System info
```
bash-4.4$ hostname
soaxp078
bash-4.4$ uname -a
AIX soaxp078 1 6 00CADA644C00
```
Build :green_circle:
[aix-4.4.0-rc2-compilation.log](https://github.com/wazuh/wazuh/files/11017316/aix-4.4.0-rc2-compilation.log)
Install :green_circle:
- Wazuh agent
```
bash-4.4$ curl -k -LO https://packages-dev.wazuh.com/pre-release/aix/wazuh-agent-4.4.0-1.aix.ppc.rpm
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 8261k 100 8261k 0 0 4473k 0 0:00:01 0:00:01 --:--:-- 4475k
bash-4.4$ ls
wazuh-agent-4.4.0-1.aix.ppc.rpm
bash-4.4$ rpm -qip wazuh-agent-4.4.0-1.aix.ppc.rpm
Name : wazuh-agent Relocations: (not relocateable)
Version : 4.4.0 Vendor: Wazuh, Inc
Release : 1 Build Date: Mon Mar 20 04:49:54 2023
Install date: (not installed) Build Host: soaxp078
Group : System Environment/Daemons Source RPM: wazuh-agent-4.4.0-1.src.rpm
Size : 27755722 License: GPL
Packager : Wazuh, Inc
URL : https://www.wazuh.com/
Summary : The Wazuh agent, used for threat detection, incident response and integrity monitoring.
Description :
Wazuh is an open source security monitoring solution for threat detection, integrity monitoring, incident response and compliance.
bash-4.4# WAZUH_MANAGER="xxx.xxx.xxx.xxx" rpm -ivh wazuh-agent-4.4.0-1.aix.ppc.rpm
wazuh-agent ##################################################
bash-4.4# /var/ossec/bin/wazuh-control start
Starting Wazuh v4.4.0...
Started wazuh-execd...
Started wazuh-agentd...
Started wazuh-syscheckd...
Started wazuh-logcollector...
Started wazuh-modulesd...
Completed.
bash-4.4# ps -ef | grep wazuh
root 5636274 1 0 06:39:59 - 0:10 /var/ossec/bin/wazuh-syscheckd
root 6094994 1 0 06:39:58 - 0:00 /var/ossec/bin/wazuh-execd
wazuh 6422620 1 2 06:39:58 - 0:00 /var/ossec/bin/wazuh-agentd
root 6750324 1 0 06:39:59 - 0:00 /var/ossec/bin/wazuh-logcollector
root 7536892 1 1 06:40:00 - 0:00 /var/ossec/bin/wazuh-modulesd
bash-4.4# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.4.0"
WAZUH_REVISION="40404"
WAZUH_TYPE="agent"
bash-4.4# grep "tcp" /var/ossec/etc/ossec.conf
tcp
bash-4.4# prtconf
System Model: IBM,8231-E2D
Machine Serial Number: 06ADA64
Processor Type: PowerPC_POWER7
Processor Implementation Mode: POWER 7
Processor Version: PV_7_Compat
bash-4.4# grep wazuh /etc/group
wazuh:!:207:
```
- Wazuh server
```
[root@wazuh-server wazuh-user]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.4.0"
WAZUH_REVISION="40404"
WAZUH_TYPE="server"
[root@wazuh-server wazuh-user]# /var/ossec/bin/agent_control -i 001
Wazuh agent_control. Agent information:
Agent ID: 001
Agent Name: soaxp078
IP address: any
Status: Active
Operating system: AIX |soaxp078 |1 |6 |00CADA644C00
Client version: Wazuh v4.4.0
Configuration hash: ab73af41699f13fdd81903b5f23d8d00
Shared file hash: 4a8724b20dee0124ff9656783c490c4e
Last keep alive: 1679314071
Syscheck last started at: Mon Mar 20 11:39:59 2023
Syscheck last ended at: Mon Mar 20 11:40:07 2023
```
Alerts :green_circle:
![image](https://user-images.githubusercontent.com/1791430/226335149-782ad500-ab4a-427f-b4bf-7ff7a0bb103f.png)
![image](https://user-images.githubusercontent.com/1791430/226335311-e4f1a642-c63b-404f-8b9b-8531acaba47e.png)
![image](https://user-images.githubusercontent.com/1791430/226335589-d44ecb25-0260-4335-8f69-779d509beef8.png)
```
[root@wazuh-server wazuh-user]# grep "1679313455.96078" /var/ossec/logs/alerts/alerts.json
{"timestamp":"2023-03-20T11:57:35.478+0000","rule":{"level":9,"description":"SCA summary: System audit for Unix based systems: Score less than 30% (0)","id":"19005","firedtimes":2,"mail":false,"groups":["sca"],"gdpr":["IV_35.7.d"],"pci_dss":["2.2"],"nist_800_53":["CM.1"],"tsc":["CC7.1","CC7.2"]},"agent":{"id":"001","name":"soaxp078"},"manager":{"name":"wazuh-server"},"id":"1679313455.96078","decoder":{"name":"sca"},"data":{"sca":{"type":"summary","scan_id":"20173","policy":"System audit for Unix based systems","description":"Guidance for establishing a secure configuration for Unix based systems.","policy_id":"unix_audit","passed":"0","failed":"10","invalid":"13","total_checks":"23","score":"0","file":"sca_unix_audit.yml"}},"location":"sca"}
```
- TCP connection OK
- UDP connection OK
```
bash-4.4# grep "tcp" /var/ossec/logs/ossec.log
2023/03/20 06:39:49 wazuh-agentd: INFO: Trying to connect to server ([xxx.xxx.xxx.xxx]:1514/tcp).
2023/03/20 06:39:49 wazuh-agentd: INFO: (4102): Connected to the server ([xxx.xxx.xxx.xxx]:1514/tcp).
bash-4.4# grep "udp" /var/ossec/logs/ossec.log
2023/03/20 07:03:12 wazuh-agentd: INFO: Trying to connect to server ([xxx.xxx.xxx.xxx]:1514/udp).
2023/03/20 07:03:12 wazuh-agentd: INFO: (4102): Connected to the server ([xxx.xxx.xxx.xxx]:1514/udp).
```
Remove :red_circle:
```
bash-4.4# rpm -e wazuh-agent
rmdir of /var/ossec/tmp/src/init failed: No such file or directory
rmdir of /var/ossec/tmp/etc/templates/config/generic/localfile-logs failed: No such file or directory
rmdir of /var/ossec/tmp/etc/templates/config/generic failed: No such file or directory
rmdir of /var/ossec/tmp/etc/templates/config failed: No such file or directory
rmdir of /var/ossec/tmp/etc/templates failed: No such file or directory
cannot remove /var/ossec/queue/syscollector/db - directory not empty
cannot remove /var/ossec/queue/syscollector - directory not empty
cannot remove /var/ossec/queue/logcollector - directory not empty
cannot remove /var/ossec/queue/fim/db - directory not empty
cannot remove /var/ossec/queue/fim - directory not empty
cannot remove /var/ossec/queue - directory not empty
removal of /var/ossec/logs/ossec.json failed: No such file or directory
cannot remove /var/ossec/etc/shared - directory not empty
cannot remove /var/ossec/etc - directory not empty
cannot remove /var/ossec - directory not empty
bash-4.4# ps -ef | grep wazuh
bash-4.4# ls -l /var/ossec/
total 182408
-rw------- 1 root system 93389432 Mar 20 06:39 core
drwxrwx--- 3 208 207 256 Mar 20 07:06 etc
drwxr-x--- 5 root 207 256 Mar 20 07:06 queue
bash-4.4# ls -la /var/ossec/core
-rw------- 1 root system 93389432 Mar 20 06:39 /var/ossec/core
```
ERROR:
It seems that during the uninstall procedure, a core dump was generated by modulesd.
Upgrade 4.3.10 -> 4.4.0 :green_circle:
```
bash-4.4# curl -k -LO WAZUH_MANAGER="xxx.xxx.xxx.xxx" rpm -ivh wazuh-agent-4.3.10-1.aix.ppc.rpm^C
bash-4.4# curl -k -LO https://packages.wazuh.com/4.x/aix/wazuh-agent-4.3.10-1.aix.ppc.rpm
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 8080k 100 8080k 0 0 4739k 0 0:00:01 0:00:01 --:--:-- 4739k
bash-4.4# WAZUH_MANAGER="44.192.45.229" rpm -ivh wazuh-agent-4.3.10-1.aix.ppc.rpm
wazuh-agent ##################################################
bash-4.4# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.3.10"
WAZUH_REVISION="40323"
WAZUH_TYPE="agent"
bash-4.4# /var/ossec/bin/wazuh-control start
Starting Wazuh v4.3.10...
Started wazuh-execd...
Started wazuh-agentd...
Started wazuh-syscheckd...
Started wazuh-logcollector...
Started wazuh-modulesd...
Completed.
bash-4.4# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
```
![image](https://user-images.githubusercontent.com/1791430/226356549-96077ed4-d892-464d-b295-d6bf679c2f70.png)
```
bash-4.4# curl -k -LO https://packages-dev.wazuh.com/pre-release/aix/wazuh-agent-4.4.0-1.aix.ppc.rpm
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 8261k 100 8261k 0 0 4753k 0 0:00:01 0:00:01 --:--:-- 4753k
bash-4.4# rpm -U wazuh-agent-4.4.0-1.aix.ppc.rpm
bash-4.4# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.4.0"
WAZUH_REVISION="40404"
WAZUH_TYPE="agent"
bash-4.4# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
bash-4.4# grep -Ei "ERROR|CRITICAL|FATAL|WARNING" /var/ossec/logs/ossec.log
bash-4.4#
```
![image](https://user-images.githubusercontent.com/1791430/226357649-afb1216e-c06c-497e-8074-3aa0260e7269.png)
![image](https://user-images.githubusercontent.com/1791430/226359168-4d4d1bc3-44d4-4fd2-b7d6-767f62a1ca64.png)
Wazuh indexer - journalctl
- Warnings reported at https://github.com/wazuh/wazuh-packages/issues/2046
```
[root@wazuh-server wazuh-user]# journalctl -r -u wazuh-indexer.service | grep -i -E "error|critical|warning|fatal"
Mar 20 16:00:59 wazuh-server systemd-entrypoint[995]: WARNING: System::setSecurityManager will be removed in a future release
Mar 20 16:00:59 wazuh-server systemd-entrypoint[995]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Mar 20 16:00:59 wazuh-server systemd-entrypoint[995]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.4.1.jar)
Mar 20 16:00:59 wazuh-server systemd-entrypoint[995]: WARNING: A terminally deprecated method in java.lang.System has been called
Mar 20 16:00:58 wazuh-server systemd-entrypoint[995]: WARNING: System::setSecurityManager will be removed in a future release
Mar 20 16:00:58 wazuh-server systemd-entrypoint[995]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Mar 20 16:00:58 wazuh-server systemd-entrypoint[995]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.4.1.jar)
Mar 20 16:00:58 wazuh-server systemd-entrypoint[995]: WARNING: A terminally deprecated method in java.lang.System has been called
```
Wazuh indexer - /var/log/wazuh-indexer
- Securityadmin errors reported at https://github.com/wazuh/wazuh-packages/issues/2095
```
[root@wazuh-server wazuh-user]# grep -R -i -E "error|critical|fatal|warning" /var/log/wazuh-indexer/
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:00:59,672][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3990m, -Xmx3990m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-11617696194596619042, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=2091909120, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:06,240][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:08,806][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Exception while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:11,124][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:11,142][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:11,147][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:11,150][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:13,547][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:13,550][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:13,553][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:13,555][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:16,051][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:16,054][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:16,057][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:16,059][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:18,552][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:18,554][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:18,555][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:18,557][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:20,386][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:21,057][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:21,066][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:21,072][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T16:01:21,077][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:00:59,672Z", "level": "INFO", "component": "o.o.n.Node", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3990m, -Xmx3990m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-11617696194596619042, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=2091909120, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:06,240Z", "level": "ERROR", "component": "o.o.s.a.s.SinkProvider", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Default endpoint could not be created, auditlog will not work properly." }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:08,806Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Exception while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" ,
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:11,124Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:11,142Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:11,147Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:11,150Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:13,547Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:13,550Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:13,553Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:13,555Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:16,051Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:16,054Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:16,057Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:16,059Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:18,552Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:18,554Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:18,555Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:18,557Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:20,386Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:21,057Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:21,066Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:21,072Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T16:01:21,077Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "7x_17bsSSkek6cVku7ZRqQ", "node.id": "WZ0TQIwoQpSxNkCa3O_FKQ" }
```
AMI - Agent connection and workload
This was tested as part of Special systems, since the AMI was the Wazuh manager.
AMI - WUI
- Loading screen OK
- Login screen OK
- Light/dark mode OK
- Credentials: OK
AMI - Logs
+ Wazuh dashboard - journalctl
[dashboard.log](https://github.com/wazuh/wazuh/files/11022923/dashboard.log)
Errors reported at: https://github.com/wazuh/wazuh-packages/issues/2106
Wazuh indexer - journalctl
```
[root@wazuh-server wazuh-user]# journalctl -r -u wazuh-indexer.service | grep -i -E "error|critical|fatal|warning"
Mar 20 11:13:20 wazuh-server systemd-entrypoint[2408]: at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
Mar 20 11:13:20 wazuh-server systemd-entrypoint[2408]: 2023-03-20 11:13:20,570 main ERROR Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Mar 20 11:13:20 wazuh-server systemd-entrypoint[2408]: at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
Mar 20 11:13:20 wazuh-server systemd-entrypoint[2408]: 2023-03-20 11:13:20,564 main ERROR Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Mar 20 11:13:20 wazuh-server systemd-entrypoint[2408]: WARNING: System::setSecurityManager will be removed in a future release
Mar 20 11:13:20 wazuh-server systemd-entrypoint[2408]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Mar 20 11:13:20 wazuh-server systemd-entrypoint[2408]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.4.1.jar)
Mar 20 11:13:20 wazuh-server systemd-entrypoint[2408]: WARNING: A terminally deprecated method in java.lang.System has been called
Mar 20 11:13:15 wazuh-server systemd-entrypoint[2408]: WARNING: System::setSecurityManager will be removed in a future release
Mar 20 11:13:15 wazuh-server systemd-entrypoint[2408]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Mar 20 11:13:15 wazuh-server systemd-entrypoint[2408]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.4.1.jar)
Mar 20 11:13:15 wazuh-server systemd-entrypoint[2408]: WARNING: A terminally deprecated method in java.lang.System has been called
```
- Reported at https://github.com/wazuh/wazuh-jenkins/issues/4862
Wazuh indexer - /var/log/wazuh-indexer
- `Default endpoint could not be created, auditlog will not work properly` error related to https://github.com/wazuh/wazuh-packages/issues/1968
- `Exception during establishing a SSL connection` error related to https://github.com/wazuh/wazuh-packages/issues/1489
```
[root@wazuh-server wazuh-user]# grep -R -i -E "error|critical|fatal|warning" /var/log/wazuh-indexer/
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:13:20,572Z", "level": "INFO", "component": "o.o.n.Node", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3936m, -Xmx3936m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-2372038918792075688, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=2063597568, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:01,343Z", "level": "ERROR", "component": "o.o.s.a.s.SinkProvider", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Default endpoint could not be created, auditlog will not work properly." }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:05,614Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Exception while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" ,
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:06,530Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:07,419Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:07,429Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:07,432Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:07,434Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:09,900Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:09,903Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:09,906Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:09,908Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:12,401Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:12,404Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:12,406Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:12,410Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:14,785Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:14,904Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:14,906Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:14,909Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:14,911Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:17,404Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:17,406Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:17,408Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T11:14:17,411Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T12:11:29,867Z", "level": "ERROR", "component": "o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Exception during establishing a SSL connection: java.net.SocketException: Connection reset", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" ,
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T15:31:08,317Z", "level": "ERROR", "component": "o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Exception during establishing a SSL connection: java.net.SocketException: Connection reset", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" ,
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T15:31:08,320Z", "level": "ERROR", "component": "o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Exception during establishing a SSL connection: java.net.SocketException: Connection reset", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" ,
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T15:31:44,086Z", "level": "ERROR", "component": "o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Exception during establishing a SSL connection: java.net.SocketException: Connection reset", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" ,
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T15:31:44,092Z", "level": "ERROR", "component": "o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Exception during establishing a SSL connection: java.net.SocketException: Connection reset", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" ,
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T17:41:31,145Z", "level": "ERROR", "component": "o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Exception during establishing a SSL connection: java.net.SocketException: Connection reset", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" ,
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-03-20T17:41:33,308Z", "level": "ERROR", "component": "o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Exception during establishing a SSL connection: java.net.SocketException: Connection reset", "cluster.uuid": "qrCY2yLJQP-l0Y8UneoIQw", "node.id": "BllAiBMuQeWfGzXFZJOpIA" ,
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:13:20,572][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3936m, -Xmx3936m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-2372038918792075688, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=2063597568, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:01,343][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:05,614][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Exception while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:06,530][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:07,419][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:07,429][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:07,432][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:07,434][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:09,900][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:09,903][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:09,906][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:09,908][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:12,401][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:12,404][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:12,406][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:12,410][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:14,785][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:14,904][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:14,906][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:14,909][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:14,911][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:17,404][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:17,406][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:17,408][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T11:14:17,411][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T12:11:29,867][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: java.net.SocketException: Connection reset
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T15:31:08,317][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: java.net.SocketException: Connection reset
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T15:31:08,320][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: java.net.SocketException: Connection reset
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T15:31:44,086][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: java.net.SocketException: Connection reset
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T15:31:44,092][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: java.net.SocketException: Connection reset
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T17:41:31,145][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: java.net.SocketException: Connection reset
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-03-20T17:41:33,308][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: java.net.SocketException: Connection reset
```
Wazuh server - /var/ossec/logs
```
[root@wazuh-server wazuh-user]# grep -i -E "error|critical|fatal|warning" /var/ossec/logs/ossec.log | wc -l
3
[root@wazuh-server wazuh-user]# grep -i -E "error|critical|fatal|warning" /var/ossec/logs/ossec.log
2023/03/20 17:59:22 wazuh-authd: ERROR: SSL Error (-1)
2023/03/20 18:28:08 wazuh-db: ERROR: There was an error assigning the groups to agent '007'
2023/03/20 18:28:08 wazuh-db: WARNING: The groups were empty right after the set for agent '007'
```
SSL error:
- Related to Debian PPC64 agent (.152)
- Related: https://github.com/wazuh/wazuh/issues/13936
```
2023/03/20 17:35:13 wazuh-remoted: INFO: (1410): Reading authentication keys file.
2023/03/20 17:59:22 wazuh-authd: INFO: New connection from xx.xx.xx.152
2023/03/20 17:59:22 wazuh-authd: ERROR: SSL Error (-1)
2023/03/20 18:03:18 wazuh-authd: INFO: Agent '004' (sossp166) deleted (requested locally)
```
Group error:
- Reported at https://github.com/wazuh/wazuh/issues/16464
```
2023/03/20 18:28:04 wazuh-authd: INFO: Agent '007' (17f9e740df7a) deleted (requested locally)
2023/03/20 18:28:08 wazuh-db: ERROR: There was an error assigning the groups to agent '007'
2023/03/20 18:28:08 wazuh-db: WARNING: The groups were empty right after the set for agent '007'
2023/03/20 18:28:13 wazuh-remoted: INFO: (1409): Authentication file changed. Updating.
```
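The two correlations made by hand above (the `SSL Error (-1)` tied to the connection from `.152`, and the group error tied to agent `007`) can be automated. This is an added example, not part of the original report or of Wazuh's own tooling: the function names, the finding fields and the 5-second attribution window are assumptions, and the sample lines are copied from the excerpts above.

```python
import re
from datetime import datetime, timedelta

# Sample input: lines copied from the ossec.log excerpts above (IP masked as on the page).
SAMPLE_LOG = """\
2023/03/20 17:35:13 wazuh-remoted: INFO: (1410): Reading authentication keys file.
2023/03/20 17:59:22 wazuh-authd: INFO: New connection from xx.xx.xx.152
2023/03/20 17:59:22 wazuh-authd: ERROR: SSL Error (-1)
2023/03/20 18:03:18 wazuh-authd: INFO: Agent '004' (sossp166) deleted (requested locally)
2023/03/20 18:28:04 wazuh-authd: INFO: Agent '007' (17f9e740df7a) deleted (requested locally)
2023/03/20 18:28:08 wazuh-db: ERROR: There was an error assigning the groups to agent '007'
2023/03/20 18:28:08 wazuh-db: WARNING: The groups were empty right after the set for agent '007'
2023/03/20 18:28:13 wazuh-remoted: INFO: (1409): Authentication file changed. Updating.
"""

# ossec.log layout as seen on this page: "<date> <time> <daemon>: <LEVEL>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<daemon>[\w-]+): (?P<level>[A-Z]+): (?P<msg>.*)$"
)
CONN_RE = re.compile(r"New connection from (\S+)")
AGENT_RE = re.compile(r"agent '(\d+)'", re.IGNORECASE)
ALERT_LEVELS = {"WARNING", "ERROR", "CRITICAL"}
# Assumption: an SSL error is only attributed to a connection logged
# at most this long before it; older connections are treated as unrelated.
PEER_WINDOW = timedelta(seconds=5)


def triage(log_text):
    """Return one dict per WARNING/ERROR/CRITICAL line, enriched with peer/agent."""
    last_conn = None  # (timestamp, peer) of the latest wazuh-authd connection
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if m is None:
            continue  # skip lines that do not follow the layout
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        daemon, level, msg = m["daemon"], m["level"], m["msg"]
        conn = CONN_RE.search(msg) if daemon == "wazuh-authd" else None
        if conn:
            last_conn = (ts, conn.group(1))
        if level not in ALERT_LEVELS:
            continue
        finding = {"time": m["ts"], "daemon": daemon, "level": level, "message": msg}
        # Heuristic: the log does not tie an SSL error to a peer, so use the
        # most recent connection line if it is recent enough.
        if (daemon == "wazuh-authd" and msg.startswith("SSL Error")
                and last_conn and ts - last_conn[0] <= PEER_WINDOW):
            finding["peer"] = last_conn[1]
        agent = AGENT_RE.search(msg)
        if agent:
            finding["agent"] = agent.group(1)
        findings.append(finding)
    return findings


def by_agent(findings):
    """Group alert levels by the agent ID mentioned in the message."""
    groups = {}
    for f in findings:
        if "agent" in f:
            groups.setdefault(f["agent"], []).append(f["level"])
    return groups


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

Because the attribution relies on line order and timing, treat the `peer` field as a lead to confirm against the agent's own log, not as proof.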
Packages tests metrics information
Build packages
Test packages
PPC64EL packages
OVA/AMI specific tests
Status legend:
- :black_circle: - Pending/In progress
- :white_circle: - Skipped
- :red_circle: - Rejected
- :yellow_circle: - Ready to review
- :green_circle: - Approved
Auditor's validation
In order to close and proceed with the release or the next candidate version, the following auditors must give the green light to this RC.