search

wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/
Other
9.34k stars 1.48k forks source link

Wazuh-db errors logs in Footprint tests #23301

Closed MARCOSD4 closed 5 days ago

MARCOSD4 commented 1 week ago
Wazuh version Component Install type Install method Platform
4.8.0-rc1 Wazuh component Manager Packages CentOS

Description

During testing in Release 4.8.0 - RC 1 - Footprint Metrics - ALL it has been detected this error logs related to wazuh-db:

2024/05/06 00:07:34 wazuh-db ERROR: Socket 56 error: Broken pipe (32)
2024/05/06 00:07:34 wazuh-db ERROR: at run_worker(): wnotify_add(56): Bad file descriptor (9)

Evidences: ossec_Test_stress_B5113_manager_2024-05-06.zip

vikman90 commented 1 week ago

Logs

ossec-05.log ``` 2024/05/05 01:58:22 wazuh-db: ERROR: Socket 55 error: Broken pipe (32) 2024/05/05 01:58:22 wazuh-db: ERROR: at run_worker(): wnotify_add(55): Bad file descriptor (9) 2024/05/05 01:58:22 wazuh-db: ERROR: Socket 53 error: Broken pipe (32) 2024/05/05 01:58:22 wazuh-db: ERROR: at run_worker(): wnotify_add(53): Bad file descriptor (9) 2024/05/05 04:02:17 wazuh-db: ERROR: Socket 57 error: Broken pipe (32) 2024/05/05 04:02:17 wazuh-db: ERROR: at run_worker(): wnotify_add(57): Bad file descriptor (9) 2024/05/05 05:16:47 wazuh-db: ERROR: Socket 42 error: Broken pipe (32) 2024/05/05 05:16:47 wazuh-db: ERROR: at run_worker(): wnotify_add(42): Bad file descriptor (9) 2024/05/05 05:31:52 wazuh-db: ERROR: Socket 53 error: Broken pipe (32) 2024/05/05 05:31:52 wazuh-db: ERROR: at run_worker(): wnotify_add(53): Bad file descriptor (9) 2024/05/05 06:01:53 wazuh-db: ERROR: Socket 52 error: Broken pipe (32) 2024/05/05 06:01:53 wazuh-db: ERROR: at run_worker(): wnotify_add(52): Bad file descriptor (9) 2024/05/05 06:07:16 wazuh-db: ERROR: Socket 54 error: Broken pipe (32) 2024/05/05 06:07:16 wazuh-db: ERROR: at run_worker(): wnotify_add(54): Bad file descriptor (9) 2024/05/05 06:16:54 wazuh-db: ERROR: Socket 56 error: Broken pipe (32) 2024/05/05 06:16:54 wazuh-db: ERROR: at run_worker(): wnotify_add(56): Bad file descriptor (9) 2024/05/05 07:26:50 wazuh-db: ERROR: Socket 53 error: Broken pipe (32) 2024/05/05 07:26:50 wazuh-db: ERROR: at run_worker(): wnotify_add(53): Bad file descriptor (9) 2024/05/05 08:06:58 wazuh-db: ERROR: Socket 55 error: Broken pipe (32) 2024/05/05 08:06:58 wazuh-db: ERROR: at run_worker(): wnotify_add(55): Bad file descriptor (9) 2024/05/05 08:57:00 wazuh-db: ERROR: Socket 52 error: Broken pipe (32) 2024/05/05 08:57:00 wazuh-db: ERROR: at run_worker(): wnotify_add(52): Bad file descriptor (9) 2024/05/05 09:02:01 wazuh-db: ERROR: Socket 55 error: Broken pipe (32) 2024/05/05 09:02:01 wazuh-db: ERROR: at run_worker(): wnotify_add(55): Bad file descriptor (9) 2024/05/05 09:02:01 wazuh-db: ERROR: Socket 52 error: Broken pipe (32) 2024/05/05 09:02:01 wazuh-db: ERROR: at run_worker(): wnotify_add(52): Bad file descriptor (9) 2024/05/05 09:22:02 wazuh-db: ERROR: Socket 54 error: Broken pipe (32) 2024/05/05 09:22:02 wazuh-db: ERROR: at run_worker(): wnotify_add(54): Bad file descriptor (9) 2024/05/05 09:22:02 wazuh-db: ERROR: Socket 52 error: Broken pipe (32) 2024/05/05 09:22:02 wazuh-db: ERROR: at run_worker(): wnotify_add(52): Bad file descriptor (9) 2024/05/05 09:42:07 wazuh-db: ERROR: Socket 53 error: Broken pipe (32) 2024/05/05 09:42:07 wazuh-db: ERROR: at run_worker(): wnotify_add(53): Bad file descriptor (9) 2024/05/05 09:42:07 wazuh-db: ERROR: Socket 52 error: Broken pipe (32) 2024/05/05 09:42:07 wazuh-db: ERROR: at run_worker(): wnotify_add(52): Bad file descriptor (9) 2024/05/05 09:51:59 wazuh-db: ERROR: Socket 54 error: Broken pipe (32) 2024/05/05 09:51:59 wazuh-db: ERROR: at run_worker(): wnotify_add(54): Bad file descriptor (9) 2024/05/05 09:51:59 wazuh-db: ERROR: Socket 55 error: Broken pipe (32) 2024/05/05 09:51:59 wazuh-db: ERROR: at run_worker(): wnotify_add(55): Bad file descriptor (9) 2024/05/05 10:21:14 wazuh-db: ERROR: Socket 56 error: Broken pipe (32) 2024/05/05 10:21:14 wazuh-db: ERROR: at run_worker(): wnotify_add(56): Bad file descriptor (9) 2024/05/05 10:21:14 wazuh-db: ERROR: Socket 52 error: Broken pipe (32) 2024/05/05 10:21:14 wazuh-db: ERROR: at run_worker(): wnotify_add(52): Bad file descriptor (9) 2024/05/05 11:17:09 wazuh-db: ERROR: Socket 52 error: Broken pipe (32) 2024/05/05 11:17:09 wazuh-db: ERROR: at run_worker(): wnotify_add(52): Bad file descriptor (9) 2024/05/05 11:17:09 wazuh-db: ERROR: Socket 55 error: Broken pipe (32) 2024/05/05 11:17:09 wazuh-db: ERROR: at run_worker(): wnotify_add(55): Bad file descriptor (9) 2024/05/05 11:37:09 wazuh-db: ERROR: Socket 56 error: Broken pipe (32) 2024/05/05 11:37:09 wazuh-db: ERROR: at run_worker(): wnotify_add(56): Bad file descriptor (9) 2024/05/05 11:37:09 wazuh-db: ERROR: Socket 42 error: Broken pipe (32) 2024/05/05 11:37:09 wazuh-db: ERROR: at run_worker(): wnotify_add(42): Bad file descriptor (9) 2024/05/05 12:47:13 wazuh-db: ERROR: Socket 54 error: Broken pipe (32) 2024/05/05 12:47:13 wazuh-db: ERROR: at run_worker(): wnotify_add(54): Bad file descriptor (9) 2024/05/05 12:47:13 wazuh-db: ERROR: Socket 53 error: Broken pipe (32) 2024/05/05 12:47:13 wazuh-db: ERROR: at run_worker(): wnotify_add(53): Bad file descriptor (9) 2024/05/05 13:17:14 wazuh-db: ERROR: Socket 53 error: Broken pipe (32) 2024/05/05 13:17:14 wazuh-db: ERROR: at run_worker(): wnotify_add(53): Bad file descriptor (9) 2024/05/05 13:17:14 wazuh-db: ERROR: Socket 55 error: Broken pipe (32) 2024/05/05 13:17:14 wazuh-db: ERROR: at run_worker(): wnotify_add(55): Bad file descriptor (9) 2024/05/05 13:42:17 wazuh-db: ERROR: Socket 56 error: Broken pipe (32) 2024/05/05 13:42:17 wazuh-db: ERROR: at run_worker(): wnotify_add(56): Bad file descriptor (9) 2024/05/05 13:42:17 wazuh-db: ERROR: Socket 52 error: Broken pipe (32) 2024/05/05 13:42:17 wazuh-db: ERROR: at run_worker(): wnotify_add(52): Bad file descriptor (9) 2024/05/05 13:52:07 wazuh-db: ERROR: Socket 54 error: Broken pipe (32) 2024/05/05 13:52:07 wazuh-db: ERROR: at run_worker(): wnotify_add(54): Bad file descriptor (9) 2024/05/05 13:52:07 wazuh-db: ERROR: Socket 42 error: Broken pipe (32) 2024/05/05 13:52:07 wazuh-db: ERROR: at run_worker(): wnotify_add(42): Bad file descriptor (9) 2024/05/05 14:11:57 wazuh-db: ERROR: Socket 55 error: Broken pipe (32) 2024/05/05 14:11:57 wazuh-db: ERROR: at run_worker(): wnotify_add(55): Bad file descriptor (9) 2024/05/05 14:27:19 wazuh-db: ERROR: Socket 54 error: Broken pipe (32) 2024/05/05 14:27:19 wazuh-db: ERROR: at run_worker(): wnotify_add(54): Bad file descriptor (9) 2024/05/05 14:27:19 wazuh-db: ERROR: Socket 53 error: Broken pipe (32) 2024/05/05 14:27:19 wazuh-db: ERROR: at run_worker(): wnotify_add(53): Bad file descriptor (9) 2024/05/05 14:32:06 wazuh-db: ERROR: Socket 55 error: Broken pipe (32) 2024/05/05 14:32:06 wazuh-db: ERROR: at run_worker(): wnotify_add(55): Bad file descriptor (9) 2024/05/05 14:39:52 wazuh-db: ERROR: Socket 53 error: Broken pipe (32) 2024/05/05 14:39:52 wazuh-db: ERROR: at run_worker(): wnotify_add(53): Bad file descriptor (9) 2024/05/05 14:39:52 wazuh-db: ERROR: Socket 52 error: Broken pipe (32) 2024/05/05 14:39:52 wazuh-db: ERROR: at run_worker(): wnotify_add(52): Bad file descriptor (9) 2024/05/05 14:52:30 wazuh-db: ERROR: Socket 56 error: Broken pipe (32) 2024/05/05 14:52:30 wazuh-db: ERROR: at run_worker(): wnotify_add(56): Bad file descriptor (9) 2024/05/05 15:02:22 wazuh-db: ERROR: Socket 52 error: Broken pipe (32) 2024/05/05 15:02:22 wazuh-db: ERROR: at run_worker(): wnotify_add(52): Bad file descriptor (9) 2024/05/05 15:02:22 wazuh-db: ERROR: Socket 54 error: Broken pipe (32) 2024/05/05 15:02:22 wazuh-db: ERROR: at run_worker(): wnotify_add(54): Bad file descriptor (9) 2024/05/05 15:12:32 wazuh-db: ERROR: Socket 55 error: Broken pipe (32) 2024/05/05 15:12:32 wazuh-db: ERROR: at run_worker(): wnotify_add(55): Bad file descriptor (9) 2024/05/05 15:17:05 wazuh-db: INFO: Created Global database backup "backup/db/global.db-backup-2024-05-05-15:17:05.gz" ```

This log makes me think that some new component is running queries on wazuh-db and then closing the connection before consuming the query's output. Maybe Vulnerability Detection?