .kibana"} {"date":"2022-05-03T16:48:54.790Z","level":"info","location":"initialize","message":"App revision: 4301-1"} 
{"date":"2022-05-03T16:48:54.790Z","level":"info","location":"initialize","message":"Total RAM: 7897MB"} {"date":"2022-05-03T16:48:55.348Z","level":"error","location":"monitoring:getApiInfo","message":"connect ECONNREFUSED 10.0.0.226:55000"} {"date":"2022-05-03T17:03:24.459Z","level":"info","location":"initialize","message":"Wazuh dashboard index: .kibana"} {"date":"2022-05-03T17:03:24.459Z","level":"info","location":"initialize","message":"App revision: 4301-1"} {"date":"2022-05-03T17:03:24.459Z","level":"info","location":"initialize","message":"Total RAM: 7897MB"} {"date":"2022-05-03T17:05:23.921Z","level":"info","location":"initialize","message":"Wazuh dashboard index: .kibana"} {"date":"2022-05-03T17:05:23.921Z","level":"info","location":"initialize","message":"App revision: 4301-1"} {"date":"2022-05-03T17:05:23.922Z","level":"info","location":"initialize","message":"Total RAM: 7897MB"} {"date":"2022-05-03T17:10:01.102Z","level":"error","location":"cron-scheduler|SaveDocument","message":"resource_already_exists_exception"} {"date":"2022-05-04T08:01:07.238Z","level":"error","location":"wazuh-api:makeRequest","data":{"title":"Bad Request","detail":"Error in wazuhdb request: Cannot execute SQL query","remediation":"Make sure the request is correct","dapi_errors":{"master":{"error":"Error in wazuhdb request: Cannot execute SQL query"}},"error":2003}} {"date":"2022-05-04T08:01:12.512Z","level":"error","location":"wazuh-api:makeRequest","data":{"title":"Bad Request","detail":"Error in wazuhdb request: Cannot execute SQL query","remediation":"Make sure the request is correct","dapi_errors":{"master":{"error":"Error in wazuhdb request: Cannot execute SQL query"}},"error":2003}} {"date":"2022-05-04T08:01:39.343Z","level":"error","location":"wazuh-api:makeRequest","data":{"title":"Bad Request","detail":"Error in wazuhdb request: Cannot execute SQL query","remediation":"Make sure the request is correct","dapi_errors":{"master":{"error":"Error in wazuhdb request: Cannot 
execute SQL query"}},"error":2003}} {"date":"2022-05-04T09:33:49.058Z","level":"info","location":"initialize","message":"Wazuh dashboard index: .kibana"} {"date":"2022-05-04T09:33:49.058Z","level":"info","location":"initialize","message":"App revision: 4301-1"} {"date":"2022-05-04T09:33:49.059Z","level":"info","location":"initialize","message":"Total RAM: 7897MB"} {"date":"2022-05-04T10:05:22.699Z","level":"error","location":"wazuh-api:makeRequest","data":{"title":"Wazuh Internal Error","detail":"Timeout executing API request","dapi_errors":{"master":{"error":"Timeout executing API request","logfile":"WAZUH_HOME/logs/api.log"}},"error":3021}} ```

Status
🔴 Errors were found
🟡 Warnings were found
🟢 No errors or warnings were found
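Added example, not part of the original report: a small Python triage of the `wazuhapp.log` format quoted above. It parses the one-JSON-object-per-line file, takes the error text from either `message` or `data.detail` (the API proxy errors carry it there), counts findings per level and location, and maps the result onto the report's status legend. The sample lines are copied from the log above, with one constructed non-JSON line added to show how malformed input is handled.

```python
import json
from collections import Counter

# Levels that count as findings, with the weight used for the status colour.
LEVEL_ORDER = {"error": 2, "warn": 1, "warning": 1}

# Sample lines copied from the wazuhapp.log output in this report, plus one
# constructed non-JSON line so the parser's error path is exercised.
SAMPLE_LOG = """\
{"date":"2022-05-03T16:48:31.065Z","level":"info","location":"initialize","message":"Wazuh dashboard index: .kibana"}
{"date":"2022-05-03T16:48:32.479Z","level":"error","location":"monitoring:getApiInfo","message":"connect ECONNREFUSED 10.0.0.226:55000"}
{"date":"2022-05-03T17:10:01.102Z","level":"error","location":"cron-scheduler|SaveDocument","message":"resource_already_exists_exception"}
{"date":"2022-05-04T08:01:07.238Z","level":"error","location":"wazuh-api:makeRequest","data":{"title":"Bad Request","detail":"Error in wazuhdb request: Cannot execute SQL query","remediation":"Make sure the request is correct","dapi_errors":{"master":{"error":"Error in wazuhdb request: Cannot execute SQL query"}},"error":2003}}
{"date":"2022-05-04T10:05:22.699Z","level":"error","location":"wazuh-api:makeRequest","data":{"title":"Wazuh Internal Error","detail":"Timeout executing API request","dapi_errors":{"master":{"error":"Timeout executing API request","logfile":"WAZUH_HOME/logs/api.log"}},"error":3021}}
not json at all
"""


def parse_wazuhapp_log(text):
    """Parse one JSON object per line. Returns (entries, rejected_lines)."""
    entries, rejected = [], []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            obj = json.loads(raw)
        except json.JSONDecodeError:
            rejected.append(raw)
            continue
        if isinstance(obj, dict):
            entries.append(obj)
        else:
            rejected.append(raw)
    return entries, rejected


def error_detail(entry):
    """Plain entries carry 'message'; wazuh-api:makeRequest errors carry the text under data.detail."""
    if "message" in entry:
        return entry["message"]
    data = entry.get("data") or {}
    return data.get("detail") or data.get("title") or "<no detail>"


def triage(entries):
    """Count entries per level and list every error/warning with its location and date."""
    by_level = Counter(e.get("level", "unknown") for e in entries)
    problems = [
        (e.get("location", "?"), error_detail(e), e.get("date"))
        for e in entries
        if e.get("level") in LEVEL_ORDER
    ]
    by_location = Counter(loc for loc, _, _ in problems)
    return {"by_level": dict(by_level), "problems": problems, "by_location": dict(by_location)}


def status_for(entries):
    """Map the worst level seen onto the legend used in this report."""
    worst = max((LEVEL_ORDER.get(e.get("level"), 0) for e in entries), default=0)
    return {2: "🔴", 1: "🟡", 0: "🟢"}[worst]


if __name__ == "__main__":
    found, bad = parse_wazuhapp_log(SAMPLE_LOG)
    report = triage(found)
    print(status_for(found), report["by_level"], f"{len(bad)} unparseable line(s)")
    for location, detail, date in report["problems"]:
        print(f"{date} {location}: {detail}")
```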
juliamagan commented 2 years ago

Task 2: The daemons are running with the correct user

Agents

Amazon Linux 🟢

```
root 17711 0.0 0.2 37708 2904 ? Sl 08:02 0:00 /var/ossec/bin/wazuh-execd
wazuh 17723 0.0 0.5 263692 5312 ? Sl 08:02 0:01 /var/ossec/bin/wazuh-agentd
root 17738 0.1 0.8 203680 8276 ? SNl 08:02 0:09 /var/ossec/bin/wazuh-syscheckd
root 17752 0.0 0.4 480228 4752 ? Sl 08:02 0:00 /var/ossec/bin/wazuh-logcollector
root 17774 0.0 1.5 740780 15256 ? Sl 08:02 0:01 /var/ossec/bin/wazuh-modulesd
```

RHEL 🟢

```
root 17096 0.0 0.0 35528 1632 ? Sl 08:01 0:00 /var/ossec/bin/wazuh-execd
wazuh 17108 0.0 0.0 261252 3092 ? Sl 08:01 0:04 /var/ossec/bin/wazuh-agentd
root 17123 0.3 0.1 480540 7108 ? SNl 08:01 0:24 /var/ossec/bin/wazuh-syscheckd
root 17136 0.0 0.0 477936 2628 ? Sl 08:01 0:02 /var/ossec/bin/wazuh-logcollector
root 17160 0.0 0.9 1033464 35152 ? Sl 08:01 0:04 /var/ossec/bin/wazuh-modulesd
```

Ubuntu 🟢

```
root 6625 0.0 0.3 42736 3216 ? Sl 07:52 0:00 /var/ossec/bin/wazuh-execd
wazuh 6636 0.0 0.5 268672 5560 ? Sl 07:52 0:02 /var/ossec/bin/wazuh-agentd
root 6651 0.1 0.8 273712 8224 ? SNl 07:52 0:08 /var/ossec/bin/wazuh-syscheckd
root 6664 0.0 0.4 485128 4632 ? Sl 07:52 0:00 /var/ossec/bin/wazuh-logcollector
root 6681 0.0 1.4 748320 14116 ? Sl 07:52 0:01 /var/ossec/bin/wazuh-modulesd
```
CentOS 🟢

```
root 18414 0.0 0.1 35436 1472 ? Sl 08:05 0:00 /var/ossec/bin/wazuh-execd
wazuh 18426 0.0 0.3 326796 3156 ? Sl 08:05 0:01 /var/ossec/bin/wazuh-agentd
root 18441 0.1 0.5 266688 5280 ? SNl 08:05 0:09 /var/ossec/bin/wazuh-syscheckd
root 18456 0.0 0.2 477812 2320 ? Sl 08:05 0:01 /var/ossec/bin/wazuh-logcollector
root 18476 0.0 2.6 738416 26016 ? Sl 08:05 0:02 /var/ossec/bin/wazuh-modulesd
```

Debian 🟢

```
root 9615 0.0 0.2 41412 2664 ? Sl 08:08 0:00 /var/ossec/bin/wazuh-execd
wazuh 9626 0.0 0.5 267436 5316 ? Sl 08:08 0:02 /var/ossec/bin/wazuh-agentd
root 9640 0.0 0.7 272220 7404 ? SNl 08:08 0:06 /var/ossec/bin/wazuh-syscheckd
root 9657 0.0 0.4 484060 4248 ? Sl 08:08 0:00 /var/ossec/bin/wazuh-logcollector
root 9696 0.0 1.2 744888 12772 ? Sl 08:08 0:01 /var/ossec/bin/wazuh-modules
```

Windows 🟢

```
wazuh-agent.exe 788 WazuhSvc
```

Managers

Master env 1 🟢

```
wazuh 1244 0.4 2.6 829808 105060 ? Sl 08:44 0:23 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 1270 0.5 0.0 38440 3936 ? Sl 08:44 0:27 /var/ossec/bin/wazuh-integratord
root 1289 0.2 0.1 259704 4872 ? Sl 08:44 0:11 /var/ossec/bin/wazuh-authd
wazuh 1306 0.3 0.6 775168 26172 ? Sl 08:44 0:15 /var/ossec/bin/wazuh-db
wazuh 1318 0.2 1.9 333360 77764 ? S 08:44 0:13 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 1321 0.3 1.5 465596 61956 ? S 08:44 0:18 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
root 1336 0.0 0.0 38480 3052 ? Sl 08:44 0:00 /var/ossec/bin/wazuh-execd
wazuh 1362 9.5 2.4 1292644 98124 ? Sl 08:44 7:50 /var/ossec/bin/wazuh-analysisd
root 1374 0.2 0.1 269792 7868 ? SNl 08:44 0:12 /var/ossec/bin/wazuh-syscheckd
wazuh 1394 0.4 0.1 1186632 6336 ? Sl 08:44 0:23 /var/ossec/bin/wazuh-remoted
root 1427 0.0 0.1 480880 4488 ? Sl 08:44 0:00 /var/ossec/bin/wazuh-logcollector
wazuh 1451 0.0 0.0 38452 2948 ? Sl 08:44 0:00 /var/ossec/bin/wazuh-monitord
root 1500 8.0 5.2 1335788 209048 ? Sl 08:44 6:35 /var/ossec/bin/wazuh-modulesd
wazuh 1607 0.1 1.4 444416 56688 ? Sl 08:44 0:06 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
wazuh 1609 0.0 1.0 279744 41776 ? S 08:44 0:03 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
wazuh 1612 0.0 1.0 361672 42296 ? S 08:44 0:03 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
```

Worker env 1 🟢

```
wazuh 26349 0.2 2.3 740916 94904 ? Sl 08:50 0:11 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 26372 0.0 0.0 38432 3336 ? Sl 08:50 0:00 /var/ossec/bin/wazuh-integratord
wazuh 26392 0.0 0.3 775160 11988 ? Sl 08:50 0:03 /var/ossec/bin/wazuh-db
root 26416 0.0 0.0 38480 3128 ? Sl 08:50 0:00 /var/ossec/bin/wazuh-execd
wazuh 26418 0.0 1.4 309352 57120 ? S 08:50 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 26421 0.0 1.4 464008 59656 ? S 08:50 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 26437 0.0 0.7 1292508 30728 ? Sl 08:50 0:01 /var/ossec/bin/wazuh-analysisd
root 26448 0.2 0.2 204128 8488 ? SNl 08:50 0:11 /var/ossec/bin/wazuh-syscheckd
wazuh 26470 0.1 0.1 522992 4596 ? Sl 08:50 0:06 /var/ossec/bin/wazuh-remoted
root 26502 0.0 0.1 480872 4980 ? Sl 08:50 0:00 /var/ossec/bin/wazuh-logcollector
wazuh 26527 0.0 0.0 38456 3188 ? Sl 08:50 0:00 /var/ossec/bin/wazuh-monitord
root 26573 3.3 4.4 1074932 176756 ? Sl 08:50 2:28 /var/ossec/bin/wazuh-modulesd
wazuh 26705 0.1 1.4 590524 59140 ? Sl 08:50 0:04 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
wazuh 26915 0.0 1.1 287436 45492 ? S 08:50 0:01 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
wazuh 27728 0.0 1.2 443060 51460 ? S 08:55 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
```

Master env 2 🟢

```
wazuh 30239 0.3 2.4 820584 99696 ? Sl 08:56 0:15 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 30265 0.5 0.0 38440 3308 ? Sl 08:56 0:21 /var/ossec/bin/wazuh-integratord
root 30284 0.2 0.1 194172 5724 ? Sl 08:56 0:08 /var/ossec/bin/wazuh-authd
wazuh 30301 0.0 0.3 709636 11976 ? Sl 08:56 0:03 /var/ossec/bin/wazuh-db
wazuh 30315 0.0 1.5 317628 61956 ? S 08:56 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 30318 0.2 1.5 465332 63216 ? S 08:56 0:09 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
root 30333 0.0 0.0 38480 3192 ? Sl 08:56 0:00 /var/ossec/bin/wazuh-execd
wazuh 30348 9.5 2.3 1292536 93816 ? Sl 08:56 6:24 /var/ossec/bin/wazuh-analysisd
root 30360 0.3 0.2 269784 8276 ? SNl 08:56 0:13 /var/ossec/bin/wazuh-syscheckd
wazuh 30381 0.1 0.1 1178432 6592 ? Sl 08:56 0:06 /var/ossec/bin/wazuh-remoted
root 30413 0.0 0.1 480880 4996 ? Sl 08:56 0:00 /var/ossec/bin/wazuh-logcollector
wazuh 30432 0.0 0.0 38452 3156 ? Sl 08:56 0:00 /var/ossec/bin/wazuh-monitord
root 30480 5.1 5.3 1335788 212088 ? Sl 08:56 3:26 /var/ossec/bin/wazuh-modulesd
wazuh 30588 0.0 1.1 427684 45568 ? Sl 08:56 0:01 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
wazuh 30596 0.0 1.0 279736 42864 ? S 08:56 0:01 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
wazuh 30599 0.0 1.0 361664 42448 ? S 08:56 0:01 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
```

Wazuh Indexer

Bootstrap 🟢

```
wazuh-i+ 16738 22.2 56.6 7709944 4581176 ? Ssl 09:17 9:50 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3948m -Xmx3948m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-5513364696324844172 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2069889024 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
```

Master B 🟢

```
wazuh-i+ 21286 29.6 56.5 8024464 4572708 ? Ssl 09:23 9:14 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3948m -Xmx3948m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-4567178945924237329 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2069889024 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
```

Master C 🟢

```
wazuh-i+ 23515 34.0 56.7 8253716 4588592 ? Ssl 09:26 9:20 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3948m -Xmx3948m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-15123537735382070843 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2069889024 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
```

Wazuh Dashboard

wazuh-indexer 🟢

```
wazuh-i+ 24466 28.4 37.6 6410500 3041900 ? Ssl 09:31 5:37 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-14437330058389193133 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
```

wazuh-dashboard 🟢

```
wazuh-d+ 26314 1.5 2.0 1004420 162976 ? Ssl 09:33 0:16 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml
```
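Added example, not from the report or the Wazuh project: a check over `ps aux` output that flags any Wazuh daemon running as an unexpected user or missing entirely, which is what Task 2 verifies by eye above. The expected-owner table is read off the process listings in this report and is this example's assumption, not a Wazuh-documented list; the sample listing is constructed from the Amazon Linux agent rows plus a deliberately wrong second `wazuh-agentd` running as root, an indexer row whose user is truncated to `wazuh-i+` (ps does this for names longer than eight characters, as seen above), and one unrelated process.

```python
import os

# Expected owner per daemon, read off the process listings in this report
# (an assumption of this example, not a Wazuh-documented table). The indexer
# is keyed by its Java main class, the only stable token in its command line.
EXPECTED_USER = {
    "wazuh-execd": "root",
    "wazuh-agentd": "wazuh",
    "wazuh-syscheckd": "root",
    "wazuh-logcollector": "root",
    "wazuh-modulesd": "root",
    "wazuh-authd": "root",
    "wazuh-db": "wazuh",
    "wazuh-analysisd": "wazuh",
    "wazuh-remoted": "wazuh",
    "wazuh-monitord": "wazuh",
    "wazuh-integratord": "wazuh",
    "wazuh-apid.py": "wazuh",
    "wazuh-clusterd.py": "wazuh",
    "org.opensearch.bootstrap.OpenSearch": "wazuh-indexer",
}

# Daemons that must be present on an agent (the five shown per agent above).
AGENT_DAEMONS = frozenset(
    ["wazuh-execd", "wazuh-agentd", "wazuh-syscheckd", "wazuh-logcollector", "wazuh-modulesd"]
)

# Constructed `ps aux` sample: the Amazon Linux agent rows from the report, a
# deliberately wrong second wazuh-agentd running as root (pid 17800), an indexer
# row with the user truncated to "wazuh-i+" and shortened JVM arguments, and
# an unrelated process. Only the first row set is real; the rest is made up.
SAMPLE_PS = """\
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root     17711  0.0  0.2  37708  2904 ?        Sl   08:02   0:00 /var/ossec/bin/wazuh-execd
wazuh    17723  0.0  0.5 263692  5312 ?        Sl   08:02   0:01 /var/ossec/bin/wazuh-agentd
root     17738  0.1  0.8 203680  8276 ?        SNl  08:02   0:09 /var/ossec/bin/wazuh-syscheckd
root     17752  0.0  0.4 480228  4752 ?        Sl   08:02   0:00 /var/ossec/bin/wazuh-logcollector
root     17774  0.0  1.5 740780 15256 ?        Sl   08:02   0:01 /var/ossec/bin/wazuh-modulesd
root     17800  0.0  0.5 263692  5312 ?        Sl   08:02   0:01 /var/ossec/bin/wazuh-agentd
wazuh-i+ 24466 28.4 37.6 6410500 3041900 ?     Ssl  09:31   5:37 /usr/share/wazuh-indexer/jdk/bin/java -Xms2560m -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root         1  0.0  0.1 191000  4000 ?        Ss   08:00   0:05 /usr/lib/systemd/systemd
"""


def parse_ps_aux(text):
    """Return (user, pid, command) per `ps aux` row; the header and short rows are skipped."""
    rows = []
    for line in text.splitlines():
        # USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND (command may contain spaces)
        parts = line.split(None, 10)
        if len(parts) < 11 or not parts[1].isdigit():
            continue
        rows.append((parts[0], int(parts[1]), parts[10]))
    return rows


def daemon_name(command):
    """Map a command line to a key of EXPECTED_USER. Every token is checked so
    python-wrapped daemons (python3 .../wazuh-apid.py) are recognised as well."""
    for token in command.split():
        name = os.path.basename(token)
        if name in EXPECTED_USER:
            return name
    return None


def user_matches(actual, expected):
    """ps truncates user names longer than 8 characters and appends '+'."""
    if actual.endswith("+"):
        return expected.startswith(actual[:-1])
    return actual == expected


def check_daemon_users(ps_text, required=frozenset()):
    """Return {'violations': [(daemon, pid, actual, expected)], 'missing': [...], 'seen': [...]}."""
    seen = set()
    violations = []
    for user, pid, cmd in parse_ps_aux(ps_text):
        name = daemon_name(cmd)
        if name is None:
            continue
        seen.add(name)
        if not user_matches(user, EXPECTED_USER[name]):
            violations.append((name, pid, user, EXPECTED_USER[name]))
    return {"violations": violations, "missing": sorted(required - seen), "seen": sorted(seen)}


if __name__ == "__main__":
    result = check_daemon_users(SAMPLE_PS, required=AGENT_DAEMONS)
    for name, pid, actual, expected in result["violations"]:
        print(f"FAIL {name} (pid {pid}) runs as {actual}, expected {expected}")
    for name in result["missing"]:
        print(f"FAIL {name} is not running")
    print("OK" if not (result["violations"] or result["missing"]) else "CHECK FAILED")
```

On a live host, feed it `subprocess.run(["ps", "aux"], capture_output=True, text=True).stdout` instead of the sample and pick the required set for the role (agent, manager, indexer) being checked.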
juliamagan commented 2 years ago

Task 3: The status of the Wazuh Indexer clusters is as expected. 🟢

```
[root@ip-10-0-2-85 wazuh-user]# curl -k -u USER:PASS https://10.0.2.85:9200/_cat/nodes?v
ip         heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
10.0.2.85            27          82   8    0.00    0.00     0.02 dimr      -      node-2
10.0.0.107           40          85   7    0.02    0.02     0.07 dimr      -      node-7
10.0.2.209            9          83   9    0.00    0.02     0.07 dimr      -      node-1
10.0.2.125           31          88   7    0.00    0.00     0.03 dimr      *      node-3
```
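Added example, not part of the original report: a check that turns the `_cat/nodes?v` table above into the assertions behind "status is as expected": the node count, exactly one elected master (`*` in the master column), every node carrying the expected role string, and a heap-usage warning. The four-node expectation and role `dimr` come from the output above; the heap threshold is this example's own assumption.

```python
# Copied from the `_cat/nodes?v` output in this report.
SAMPLE_CAT_NODES = """\
ip         heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
10.0.2.85            27          82   8    0.00    0.00     0.02 dimr      -      node-2
10.0.0.107           40          85   7    0.02    0.02     0.07 dimr      -      node-7
10.0.2.209            9          83   9    0.00    0.02     0.07 dimr      -      node-1
10.0.2.125           31          88   7    0.00    0.00     0.03 dimr      *      node-3
"""


def parse_cat_nodes(text):
    """Parse `_cat/nodes?v` (header row, then one row per node) into dicts keyed by column name."""
    lines = [line for line in text.splitlines() if line.strip()]
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        values = line.split()
        if len(values) != len(header):
            raise ValueError(f"column count mismatch in row: {line!r}")
        rows.append(dict(zip(header, values)))
    return rows


def check_cluster(rows, expected_nodes, expected_role="dimr", heap_warn_percent=85):
    """Return a list of findings; an empty list means the cluster matches expectations.
    heap_warn_percent is an assumed threshold, not a value taken from the report."""
    findings = []
    if len(rows) != expected_nodes:
        findings.append(f"expected {expected_nodes} nodes, saw {len(rows)}")
    masters = [r["name"] for r in rows if r["master"] == "*"]
    if len(masters) != 1:
        findings.append(f"expected exactly one elected master, saw {masters}")
    for r in rows:
        if r["node.role"] != expected_role:
            findings.append(f"{r['name']} has role {r['node.role']}, expected {expected_role}")
        if int(r["heap.percent"]) >= heap_warn_percent:
            findings.append(f"{r['name']} heap at {r['heap.percent']}%")
    return findings


if __name__ == "__main__":
    nodes = parse_cat_nodes(SAMPLE_CAT_NODES)
    problems = check_cluster(nodes, expected_nodes=4)
    print("🟢 cluster as expected" if not problems else "🔴 " + "; ".join(problems))
```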
juliamagan commented 2 years ago

Task 4: No errors in the browser's developer console when browsing the App

No errors other than the ones found here have been found. However, there are errors that we couldn't reproduce:

juliamagan commented 2 years ago

Tasks 5 and 6 couldn't be tested because the environment changed. However, they have been tested in demo.wazuh.info and the results were the same as in https://github.com/wazuh/wazuh-qa/issues/2819, except:

alberpilot commented 2 years ago

From the CICD team, errors analyzed belong to the deployment, not the product.