Documentation: Always consult the development documentation for the current stage tag at this link. Be careful, because some of the description steps might refer to a current version in production; always navigate using the current development documentation for the stage under test.
Test Requirements: Ensure your test comprehensively includes a full stack and agent/s deployment as per the Deployment requirements, detailing the machine OS, installed version, and revision.
Deployment Options: While deployments can be local (using VMs, Vagrant, etc) or on the aws-dev account, opt for local deployments when feasible. For AWS access, coordinate with the CICD team through this link.
External Accounts: If tests require third-party accounts (e.g., GitHub, Azure, AWS, GCP), request the necessary access through the CICD team here.
Alerts: Every test should generate a minimum of one end-to-end alert, from the agent to the dashboard, irrespective of test type.
Multi-node Testing: For multi-node wazuh-manager tests, ensure agents are connected to both workers and the master node.
Package Verification: Use the pre-release package that matches the current TAG you're testing. Confirm its version and revision.
Filebeat Errors: If you encounter errors with Filebeat during testing, refer to this Slack discussion for insights and resolutions.
Known Issues: Familiarize yourself with previously reported issues in the Known Issues section. This helps in identifying already recognized errors during testing.
Reporting New Issues: Any new errors discovered during testing that aren't listed under Known Issues should be reported. Assign the issue to the corresponding team (QA if unsure), add the Release testing/publication objective and Very high priority. Communicate these to the team and QA via the c-release Slack channel.
Test Conduct: It's imperative to be thorough in your testing, offering enough detail for reviewers. Incomplete tests might necessitate a redo.
Documentation Feedback: Encountering documentation gaps, unclear guidelines, or anything that disrupts the testing or UX? Open an issue, especially if it's not listed under Known Issues.
Format: If this is your first time doing this, refer to the format (but not necessarily the content, as it may vary) of previous E2E tests. Here is an example: https://github.com/wazuh/wazuh/issues/13994.
Status and completion: Change the issue status within your team project accordingly. Once you finish testing and write the conclusions, move it to Pending review and notify the @wazuh/binary-beasts team via Slack using the c-release channel. Beware that the reviewers might request additional information or task repetitions.
For reviewers: If everything is OK, move the issue to Pending final review and notify via Slack using the same thread. Otherwise, update the issue with the requested changes, move it to On hold, increase the review_cycles in the team project by one, and notify the issue assignee via Slack using the same thread.
For the conclusions and the issue testing and updates, use the following legend:
:green_circle: Add a new group
![image](https://github.com/wazuh/wazuh/assets/42900763/c1124806-7727-4b8c-82c6-a904e6801f0a)
:green_circle: Add agents to a group
![image](https://github.com/wazuh/wazuh/assets/42900763/9b897106-5b86-442a-9553-6e1fadb95041)
:green_circle: Remove agents from a group
![image](https://github.com/wazuh/wazuh/assets/42900763/10406860-a8c4-4b8e-b223-2f9f1af92606)
:green_circle: Apply a configuration to a group with several agents
```xml
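<agent_config>
  <localfile>
    <location>/var/log/my.log</location>
    <log_format>syslog</log_format>
  </localfile>
</agent_config>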
```
After applying the configuration, both agents automatically restarted and modified their `agent.conf` with the configuration.
:green_circle: Apply a configuration to a group with only one agent
```xml
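<agent_config>
  <localfile>
    <location>/var/log/test2.log</location>
    <log_format>syslog</log_format>
  </localfile>
</agent_config>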
```
After applying the configuration, only the correct agent restarted and modified its `agent.conf`.
:green_circle: Apply configurations based on the OS
Applied the following configuration to a group with multiple agents
```xml
/var/log/windows.logsyslog/var/log/linux.logsyslog
```
After applying the configuration, both agents automatically restarted and modified their `agent.conf` with the configuration. The Windows agent only searched for `windows.log` and the Linux agent only searched for `linux.log`.
:green_circle: Apply configurations based on the agent name
Applied the following configuration to a group with multiple agents
```xml
/var/log/agentwindows.logsyslog/var/log/agentrhel.logsyslog
```
After applying the configuration, both agents automatically restarted and modified their `agent.conf` with the configuration. The Windows agent only searched for `agentwindows.log` and the RHEL agent only searched for `agentrhel.log`.
:green_circle: Apply configurations based on the agent profile
Applied the following configuration to a group with multiple agents
```xml
/var/log/profilewindows.logsyslog/var/log/profilerhel.logsyslog
```
After applying the configuration, both agents automatically restarted and modified their `agent.conf` with the configuration. The Windows agent only searched for `profilewindows.log` and the RHEL agent only searched for `profilerhel.log`.
:yellow_circle: Using an invalid configuration
Known issue: https://github.com/wazuh/wazuh-kibana-app/issues/5133
Will be fixed for 4.6.0
![image](https://github.com/wazuh/wazuh/assets/42900763/9b897106-5b86-442a-9553-6e1fadb95041)
🟢 Add 100M text file to `/var/ossec/etc/shared/agents/` from master
```console
[root@localhost commongroup]# pwd
/var/ossec/etc/shared/commongroup
[root@localhost commongroup]# yes this is a 100M text file | head -c 100M > 100Mfile.txt
[root@localhost commongroup]# chown wazuh:wazuh 100Mfile.txt
[root@localhost commongroup]# chmod 660 100Mfile.txt
[root@localhost commongroup]# ls -la
total 233412
drwx------. 2 wazuh wazuh 61 Sep 23 12:15 .
drwxrwx---. 7 root wazuh 133 Sep 23 12:05 ..
-rw-rw----. 1 wazuh wazuh 104857600 Sep 23 12:15 100Mfile.txt
-rw-rw----. 1 wazuh wazuh 361 Sep 23 11:57 agent.conf
-rw-rw----. 1 wazuh wazuh 104858255 Sep 23 12:15 merged.mg
```
![image](https://github.com/wazuh/wazuh/assets/42900763/eceb0fbd-9a31-4b9e-a3c1-c69732265e9d)
### Worker's `/var/ossec/etc/shared/agents/` contents
```console
[root@server2 ~]# ls -la /var/ossec/etc/shared/commongroup/
total 204808
drwxrwx---. 2 wazuh wazuh 61 Sep 23 12:15 .
drwxrwx---. 7 root wazuh 133 Sep 23 12:05 ..
-rw-rw----. 1 wazuh wazuh 104857600 Sep 23 12:15 100Mfile.txt
-rw-rw----. 1 wazuh wazuh 361 Sep 23 11:58 agent.conf
-rw-rw----. 1 wazuh wazuh 104858255 Sep 23 12:15 merged.mg
```
### Linux agent `/var/ossec/etc/shared/` contents
```console
[root@agent01 ~]# ls -la /var/ossec/etc/shared/
total 204812
drwxrwx---. 2 root wazuh 76 Sep 23 12:16 .
drwxrwx---. 3 wazuh wazuh 158 Sep 23 11:39 ..
-rw-r--r--. 1 wazuh wazuh 104857600 Sep 23 12:16 100Mfile.txt
-rw-r--r--. 1 wazuh wazuh 600 Sep 23 12:16 agent.conf
-rw-r--r--. 1 wazuh wazuh 228 Sep 23 12:16 ar.conf
-rw-r--r--. 1 wazuh wazuh 104858491 Sep 23 12:16 merged.mg
```
### Windows agent `C:\Program Files (x86)\ossec-agent\shared\` contents
![image](https://github.com/wazuh/wazuh/assets/42900763/acdd0e72-0e73-4ff2-812a-5fb7cc10b53a)
🟢 Add 100M text file to `/var/ossec/etc/shared/linux/` from worker
```console
[root@server2 commongroup]# yes this is a 100M text file | head -c 100M > 100Mfileworker.txt && ls -lah
total 301M
drwxrwx---. 2 wazuh wazuh 87 Sep 23 12:21 .
drwxrwx---. 7 root wazuh 133 Sep 23 12:05 ..
-rw-rw----. 1 wazuh wazuh 100M Sep 23 12:15 100Mfile.txt
-rw-r--r--. 1 root root 100M Sep 23 12:21 100Mfileworker.txt
-rw-rw----. 1 wazuh wazuh 361 Sep 23 11:58 agent.conf
-rw-rw----. 1 wazuh wazuh 101M Sep 23 12:15 merged.mg
[root@server2 commongroup]# ls -lah
total 201M
drwxrwx---. 2 wazuh wazuh 61 Sep 23 12:21 .
drwxrwx---. 7 root wazuh 133 Sep 23 12:05 ..
-rw-rw----. 1 wazuh wazuh 100M Sep 23 12:15 100Mfile.txt
-rw-rw----. 1 wazuh wazuh 361 Sep 23 11:58 agent.conf
-rw-rw----. 1 wazuh wazuh 101M Sep 23 12:15 merged.mg
```
ℹ️ File is deleted immediately.
:yellow_circle: Add 1G file to `/var/ossec/etc/shared/agents/` from master
Known issue: https://github.com/wazuh/wazuh/issues/18897
### Create file
```console
[root@localhost commongroup]# yes this is a 1G text file | head -c 1G > 1Gfile.txt
[root@localhost commongroup]# chown wazuh: 1Gfile.txt && chmod 660 1Gfile.txt
[root@localhost commongroup]# ls -lah
total 1.7G
drwx------. 2 wazuh wazuh 100 Sep 23 12:59 .
drwxrwx---. 7 root wazuh 133 Sep 23 12:05 ..
-rw-rw----. 1 wazuh wazuh 100M Sep 23 12:15 100Mfile.txt
-rw-rw----. 1 wazuh wazuh 1.0G Sep 23 12:59 1Gfile.txt
-rw-rw----. 1 wazuh wazuh 361 Sep 23 11:57 agent.conf
-rw-rw----. 1 wazuh wazuh 101M Sep 23 12:15 merged.mg
-rw-rw----. 1 wazuh wazuh 371M Sep 23 12:59 merged.mg.tmp
```
- Worker's contents
```console
[root@server2 commongroup]# ls -lah
total 1.2G
drwxrwx---. 2 wazuh wazuh 79 Sep 23 13:00 .
drwxrwx---. 7 root wazuh 133 Sep 23 12:05 ..
-rw-rw----. 1 wazuh wazuh 100M Sep 23 12:15 100Mfile.txt
-rw-rw----. 1 wazuh wazuh 1.0G Sep 23 13:00 1Gfile.txt
-rw-rw----. 1 wazuh wazuh 361 Sep 23 11:58 agent.conf
-rw-rw----. 1 wazuh wazuh 101M Sep 23 12:15 merged.mg
```
- Logs
```console
[root@localhost commongroup]# tail /var/ossec/logs/cluster.log
2023/09/23 13:01:42 WARNING: [Local Server] [Main] File too large to be synced: /var/ossec/etc/shared/commongroup/merged.mg
```
### WUI
In the interface, a delay is detected when trying to load the group data; in some cases it throws timeout errors with the API, and after a while it loads.
:yellow_circle: Adding a compressed file to `/var/ossec/etc/shared/agents/` from master
Known issue: https://github.com/wazuh/wazuh/issues/17204
### Create file
```console
[root@localhost commongroup]# tar cjvf 100Mfile.tar.bz2 100Mfile.txt && chmod 660 100Mfile.tar.bz2 && chown wazuh:wazuh 100Mfile.tar.bz2
100Mfile.txt
[root@localhost commongroup]# ls -lah
total 228M
drwx------. 2 wazuh wazuh 85 Sep 23 15:59 .
drwxrwx---. 7 root wazuh 133 Sep 23 13:41 ..
-rw-rw----. 1 wazuh wazuh 15K Sep 23 15:59 100Mfile.tar.bz2
-rw-rw----. 1 wazuh wazuh 100M Sep 23 15:44 100Mfile.txt
-rw-rw----. 1 wazuh wazuh 76 Sep 21 17:45 agent.conf
-rw-rw----. 1 wazuh wazuh 101M Sep 23 15:59 merged.mg
```
- Worker's contents
```console
[root@server2 commongroup]# ls -lah
total 201M
drwxrwx---. 2 wazuh wazuh 85 Sep 23 16:00 .
drwxrwx---. 7 root wazuh 133 Sep 23 13:41 ..
-rw-rw----. 1 wazuh wazuh 15K Sep 23 16:00 100Mfile.tar.bz2
-rw-rw----. 1 wazuh wazuh 100M Sep 23 15:44 100Mfile.txt
-rw-rw----. 1 wazuh wazuh 76 Sep 23 13:39 agent.conf
-rw-rw----. 1 wazuh wazuh 101M Sep 23 15:59 merged.mg
```
- Logs
```console
2023/09/23 15:59:37 wazuh-remoted: ERROR: Invalid shared file 'etc/shared/commongroup/100Mfile.tar.bz2' in group 'commongroup'. Ignoring it.
```
ℹ️ Compressed file is recognized as invalid and ignored, but synced to worker anyways.
### Linux agent 1's shared directory
```console
[root@redhat-9-agent ~]# ls -lah /var/ossec/etc/shared/
total 2.2G
drwxrwx---. 2 root wazuh 4.0K Sep 7 19:01 .
drwxrwx---. 3 wazuh wazuh 4.0K Sep 7 15:21 ..
-rw-------. 1 wazuh wazuh 100M Sep 7 19:00 100Mfile.txt
-rw-------. 1 wazuh wazuh 1.0G Sep 7 19:01 1Gfile.txt
-rw-------. 1 wazuh wazuh 1.3K Sep 7 19:01 agent.conf
-rw-------. 1 wazuh wazuh 228 Sep 7 19:00 ar.conf
-rw-r--r--. 1 wazuh wazuh 1.1G Sep 7 19:00 merged.mg
```
### WUI
![Screenshot_20230907_161809](https://github.com/wazuh/wazuh/assets/64099752/2e4f8cdb-bf98-4bb0-bd6e-ae6ef8447b18)
File appears in 'Management->Groups->agents->Files' in the WUI.
⚠️ Results are the same as with single node cluster. Since the file is invalid and is not going to be synced to the group's agents, maybe it should not appear in this interface.
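The two manager messages recorded in these results can be checked for automatically. The following is an added example, not part of the original test report or of Wazuh's code: it parses the `cluster.log` and `wazuh-remoted` lines quoted above and lists files that sit in a group directory although the manager reported ignoring them. The function names and the third sample log line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Patterns for the two messages quoted on this page; other wordings are not covered.
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} "
TOO_LARGE = re.compile(TS + r"WARNING: .*File too large to be synced: (?P<path>\S+)$")
INVALID = re.compile(TS + r"wazuh-remoted: ERROR: Invalid shared file "
                     r"'(?P<path>[^']+)' in group '(?P<group>[^']+)'")

def group_of(path):
    """Return the group directory of a path under etc/shared/, else None."""
    _, sep, rest = path.partition("etc/shared/")
    parts = rest.split("/")
    return parts[0] if sep and len(parts) >= 2 and parts[0] else None

def shared_file_findings(log_lines):
    """Map group -> sorted (reason, file name) pairs reported by the manager."""
    findings = defaultdict(set)
    for line in log_lines:
        line = line.strip()
        m = INVALID.match(line)
        if m:
            findings[m["group"]].add(("ignored_invalid", m["path"].rsplit("/", 1)[-1]))
            continue
        m = TOO_LARGE.match(line)
        group = group_of(m["path"]) if m else None
        if group:
            findings[group].add(("too_large_to_sync", m["path"].rsplit("/", 1)[-1]))
    return {g: sorted(v) for g, v in findings.items()}

def listed_but_ignored(group_files, findings):
    """Files present in a group directory that wazuh-remoted reported as ignored."""
    return {g: sorted(f for reason, f in findings.get(g, [])
                      if reason == "ignored_invalid" and f in files)
            for g, files in group_files.items()}

# Log lines copied from this page; file set taken from the master's commongroup listing.
SAMPLE_LOG = [
    "2023/09/23 13:01:42 WARNING: [Local Server] [Main] File too large to be synced: "
    "/var/ossec/etc/shared/commongroup/merged.mg",
    "2023/09/23 15:59:37 wazuh-remoted: ERROR: Invalid shared file "
    "'etc/shared/commongroup/100Mfile.tar.bz2' in group 'commongroup'. Ignoring it.",
    "2023/09/23 16:00:01 wazuh-remoted: INFO: unrelated line (constructed)",
]
SAMPLE_FILES = {"commongroup": {"100Mfile.tar.bz2", "100Mfile.txt", "agent.conf", "merged.mg"}}

if __name__ == "__main__":
    found = shared_file_findings(SAMPLE_LOG)
    print(found)
    print(listed_but_ignored(SAMPLE_FILES, found))
```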
End-to-End (E2E) Testing Guideline
Status legend
Deployment requirements
Test description
Test the functionality of agent groups for centralized configuration:
Known issues
Conclusions
Summarize the errors detected (Known Issues included). Illustrate using the table below, removing current examples:
Feedback
We value your feedback. Please provide insights on your testing experience.
Was the testing guideline clear? Were there any ambiguities? The test was clear.
Did you face any challenges not covered by the guideline? No uncovered challenges faced
Suggestions for improvement: It would be good to have a list of the changelog entries related to the component.
Reviewers validation
The criteria for completing this task is based on the validation of the conclusions and the test results by all reviewers.
All the checkboxes below must be marked in order to close this issue.