fdalmaup
commented
1 week ago Issue Update
The related code fragment is in the src/config/wmodules-azure.c file and was not introduced in 4.8.0 as it can be checked in the v4.7.4 code fragments:
Also, a test of the module was carried out in Wazuh v4.7.4, showing the INFO messages when the ossec.conf configuration is read:
Wazuh version
```console root@d9b3863d6d59:/# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.7.4" WAZUH_REVISION="40717" WAZUH_TYPE="server" ```ossec.conf
```xmlossec.log
```log 2024/05/08 10:44:56 wazuh-modulesd: INFO: At module 'azure-logs': No request tag defined. Setting it randomly... 2024/05/08 10:44:56 wazuh-modulesd: INFO: At module 'azure-logs': No storage tag defined. Setting it randomly... 2024/05/08 10:45:02 wazuh-modulesd: INFO: At module 'azure-logs': No request tag defined. Setting it randomly... 2024/05/08 10:45:02 wazuh-modulesd: INFO: At module 'azure-logs': No storage tag defined. Setting it randomly... 2024/05/08 10:45:02 wazuh-modulesd:azure-logs: INFO: Module started. 2024/05/08 10:45:02 wazuh-modulesd:azure-logs: INFO: Starting fetching of logs. 2024/05/08 10:45:02 wazuh-modulesd:azure-logs: INFO: Starting Log Analytics collection for the domain 'TENANT'. 2024/05/08 10:45:03 wazuh-modulesd:azure-logs: INFO: Finished Log Analytics collection for request 'request_1408637460'. 2024/05/08 10:45:03 wazuh-modulesd:azure-logs: INFO: Finished Log Analytics collection for the domain 'TENANT'. 2024/05/08 10:45:03 wazuh-modulesd:azure-logs: INFO: Starting Storage log collection for 'storage_599859369'. 2024/05/08 10:45:08 wazuh-modulesd:azure-logs: INFO: Finished Storage log collection for container 'container'. 2024/05/08 10:45:08 wazuh-modulesd:azure-logs: INFO: Finished Storage log collection for 'storage_599859369'. 2024/05/08 10:55:02 wazuh-modulesd:azure-logs: INFO: Starting fetching of logs. 2024/05/08 10:55:02 wazuh-modulesd:azure-logs: INFO: Starting Log Analytics collection for the domain 'TENANT'. 2024/05/08 10:55:09 wazuh-modulesd:azure-logs: INFO: Finished Log Analytics collection for request 'request_1408637460'. 2024/05/08 10:55:09 wazuh-modulesd:azure-logs: INFO: Finished Log Analytics collection for the domain 'TENANT'. 2024/05/08 10:55:09 wazuh-modulesd:azure-logs: INFO: Starting Storage log collection for 'storage_599859369'. 2024/05/08 10:55:11 wazuh-modulesd:azure-logs: INFO: Finished Storage log collection for container 'container'. 2024/05/08 10:55:11 wazuh-modulesd:azure-logs: INFO: Finished Storage log collection for 'storage_599859369'. ```In conclusion, we will categorize it as a bug with a lower priority given it is not new to 4.8.0, and point the changes in the log level (debug=2) to the 5.0.0 version.
Wazuh version
```console root@29c3919c0341:/# /var/ossec/bin/wazuh-control info WAZUH_VERSION="v5.0.0" WAZUH_REVISION="50000" WAZUH_TYPE="server" ```ossec.log without debug level 2
```log 2024/05/08 12:06:43 wazuh-modulesd:azure-logs: INFO: Module started. 2024/05/08 12:06:43 wazuh-modulesd:azure-logs: INFO: Starting fetching of logs. 2024/05/08 12:06:43 wazuh-modulesd:azure-logs: INFO: Starting Log Analytics collection for the domain 'TENANT'. 2024/05/08 12:06:48 wazuh-modulesd:azure-logs: INFO: Finished Log Analytics collection for request 'request_1169087121'. 2024/05/08 12:06:48 wazuh-modulesd:azure-logs: INFO: Finished Log Analytics collection for the domain 'TENANT'. 2024/05/08 12:06:48 wazuh-modulesd:azure-logs: INFO: Starting Storage log collection for 'storage_1431669653'. ```After setting wazuh_modules.debug=2 in the /var/ossec/etc/local_internal_options.conf file:
Description
We have been reported a problem where, in 4.8.0-rc1,
wazuh-modulesdservice is spamming azure-logs like the following:We need to review what might be happening and fix it, especially if this problem has been included in 4.8.0.
Checks
The following elements have been updated or reviewed (should also be checked if no modification is required):
api/test/integration/mapping/_test_mapping.py).