search

wazuh / wazuh-qa

Wazuh - Quality Assurance
GNU General Public License v2.0
64 stars 30 forks source link

Test reproducibility of https://github.com/wazuh/wazuh-indexer/issues/201 #5200

Closed AlexRuiz7 closed 6 months ago

AlexRuiz7 commented 6 months ago
Target version Related issue Related PR/dev branch
4.8.0 https://github.com/wazuh/wazuh-indexer/issues/201 beta5

Description

It has been reported that the wazuh-indexer fails to start as the whole /var/log/wazuh-indexer/ folder disappears due to unknown reasons.

We have been trying to replicate the problem without success. Using a Vagrant AIO deployment, the log folder exists, is persistent between restarts and the service starts as expected.

We have tested this behavior in RHEL7 and Ubuntu 22.04 operating systems.

Check https://github.com/wazuh/wazuh-indexer/issues/201

We would like to be sure that this issue is not reproducible and has been a particular case. We would like to create a new environment with a fresh v4.8.0-beta5 installation and check if this error happens again.

Configuration and considerations

Fresh and untouched Wazuh v4.8.0-beta5 installation.

santipadilla commented 6 months ago

We tried to reproduce the issue in 4.8.0 - beta5 AIO in the following environments:

Jenkins QA Environment Ubuntu 22.04 :green_circle:

System information ```console root@ip-172-31-8-6:/home/qa# cat /etc/*release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=22.04 DISTRIB_CODENAME=jammy DISTRIB_DESCRIPTION="Ubuntu 22.04 LTS" PRETTY_NAME="Ubuntu 22.04 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04 LTS (Jammy Jellyfish)" VERSION_CODENAME=jammy ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=jammy ```
Wazuh version ```console root@ip-172-31-8-6:/home/qa# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.8.0" WAZUH_REVISION="40807" WAZUH_TYPE="server" ```
Before reboot ```console root@ip-172-31-8-6:/home/qa# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2024-04-15 07:47:50 UTC; 16min ago Docs: https://documentation.wazuh.com Main PID: 13235 (java) Tasks: 76 (limit: 9170) Memory: 4.2G CPU: 1min 758ms CGroup: /system.slice/wazuh-indexer.service └─13235 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.he> Apr 15 07:47:38 ip-172-31-8-6 systemd[1]: Starting Wazuh-indexer... Apr 15 07:47:40 ip-172-31-8-6 systemd-entrypoint[13235]: WARNING: A terminally deprecated method in java.lang.System has been called Apr 15 07:47:40 ip-172-31-8-6 systemd-entrypoint[13235]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.ja> Apr 15 07:47:40 ip-172-31-8-6 systemd-entrypoint[13235]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch Apr 15 07:47:40 ip-172-31-8-6 systemd-entrypoint[13235]: WARNING: System::setSecurityManager will be removed in a future release Apr 15 07:47:41 ip-172-31-8-6 systemd-entrypoint[13235]: WARNING: A terminally deprecated method in java.lang.System has been called Apr 15 07:47:41 ip-172-31-8-6 systemd-entrypoint[13235]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) Apr 15 07:47:41 ip-172-31-8-6 systemd-entrypoint[13235]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security Apr 15 07:47:41 ip-172-31-8-6 systemd-entrypoint[13235]: WARNING: System::setSecurityManager will be removed in a future release Apr 15 07:47:50 ip-172-31-8-6 systemd[1]: Started Wazuh-indexer. ``` ```console root@ip-172-31-8-6:/home/qa# ls -la /var/log/wazuh-indexer total 420 drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 Apr 15 07:47 . drwxrwxr-x 13 root syslog 4096 Apr 15 07:46 .. -rw-r--r-- 1 wazuh-indexer wazuh-indexer 111136 Apr 15 08:14 gc.log -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2006 Apr 15 07:47 gc.log.00 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 44131 Apr 15 07:47 gc.log.01 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2043 Apr 15 07:47 gc.log.02 -rw-r----- 1 wazuh-indexer wazuh-indexer 75868 Apr 15 08:12 wazuh.log -rw-r----- 1 wazuh-indexer wazuh-indexer 5635 Apr 15 07:54 wazuh_deprecation.json -rw-r----- 1 wazuh-indexer wazuh-indexer 3510 Apr 15 07:54 wazuh_deprecation.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 07:47 wazuh_index_indexing_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 07:47 wazuh_index_indexing_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 07:47 wazuh_index_search_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 07:47 wazuh_index_search_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 159059 Apr 15 08:12 wazuh_server.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 07:47 wazuh_task_detailslog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 07:47 wazuh_task_detailslog.log ```
After reboot ```console root@ip-172-31-8-6:/home/qa# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2024-04-15 08:24:31 UTC; 24s ago Docs: https://documentation.wazuh.com Main PID: 530 (java) Tasks: 76 (limit: 9170) Memory: 4.3G CPU: 46.010s CGroup: /system.slice/wazuh-indexer.service └─530 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.head> Apr 15 08:24:07 ip-172-31-8-6 systemd[1]: Starting Wazuh-indexer... Apr 15 08:24:12 ip-172-31-8-6 systemd-entrypoint[530]: WARNING: A terminally deprecated method in java.lang.System has been called Apr 15 08:24:12 ip-172-31-8-6 systemd-entrypoint[530]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) Apr 15 08:24:12 ip-172-31-8-6 systemd-entrypoint[530]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch Apr 15 08:24:12 ip-172-31-8-6 systemd-entrypoint[530]: WARNING: System::setSecurityManager will be removed in a future release Apr 15 08:24:15 ip-172-31-8-6 systemd-entrypoint[530]: WARNING: A terminally deprecated method in java.lang.System has been called Apr 15 08:24:15 ip-172-31-8-6 systemd-entrypoint[530]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) Apr 15 08:24:15 ip-172-31-8-6 systemd-entrypoint[530]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security Apr 15 08:24:15 ip-172-31-8-6 systemd-entrypoint[530]: WARNING: System::setSecurityManager will be removed in a future release Apr 15 08:24:31 ip-172-31-8-6 systemd[1]: Started Wazuh-indexer. ``` ```console root@ip-172-31-8-6:/home/qa# ls -la /var/log/wazuh-indexer total 592 drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 Apr 15 08:24 . drwxrwxr-x 13 root syslog 4096 Apr 15 08:24 .. -rw-r--r-- 1 wazuh-indexer wazuh-indexer 44447 Apr 15 08:25 gc.log -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2006 Apr 15 07:47 gc.log.00 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 44131 Apr 15 07:47 gc.log.01 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2043 Apr 15 07:47 gc.log.02 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 119409 Apr 15 08:23 gc.log.03 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2019 Apr 15 08:24 gc.log.04 -rw-r----- 1 wazuh-indexer wazuh-indexer 110610 Apr 15 08:24 wazuh.log -rw-r----- 1 wazuh-indexer wazuh-indexer 8210 Apr 15 08:24 wazuh_deprecation.json -rw-r----- 1 wazuh-indexer wazuh-indexer 5124 Apr 15 08:24 wazuh_deprecation.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 07:47 wazuh_index_indexing_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 07:47 wazuh_index_indexing_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 07:47 wazuh_index_search_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 07:47 wazuh_index_search_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 230577 Apr 15 08:24 wazuh_server.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 07:47 wazuh_task_detailslog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 07:47 wazuh_task_detailslog.log ```
santipadilla commented 6 months ago

Vagrant RHEL 7 :green_circle:

System information ```console [root@AIOwazuh vagrant]# cat /etc/*release NAME="Red Hat Enterprise Linux Server" VERSION="7.9 (Maipo)" ID="rhel" ID_LIKE="fedora" VARIANT="Server" VARIANT_ID="server" VERSION_ID="7.9" PRETTY_NAME="Red Hat Enterprise Linux Server 7.9 (Maipo)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:redhat:enterprise_linux:7.9:GA:server" HOME_URL="https://www.redhat.com/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7" REDHAT_BUGZILLA_PRODUCT_VERSION=7.9 REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux" REDHAT_SUPPORT_PRODUCT_VERSION="7.9" Red Hat Enterprise Linux Server release 7.9 (Maipo) Red Hat Enterprise Linux Server release 7.9 (Maipo) ```
Wazuh version ```console [root@AIOwazuh vagrant]# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.8.0" WAZUH_REVISION="40807" WAZUH_TYPE="server" ```
Before reboot ```console [root@AIOwazuh vagrant]# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since Mon 2024-04-15 09:04:12 UTC; 5min ago Docs: https://documentation.wazuh.com Main PID: 4652 (java) CGroup: /system.slice/wazuh-indexer.service └─4652 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.hea... Apr 15 09:04:02 AIOwazuh systemd[1]: Starting Wazuh-indexer... Apr 15 09:04:03 AIOwazuh systemd-entrypoint[4652]: WARNING: A terminally deprecated method in java.lang.System has been called Apr 15 09:04:03 AIOwazuh systemd-entrypoint[4652]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) Apr 15 09:04:03 AIOwazuh systemd-entrypoint[4652]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch Apr 15 09:04:03 AIOwazuh systemd-entrypoint[4652]: WARNING: System::setSecurityManager will be removed in a future release Apr 15 09:04:04 AIOwazuh systemd-entrypoint[4652]: WARNING: A terminally deprecated method in java.lang.System has been called Apr 15 09:04:04 AIOwazuh systemd-entrypoint[4652]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) Apr 15 09:04:04 AIOwazuh systemd-entrypoint[4652]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security Apr 15 09:04:04 AIOwazuh systemd-entrypoint[4652]: WARNING: System::setSecurityManager will be removed in a future release Apr 15 09:04:12 AIOwazuh systemd[1]: Started Wazuh-indexer. ``` ```console [root@AIOwazuh vagrant]# ls -la /var/log/wazuh-indexer total 328 drwxr-x---. 2 wazuh-indexer wazuh-indexer 4096 Apr 15 09:04 . drwxr-xr-x. 11 root root 4096 Apr 15 09:05 .. -rw-r--r--. 1 wazuh-indexer wazuh-indexer 62830 Apr 15 09:10 gc.log -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2019 Apr 15 09:04 gc.log.00 -rw-r-----. 1 wazuh-indexer wazuh-indexer 52657 Apr 15 09:09 wazuh-cluster.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 2735 Apr 15 09:06 wazuh-cluster_deprecation.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 1631 Apr 15 09:06 wazuh-cluster_deprecation.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Apr 15 09:04 wazuh-cluster_index_indexing_slowlog.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Apr 15 09:04 wazuh-cluster_index_indexing_slowlog.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Apr 15 09:04 wazuh-cluster_index_search_slowlog.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Apr 15 09:04 wazuh-cluster_index_search_slowlog.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 115732 Apr 15 09:09 wazuh-cluster_server.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Apr 15 09:04 wazuh-cluster_task_detailslog.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Apr 15 09:04 wazuh-cluster_task_detailslog.log ```
After reboot ```console [root@AIOwazuh vagrant]# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since Mon 2024-04-15 09:11:37 UTC; 34s ago Docs: https://documentation.wazuh.com Main PID: 1130 (java) CGroup: /system.slice/wazuh-indexer.service └─1130 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.hea... Apr 15 09:11:15 AIOwazuh systemd[1]: Starting Wazuh-indexer... Apr 15 09:11:18 AIOwazuh systemd-entrypoint[1130]: WARNING: A terminally deprecated method in java.lang.System has been called Apr 15 09:11:18 AIOwazuh systemd-entrypoint[1130]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) Apr 15 09:11:18 AIOwazuh systemd-entrypoint[1130]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch Apr 15 09:11:18 AIOwazuh systemd-entrypoint[1130]: WARNING: System::setSecurityManager will be removed in a future release Apr 15 09:11:19 AIOwazuh systemd-entrypoint[1130]: WARNING: A terminally deprecated method in java.lang.System has been called Apr 15 09:11:19 AIOwazuh systemd-entrypoint[1130]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) Apr 15 09:11:19 AIOwazuh systemd-entrypoint[1130]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security Apr 15 09:11:19 AIOwazuh systemd-entrypoint[1130]: WARNING: System::setSecurityManager will be removed in a future release Apr 15 09:11:37 AIOwazuh systemd[1]: Started Wazuh-indexer. ``` ```console [root@AIOwazuh vagrant]# ls -la /var/log/wazuh-indexer total 460 drwxr-x---. 2 wazuh-indexer wazuh-indexer 4096 Apr 15 09:11 . drwxr-xr-x. 11 root root 4096 Apr 15 09:11 .. -rw-r--r--. 1 wazuh-indexer wazuh-indexer 44175 Apr 15 09:13 gc.log -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2019 Apr 15 09:04 gc.log.00 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 66644 Apr 15 09:10 gc.log.01 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2019 Apr 15 09:11 gc.log.02 -rw-r-----. 1 wazuh-indexer wazuh-indexer 88606 Apr 15 09:12 wazuh-cluster.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 5005 Apr 15 09:12 wazuh-cluster_deprecation.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 3004 Apr 15 09:12 wazuh-cluster_deprecation.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Apr 15 09:04 wazuh-cluster_index_indexing_slowlog.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Apr 15 09:04 wazuh-cluster_index_indexing_slowlog.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Apr 15 09:04 wazuh-cluster_index_search_slowlog.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Apr 15 09:04 wazuh-cluster_index_search_slowlog.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 191710 Apr 15 09:12 wazuh-cluster_server.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Apr 15 09:04 wazuh-cluster_task_detailslog.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 Apr 15 09:04 wazuh-cluster_task_detailslog.log ```
santipadilla commented 6 months ago

Vagrant CentOS 7 :green_circle:

System information ```console [root@AIOwazuh vagrant]# cat /etc/*release CentOS Linux release 7.9.2009 (Core) NAME="CentOS Linux" VERSION="7 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="7" PRETTY_NAME="CentOS Linux 7 (Core)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:7" HOME_URL="https://www.centos.org/" BUG_REPORT_URL="https://bugs.centos.org/" CENTOS_MANTISBT_PROJECT="CentOS-7" CENTOS_MANTISBT_PROJECT_VERSION="7" REDHAT_SUPPORT_PRODUCT="centos" REDHAT_SUPPORT_PRODUCT_VERSION="7" CentOS Linux release 7.9.2009 (Core) CentOS Linux release 7.9.2009 (Core) ```
Wazuh version ```console [root@AIOwazuh vagrant]# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.8.0" WAZUH_REVISION="40807" WAZUH_TYPE="server" ```
Before reboot ```console [root@AIOwazuh vagrant]# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since lun 2024-04-15 09:34:24 UTC; 27min ago Docs: https://documentation.wazuh.com Main PID: 4234 (java) CGroup: /system.slice/wazuh-indexer.service └─4234 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.hea... abr 15 09:34:13 AIOwazuh systemd[1]: Starting Wazuh-indexer... abr 15 09:34:15 AIOwazuh systemd-entrypoint[4234]: WARNING: A terminally deprecated method in java.lang.System has been called abr 15 09:34:15 AIOwazuh systemd-entrypoint[4234]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) abr 15 09:34:15 AIOwazuh systemd-entrypoint[4234]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch abr 15 09:34:15 AIOwazuh systemd-entrypoint[4234]: WARNING: System::setSecurityManager will be removed in a future release abr 15 09:34:16 AIOwazuh systemd-entrypoint[4234]: WARNING: A terminally deprecated method in java.lang.System has been called abr 15 09:34:16 AIOwazuh systemd-entrypoint[4234]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) abr 15 09:34:16 AIOwazuh systemd-entrypoint[4234]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security abr 15 09:34:16 AIOwazuh systemd-entrypoint[4234]: WARNING: System::setSecurityManager will be removed in a future release abr 15 09:34:24 AIOwazuh systemd[1]: Started Wazuh-indexer. ``` ```console [root@AIOwazuh vagrant]# ls -la /var/log/wazuh-indexer total 320 drwxr-x---. 2 wazuh-indexer wazuh-indexer 4096 abr 15 09:34 . drwxr-xr-x. 9 root root 4096 abr 15 09:35 .. -rw-r--r--. 1 wazuh-indexer wazuh-indexer 105851 abr 15 10:02 gc.log -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2019 abr 15 09:34 gc.log.00 -rw-r-----. 1 wazuh-indexer wazuh-indexer 2735 abr 15 09:37 wazuh-cluster_deprecation.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 1631 abr 15 09:37 wazuh-cluster_deprecation.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 abr 15 09:34 wazuh-cluster_index_indexing_slowlog.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 abr 15 09:34 wazuh-cluster_index_indexing_slowlog.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 abr 15 09:34 wazuh-cluster_index_search_slowlog.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 abr 15 09:34 wazuh-cluster_index_search_slowlog.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 53426 abr 15 10:00 wazuh-cluster.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 117681 abr 15 10:00 wazuh-cluster_server.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 abr 15 09:34 wazuh-cluster_task_detailslog.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 abr 15 09:34 wazuh-cluster_task_detailslog.log ```
After reboot ```console [root@AIOwazuh vagrant]# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since lun 2024-04-15 10:03:30 UTC; 2min 26s ago Docs: https://documentation.wazuh.com Main PID: 1125 (java) CGroup: /system.slice/wazuh-indexer.service └─1125 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.hea... abr 15 10:03:12 AIOwazuh systemd[1]: Starting Wazuh-indexer... abr 15 10:03:14 AIOwazuh systemd-entrypoint[1125]: WARNING: A terminally deprecated method in java.lang.System has been called abr 15 10:03:14 AIOwazuh systemd-entrypoint[1125]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) abr 15 10:03:14 AIOwazuh systemd-entrypoint[1125]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch abr 15 10:03:14 AIOwazuh systemd-entrypoint[1125]: WARNING: System::setSecurityManager will be removed in a future release abr 15 10:03:15 AIOwazuh systemd-entrypoint[1125]: WARNING: A terminally deprecated method in java.lang.System has been called abr 15 10:03:15 AIOwazuh systemd-entrypoint[1125]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) abr 15 10:03:15 AIOwazuh systemd-entrypoint[1125]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security abr 15 10:03:15 AIOwazuh systemd-entrypoint[1125]: WARNING: System::setSecurityManager will be removed in a future release abr 15 10:03:30 AIOwazuh systemd[1]: Started Wazuh-indexer. ``` ```console [root@AIOwazuh vagrant]# ls -la /var/log/wazuh-indexer total 504 drwxr-x---. 2 wazuh-indexer wazuh-indexer 4096 abr 15 10:03 . drwxr-xr-x. 9 root root 4096 abr 15 10:03 .. -rw-r--r--. 1 wazuh-indexer wazuh-indexer 48436 abr 15 10:06 gc.log -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2019 abr 15 09:34 gc.log.00 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 106596 abr 15 10:02 gc.log.01 -rw-r--r--. 1 wazuh-indexer wazuh-indexer 2019 abr 15 10:03 gc.log.02 -rw-r-----. 1 wazuh-indexer wazuh-indexer 5005 abr 15 10:03 wazuh-cluster_deprecation.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 3004 abr 15 10:03 wazuh-cluster_deprecation.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 abr 15 09:34 wazuh-cluster_index_indexing_slowlog.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 abr 15 09:34 wazuh-cluster_index_indexing_slowlog.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 abr 15 09:34 wazuh-cluster_index_search_slowlog.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 abr 15 09:34 wazuh-cluster_index_search_slowlog.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 89720 abr 15 10:05 wazuh-cluster.log -rw-r-----. 1 wazuh-indexer wazuh-indexer 194605 abr 15 10:05 wazuh-cluster_server.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 abr 15 09:34 wazuh-cluster_task_detailslog.json -rw-r-----. 1 wazuh-indexer wazuh-indexer 0 abr 15 09:34 wazuh-cluster_task_detailslog.log ```
santipadilla commented 6 months ago

Vagrant Amazon Linux 2 :green_circle:

System information ```console [root@AIOwazuh vagrant]# cat /etc/*release NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2" HOME_URL="https://amazonlinux.com/" SUPPORT_END="2025-06-30" Amazon Linux release 2 (Karoo) ```
Wazuh version ```console [root@AIOwazuh vagrant]# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.8.0" WAZUH_REVISION="40807" WAZUH_TYPE="server" ```
Before reboot ```console [root@AIOwazuh vagrant]# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since lun 2024-04-15 10:17:57 UTC; 4min 35s ago Docs: https://documentation.wazuh.com Main PID: 6234 (java) CGroup: /system.slice/wazuh-indexer.service └─6234 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.hea... abr 15 10:17:30 AIOwazuh systemd[1]: Starting Wazuh-indexer... abr 15 10:17:35 AIOwazuh systemd-entrypoint[6234]: WARNING: A terminally deprecated method in java.lang.System has been called abr 15 10:17:35 AIOwazuh systemd-entrypoint[6234]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) abr 15 10:17:35 AIOwazuh systemd-entrypoint[6234]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch abr 15 10:17:35 AIOwazuh systemd-entrypoint[6234]: WARNING: System::setSecurityManager will be removed in a future release abr 15 10:17:37 AIOwazuh systemd-entrypoint[6234]: WARNING: A terminally deprecated method in java.lang.System has been called abr 15 10:17:37 AIOwazuh systemd-entrypoint[6234]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) abr 15 10:17:37 AIOwazuh systemd-entrypoint[6234]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security abr 15 10:17:37 AIOwazuh systemd-entrypoint[6234]: WARNING: System::setSecurityManager will be removed in a future release abr 15 10:17:57 AIOwazuh systemd[1]: Started Wazuh-indexer. ``` ```console [root@AIOwazuh vagrant]# ls -la /var/log/wazuh-indexer total 328 drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 abr 15 10:17 . drwxr-xr-x 9 root root 4096 abr 15 10:19 .. -rw-r--r-- 1 wazuh-indexer wazuh-indexer 64703 abr 15 10:23 gc.log -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2019 abr 15 10:17 gc.log.00 -rw-r----- 1 wazuh-indexer wazuh-indexer 2735 abr 15 10:20 wazuh-cluster_deprecation.json -rw-r----- 1 wazuh-indexer wazuh-indexer 1631 abr 15 10:20 wazuh-cluster_deprecation.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:17 wazuh-cluster_index_indexing_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:17 wazuh-cluster_index_indexing_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:17 wazuh-cluster_index_search_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:17 wazuh-cluster_index_search_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 53122 abr 15 10:22 wazuh-cluster.log -rw-r----- 1 wazuh-indexer wazuh-indexer 116796 abr 15 10:22 wazuh-cluster_server.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:17 wazuh-cluster_task_detailslog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:17 wazuh-cluster_task_detailslog.log ```
After reboot ```console [root@AIOwazuh vagrant]# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since lun 2024-04-15 10:24:58 UTC; 27s ago Docs: https://documentation.wazuh.com Main PID: 2841 (java) CGroup: /system.slice/wazuh-indexer.service └─2841 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.hea... abr 15 10:24:27 AIOwazuh systemd[1]: Starting Wazuh-indexer... abr 15 10:24:30 AIOwazuh systemd-entrypoint[2841]: WARNING: A terminally deprecated method in java.lang.System has been called abr 15 10:24:30 AIOwazuh systemd-entrypoint[2841]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) abr 15 10:24:30 AIOwazuh systemd-entrypoint[2841]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch abr 15 10:24:30 AIOwazuh systemd-entrypoint[2841]: WARNING: System::setSecurityManager will be removed in a future release abr 15 10:24:32 AIOwazuh systemd-entrypoint[2841]: WARNING: A terminally deprecated method in java.lang.System has been called abr 15 10:24:32 AIOwazuh systemd-entrypoint[2841]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) abr 15 10:24:32 AIOwazuh systemd-entrypoint[2841]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security abr 15 10:24:32 AIOwazuh systemd-entrypoint[2841]: WARNING: System::setSecurityManager will be removed in a future release abr 15 10:24:58 AIOwazuh systemd[1]: Started Wazuh-indexer. ``` ```console [root@AIOwazuh vagrant]# ls -la /var/log/wazuh-indexer total 460 drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 abr 15 10:24 . drwxr-xr-x 9 root root 4096 abr 15 10:24 .. -rw-r--r-- 1 wazuh-indexer wazuh-indexer 43222 abr 15 10:25 gc.log -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2019 abr 15 10:17 gc.log.00 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 66217 abr 15 10:23 gc.log.01 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2019 abr 15 10:24 gc.log.02 -rw-r----- 1 wazuh-indexer wazuh-indexer 5005 abr 15 10:25 wazuh-cluster_deprecation.json -rw-r----- 1 wazuh-indexer wazuh-indexer 3004 abr 15 10:25 wazuh-cluster_deprecation.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:17 wazuh-cluster_index_indexing_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:17 wazuh-cluster_index_indexing_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:17 wazuh-cluster_index_search_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:17 wazuh-cluster_index_search_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 88259 abr 15 10:25 wazuh-cluster.log -rw-r----- 1 wazuh-indexer wazuh-indexer 190765 abr 15 10:25 wazuh-cluster_server.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:17 wazuh-cluster_task_detailslog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:17 wazuh-cluster_task_detailslog.log ```
santipadilla commented 6 months ago

Jenkins QA Environment Amazon Linux 2 :green_circle:

System information ```console [root@ip-172-31-8-70 qa]# cat /etc/*release NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2" HOME_URL="https://amazonlinux.com/" Amazon Linux release 2 (Karoo) ```
Wazuh version ```console [root@ip-172-31-8-70 qa]# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.8.0" WAZUH_REVISION="40807" WAZUH_TYPE="server" ```
Before reboot ```console [root@ip-172-31-8-70 qa]# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since lun 2024-04-15 10:20:11 UTC; 12min ago Docs: https://documentation.wazuh.com Main PID: 391 (java) Tasks: 75 Memory: 4.2G CGroup: /system.slice/wazuh-indexer.service └─391 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.head... abr 15 10:19:59 ip-172-31-8-70.ec2.internal systemd[1]: Starting Wazuh-indexer... abr 15 10:20:01 ip-172-31-8-70.ec2.internal systemd-entrypoint[391]: WARNING: A terminally deprecated method in java.lang.System has been called abr 15 10:20:01 ip-172-31-8-70.ec2.internal systemd-entrypoint[391]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer...2.10.0.jar) abr 15 10:20:01 ip-172-31-8-70.ec2.internal systemd-entrypoint[391]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch abr 15 10:20:01 ip-172-31-8-70.ec2.internal systemd-entrypoint[391]: WARNING: System::setSecurityManager will be removed in a future release abr 15 10:20:02 ip-172-31-8-70.ec2.internal systemd-entrypoint[391]: WARNING: A terminally deprecated method in java.lang.System has been called abr 15 10:20:02 ip-172-31-8-70.ec2.internal systemd-entrypoint[391]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/l...2.10.0.jar) abr 15 10:20:02 ip-172-31-8-70.ec2.internal systemd-entrypoint[391]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security abr 15 10:20:02 ip-172-31-8-70.ec2.internal systemd-entrypoint[391]: WARNING: System::setSecurityManager will be removed in a future release abr 15 10:20:11 ip-172-31-8-70.ec2.internal systemd[1]: Started Wazuh-indexer. ``` ```console [root@ip-172-31-8-70 qa]# ls -la /var/log/wazuh-indexer total 464 drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 abr 15 10:20 . drwxr-xr-x 8 root root 4096 abr 15 10:19 .. -rw-r--r-- 1 wazuh-indexer wazuh-indexer 92748 abr 15 10:32 gc.log -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2030 abr 15 10:19 gc.log.00 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 33702 abr 15 10:19 gc.log.01 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 1995 abr 15 10:20 gc.log.02 -rw-r----- 1 wazuh-indexer wazuh-indexer 5635 abr 15 10:24 wazuh_deprecation.json -rw-r----- 1 wazuh-indexer wazuh-indexer 3510 abr 15 10:24 wazuh_deprecation.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:19 wazuh_index_indexing_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:19 wazuh_index_indexing_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:19 wazuh_index_search_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:19 wazuh_index_search_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 79105 abr 15 10:30 wazuh.log -rw-r----- 1 wazuh-indexer wazuh-indexer 164064 abr 15 10:30 wazuh_server.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:19 wazuh_task_detailslog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:19 wazuh_task_detailslog.log ```
After reboot ```console [root@ip-172-31-8-70 qa]# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since lun 2024-04-15 10:33:39 UTC; 1min 13s ago Docs: https://documentation.wazuh.com Main PID: 2466 (java) Tasks: 75 Memory: 4.3G CGroup: /system.slice/wazuh-indexer.service └─2466 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.hea... abr 15 10:33:15 ip-172-31-8-70.ec2.internal systemd[1]: Starting Wazuh-indexer... abr 15 10:33:20 ip-172-31-8-70.ec2.internal systemd-entrypoint[2466]: WARNING: A terminally deprecated method in java.lang.System has been called abr 15 10:33:20 ip-172-31-8-70.ec2.internal systemd-entrypoint[2466]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexe...2.10.0.jar) abr 15 10:33:20 ip-172-31-8-70.ec2.internal systemd-entrypoint[2466]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch abr 15 10:33:20 ip-172-31-8-70.ec2.internal systemd-entrypoint[2466]: WARNING: System::setSecurityManager will be removed in a future release abr 15 10:33:22 ip-172-31-8-70.ec2.internal systemd-entrypoint[2466]: WARNING: A terminally deprecated method in java.lang.System has been called abr 15 10:33:22 ip-172-31-8-70.ec2.internal systemd-entrypoint[2466]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/...2.10.0.jar) abr 15 10:33:22 ip-172-31-8-70.ec2.internal systemd-entrypoint[2466]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security abr 15 10:33:22 ip-172-31-8-70.ec2.internal systemd-entrypoint[2466]: WARNING: System::setSecurityManager will be removed in a future release abr 15 10:33:39 ip-172-31-8-70.ec2.internal systemd[1]: Started Wazuh-indexer. ``` ```console [root@ip-172-31-8-70 qa]# ls -la /var/log/wazuh-indexer total 608 drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 abr 15 10:33 . drwxr-xr-x 8 root root 4096 abr 15 10:33 .. -rw-r--r-- 1 wazuh-indexer wazuh-indexer 55237 abr 15 10:35 gc.log -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2030 abr 15 10:19 gc.log.00 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 33702 abr 15 10:19 gc.log.01 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 1995 abr 15 10:20 gc.log.02 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 93676 abr 15 10:32 gc.log.03 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2019 abr 15 10:33 gc.log.04 -rw-r----- 1 wazuh-indexer wazuh-indexer 8210 abr 15 10:33 wazuh_deprecation.json -rw-r----- 1 wazuh-indexer wazuh-indexer 5124 abr 15 10:33 wazuh_deprecation.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:19 wazuh_index_indexing_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:19 wazuh_index_indexing_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:19 wazuh_index_search_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:19 wazuh_index_search_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 107853 abr 15 10:34 wazuh.log -rw-r----- 1 wazuh-indexer wazuh-indexer 223436 abr 15 10:34 wazuh_server.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:19 wazuh_task_detailslog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 abr 15 10:19 wazuh_task_detailslog.log ```
santipadilla commented 6 months ago

We have not been able to replicate the error, on any of the operating systems discussed, with an AIO installation using both local vagrant and the qa test environment in jenkins, everything worked correctly. In the main issue we were using an aws environment, stopping it and reactivating it the next day, we changed the issue to on hold until tomorrow to test that case.

santipadilla commented 6 months ago

UBUNTU 22.04 on AWS :green_circle:

AIO installation ```console root@ip-172-31-35-19:/home/ubuntu# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a 15/04/2024 13:25:36 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 15/04/2024 13:25:36 INFO: Verbose logging redirected to /var/log/wazuh-install.log 15/04/2024 13:25:51 INFO: Verifying that your system meets the recommended minimum hardware requirements. 15/04/2024 13:25:51 INFO: Wazuh web interface port will be 443. 15/04/2024 13:25:55 INFO: --- Dependencies ---- 15/04/2024 13:25:55 INFO: Installing apt-transport-https. 15/04/2024 13:26:02 INFO: Wazuh development repository added. 15/04/2024 13:26:02 INFO: --- Configuration files --- 15/04/2024 13:26:02 INFO: Generating configuration files. 15/04/2024 13:26:03 INFO: Generating the root certificate. 15/04/2024 13:26:03 INFO: Generating Admin certificates. 15/04/2024 13:26:03 INFO: Generating Wazuh indexer certificates. 15/04/2024 13:26:04 INFO: Generating Filebeat certificates. 15/04/2024 13:26:04 INFO: Generating Wazuh dashboard certificates. 15/04/2024 13:26:04 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 15/04/2024 13:26:05 INFO: --- Wazuh indexer --- 15/04/2024 13:26:05 INFO: Starting Wazuh indexer installation. 15/04/2024 13:27:27 INFO: Wazuh indexer installation finished. 15/04/2024 13:27:27 INFO: Wazuh indexer post-install configuration finished. 15/04/2024 13:27:27 INFO: Starting service wazuh-indexer. 15/04/2024 13:27:39 INFO: wazuh-indexer service started. 15/04/2024 13:27:39 INFO: Initializing Wazuh indexer cluster security settings. 15/04/2024 13:27:51 INFO: Wazuh indexer cluster security configuration initialized. 15/04/2024 13:27:51 INFO: Wazuh indexer cluster initialized. 15/04/2024 13:27:51 INFO: --- Wazuh server --- 15/04/2024 13:27:51 INFO: Starting the Wazuh manager installation. 15/04/2024 13:29:13 INFO: Wazuh manager installation finished. 15/04/2024 13:29:13 INFO: Wazuh manager vulnerability detection configuration finished. 15/04/2024 13:29:13 INFO: Starting service wazuh-manager. 15/04/2024 13:29:29 INFO: wazuh-manager service started. 15/04/2024 13:29:29 INFO: Starting Filebeat installation. 15/04/2024 13:29:42 INFO: Filebeat installation finished. 15/04/2024 13:29:43 INFO: Filebeat post-install configuration finished. 15/04/2024 13:29:43 INFO: Starting service filebeat. 15/04/2024 13:29:44 INFO: filebeat service started. 15/04/2024 13:29:44 INFO: --- Wazuh dashboard --- 15/04/2024 13:29:44 INFO: Starting Wazuh dashboard installation. 15/04/2024 13:32:24 INFO: Wazuh dashboard installation finished. 15/04/2024 13:32:24 INFO: Wazuh dashboard post-install configuration finished. 15/04/2024 13:32:24 INFO: Starting service wazuh-dashboard. 15/04/2024 13:32:24 INFO: wazuh-dashboard service started. 15/04/2024 13:32:26 INFO: Updating the internal users. 15/04/2024 13:32:30 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 15/04/2024 13:33:15 INFO: Initializing Wazuh dashboard web application. 15/04/2024 13:33:16 INFO: Wazuh dashboard web application initialized. 15/04/2024 13:33:16 INFO: --- Summary --- 15/04/2024 13:33:16 INFO: You can access the web interface https://:443 User: admin Password: WPJhLxblc8hcr*R?TV4D1pYcm7bZVAp+ 15/04/2024 13:33:16 INFO: Installation finished. ```
System information ```console root@ip-172-31-35-19:/home/ubuntu# cat /etc/*release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=22.04 DISTRIB_CODENAME=jammy DISTRIB_DESCRIPTION="Ubuntu 22.04.4 LTS" PRETTY_NAME="Ubuntu 22.04.4 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.4 LTS (Jammy Jellyfish)" VERSION_CODENAME=jammy ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=jammy ```
Wazuh version ```console root@ip-172-31-35-19:/home/ubuntu# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.8.0" WAZUH_REVISION="40807" WAZUH_TYPE="server" ```
On 2024.04.15 ```console root@ip-172-31-35-19:/home/ubuntu# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2024-04-15 13:27:39 UTC; 7min ago Docs: https://documentation.wazuh.com Main PID: 3957 (java) Tasks: 93 (limit: 9189) Memory: 4.2G CPU: 1min 5.640s CGroup: /system.slice/wazuh-indexer.service └─3957 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.hea> Apr 15 13:27:27 ip-172-31-35-19 systemd[1]: Starting Wazuh-indexer... Apr 15 13:27:29 ip-172-31-35-19 systemd-entrypoint[3957]: WARNING: A terminally deprecated method in java.lang.System has been called Apr 15 13:27:29 ip-172-31-35-19 systemd-entrypoint[3957]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.j> Apr 15 13:27:29 ip-172-31-35-19 systemd-entrypoint[3957]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch Apr 15 13:27:29 ip-172-31-35-19 systemd-entrypoint[3957]: WARNING: System::setSecurityManager will be removed in a future release Apr 15 13:27:30 ip-172-31-35-19 systemd-entrypoint[3957]: WARNING: A terminally deprecated method in java.lang.System has been called Apr 15 13:27:30 ip-172-31-35-19 systemd-entrypoint[3957]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) Apr 15 13:27:30 ip-172-31-35-19 systemd-entrypoint[3957]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security Apr 15 13:27:30 ip-172-31-35-19 systemd-entrypoint[3957]: WARNING: System::setSecurityManager will be removed in a future release Apr 15 13:27:39 ip-172-31-35-19 systemd[1]: Started Wazuh-indexer. ``` ```console root@ip-172-31-35-19:/home/ubuntu# systemctl status wazuh-manager ● wazuh-manager.service - Wazuh manager Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2024-04-15 13:33:04 UTC; 2min 41s ago Tasks: 172 (limit: 9189) Memory: 759.7M CPU: 23.979s CGroup: /system.slice/wazuh-manager.service ├─52114 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─52115 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─52118 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─52121 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─52162 /var/ossec/bin/wazuh-authd ├─52178 /var/ossec/bin/wazuh-db ├─52203 /var/ossec/bin/wazuh-execd ├─52217 /var/ossec/bin/wazuh-analysisd ├─52282 /var/ossec/bin/wazuh-syscheckd ├─52299 /var/ossec/bin/wazuh-remoted ├─52334 /var/ossec/bin/wazuh-logcollector ├─52353 /var/ossec/bin/wazuh-monitord └─52379 /var/ossec/bin/wazuh-modulesd Apr 15 13:32:57 ip-172-31-35-19 env[52056]: Started wazuh-analysisd... Apr 15 13:32:58 ip-172-31-35-19 env[52056]: Started wazuh-syscheckd... Apr 15 13:32:59 ip-172-31-35-19 env[52056]: Started wazuh-remoted... Apr 15 13:33:00 ip-172-31-35-19 env[52056]: Started wazuh-logcollector... Apr 15 13:33:01 ip-172-31-35-19 env[52056]: Started wazuh-monitord... Apr 15 13:33:01 ip-172-31-35-19 env[52376]: 2024/04/15 13:33:01 wazuh-modulesd:router: INFO: Loaded router module. Apr 15 13:33:01 ip-172-31-35-19 env[52376]: 2024/04/15 13:33:01 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. Apr 15 13:33:02 ip-172-31-35-19 env[52056]: Started wazuh-modulesd... Apr 15 13:33:04 ip-172-31-35-19 env[52056]: Completed. Apr 15 13:33:04 ip-172-31-35-19 systemd[1]: Started Wazuh manager. ``` ```console root@ip-172-31-35-19:/home/ubuntu# systemctl status wazuh-dashboard ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2024-04-15 13:33:05 UTC; 3min 12s ago Main PID: 53290 (node) Tasks: 11 (limit: 9189) Memory: 164.3M CPU: 7.743s CGroup: /system.slice/wazuh-dashboard.service └─53290 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist Apr 15 13:33:09 ip-172-31-35-19 opensearch-dashboards[53290]: {"type":"log","@timestamp":"2024-04-15T13:33:09Z","tags":["info","plugins-service"],"pid":53290,"message":"Plugin \"dataSourceManagement\" ha> Apr 15 13:33:09 ip-172-31-35-19 opensearch-dashboards[53290]: {"type":"log","@timestamp":"2024-04-15T13:33:09Z","tags":["info","plugins-service"],"pid":53290,"message":"Plugin \"dataSource\" is disabled.> Apr 15 13:33:09 ip-172-31-35-19 opensearch-dashboards[53290]: {"type":"log","@timestamp":"2024-04-15T13:33:09Z","tags":["info","plugins-service"],"pid":53290,"message":"Plugin \"visTypeXy\" is disabled."} Apr 15 13:33:09 ip-172-31-35-19 opensearch-dashboards[53290]: {"type":"log","@timestamp":"2024-04-15T13:33:09Z","tags":["info","plugins-system"],"pid":53290,"message":"Setting up [48] plugins: [usageColl> Apr 15 13:33:10 ip-172-31-35-19 opensearch-dashboards[53290]: {"type":"log","@timestamp":"2024-04-15T13:33:10Z","tags":["info","savedobjects-service"],"pid":53290,"message":"Waiting until all OpenSearch > Apr 15 13:33:10 ip-172-31-35-19 opensearch-dashboards[53290]: {"type":"log","@timestamp":"2024-04-15T13:33:10Z","tags":["info","savedobjects-service"],"pid":53290,"message":"Starting saved objects migrat> Apr 15 13:33:10 ip-172-31-35-19 opensearch-dashboards[53290]: {"type":"log","@timestamp":"2024-04-15T13:33:10Z","tags":["info","plugins-system"],"pid":53290,"message":"Starting [48] plugins: [usageCollec> Apr 15 13:33:10 ip-172-31-35-19 opensearch-dashboards[53290]: {"type":"log","@timestamp":"2024-04-15T13:33:10Z","tags":["listening","info"],"pid":53290,"message":"Server running at https://0.0.0.0:443"} Apr 15 13:33:11 ip-172-31-35-19 opensearch-dashboards[53290]: {"type":"log","@timestamp":"2024-04-15T13:33:11Z","tags":["info","http","server","OpenSearchDashboards"],"pid":53290,"message":"http server r> Apr 15 13:33:16 ip-172-31-35-19 opensearch-dashboards[53290]: {"type":"response","@timestamp":"2024-04-15T13:33:15Z","tags":[],"pid":53290,"method":"get","statusCode":200,"req":{"url":"/status","method":> lines 1-20/20 (END) ``` ```console root@ip-172-31-35-19:/home/ubuntu# ls -la /var/log/wazuh-indexer total 300 drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 Apr 15 13:27 . drwxrwxr-x 12 root syslog 4096 Apr 15 13:29 .. -rw-r--r-- 1 wazuh-indexer wazuh-indexer 85815 Apr 15 13:36 gc.log -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2019 Apr 15 13:27 gc.log.00 -rw-r----- 1 wazuh-indexer wazuh-indexer 58636 Apr 15 13:33 wazuh-cluster.log -rw-r----- 1 wazuh-indexer wazuh-indexer 2735 Apr 15 13:32 wazuh-cluster_deprecation.json -rw-r----- 1 wazuh-indexer wazuh-indexer 1631 Apr 15 13:32 wazuh-cluster_deprecation.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 13:27 wazuh-cluster_index_indexing_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 13:27 wazuh-cluster_index_indexing_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 13:27 wazuh-cluster_index_search_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 13:27 wazuh-cluster_index_search_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 128063 Apr 15 13:33 wazuh-cluster_server.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 13:27 wazuh-cluster_task_detailslog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 13:27 wazuh-cluster_task_detailslog.log ```
On 2024.04.16 ```console root@ip-172-31-35-19:/home/ubuntu# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2024-04-16 07:02:17 UTC; 8min ago Docs: https://documentation.wazuh.com Main PID: 421 (java) Tasks: 90 (limit: 9189) Memory: 4.3G CPU: 57.137s CGroup: /system.slice/wazuh-indexer.service └─421 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.tt> Apr 16 07:02:00 ip-172-31-35-19 systemd-entrypoint[421]: at org.opensearch.bootstrap.Bootstrap.set> Apr 16 07:02:00 ip-172-31-35-19 systemd-entrypoint[421]: at org.opensearch.bootstrap.Bootstrap.ini> Apr 16 07:02:00 ip-172-31-35-19 systemd-entrypoint[421]: at org.opensearch.bootstrap.OpenSearch.in> Apr 16 07:02:00 ip-172-31-35-19 systemd-entrypoint[421]: at org.opensearch.bootstrap.OpenSearch.ex> Apr 16 07:02:00 ip-172-31-35-19 systemd-entrypoint[421]: at org.opensearch.cli.EnvironmentAwareCom> Apr 16 07:02:00 ip-172-31-35-19 systemd-entrypoint[421]: at org.opensearch.cli.Command.mainWithout> Apr 16 07:02:00 ip-172-31-35-19 systemd-entrypoint[421]: at org.opensearch.cli.Command.main(Comman> Apr 16 07:02:00 ip-172-31-35-19 systemd-entrypoint[421]: at org.opensearch.bootstrap.OpenSearch.ma> Apr 16 07:02:00 ip-172-31-35-19 systemd-entrypoint[421]: at org.opensearch.bootstrap.OpenSearch.ma> Apr 16 07:02:17 ip-172-31-35-19 systemd[1]: Started Wazuh-indexer. root@ip-172-31-35-19:/home/ubuntu# systemctl status wazuh-manager ● wazuh-manager.service - Wazuh manager Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2024-04-16 07:02:11 UTC; 9min ago Tasks: 171 (limit: 9189) Memory: 1.8G CPU: 33.308s CGroup: /system.slice/wazuh-manager.service ├─1032 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─1037 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─1040 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─1043 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─1088 /var/ossec/bin/wazuh-authd ├─1105 /var/ossec/bin/wazuh-db ├─1130 /var/ossec/bin/wazuh-execd ├─1143 /var/ossec/bin/wazuh-analysisd ├─1157 /var/ossec/bin/wazuh-syscheckd ├─1222 /var/ossec/bin/wazuh-remoted ├─1260 /var/ossec/bin/wazuh-logcollector ├─1279 /var/ossec/bin/wazuh-monitord └─1305 /var/ossec/bin/wazuh-modulesd Apr 16 07:02:03 ip-172-31-35-19 env[422]: Started wazuh-analysisd... Apr 16 07:02:04 ip-172-31-35-19 env[422]: Started wazuh-syscheckd... Apr 16 07:02:05 ip-172-31-35-19 env[422]: Started wazuh-remoted... Apr 16 07:02:06 ip-172-31-35-19 env[422]: Started wazuh-logcollector... Apr 16 07:02:07 ip-172-31-35-19 env[422]: Started wazuh-monitord... Apr 16 07:02:08 ip-172-31-35-19 env[1301]: 2024/04/16 07:02:08 wazuh-modulesd:router: INFO: Loaded router > Apr 16 07:02:08 ip-172-31-35-19 env[1301]: 2024/04/16 07:02:08 wazuh-modulesd:content_manager: INFO: Loade> Apr 16 07:02:09 ip-172-31-35-19 env[422]: Started wazuh-modulesd... Apr 16 07:02:11 ip-172-31-35-19 env[422]: Completed. Apr 16 07:02:11 ip-172-31-35-19 systemd[1]: Started Wazuh manager. root@ip-172-31-35-19:/home/ubuntu# systemctl status wazuh-dashboard ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2024-04-16 07:01:53 UTC; 10min ago Main PID: 420 (node) Tasks: 11 (limit: 9189) Memory: 284.1M CPU: 9.397s CGroup: /system.slice/wazuh-dashboard.service └─420 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --u> Apr 16 07:02:06 ip-172-31-35-19 opensearch-dashboards[420]: {"type":"log","@timestamp":"2024-04-16T07:02:0> Apr 16 07:02:07 ip-172-31-35-19 opensearch-dashboards[420]: {"type":"log","@timestamp":"2024-04-16T07:02:0> Apr 16 07:02:09 ip-172-31-35-19 opensearch-dashboards[420]: {"type":"log","@timestamp":"2024-04-16T07:02:0> Apr 16 07:02:11 ip-172-31-35-19 opensearch-dashboards[420]: {"type":"log","@timestamp":"2024-04-16T07:02:1> Apr 16 07:02:14 ip-172-31-35-19 opensearch-dashboards[420]: {"type":"log","@timestamp":"2024-04-16T07:02:1> Apr 16 07:02:16 ip-172-31-35-19 opensearch-dashboards[420]: {"type":"log","@timestamp":"2024-04-16T07:02:1> Apr 16 07:02:20 ip-172-31-35-19 opensearch-dashboards[420]: {"type":"log","@timestamp":"2024-04-16T07:02:2> Apr 16 07:02:20 ip-172-31-35-19 opensearch-dashboards[420]: {"type":"log","@timestamp":"2024-04-16T07:02:2> Apr 16 07:02:20 ip-172-31-35-19 opensearch-dashboards[420]: {"type":"log","@timestamp":"2024-04-16T07:02:2> Apr 16 07:02:21 ip-172-31-35-19 opensearch-dashboards[420]: {"type":"log","@timestamp":"2024-04-16T07:02:2> lines 1-20/20 (END) root@ip-172-31-35-19:/home/ubuntu# ls -la /var/log/wazuh-indexer total 328 drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 Apr 16 07:02 . drwxrwxr-x 12 root syslog 4096 Apr 16 07:01 .. -rw-r--r-- 1 wazuh-indexer wazuh-indexer 85633 Apr 16 07:12 gc.log -rw-r--r-- 1 wazuh-indexer wazuh-indexer 2019 Apr 15 13:27 gc.log.00 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 88670 Apr 15 13:37 gc.log.01 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 1995 Apr 16 07:01 gc.log.02 -rw-r--r-- 1 wazuh-indexer wazuh-indexer 9932 Apr 16 07:02 wazuh-cluster-2024-04-15-1.json.gz -rw-r--r-- 1 wazuh-indexer wazuh-indexer 8868 Apr 16 07:02 wazuh-cluster-2024-04-15-1.log.gz -rw-r--r-- 1 wazuh-indexer wazuh-indexer 30876 Apr 16 07:12 wazuh-cluster.log -rw-r----- 1 wazuh-indexer wazuh-indexer 5005 Apr 16 07:02 wazuh-cluster_deprecation.json -rw-r----- 1 wazuh-indexer wazuh-indexer 3004 Apr 16 07:02 wazuh-cluster_deprecation.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 13:27 wazuh-cluster_index_indexing_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 13:27 wazuh-cluster_index_indexing_slowlog.log -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 13:27 wazuh-cluster_index_search_slowlog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 13:27 wazuh-cluster_index_search_slowlog.log -rw-r--r-- 1 wazuh-indexer wazuh-indexer 65128 Apr 16 07:12 wazuh-cluster_server.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 13:27 wazuh-cluster_task_detailslog.json -rw-r----- 1 wazuh-indexer wazuh-indexer 0 Apr 15 13:27 wazuh-cluster_task_detailslog.log ```
santipadilla commented 6 months ago

In all the cases mentioned above, everything has worked as it should, the error has not been reproduced.

juliamagan commented 6 months ago

LGTM

davidjiglesias commented 6 months ago

LGTM