wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/

`reason="memory violation" sig=6 audit.type: ANOM_ABEND` #19204

Open RakeshVijayan opened 1 year ago

RakeshVijayan commented 1 year ago
| Wazuh version | Component | Install type | Install method | Platform |
|---|---|---|---|---|
| v4.3.2 | Wazuh component | Manager | Packages | Centos |

type=ANOM_ABEND msg=audit(1695074602.178:32667): auid=4294967295 uid=987 gid=985 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 pid=20766 comm="wazuh-monitord" reason="memory violation" sig=6 audit.type: ANOM_ABEND

During the daily report generation, the process ends abnormally, and Wazuh generates notifications about it. We discovered that Wazuh Manager was reversed by Puppet, despite the fact that the upgrade from v4.3.2 to v4.3.10 was performed manually. Therefore, after turning off Puppet configuration management and restarting the services, we manually upgraded Wazuh to version 4.3.10 once more. However, the same warning appears at the scheduled time for the generation of daily reports, as seen below.

wazuh->/var/log/audit/audit.log Rule: 80711 fired (level 10) -> "Auditd: Process ended abnormally." Portion of the log(s): type=ANOM_ABEND msg=audit(1695074602.178:32667): auid=4294967295 uid=987 gid=985 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 pid=20766 comm="wazuh-monitord" reason="memory violation" sig=6 audit.type: ANOM_ABEND audit.id: 32667 audit.pid: 20766 audit.auid: 4294967295 audit.uid: 987 audit.gid: 985 audit.session: 4294967295 audit.command: wazuh
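
For triage of the record quoted in the report above, this added example (not part of the issue and not Wazuh code) decodes an `ANOM_ABEND` line into its timestamp, signal name and session context. The function names are hypothetical, and the sample is the raw record as posted in the issue.

```python
import re
import signal
from datetime import datetime, timezone

# Raw record as posted in the issue (the trailing "audit.type: ..." is alert text, not audit data).
SAMPLE = (
    'type=ANOM_ABEND msg=audit(1695074602.178:32667): auid=4294967295 uid=987 '
    'gid=985 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 '
    'pid=20766 comm="wazuh-monitord" reason="memory violation" sig=6'
)

UNSET = 4294967295  # (u32)-1: auid/ses were never set, so no login session is attached
HEADER = re.compile(r'type=(\w+) msg=audit\((\d+)\.(\d+):(\d+)\):')
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def signal_name(number):
    """Map a signal number to its name, tolerating numbers this platform lacks."""
    try:
        return signal.Signals(number).name
    except ValueError:
        return f"SIG{number}"


def parse_abend(line):
    """Decode one ANOM_ABEND audit record into triage-friendly fields."""
    head = HEADER.search(line)
    if head is None or head.group(1) != "ANOM_ABEND":
        raise ValueError("not an ANOM_ABEND audit record")
    fields = {}
    for key, raw, quoted in FIELD.findall(line[head.end():]):
        fields[key] = quoted if raw.startswith('"') else raw
    when = datetime.fromtimestamp(int(head.group(2)), tz=timezone.utc)
    return {
        "time_utc": when.isoformat(),
        "serial": int(head.group(4)),
        "comm": fields.get("comm"),
        "pid": int(fields["pid"]),
        "uid": int(fields["uid"]),
        "reason": fields.get("reason"),
        "signal": signal_name(int(fields["sig"])),
        # True when the process has a login uid and session, False for services
        "login_session": int(fields["auid"]) != UNSET and int(fields["ses"]) != UNSET,
    }


if __name__ == "__main__":
    for key, value in parse_abend(SAMPLE).items():
        print(f"{key}: {value}")
```

For this record, `sig=6` decodes to SIGABRT, the signal `abort()` raises, and the unset `auid` and `ses` values show the process was not started from a login session.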

G-pixel1918 commented 1 month ago

Where is the money?