Release 4.8.0 - RC 2 - E2E UX tests - Demo environment

[davidjiglesias]

End-to-End (E2E) Testing Guideline

• Documentation: Always consult the development documentation for the current stage tag at this link. Be careful because some of the description steps might refer to a current version in production, always navigate using the current development documention for the stage under test. Also, visit the following pre-release package guide to understand how to modify certain links and urls for the correct testing of the development packages.
• Test Requirements: Ensure your test comprehensively includes a full stack and agent/s deployment as per the Deployment requirements, detailing the machine OS, installed version, and revision.
• Deployment Options: While deployments can be local (using VMs, Vagrant, etc) or on the aws-dev account, opt for local deployments when feasible. For AWS access, coordinate with the DevOps team through this link.
• External Accounts: If tests require third-party accounts (e.g., GitHub, Azure, AWS, GCP), request the necessary access through the DevOps team here.
• Alerts: Every test should generate a minimum of one end-to-end alert, from the agent to the dashboard, irrespective of test type.
• Multi-node Testing: For multi-node wazuh-manager tests, ensure agents are connected to both workers and the master node.
• Package Verification: Use the pre-release package that matches the current TAG you're testing. Confirm its version and revision.
• Filebeat Errors: If you encounter errors with Filebeat during testing, refer to this Slack discussion for insights and resolutions.
• Known Issues: Familiarize yourself with previously reported issues in the Known Issues section. This helps in identifying already recognized errors during testing.
• Reporting New Issues: Any new errors discovered during testing that aren't listed under Known Issues should be reported. Assign the issue to the corresponding team (QA if unsure), add the Release testing objective and Very high priority. Communicate these to the team and QA via the c-release Slack channel.
• Test Conduct: It's imperative to be thorough in your testing, offering enough detail for reviewers. Incomplete tests might necessitate a redo.
• Documentation Feedback: Encountering documentation gaps, unclear guidelines, or anything that disrupts the testing or UX? Open an issue, especially if it's not listed under Known Issues. Please answer the feedback section, this is a mandatory step.
• Format: If this is your first time doing this, refer to the format (but not necessarily the content, as it may vary) of previous E2E tests, here you have an example https://github.com/wazuh/wazuh/issues/13994.
• Status and completion: Change the issue status within your team project accordingly. Once you finish testing and write the conclusions, move it to Pending review and notify the @wazuh/devel-devops team via Slack using the c-release channel. Beware that the reviewers might request additional information or task repetitions.
• For reviewers: Please move the issue to Pending final review and notify via Slack using the same thread if everything is ok, otherwise, perform an issue update with the requested changes and move it to On hold, increase the review_cycles in the team project by one and notify the issue assignee via Slack using the same thread.

For the conclusions and the issue testing and updates, use the following legend:

Status legend

• 🟢 All checks passed
• 🟡 Found a known issue
• 🔴 Found a new error

Issue delivery and completion

• Initial delivery: The issue's assignee must complete the testing and deliver the results by May 15, 2024 and notify the @wazuh/devel-devops team via Slack using the c-release channel
• Review: The @wazuh/devel-devops team will assign a reviewer and add it to the review_assignee field in the project. The reviewer must then review the test steps and results. Ensure that all iteration cycles are completed by May 16, 2024 date (issue must be in Pending final review status) and notify the QA team via Slack using the c-release channel.
• Auditor: The QA team must audit, validate the results, and close the issue by May 17, 2024.

Deployment requirements

Component	Installation	Type	OS
Indexer
Server
Dashboard		-
Agent		-

Test description

Test demo.wazuh.info environment:

• Check that there are no errors in the manager, agent, cluster, indexer, and dashboard logs.
• Check that the Wazuh daemons are running with the expected user.
• Check that the status of the indexer cluster is the expected.
• Check that there are no errors in the browser's developer console when browsing the App.
• Check that there are alerts for each of the modules configured.
• Check that no warning symbols appear in the browser's developer console when browsing the App
• Generate an alert and check that this alert appears in the dashboard (end to end)
• Check that the search engine works without specifying a field and using *

To access the demo environment, please contact @devel-devops.

Known issues

• https://github.com/wazuh/wazuh-dashboard-plugins/issues/4108
• https://github.com/wazuh/wazuh-dashboard-plugins/issues/4092
• https://github.com/wazuh/wazuh-packages/issues/1749
• https://github.com/wazuh/wazuh/issues/13253
• https://github.com/wazuh/wazuh/issues/5214
• https://github.com/wazuh/wazuh/issues/8580
• https://github.com/wazuh/wazuh/issues/8581
• https://github.com/wazuh/wazuh-dashboard-plugins/issues/4406
• https://github.com/wazuh/wazuh-dashboard-plugins/issues/4407
• https://github.com/wazuh/wazuh/issues/14710
• https://github.com/wazuh/wazuh-dashboard-plugins/issues/4232
• https://github.com/wazuh/wazuh-dashboard-plugins/issues/4074
• https://github.com/wazuh/wazuh-dashboard-plugins/issues/5745
• https://github.com/wazuh/wazuh-packages/issues/2139
• https://github.com/wazuh/wazuh/issues/18593
• https://github.com/wazuh/wazuh-dashboard-plugins/issues/5821
• https://github.com/wazuh/wazuh-automation/issues/1113
• https://github.com/wazuh/wazuh-dashboard-plugins/issues/5749
• https://github.com/wazuh/wazuh-dashboard-plugins/issues/5750
• https://github.com/wazuh/wazuh-dashboard-plugins/4121
• https://github.com/wazuh/wazuh-dashboard-plugins/5332
• https://github.com/wazuh/wazuh-dashboard-plugins/6022
• https://github.com/wazuh/wazuh-automation/issues/1369
• https://github.com/wazuh/wazuh-dashboard-plugins/6023
• https://github.com/wazuh/wazuh-dashboard-plugins/issues/6182
• https://github.com/wazuh/wazuh-dashboard-plugins/issues/6216
• https://github.com/wazuh/wazuh/issues/21829

Conclusions

Summarize the errors detected (Known Issues included). Illustrate using the table below. REMOVE CURRENT EXAMPLES:

Status	Test	Failure Type	Notes
🟡	Check Agent, Dashboard, Indexer, and Manager Logs	Errors and Warning Logs	https://github.com/wazuh/wazuh/issues/13253
🟡	Check Agent, Dashboard, Indexer, and Manager Logs	Errors and Warning Logs	https://github.com/wazuh/wazuh-packages/issues/2685
🟡	Check Browser's Developer Console for Errors While Browsing the App	Console Errors and Warning Messages	https://github.com/wazuh/wazuh-dashboard-plugins/issues/4092
🟡	Check Browser's Developer Console for Errors While Browsing the App	Console Errors and Warning Messages	https://github.com/wazuh/wazuh-dashboard-plugins/issues/4108
🟡	Check Browser's Developer Console for Errors While Browsing the App	Console Errors and Warning Messages	https://github.com/wazuh/wazuh-dashboard-plugins/issues/4121
🟡	Check Browser's Developer Console for Errors While Browsing the App	Console Errors and Warning Messages	https://github.com/wazuh/wazuh-dashboard-plugins/issues/5332
🟡	Check Browser's Developer Console for Errors While Browsing the App	Console Errors and Warning Messages	https://github.com/wazuh/wazuh-dashboard-plugins/issues/5821
🟡	Check Browser's Developer Console for Errors While Browsing the App	Console Errors and Warning Messages	https://github.com/wazuh/wazuh-dashboard-plugins/issues/5869
🟡	Check Browser's Developer Console for Errors While Browsing the App	Console Errors and Warning Messages	https://github.com/wazuh/wazuh-dashboard-plugins/issues/6022
🟡	Check Browser's Developer Console for Errors While Browsing the App	Console Errors and Warning Messages	https://github.com/wazuh/wazuh-dashboard-plugins/issues/6318
🟡	Check Browser's Developer Console for Errors While Browsing the App	Console Errors and Warning Messages	https://github.com/wazuh/wazuh-dashboard-plugins/issues/6320
🟡	Check that there are Alerts for each of the Modules Configured	Docker is not installed on the agents	None
🟡	Check that there are Alerts for each of the Modules Configured	Unecessary ENV2 Virus Total Setting	https://github.com/wazuh/wazuh-automation/issues/1369

Feedback

We value your feedback. Please provide insights on your testing experience.

• Was the testing guideline clear? Were there any ambiguities?
  • Yes, the information has been clear enough.
• Did you face any challenges not covered by the guideline?
  • No
• Suggestions for improvement:
  • I have no suggestions, I think the steps are good and clear enough to follow.

Reviewers validation

The criteria for completing this task is based on the validation of the conclusions and the test results by all reviewers.

All the checkboxes below must be marked in order to close this issue.

• [ ] @davidjiglesias
• [x] @wazuh/devel-devops

[rafabailon]

Note

Blocked until the environments are ready to start with the issue

[rafabailon]

The available machines are:

Agents

- Amazon - Centos - Debian - RHEL9 - Ubuntu - Windows

Dashboard

- WazuhDashboard

Indexers

- IndexerBootstrap - IndexerMasterB - IndexerMasterC - WazuhDashboard

Managers

- WazuhMasterEnv1 - WazuhMasterEnv2 - WazuhWorker

[rafabailon]

Check Agent, Dashboard, Indexer, and Manager Logs 🟡

Agent Logs

Amazon 🟢

### System information ```console cat /etc/*release NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2" HOME_URL="https://amazonlinux.com/" Amazon Linux release 2 (Karoo) ``` ### Agent Version ```console /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.8.0" WAZUH_REVISION="40810" WAZUH_TYPE="agent" ``` ### Agent Status ```console systemctl status wazuh-agent -l ● wazuh-agent.service - Wazuh agent Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2024-05-15 09:04:32 UTC; 22h ago Process: 9624 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS) Process: 9762 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS) CGroup: /system.slice/wazuh-agent.service ├─11195 /var/ossec/bin/wazuh-execd ├─11207 /var/ossec/bin/wazuh-agentd ├─11222 /var/ossec/bin/wazuh-syscheckd ├─11238 /var/ossec/bin/wazuh-logcollector └─11256 /var/ossec/bin/wazuh-modulesd May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Starting Wazuh agent... May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Starting Wazuh v4.8.0... May 15 09:04:26 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-execd... May 15 09:04:27 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-agentd... May 15 09:04:28 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-syscheckd... May 15 09:04:29 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-logcollector... May 15 09:04:30 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-modulesd... May 15 09:04:32 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Completed. May 15 09:04:32 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Started Wazuh agent. May 15 09:04:39 ip-10-0-1-38.us-west-1.compute.internal crontab[10283]: (root) LIST (root) ``` ### Module Status ```console /var/ossec/bin/wazuh-control status wazuh-modulesd is running... wazuh-logcollector is running... wazuh-syscheckd is running... wazuh-agentd is running... wazuh-execd is running... ``` ### Service Status ```console journalctl -xe -u wazuh-agent.service May 15 09:04:17 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Started Wazuh agent. -- Subject: Unit wazuh-agent.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-agent.service has finished starting up. -- -- The start-up result is done. May 15 09:04:21 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent... -- Subject: Unit wazuh-agent.service has begun shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-agent.service has begun shutting down. May 15 09:04:21 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-modulesd... May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-logcollector... May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-syscheckd... May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-agentd... May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-execd... May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Wazuh v4.8.0 Stopped May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent. -- Subject: Unit wazuh-agent.service has finished shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-agent.service has finished shutting down. May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Starting Wazuh agent... -- Subject: Unit wazuh-agent.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-agent.service has begun starting up. May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Starting Wazuh v4.8.0... May 15 09:04:26 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-execd... May 15 09:04:27 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-agentd... May 15 09:04:28 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-syscheckd... May 15 09:04:29 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-logcollector... May 15 09:04:30 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-modulesd... May 15 09:04:32 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Completed. May 15 09:04:32 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Started Wazuh agent. -- Subject: Unit wazuh-agent.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-agent.service has finished starting up. -- -- The start-up result is done. May 15 09:04:39 ip-10-0-1-38.us-west-1.compute.internal crontab[10283]: (root) LIST (root) ``` ### Error Logs ```console egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l 0 ```

Centos 🟢

### System information ```console cat /etc/*release CentOS Linux release 8.4.2105 NAME="CentOS Linux" VERSION="8" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="8" PLATFORM_ID="platform:el8" PRETTY_NAME="CentOS Linux 8" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:8" HOME_URL="https://centos.org/" BUG_REPORT_URL="https://bugs.centos.org/" CENTOS_MANTISBT_PROJECT="CentOS-8" CENTOS_MANTISBT_PROJECT_VERSION="8" CentOS Linux release 8.4.2105 CentOS Linux release 8.4.2105 ``` ### Agent Version ```console /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.8.0" WAZUH_REVISION="40810" WAZUH_TYPE="agent" ``` ### Agent Status ```console systemctl status wazuh-agent -l ● wazuh-agent.service - Wazuh agent Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2024-05-15 09:06:32 UTC; 22h ago Process: 7982 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS) Process: 8375 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS) Tasks: 32 (limit: 4668) Memory: 356.8M CGroup: /system.slice/wazuh-agent.service ├─9753 /var/ossec/bin/wazuh-execd ├─9765 /var/ossec/bin/wazuh-agentd ├─9780 /var/ossec/bin/wazuh-syscheckd ├─9795 /var/ossec/bin/wazuh-logcollector └─9812 /var/ossec/bin/wazuh-modulesd May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent. May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Starting Wazuh agent... May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Starting Wazuh v4.8.0... May 15 09:06:26 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-execd... May 15 09:06:27 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-agentd... May 15 09:06:28 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-syscheckd... May 15 09:06:29 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-logcollector... May 15 09:06:30 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-modulesd... May 15 09:06:32 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Completed. May 15 09:06:32 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Started Wazuh agent. ``` ### Module Status ```console /var/ossec/bin/wazuh-control status wazuh-modulesd is running... wazuh-logcollector is running... wazuh-syscheckd is running... wazuh-agentd is running... wazuh-execd is running... ``` ### Service Status ```console journalctl -xe -u wazuh-agent.service -- Unit wazuh-agent.service has finished starting up. -- -- The start-up result is done. May 15 09:06:20 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent... -- Subject: Unit wazuh-agent.service has begun shutting down -- Defined-By: systemd -- Support: https://access.redhat.com/support -- -- Unit wazuh-agent.service has begun shutting down. May 15 09:06:21 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-modulesd... May 15 09:06:24 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-logcollector... May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-syscheckd... May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-agentd... May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-execd... May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Wazuh v4.8.0 Stopped May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Succeeded. -- Subject: Unit succeeded -- Defined-By: systemd -- Support: https://access.redhat.com/support -- -- The unit wazuh-agent.service has successfully entered the 'dead' state. May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent. -- Subject: Unit wazuh-agent.service has finished shutting down -- Defined-By: systemd -- Support: https://access.redhat.com/support -- -- Unit wazuh-agent.service has finished shutting down. May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Starting Wazuh agent... -- Subject: Unit wazuh-agent.service has begun start-up -- Defined-By: systemd -- Support: https://access.redhat.com/support -- -- Unit wazuh-agent.service has begun starting up. May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Starting Wazuh v4.8.0... May 15 09:06:26 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-execd... May 15 09:06:27 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-agentd... May 15 09:06:28 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-syscheckd... May 15 09:06:29 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-logcollector... May 15 09:06:30 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-modulesd... May 15 09:06:32 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Completed. May 15 09:06:32 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Started Wazuh agent. -- Subject: Unit wazuh-agent.service has finished start-up -- Defined-By: systemd -- Support: https://access.redhat.com/support -- -- Unit wazuh-agent.service has finished starting up. -- -- The start-up result is done. ``` ### Error Logs ```console egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l 0 ```

Debian 🟢

### System information ```console cat /etc/*release ID="ec2" VERSION="20220503-998" PRETTY_NAME="Debian GNU/Linux 11 (bullseye)" NAME="Debian GNU/Linux" VERSION_ID="11" VERSION="11 (bullseye)" VERSION_CODENAME=bullseye ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" ``` ### Agent Version ```console /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.8.0" WAZUH_REVISION="40810" WAZUH_TYPE="agent" ``` ### Agent Status ```console systemctl status wazuh-agent -l ● wazuh-agent.service - Wazuh agent Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2024-05-15 09:04:52 UTC; 22h ago Tasks: 32 (limit: 1123) Memory: 46.8M CPU: 1min 54.756s CGroup: /system.slice/wazuh-agent.service ├─9771 /var/ossec/bin/wazuh-execd ├─9782 /var/ossec/bin/wazuh-agentd ├─9796 /var/ossec/bin/wazuh-syscheckd ├─9811 /var/ossec/bin/wazuh-logcollector └─9830 /var/ossec/bin/wazuh-modulesd May 15 09:04:45 ip-10-0-1-76 systemd[1]: Starting Wazuh agent... May 15 09:04:45 ip-10-0-1-76 env[7774]: Starting Wazuh v4.8.0... May 15 09:04:46 ip-10-0-1-76 env[7774]: Started wazuh-execd... May 15 09:04:47 ip-10-0-1-76 env[7774]: Started wazuh-agentd... May 15 09:04:48 ip-10-0-1-76 env[7774]: Started wazuh-syscheckd... May 15 09:04:49 ip-10-0-1-76 env[7774]: Started wazuh-logcollector... May 15 09:04:50 ip-10-0-1-76 env[7774]: Started wazuh-modulesd... May 15 09:04:52 ip-10-0-1-76 env[7774]: Completed. May 15 09:04:52 ip-10-0-1-76 systemd[1]: Started Wazuh agent. ``` ### Module Status ```console /var/ossec/bin/wazuh-control status wazuh-modulesd is running... wazuh-logcollector is running... wazuh-syscheckd is running... wazuh-agentd is running... wazuh-execd is running... ``` ### Service Status ```console journalctl -xe -u wazuh-agent.service May 15 09:04:44 ip-10-0-1-76 env[7226]: Killing wazuh-logcollector... May 15 09:04:44 ip-10-0-1-76 env[7226]: Killing wazuh-syscheckd... May 15 09:04:45 ip-10-0-1-76 env[7226]: Killing wazuh-agentd... May 15 09:04:45 ip-10-0-1-76 env[7226]: Killing wazuh-execd... May 15 09:04:45 ip-10-0-1-76 env[7226]: Wazuh v4.8.0 Stopped May 15 09:04:45 ip-10-0-1-76 systemd[1]: wazuh-agent.service: Succeeded. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://www.debian.org/support ░░ ░░ The unit wazuh-agent.service has successfully entered the 'dead' state. May 15 09:04:45 ip-10-0-1-76 systemd[1]: Stopped Wazuh agent. ░░ Subject: A stop job for unit wazuh-agent.service has finished ░░ Defined-By: systemd ░░ Support: https://www.debian.org/support ░░ ░░ A stop job for unit wazuh-agent.service has finished. ░░ ░░ The job identifier is 3515 and the job result is done. May 15 09:04:45 ip-10-0-1-76 systemd[1]: wazuh-agent.service: Consumed 18.921s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://www.debian.org/support ░░ ░░ The unit wazuh-agent.service completed and consumed the indicated resources. May 15 09:04:45 ip-10-0-1-76 systemd[1]: Starting Wazuh agent... ░░ Subject: A start job for unit wazuh-agent.service has begun execution ░░ Defined-By: systemd ░░ Support: https://www.debian.org/support ░░ ░░ A start job for unit wazuh-agent.service has begun execution. ░░ ░░ The job identifier is 3515. May 15 09:04:45 ip-10-0-1-76 env[7774]: Starting Wazuh v4.8.0... May 15 09:04:46 ip-10-0-1-76 env[7774]: Started wazuh-execd... May 15 09:04:47 ip-10-0-1-76 env[7774]: Started wazuh-agentd... May 15 09:04:48 ip-10-0-1-76 env[7774]: Started wazuh-syscheckd... May 15 09:04:49 ip-10-0-1-76 env[7774]: Started wazuh-logcollector... May 15 09:04:50 ip-10-0-1-76 env[7774]: Started wazuh-modulesd... May 15 09:04:52 ip-10-0-1-76 env[7774]: Completed. May 15 09:04:52 ip-10-0-1-76 systemd[1]: Started Wazuh agent. ░░ Subject: A start job for unit wazuh-agent.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://www.debian.org/support ░░ ░░ A start job for unit wazuh-agent.service has finished successfully. ░░ ░░ The job identifier is 3515. ``` ### Error Logs ```console egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l 0 ```

RHEL9 🟢

### System information ```console cat /etc/*release NAME="Red Hat Enterprise Linux" VERSION="9.2 (Plow)" ID="rhel" ID_LIKE="fedora" VERSION_ID="9.2" PLATFORM_ID="platform:el9" PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)" ANSI_COLOR="0;31" LOGO="fedora-logo-icon" CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos" HOME_URL="https://www.redhat.com/" DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9" REDHAT_BUGZILLA_PRODUCT_VERSION=9.2 REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux" REDHAT_SUPPORT_PRODUCT_VERSION="9.2" Red Hat Enterprise Linux release 9.2 (Plow) Red Hat Enterprise Linux release 9.2 (Plow) ``` ### Agent Version ```console /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.8.0" WAZUH_REVISION="40810" WAZUH_TYPE="agent" ``` ### Agent Status ```console systemctl status wazuh-agent -l ● wazuh-agent.service - Wazuh agent Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; preset: disabled) Active: active (running) since Wed 2024-05-15 09:54:54 UTC; 22h ago Process: 62223 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS) Tasks: 54 (limit: 22632) Memory: 527.6M CPU: 9min 28.962s CGroup: /system.slice/wazuh-agent.service ├─62250 /var/ossec/bin/wazuh-execd ├─62262 /var/ossec/bin/wazuh-agentd ├─62277 /var/ossec/bin/wazuh-syscheckd ├─62291 /var/ossec/bin/wazuh-logcollector ├─62314 /var/ossec/bin/wazuh-modulesd ├─62326 /usr/bin/osqueryd --config_path=/etc/osquery/osquery.conf ├─62327 python3 wodles/docker/DockerListener └─62336 /usr/bin/osqueryd May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Starting Wazuh agent... May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Starting Wazuh v4.8.0... May 15 09:54:48 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-execd... May 15 09:54:49 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-agentd... May 15 09:54:50 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-syscheckd... May 15 09:54:51 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-logcollector... May 15 09:54:51 ip-10-0-1-14.us-west-1.compute.internal osqueryd[62326]: osqueryd started [version=4.4.0] May 15 09:54:52 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-modulesd... May 15 09:54:54 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Completed. May 15 09:54:54 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Started Wazuh agent. ``` ### Module Status ```console /var/ossec/bin/wazuh-control status wazuh-modulesd is running... wazuh-logcollector is running... wazuh-syscheckd is running... wazuh-agentd is running... wazuh-execd is running... ``` ### Service Status ```console journalctl -xe -u wazuh-agent.service May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal env[62155]: Wazuh v4.8.0 Stopped May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit wazuh-agent.service has successfully entered the 'dead' state. May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 59551 (osqueryd) remains running after unit stopped. May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 62184 (wazuh-modulesd) remains running after unit stopped. May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 62185 (wazuh-modulesd) remains running after unit stopped. May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent. ░░ Subject: A stop job for unit wazuh-agent.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit wazuh-agent.service has finished. ░░ ░░ The job identifier is 27242 and the job result is done. May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Consumed 37.853s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit wazuh-agent.service completed and consumed the indicated resources. May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Starting Wazuh agent... ░░ Subject: A start job for unit wazuh-agent.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit wazuh-agent.service has begun execution. ░░ ░░ The job identifier is 27242. May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Starting Wazuh v4.8.0... May 15 09:54:48 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-execd... May 15 09:54:49 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-agentd... May 15 09:54:50 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-syscheckd... May 15 09:54:51 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-logcollector... May 15 09:54:51 ip-10-0-1-14.us-west-1.compute.internal osqueryd[62326]: osqueryd started [version=4.4.0] May 15 09:54:52 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-modulesd... May 15 09:54:54 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Completed. May 15 09:54:54 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Started Wazuh agent. ░░ Subject: A start job for unit wazuh-agent.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit wazuh-agent.service has finished successfully. ░░ ░░ The job identifier is 27242. ``` ### Error Logs ```console egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l 0 ```

Ubuntu 🟢

### System information ```console cat /etc/*release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=22.04 DISTRIB_CODENAME=jammy DISTRIB_DESCRIPTION="Ubuntu 22.04.2 LTS" PRETTY_NAME="Ubuntu 22.04.2 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.2 LTS (Jammy Jellyfish)" VERSION_CODENAME=jammy ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=jammy ``` ### Agent Version ```console /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.8.0" WAZUH_REVISION="40810" WAZUH_TYPE="agent" ``` ### Agent Status ```console systemctl status wazuh-agent -l ● wazuh-agent.service - Wazuh agent Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2024-05-15 09:05:48 UTC; 22h ago Tasks: 32 (limit: 1116) Memory: 32.2M CPU: 1min 40.086s CGroup: /system.slice/wazuh-agent.service ├─9671 /var/ossec/bin/wazuh-execd ├─9682 /var/ossec/bin/wazuh-agentd ├─9696 /var/ossec/bin/wazuh-syscheckd ├─9711 /var/ossec/bin/wazuh-logcollector └─9730 /var/ossec/bin/wazuh-modulesd May 15 09:05:46 ip-10-0-1-162 systemd[1]: Starting Wazuh agent... May 15 09:05:46 ip-10-0-1-162 env[9101]: Starting Wazuh v4.8.0... May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-execd already running... May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-agentd already running... May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-syscheckd already running... May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-logcollector already running... May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-modulesd already running... May 15 09:05:48 ip-10-0-1-162 env[9101]: Completed. May 15 09:05:48 ip-10-0-1-162 systemd[1]: Started Wazuh agent. ``` ### Module Status ```console /var/ossec/bin/wazuh-control status wazuh-modulesd is running... wazuh-logcollector is running... wazuh-syscheckd is running... wazuh-agentd is running... wazuh-execd is running... ``` ### Service Status ```console journalctl -xe -u wazuh-agent.service May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Unit process 8643 (wazuh-modulesd) remains running after unit stopped. May 15 09:05:46 ip-10-0-1-162 systemd[1]: Stopped Wazuh agent. ░░ Subject: A stop job for unit wazuh-agent.service has finished ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A stop job for unit wazuh-agent.service has finished. ░░ ░░ The job identifier is 6222 and the job result is done. May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Consumed 15.219s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ The unit wazuh-agent.service completed and consumed the indicated resources. May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8571 (wazuh-execd) in control group while starting unit. Ignoring. May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8586 (wazuh-agentd) in control group while starting unit. Ignoring. May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8604 (wazuh-syscheckd) in control group while starting unit. Ignoring. May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8623 (wazuh-logcollec) in control group while starting unit. Ignoring. May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8643 (wazuh-modulesd) in control group while starting unit. Ignoring. May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. May 15 09:05:46 ip-10-0-1-162 systemd[1]: Starting Wazuh agent... ░░ Subject: A start job for unit wazuh-agent.service has begun execution ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A start job for unit wazuh-agent.service has begun execution. ░░ ░░ The job identifier is 6222. May 15 09:05:46 ip-10-0-1-162 env[9101]: Starting Wazuh v4.8.0... May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-execd already running... May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-agentd already running... May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-syscheckd already running... May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-logcollector already running... May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-modulesd already running... May 15 09:05:48 ip-10-0-1-162 env[9101]: Completed. May 15 09:05:48 ip-10-0-1-162 systemd[1]: Started Wazuh agent. ░░ Subject: A start job for unit wazuh-agent.service has finished successfully ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A start job for unit wazuh-agent.service has finished successfully. ░░ ░░ The job identifier is 6222. ``` ### Error Logs ```console egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l 0 ```

Windows 🟡

### System information ```console systeminfo | findstr /B /C:"OS Name" /B /C:"OS Version" OS Name: Microsoft Windows Server 2019 Datacenter OS Version: 10.0.17763 N/A Build 17763 ``` ### Agent Version ```console cd 'C:\Program Files (x86)\ossec-agent\' (Get-Command .\wazuh-agent.exe).FileVersionInfo ProductVersion FileVersion FileName -------------- ----------- -------- v4.8.0 v4.8.0 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe ``` ### Agent Status ```console NET START wazuh The requested service has already been started. ``` ### Error Logs ```console Get-Content "C:\Program Files (x86)\ossec-agent\ossec.log" | Select-String -Pattern "ERR|WARN|CRIT|FAT" 2024/05/16 00:00:17 wazuh-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex240516.log' due to [(2)-(No such file or directory)]. ``` > **Analysis**: > The ERROR logs are expected, it is a known issue: https://github.com/wazuh/wazuh/issues/13253

Dashboard Logs

WazuhDashboard 🟢

### System information ```console cat /etc/*release NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2" HOME_URL="https://amazonlinux.com/" Amazon Linux release 2 (Karoo) ``` ### Dashboard Version ```console cat /usr/share/wazuh-dashboard/plugins/wazuh/package.json { "name": "wazuh", "version": "4.8.0", "revision": "10", "pluginPlatform": { "version": "2.10.0" }, "description": "Wazuh dashboard", "keywords": [ "opensearch_dashboards", "wazuh", "ossec" ], "node_build": "10.23.1", "author": "Wazuh, Inc", "license": "GPL-2.0", "repository": { "type": "git", "url": "https://github.com/wazuh/wazuh-dashboard-plugins.git" }, "bugs": { "url": "https://github.com/wazuh/wazuh-dashboard-plugins/issues" }, "homepage": "https://www.wazuh.com/", "scripts": { "lint": "eslint {public,server,common}/**/*.{js,jsx,ts,tsx,json}", "lint:public": "eslint public/**/*.{js,jsx,ts,tsx,json}", "lint:server": "eslint server/**/*.{js,jsx,ts,tsx,json}", "lint:common": "eslint common/**/*.{js,jsx,ts,tsx,json}", "lint:fix": "eslint --fix '{public,server,common}/**/*.{js,jsx,ts,tsx,json}'", "format": "prettier --write '{public,server,common}/**/*.{js,jsx,ts,tsx,css,md,json}' --config ./.prettierrc", "kbn": "node ../../scripts/kbn", "es": "node ../../scripts/es", "start": "plugin-helpers start", "build": "yarn plugin-helpers build --opensearch-dashboards-version=$OPENSEARCH_DASHBOARDS_VERSION", "build:runner": "node scripts/runner build", "plugin-helpers": "node ../../scripts/plugin_helpers", "test:ui:runner": "node ../../scripts/functional_test_runner.js", "test:server": "plugin-helpers test:server", "test:browser": "plugin-helpers test:browser", "test:jest": "node scripts/jest --runInBand", "test:jest:runner": "node scripts/runner test", "generate:api-data": "node scripts/generate-api-data.js --spec https://raw.githubusercontent.com/wazuh/wazuh/$(node -e \"console.log(require('./package.json').version)\")/api/api/spec/spec.yaml --output file --output-directory common/api-info --display-configuration", "prebuild": "node scripts/generate-build-version" }, "dependencies": { "angular-animate": "1.8.3", "angular-material": "1.2.5", "axios": "^1.6.1", "install": "^0.13.0", "js2xmlparser": "^5.0.0", "json2csv": "^4.1.2", "jwt-decode": "^3.1.2", "loglevel": "^1.7.1", "markdown-it-link-attributes": "^4.0.1", "md5": "^2.3.0", "needle": "^3.2.0", "node-cron": "^1.1.2", "pdfmake": "0.2.7", "querystring-browser": "1.0.4", "react-codemirror": "^1.0.0", "react-cookie": "^4.0.3", "read-last-lines": "^1.7.2", "timsort": "^0.3.0", "typescript": "^5.0.4", "winston": "3.9.0" }, "devDependencies": { "@types/node-cron": "^2.0.3", "@typescript-eslint/eslint-plugin": "^6.2.1", "@typescript-eslint/parser": "^6.2.1", "eslint": "^8.46.0", "eslint-config-prettier": "^8.5.0", "eslint-import-resolver-typescript": "3.5.5", "eslint-plugin-async-await": "^0.0.0", "eslint-plugin-cypress": "^2.12.1", "eslint-plugin-filenames-simple": "^0.8.0", "eslint-plugin-import": "^2.28.0", "eslint-plugin-prettier": "^4.2.1", "eslint-plugin-react": "^7.31.8", "eslint-plugin-react-hooks": "^4.6.0", "prettier": "^2.7.1", "redux-mock-store": "^1.5.4", "swagger-client": "^3.19.11" }, "opensearchDashboards": { "version": "2.10.0" } } ``` ### Dashboard Status ```console systemctl status wazuh-dashboard -l ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2024-05-15 09:11:05 UTC; 22h ago Main PID: 19828 (node) CGroup: /system.slice/wazuh-dashboard.service └─19828 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist May 16 07:14:20 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:20Z","tags":[],"pid":19828,"method":"get","statusCode":401,"req":{"url":"/api/v1/auth/dashboardsinfo","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":1,"contentLength":9},"message":"GET /api/v1/auth/dashboardsinfo 401 1ms - 9.0B"} May 16 07:14:20 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:20Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/api/logos","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /api/logos 200 2ms - 9.0B"} May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"post","statusCode":200,"req":{"url":"/api/core/capabilities","method":"post","headers":{"host":"10.0.0.155:5601","connection":"close","content-length":"925","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","origin":"https://demo.wazuh.info","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"POST /api/core/capabilities 200 5ms - 9.0B"} May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":401,"req":{"url":"/api/v1/configuration/account","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /api/v1/configuration/account 401 2ms - 9.0B"} May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/48010/bundles/plugin/securityDashboards/securityDashboards.chunk.5.js","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /48010/bundles/plugin/securityDashboards/securityDashboards.chunk.5.js 200 2ms - 9.0B"} May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/ui/logos/wazuh_dashboard_login_background.svg","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"image/avif,image/webp,*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/ui/legacy_light_theme.css","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/ui/legacy_light_theme.css"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/logos/wazuh_dashboard_login_background.svg 200 5ms - 9.0B"} May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/ui/logos/wazuh_dashboard_login_mark.svg","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"image/avif,image/webp,*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/logos/wazuh_dashboard_login_mark.svg 200 5ms - 9.0B"} May 16 07:14:25 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"log","@timestamp":"2024-05-16T07:14:25Z","tags":["error","plugins","securityDashboards"],"pid":19828,"message":"Failed authentication: Error: Authentication Exception"} May 16 07:14:25 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:25Z","tags":[],"pid":19828,"method":"post","statusCode":401,"req":{"url":"/auth/login","method":"post","headers":{"host":"10.0.0.155:5601","connection":"close","content-length":"59","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","origin":"https://demo.wazuh.info","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":411,"contentLength":9},"message":"POST /auth/login 401 411ms - 9.0B"} May 16 07:41:11 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:41:11Z","tags":[],"pid":19828,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (Linux; Android 7.0; SM-A510F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36","accept-charset":"utf-8","accept-encoding":"gzip"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (Linux; Android 7.0; SM-A510F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"} ``` ### Dashboard Service Status ```console journalctl -xe -u wazuh-dashboard.service --no-pager May 16 07:14:20 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:20Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/api/logos","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /api/logos 200 2ms - 9.0B"} May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"post","statusCode":200,"req":{"url":"/api/core/capabilities","method":"post","headers":{"host":"10.0.0.155:5601","connection":"close","content-length":"925","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","origin":"https://demo.wazuh.info","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"POST /api/core/capabilities 200 5ms - 9.0B"} May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":401,"req":{"url":"/api/v1/configuration/account","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /api/v1/configuration/account 401 2ms - 9.0B"} May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/48010/bundles/plugin/securityDashboards/securityDashboards.chunk.5.js","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /48010/bundles/plugin/securityDashboards/securityDashboards.chunk.5.js 200 2ms - 9.0B"} May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/ui/logos/wazuh_dashboard_login_background.svg","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"image/avif,image/webp,*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/ui/legacy_light_theme.css","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/ui/legacy_light_theme.css"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/logos/wazuh_dashboard_login_background.svg 200 5ms - 9.0B"} May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/ui/logos/wazuh_dashboard_login_mark.svg","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"image/avif,image/webp,*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/logos/wazuh_dashboard_login_mark.svg 200 5ms - 9.0B"} May 16 07:14:25 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"log","@timestamp":"2024-05-16T07:14:25Z","tags":["error","plugins","securityDashboards"],"pid":19828,"message":"Failed authentication: Error: Authentication Exception"} May 16 07:14:25 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:25Z","tags":[],"pid":19828,"method":"post","statusCode":401,"req":{"url":"/auth/login","method":"post","headers":{"host":"10.0.0.155:5601","connection":"close","content-length":"59","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","origin":"https://demo.wazuh.info","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":411,"contentLength":9},"message":"POST /auth/login 401 411ms - 9.0B"} May 16 07:41:11 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:41:11Z","tags":[],"pid":19828,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (Linux; Android 7.0; SM-A510F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36","accept-charset":"utf-8","accept-encoding":"gzip"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (Linux; Android 7.0; SM-A510F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"} ``` ### Error Logs ```console egrep -i "err|warn" /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | wc -l 0 ```

Indexer Logs

IndexerBootstrap 🟡

### System information ```console cat /etc/*release NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2" HOME_URL="https://amazonlinux.com/" Amazon Linux release 2 (Karoo) ``` ### Agent Status ```console systemctl status wazuh-indexer -l ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2024-05-15 08:47:07 UTC; 23h ago Docs: https://documentation.wazuh.com Main PID: 12359 (java) CGroup: /system.slice/wazuh-indexer.service └─12359 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-9755161661130300994 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.Thread.run(Thread.java:833) ``` ### Service Status ```console journalctl -xe -u wazuh-indexer.service --no-pager -- Logs begin at Wed 2024-05-15 08:32:26 UTC, end at Thu 2024-05-16 08:10:01 UTC. -- May 15 08:45:23 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer... -- Subject: Unit wazuh-indexer.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has begun starting up.May 15 08:45:26 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: A terminally deprecated method in java.lang.System has been calledMay 15 08:45:26 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)May 15 08:45:26 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearchMay 15 08:45:26 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: System::setSecurityManager will be removed in a future releaseMay 15 08:45:28 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: A terminally deprecated method in java.lang.System has been called May 15 08:45:28 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) May 15 08:45:28 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security May 15 08:45:28 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: System::setSecurityManager will be removed in a future release May 15 08:45:49 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer. -- Subject: Unit wazuh-indexer.service has finished start-up -- Defined-By: systemd-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel ---- Unit wazuh-indexer.service has finished starting up. -- -- The start-up result is done. May 15 08:46:44 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer... -- Subject: Unit wazuh-indexer.service has begun shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has begun shutting down. May 15 08:46:44 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer. -- Subject: Unit wazuh-indexer.service has finished shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has finished shutting down. May 15 08:46:44 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer... -- Subject: Unit wazuh-indexer.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has begun starting up. May 15 08:46:47 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: A terminally deprecated method in java.lang.System has been called May 15 08:46:47 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) May 15 08:46:47 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch May 15 08:46:47 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: System::setSecurityManager will be removed in a future release May 15 08:46:49 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: A terminally deprecated method in java.lang.System has been called May 15 08:46:49 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) May 15 08:46:49 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security May 15 08:46:49 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: System::setSecurityManager will be removed in a future release May 15 08:47:07 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer. -- Subject: Unit wazuh-indexer.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has finished starting up. -- -- The start-up result is done. May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.Thread.run(Thread.java:833) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.Thread.run(Thread.java:833) ``` > **Analysis**: > The ERROR logs are expected, it is a known issue: https://github.com/wazuh/wazuh-packages/issues/2685 ### Error Logs ```console egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l 0 ```

IndexerMasterB 🟡

### System information ```console cat /etc/*release NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2" HOME_URL="https://amazonlinux.com/" Amazon Linux release 2 (Karoo) ``` ### Agent Status ```console systemctl status wazuh-indexer -l ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2024-05-15 08:47:33 UTC; 23h ago Docs: https://documentation.wazuh.com Main PID: 12303 (java) CGroup: /system.slice/wazuh-indexer.service └─12303 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-6328324595925120652 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.Thread.run(Thread.java:833) ``` ### Service Status ```console journalctl -xe -u wazuh-indexer.service --no-pager -- Logs begin at Wed 2024-05-15 08:32:26 UTC, end at Thu 2024-05-16 08:13:22 UTC. -- May 15 08:45:26 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer... -- Subject: Unit wazuh-indexer.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has begun starting up.May 15 08:45:28 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: A terminally deprecated method in java.lang.System has been calledMay 15 08:45:28 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)May 15 08:45:28 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearchMay 15 08:45:28 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: System::setSecurityManager will be removed in a future releaseMay 15 08:45:30 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: A terminally deprecated method in java.lang.System has been called May 15 08:45:30 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) May 15 08:45:30 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security May 15 08:45:30 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: System::setSecurityManager will be removed in a future release May 15 08:45:49 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer. -- Subject: Unit wazuh-indexer.service has finished start-up -- Defined-By: systemd-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel ---- Unit wazuh-indexer.service has finished starting up. -- -- The start-up result is done. May 15 08:47:09 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer... -- Subject: Unit wazuh-indexer.service has begun shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has begun shutting down. May 15 08:47:09 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer. -- Subject: Unit wazuh-indexer.service has finished shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has finished shutting down. May 15 08:47:09 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer... -- Subject: Unit wazuh-indexer.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has begun starting up. May 15 08:47:12 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: A terminally deprecated method in java.lang.System has been called May 15 08:47:12 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) May 15 08:47:12 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch May 15 08:47:12 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: System::setSecurityManager will be removed in a future release May 15 08:47:14 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: A terminally deprecated method in java.lang.System has been called May 15 08:47:14 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) May 15 08:47:14 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security May 15 08:47:14 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: System::setSecurityManager will be removed in a future release May 15 08:47:33 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer. -- Subject: Unit wazuh-indexer.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has finished starting up. -- -- The start-up result is done. May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.Thread.run(Thread.java:833) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.Thread.run(Thread.java:833) ``` > **Analysis**: > The ERROR logs are expected, it is a known issue: https://github.com/wazuh/wazuh-packages/issues/2685 ### Error Logs ```console egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l 0 ```

IndexerMasterC 🟡

### System information ```console cat /etc/*release NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2" HOME_URL="https://amazonlinux.com/" Amazon Linux release 2 (Karoo) ``` ### Agent Status ```console systemctl status wazuh-indexer -l ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2024-05-15 08:48:04 UTC; 23h ago Docs: https://documentation.wazuh.com Main PID: 12810 (java) CGroup: /system.slice/wazuh-indexer.service └─12810 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-15189950111321843980 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.Thread.run(Thread.java:833) ``` ### Service Status ```console journalctl -xe -u wazuh-indexer.service --no-pager -- Logs begin at Wed 2024-05-15 08:32:27 UTC, end at Thu 2024-05-16 08:16:01 UTC. -- May 15 08:45:35 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer... -- Subject: Unit wazuh-indexer.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has begun starting up.May 15 08:45:37 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: A terminally deprecated method in java.lang.System has been calledMay 15 08:45:37 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)May 15 08:45:37 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearchMay 15 08:45:37 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: System::setSecurityManager will be removed in a future releaseMay 15 08:45:39 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: A terminally deprecated method in java.lang.System has been called May 15 08:45:39 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) May 15 08:45:39 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security May 15 08:45:39 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: System::setSecurityManager will be removed in a future release May 15 08:45:58 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer. -- Subject: Unit wazuh-indexer.service has finished start-up -- Defined-By: systemd-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel ---- Unit wazuh-indexer.service has finished starting up. -- -- The start-up result is done. May 15 08:47:39 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer... -- Subject: Unit wazuh-indexer.service has begun shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has begun shutting down. May 15 08:47:39 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer. -- Subject: Unit wazuh-indexer.service has finished shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has finished shutting down. May 15 08:47:39 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer... -- Subject: Unit wazuh-indexer.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has begun starting up. May 15 08:47:42 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: A terminally deprecated method in java.lang.System has been called May 15 08:47:42 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) May 15 08:47:42 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch May 15 08:47:42 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: System::setSecurityManager will be removed in a future release May 15 08:47:44 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: A terminally deprecated method in java.lang.System has been called May 15 08:47:44 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) May 15 08:47:44 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security May 15 08:47:44 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: System::setSecurityManager will be removed in a future release May 15 08:48:04 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer. -- Subject: Unit wazuh-indexer.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has finished starting up. -- -- The start-up result is done. May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.alerting.util.destinationmigration.DestinationMigrationCoordinator.clusterChanged(DestinationMigrationCoordinator.kt:48) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListener(ClusterApplierService.java:625) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.Thread.run(Thread.java:833) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.alerting.util.destinationmigration.DestinationMigrationCoordinator.clusterChanged(DestinationMigrationCoordinator.kt:48) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListener(ClusterApplierService.java:625) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.Thread.run(Thread.java:833) ``` > **Analysis**: > The ERROR logs are expected, it is a known issue: https://github.com/wazuh/wazuh-packages/issues/2685 ### Error Logs ```console egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l 0 ```

WazuhDashboard 🟡

### System information ```console cat /etc/*release NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2" HOME_URL="https://amazonlinux.com/" Amazon Linux release 2 (Karoo) ``` ### Agent Status ```console systemctl status wazuh-indexer -l ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2024-05-15 08:54:17 UTC; 23h ago Docs: https://documentation.wazuh.com Main PID: 14580 (java) CGroup: /system.slice/wazuh-indexer.service └─14580 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10560019297269362385 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.Thread.run(Thread.java:833) ``` ### Service Status ```console journalctl -xe -u wazuh-indexer.service --no-pager -- Logs begin at Wed 2024-05-15 08:32:28 UTC, end at Thu 2024-05-16 08:20:19 UTC. -- May 15 08:50:38 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer... -- Subject: Unit wazuh-indexer.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has begun starting up.May 15 08:50:40 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: A terminally deprecated method in java.lang.System has been calledMay 15 08:50:40 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)May 15 08:50:40 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearchMay 15 08:50:40 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: System::setSecurityManager will be removed in a future releaseMay 15 08:50:42 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: A terminally deprecated method in java.lang.System has been called May 15 08:50:42 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) May 15 08:50:42 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security May 15 08:50:42 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: System::setSecurityManager will be removed in a future release May 15 08:51:01 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer. -- Subject: Unit wazuh-indexer.service has finished start-up -- Defined-By: systemd-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel ---- Unit wazuh-indexer.service has finished starting up. -- -- The start-up result is done. May 15 08:53:51 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer... -- Subject: Unit wazuh-indexer.service has begun shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has begun shutting down. May 15 08:53:51 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer. -- Subject: Unit wazuh-indexer.service has finished shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has finished shutting down. May 15 08:53:51 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer... -- Subject: Unit wazuh-indexer.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has begun starting up. May 15 08:53:56 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: A terminally deprecated method in java.lang.System has been called May 15 08:53:56 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) May 15 08:53:56 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch May 15 08:53:56 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: System::setSecurityManager will be removed in a future release May 15 08:53:58 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: A terminally deprecated method in java.lang.System has been called May 15 08:53:58 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar) May 15 08:53:58 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security May 15 08:53:58 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: System::setSecurityManager will be removed in a future release May 15 08:54:17 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer. -- Subject: Unit wazuh-indexer.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-indexer.service has finished starting up. -- -- The start-up result is done. May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.Thread.run(Thread.java:833) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.Thread.run(Thread.java:833) ``` > **Analysis**: > The ERROR logs are expected, it is a known issue: https://github.com/wazuh/wazuh-packages/issues/2685 ### Error Logs ```console egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l 0 ```

Manager Logs

WazuhMasterEnv1 🟢

### System information ```console cat /etc/*release NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2" HOME_URL="https://amazonlinux.com/" Amazon Linux release 2 (Karoo) ``` ### Manager Version ```console /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.8.0" WAZUH_REVISION="40810" WAZUH_TYPE="server" ``` ### Agent Status ```console systemctl status wazuh-manager -l ● wazuh-manager.service - Wazuh manager Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled) Active: active (exited) since Wed 2024-05-15 08:58:46 UTC; 23h ago Process: 15268 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS) Process: 15437 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS) May 15 08:58:40 wazuh-manager-master-0 env[15437]: Started wazuh-remoted... May 15 08:58:41 wazuh-manager-master-0 env[15437]: Started wazuh-logcollector... May 15 08:58:42 wazuh-manager-master-0 env[15437]: Started wazuh-monitord... May 15 08:58:42 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:42 wazuh-modulesd:router: INFO: Loaded router module. May 15 08:58:42 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:42 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 08:58:43 wazuh-manager-master-0 env[15437]: Started wazuh-modulesd... May 15 08:58:44 wazuh-manager-master-0 env[15437]: Started wazuh-clusterd... May 15 08:58:45 wazuh-manager-master-0 crontab[16020]: (root) LIST (root) May 15 08:58:46 wazuh-manager-master-0 env[15437]: Completed. May 15 08:58:46 wazuh-manager-master-0 systemd[1]: Started Wazuh manager. ``` ### Module Status ```console /var/ossec/bin/wazuh-control status wazuh-clusterd is running... wazuh-modulesd is running... wazuh-monitord is running... wazuh-logcollector is running... wazuh-remoted is running... wazuh-syscheckd is running... wazuh-analysisd is running... wazuh-maild not running... wazuh-execd is running... wazuh-db is running... wazuh-authd is running... wazuh-agentlessd not running... wazuh-integratord is running... wazuh-dbd not running... wazuh-csyslogd not running... wazuh-apid is running... ``` ### Service Status ```console journalctl -xe -u wazuh-manager.service --no-pager -- Logs begin at Wed 2024-05-15 08:32:26 UTC, end at Thu 2024-05-16 08:22:12 UTC. -- May 15 08:56:27 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager... -- Subject: Unit wazuh-manager.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has begun starting up. May 15 08:56:28 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:28 wazuh-modulesd:router: INFO: Loaded router module. May 15 08:56:28 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:28 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 08:56:29 wazuh-manager-master-0 env[11357]: Starting Wazuh v4.8.0... May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-apid... May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-csyslogd... May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-dbd... May 15 08:56:31 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:31 wazuh-integratord: INFO: Remote integrations not configured. Clean exit. May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-integratord... May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-agentlessd... May 15 08:56:32 wazuh-manager-master-0 env[11357]: Started wazuh-authd... May 15 08:56:33 wazuh-manager-master-0 env[11357]: Started wazuh-db... May 15 08:56:34 wazuh-manager-master-0 env[11357]: Started wazuh-execd... May 15 08:56:36 wazuh-manager-master-0 env[11357]: Started wazuh-analysisd... May 15 08:56:37 wazuh-manager-master-0 env[11357]: Started wazuh-syscheckd... May 15 08:56:38 wazuh-manager-master-0 env[11357]: Started wazuh-remoted... May 15 08:56:39 wazuh-manager-master-0 env[11357]: Started wazuh-logcollector... May 15 08:56:40 wazuh-manager-master-0 env[11357]: Started wazuh-monitord... May 15 08:56:40 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:40 wazuh-modulesd:router: INFO: Loaded router module. May 15 08:56:40 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:40 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 08:56:41 wazuh-manager-master-0 env[11357]: Started wazuh-modulesd... May 15 08:56:43 wazuh-manager-master-0 env[11357]: Started wazuh-clusterd... May 15 08:56:43 wazuh-manager-master-0 crontab[11939]: (root) LIST (root) May 15 08:56:45 wazuh-manager-master-0 env[11357]: Completed. May 15 08:56:45 wazuh-manager-master-0 systemd[1]: Started Wazuh manager. -- Subject: Unit wazuh-manager.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has finished starting up. -- -- The start-up result is done. May 15 08:58:24 wazuh-manager-master-0 systemd[1]: Stopping Wazuh manager... -- Subject: Unit wazuh-manager.service has begun shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has begun shutting down. May 15 08:58:24 wazuh-manager-master-0 env[15268]: Killing wazuh-clusterd... May 15 08:58:24 wazuh-manager-master-0 env[15268]: Killing wazuh-modulesd... May 15 08:58:24 wazuh-manager-master-0 env[15268]: Killing wazuh-monitord... May 15 08:58:24 wazuh-manager-master-0 env[15268]: Killing wazuh-logcollector... May 15 08:58:25 wazuh-manager-master-0 env[15268]: Killing wazuh-remoted... May 15 08:58:25 wazuh-manager-master-0 env[15268]: Killing wazuh-syscheckd... May 15 08:58:25 wazuh-manager-master-0 env[15268]: Killing wazuh-analysisd... May 15 08:58:26 wazuh-manager-master-0 env[15268]: wazuh-maild not running... May 15 08:58:26 wazuh-manager-master-0 env[15268]: Killing wazuh-execd... May 15 08:58:26 wazuh-manager-master-0 env[15268]: Killing wazuh-db... May 15 08:58:27 wazuh-manager-master-0 env[15268]: Killing wazuh-authd... May 15 08:58:28 wazuh-manager-master-0 env[15268]: wazuh-agentlessd not running... May 15 08:58:28 wazuh-manager-master-0 env[15268]: wazuh-integratord not running... May 15 08:58:28 wazuh-manager-master-0 env[15268]: wazuh-dbd not running... May 15 08:58:28 wazuh-manager-master-0 env[15268]: wazuh-csyslogd not running... May 15 08:58:28 wazuh-manager-master-0 env[15268]: Killing wazuh-apid... May 15 08:58:28 wazuh-manager-master-0 env[15268]: Wazuh v4.8.0 Stopped May 15 08:58:28 wazuh-manager-master-0 systemd[1]: Stopped Wazuh manager. -- Subject: Unit wazuh-manager.service has finished shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has finished shutting down. May 15 08:58:28 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager... -- Subject: Unit wazuh-manager.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has begun starting up. May 15 08:58:30 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:30 wazuh-modulesd:router: INFO: Loaded router module. May 15 08:58:30 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:30 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 08:58:31 wazuh-manager-master-0 env[15437]: Starting Wazuh v4.8.0... May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-apid... May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-csyslogd... May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-dbd... May 15 08:58:34 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:34 wazuh-integratord: INFO: Remote integrations not configured. Clean exit. May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-integratord... May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-agentlessd... May 15 08:58:35 wazuh-manager-master-0 env[15437]: Started wazuh-authd... May 15 08:58:36 wazuh-manager-master-0 env[15437]: Started wazuh-db... May 15 08:58:37 wazuh-manager-master-0 env[15437]: Started wazuh-execd... May 15 08:58:38 wazuh-manager-master-0 env[15437]: Started wazuh-analysisd... May 15 08:58:39 wazuh-manager-master-0 env[15437]: Started wazuh-syscheckd... May 15 08:58:40 wazuh-manager-master-0 env[15437]: Started wazuh-remoted... May 15 08:58:41 wazuh-manager-master-0 env[15437]: Started wazuh-logcollector... May 15 08:58:42 wazuh-manager-master-0 env[15437]: Started wazuh-monitord... May 15 08:58:42 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:42 wazuh-modulesd:router: INFO: Loaded router module. May 15 08:58:42 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:42 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 08:58:43 wazuh-manager-master-0 env[15437]: Started wazuh-modulesd... May 15 08:58:44 wazuh-manager-master-0 env[15437]: Started wazuh-clusterd... May 15 08:58:45 wazuh-manager-master-0 crontab[16020]: (root) LIST (root) May 15 08:58:46 wazuh-manager-master-0 env[15437]: Completed. May 15 08:58:46 wazuh-manager-master-0 systemd[1]: Started Wazuh manager. -- Subject: Unit wazuh-manager.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has finished starting up. -- -- The start-up result is done. ``` ### Error Logs ```console egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l 0 egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log | wc -l 0 ``` ### Filebeat Output ```console filebeat test output elasticsearch: https://10.0.2.249:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.249 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 elasticsearch: https://10.0.2.123:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.123 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 elasticsearch: https://10.0.2.62:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.62 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 ```

WazuhMasterEnv2 🟢

### System information ```console cat /etc/*release NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2" HOME_URL="https://amazonlinux.com/" Amazon Linux release 2 (Karoo) ``` ### Manager Version ```console /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.8.0" WAZUH_REVISION="40810" WAZUH_TYPE="server" ``` ### Agent Status ```console systemctl status wazuh-manager -l ● wazuh-manager.service - Wazuh manager Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled) Active: active (exited) since Wed 2024-05-15 08:59:14 UTC; 23h ago Process: 15239 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS) Process: 15387 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS) May 15 08:59:07 wazuh-manager-master-0 env[15387]: Started wazuh-remoted... May 15 08:59:08 wazuh-manager-master-0 env[15387]: Started wazuh-logcollector... May 15 08:59:10 wazuh-manager-master-0 env[15387]: Started wazuh-monitord... May 15 08:59:10 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:10 wazuh-modulesd:router: INFO: Loaded router module. May 15 08:59:10 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 08:59:11 wazuh-manager-master-0 env[15387]: Started wazuh-modulesd... May 15 08:59:12 wazuh-manager-master-0 env[15387]: Started wazuh-clusterd... May 15 08:59:13 wazuh-manager-master-0 crontab[15970]: (root) LIST (root) May 15 08:59:14 wazuh-manager-master-0 env[15387]: Completed. May 15 08:59:14 wazuh-manager-master-0 systemd[1]: Started Wazuh manager. ``` ### Module Status ```console /var/ossec/bin/wazuh-control status wazuh-clusterd is running... wazuh-modulesd is running... wazuh-monitord is running... wazuh-logcollector is running... wazuh-remoted is running... wazuh-syscheckd is running... wazuh-analysisd is running... wazuh-maild not running... wazuh-execd is running... wazuh-db is running... wazuh-authd is running... wazuh-agentlessd not running... wazuh-integratord is running... wazuh-dbd not running... wazuh-csyslogd not running... wazuh-apid is running... ``` ### Service Status ```console journalctl -xe -u wazuh-manager.service --no-pager -- Logs begin at Wed 2024-05-15 08:32:27 UTC, end at Thu 2024-05-16 08:24:14 UTC. -- May 15 08:56:28 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager... -- Subject: Unit wazuh-manager.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has begun starting up. May 15 08:56:29 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:29 wazuh-modulesd:router: INFO: Loaded router module. May 15 08:56:29 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:29 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 08:56:30 wazuh-manager-master-0 env[11367]: Starting Wazuh v4.8.0... May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-apid... May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-csyslogd... May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-dbd... May 15 08:56:32 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:32 wazuh-integratord: INFO: Remote integrations not configured. Clean exit. May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-integratord... May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-agentlessd... May 15 08:56:34 wazuh-manager-master-0 env[11367]: Started wazuh-authd... May 15 08:56:35 wazuh-manager-master-0 env[11367]: Started wazuh-db... May 15 08:56:36 wazuh-manager-master-0 env[11367]: Started wazuh-execd... May 15 08:56:37 wazuh-manager-master-0 env[11367]: Started wazuh-analysisd... May 15 08:56:38 wazuh-manager-master-0 env[11367]: Started wazuh-syscheckd... May 15 08:56:39 wazuh-manager-master-0 env[11367]: Started wazuh-remoted... May 15 08:56:40 wazuh-manager-master-0 env[11367]: Started wazuh-logcollector... May 15 08:56:41 wazuh-manager-master-0 env[11367]: Started wazuh-monitord... May 15 08:56:41 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:41 wazuh-modulesd:router: INFO: Loaded router module. May 15 08:56:41 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:41 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 08:56:42 wazuh-manager-master-0 env[11367]: Started wazuh-modulesd... May 15 08:56:43 wazuh-manager-master-0 env[11367]: Started wazuh-clusterd... May 15 08:56:44 wazuh-manager-master-0 crontab[11945]: (root) LIST (root) May 15 08:56:45 wazuh-manager-master-0 env[11367]: Completed. May 15 08:56:45 wazuh-manager-master-0 systemd[1]: Started Wazuh manager. -- Subject: Unit wazuh-manager.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has finished starting up. -- -- The start-up result is done. May 15 08:58:52 wazuh-manager-master-0 systemd[1]: Stopping Wazuh manager... -- Subject: Unit wazuh-manager.service has begun shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has begun shutting down. May 15 08:58:52 wazuh-manager-master-0 env[15239]: Killing wazuh-clusterd... May 15 08:58:52 wazuh-manager-master-0 env[15239]: Killing wazuh-modulesd... May 15 08:58:52 wazuh-manager-master-0 env[15239]: Killing wazuh-monitord... May 15 08:58:52 wazuh-manager-master-0 env[15239]: Killing wazuh-logcollector... May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-remoted... May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-syscheckd... May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-analysisd... May 15 08:58:53 wazuh-manager-master-0 env[15239]: wazuh-maild not running... May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-execd... May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-db... May 15 08:58:54 wazuh-manager-master-0 env[15239]: Killing wazuh-authd... May 15 08:58:55 wazuh-manager-master-0 env[15239]: wazuh-agentlessd not running... May 15 08:58:55 wazuh-manager-master-0 env[15239]: wazuh-integratord not running... May 15 08:58:55 wazuh-manager-master-0 env[15239]: wazuh-dbd not running... May 15 08:58:55 wazuh-manager-master-0 env[15239]: wazuh-csyslogd not running... May 15 08:58:55 wazuh-manager-master-0 env[15239]: Killing wazuh-apid... May 15 08:58:55 wazuh-manager-master-0 env[15239]: Wazuh v4.8.0 Stopped May 15 08:58:55 wazuh-manager-master-0 systemd[1]: Stopped Wazuh manager. -- Subject: Unit wazuh-manager.service has finished shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has finished shutting down. May 15 08:58:55 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager... -- Subject: Unit wazuh-manager.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has begun starting up. May 15 08:58:57 wazuh-manager-master-0 env[15387]: 2024/05/15 08:58:57 wazuh-modulesd:router: INFO: Loaded router module. May 15 08:58:57 wazuh-manager-master-0 env[15387]: 2024/05/15 08:58:57 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 08:58:58 wazuh-manager-master-0 env[15387]: Starting Wazuh v4.8.0... May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-apid... May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-csyslogd... May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-dbd... May 15 08:59:01 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:01 wazuh-integratord: INFO: Remote integrations not configured. Clean exit. May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-integratord... May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-agentlessd... May 15 08:59:02 wazuh-manager-master-0 env[15387]: Started wazuh-authd... May 15 08:59:03 wazuh-manager-master-0 env[15387]: Started wazuh-db... May 15 08:59:04 wazuh-manager-master-0 env[15387]: Started wazuh-execd... May 15 08:59:05 wazuh-manager-master-0 env[15387]: Started wazuh-analysisd... May 15 08:59:06 wazuh-manager-master-0 env[15387]: Started wazuh-syscheckd... May 15 08:59:07 wazuh-manager-master-0 env[15387]: Started wazuh-remoted... May 15 08:59:08 wazuh-manager-master-0 env[15387]: Started wazuh-logcollector... May 15 08:59:10 wazuh-manager-master-0 env[15387]: Started wazuh-monitord... May 15 08:59:10 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:10 wazuh-modulesd:router: INFO: Loaded router module. May 15 08:59:10 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 08:59:11 wazuh-manager-master-0 env[15387]: Started wazuh-modulesd... May 15 08:59:12 wazuh-manager-master-0 env[15387]: Started wazuh-clusterd... May 15 08:59:13 wazuh-manager-master-0 crontab[15970]: (root) LIST (root) May 15 08:59:14 wazuh-manager-master-0 env[15387]: Completed. May 15 08:59:14 wazuh-manager-master-0 systemd[1]: Started Wazuh manager. -- Subject: Unit wazuh-manager.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has finished starting up. -- -- The start-up result is done. ``` ### Error Logs ```console egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l 0 egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log | wc -l 0 ``` ### Filebeat Output ```console filebeat test output elasticsearch: https://10.0.2.249:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.249 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 elasticsearch: https://10.0.2.123:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.123 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 elasticsearch: https://10.0.2.62:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.62 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 ```

WazuhWorker 🟢

### System information ```console cat /etc/*release NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2" HOME_URL="https://amazonlinux.com/" Amazon Linux release 2 (Karoo) ``` ### Manager Version ```console /var/ossec/bin/wazuh-control info WAZUH_VERSION="v4.8.0" WAZUH_REVISION="40810" WAZUH_TYPE="server" ``` ### Agent Status ```console systemctl status wazuh-manager -l ● wazuh-manager.service - Wazuh manager Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled) Active: active (exited) since Wed 2024-05-15 09:03:28 UTC; 23h ago Process: 14921 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS) Process: 15063 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS) May 15 09:03:22 wazuh-manager-worker-0 env[15063]: Started wazuh-remoted... May 15 09:03:23 wazuh-manager-worker-0 env[15063]: Started wazuh-logcollector... May 15 09:03:24 wazuh-manager-worker-0 env[15063]: Started wazuh-monitord... May 15 09:03:24 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:24 wazuh-modulesd:router: INFO: Loaded router module. May 15 09:03:24 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:24 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 09:03:25 wazuh-manager-worker-0 env[15063]: Started wazuh-modulesd... May 15 09:03:26 wazuh-manager-worker-0 env[15063]: Started wazuh-clusterd... May 15 09:03:27 wazuh-manager-worker-0 crontab[15623]: (root) LIST (root) May 15 09:03:28 wazuh-manager-worker-0 env[15063]: Completed. May 15 09:03:28 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager. ``` ### Module Status ```console /var/ossec/bin/wazuh-control status wazuh-clusterd is running... wazuh-modulesd is running... wazuh-monitord is running... wazuh-logcollector is running... wazuh-remoted is running... wazuh-syscheckd is running... wazuh-analysisd is running... wazuh-maild not running... wazuh-execd is running... wazuh-db is running... wazuh-authd not running... wazuh-agentlessd not running... wazuh-integratord is running... wazuh-dbd not running... wazuh-csyslogd not running... wazuh-apid is running... ``` ### Service Status ```console journalctl -xe -u wazuh-manager.service --no-pager -- Logs begin at Wed 2024-05-15 08:32:26 UTC, end at Thu 2024-05-16 08:27:47 UTC. -- May 15 09:01:14 wazuh-manager-worker-0 systemd[1]: Starting Wazuh manager... -- Subject: Unit wazuh-manager.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has begun starting up. May 15 09:01:16 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:16 wazuh-modulesd:router: INFO: Loaded router module. May 15 09:01:16 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:16 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 09:01:17 wazuh-manager-worker-0 env[11130]: Starting Wazuh v4.8.0... May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-apid... May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-csyslogd... May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-dbd... May 15 09:01:19 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:19 wazuh-integratord: INFO: Remote integrations not configured. Clean exit. May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-integratord... May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-agentlessd... May 15 09:01:20 wazuh-manager-worker-0 env[11130]: Started wazuh-db... May 15 09:01:21 wazuh-manager-worker-0 env[11130]: Started wazuh-execd... May 15 09:01:22 wazuh-manager-worker-0 env[11130]: Started wazuh-analysisd... May 15 09:01:23 wazuh-manager-worker-0 env[11130]: Started wazuh-syscheckd... May 15 09:01:25 wazuh-manager-worker-0 env[11130]: Started wazuh-remoted... May 15 09:01:26 wazuh-manager-worker-0 env[11130]: Started wazuh-logcollector... May 15 09:01:27 wazuh-manager-worker-0 env[11130]: Started wazuh-monitord... May 15 09:01:27 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:27 wazuh-modulesd:router: INFO: Loaded router module. May 15 09:01:27 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:27 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 09:01:28 wazuh-manager-worker-0 env[11130]: Started wazuh-modulesd... May 15 09:01:29 wazuh-manager-worker-0 env[11130]: Started wazuh-clusterd... May 15 09:01:31 wazuh-manager-worker-0 crontab[11686]: (root) LIST (root) May 15 09:01:31 wazuh-manager-worker-0 env[11130]: Completed. May 15 09:01:31 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager. -- Subject: Unit wazuh-manager.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has finished starting up. -- -- The start-up result is done. May 15 09:03:08 wazuh-manager-worker-0 systemd[1]: Stopping Wazuh manager... -- Subject: Unit wazuh-manager.service has begun shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has begun shutting down. May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-clusterd... May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-modulesd... May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-monitord... May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-logcollector... May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-remoted... May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-syscheckd... May 15 09:03:09 wazuh-manager-worker-0 env[14921]: Killing wazuh-analysisd... May 15 09:03:09 wazuh-manager-worker-0 env[14921]: wazuh-maild not running... May 15 09:03:09 wazuh-manager-worker-0 env[14921]: Killing wazuh-execd... May 15 09:03:10 wazuh-manager-worker-0 env[14921]: Killing wazuh-db... May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-authd not running... May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-agentlessd not running... May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-integratord not running... May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-dbd not running... May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-csyslogd not running... May 15 09:03:10 wazuh-manager-worker-0 env[14921]: Killing wazuh-apid... May 15 09:03:11 wazuh-manager-worker-0 env[14921]: Wazuh v4.8.0 Stopped May 15 09:03:11 wazuh-manager-worker-0 systemd[1]: Stopped Wazuh manager. -- Subject: Unit wazuh-manager.service has finished shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has finished shutting down. May 15 09:03:11 wazuh-manager-worker-0 systemd[1]: Starting Wazuh manager... -- Subject: Unit wazuh-manager.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has begun starting up. May 15 09:03:13 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:13 wazuh-modulesd:router: INFO: Loaded router module. May 15 09:03:13 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:13 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 09:03:13 wazuh-manager-worker-0 env[15063]: Starting Wazuh v4.8.0... May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-apid... May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-csyslogd... May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-dbd... May 15 09:03:17 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:17 wazuh-integratord: INFO: Remote integrations not configured. Clean exit. May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-integratord... May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-agentlessd... May 15 09:03:18 wazuh-manager-worker-0 env[15063]: Started wazuh-db... May 15 09:03:19 wazuh-manager-worker-0 env[15063]: Started wazuh-execd... May 15 09:03:20 wazuh-manager-worker-0 env[15063]: Started wazuh-analysisd... May 15 09:03:21 wazuh-manager-worker-0 env[15063]: Started wazuh-syscheckd... May 15 09:03:22 wazuh-manager-worker-0 env[15063]: Started wazuh-remoted... May 15 09:03:23 wazuh-manager-worker-0 env[15063]: Started wazuh-logcollector... May 15 09:03:24 wazuh-manager-worker-0 env[15063]: Started wazuh-monitord... May 15 09:03:24 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:24 wazuh-modulesd:router: INFO: Loaded router module. May 15 09:03:24 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:24 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. May 15 09:03:25 wazuh-manager-worker-0 env[15063]: Started wazuh-modulesd... May 15 09:03:26 wazuh-manager-worker-0 env[15063]: Started wazuh-clusterd... May 15 09:03:27 wazuh-manager-worker-0 crontab[15623]: (root) LIST (root) May 15 09:03:28 wazuh-manager-worker-0 env[15063]: Completed. May 15 09:03:28 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager. -- Subject: Unit wazuh-manager.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit wazuh-manager.service has finished starting up. -- -- The start-up result is done. ``` ### Error Logs ```console egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l 0 egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log | wc -l 0 ``` ### Filebeat Output ```console filebeat test output elasticsearch: https://10.0.2.249:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.249 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 elasticsearch: https://10.0.2.123:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.123 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 elasticsearch: https://10.0.2.62:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 10.0.2.62 dial up... OK TLS... security: server's certificate chain verification is enabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.10.2 ```

[rafabailon]

Check Wazuh Users and Processes 🟢

Agent

Amazon 🟢

```console ps -aux | grep wazuh root 11195 0.0 0.4 40768 3848 ? Sl May15 0:03 /var/ossec/bin/wazuh-execd wazuh 11207 0.0 0.8 328220 8488 ? Sl May15 0:16 /var/ossec/bin/wazuh-agentd root 11222 0.0 1.4 298576 13972 ? SNl May15 0:30 /var/ossec/bin/wazuh-syscheckd root 11238 0.0 0.5 483212 5580 ? Sl May15 0:11 /var/ossec/bin/wazuh-logcollector root 11256 0.0 1.8 751764 17992 ? Sl May15 0:07 /var/ossec/bin/wazuh-modulesd root 18065 0.0 0.0 121272 916 pts/0 S+ 08:45 0:00 grep --color=auto wazuh ```

Centos 🟢

```console ps -aux | grep wazuh root 9753 0.0 0.3 45828 2456 ? Sl May15 0:02 /var/ossec/bin/wazuh-execd wazuh 9765 0.0 0.7 276772 6020 ? Sl May15 0:16 /var/ossec/bin/wazuh-agentd root 9780 0.0 1.2 375552 10004 ? SNl May15 0:36 /var/ossec/bin/wazuh-syscheckd root 9795 0.0 0.5 488372 4724 ? Sl May15 0:10 /var/ossec/bin/wazuh-logcollector root 9812 0.0 3.1 761852 25028 ? Sl May15 0:07 /var/ossec/bin/wazuh-modulesd root 17236 0.0 0.1 221928 1124 pts/0 S+ 08:46 0:00 grep --color=auto wazuh ```

Debian 🟢

```console ps -aux | grep wazuh root 9771 0.0 0.2 26596 2544 ? Sl May15 0:03 /var/ossec/bin/wazuh-execd wazuh 9782 0.0 0.6 248488 6280 ? Sl May15 0:20 /var/ossec/bin/wazuh-agentd root 9796 0.0 0.8 214192 8760 ? SNl May15 0:29 /var/ossec/bin/wazuh-syscheckd root 9811 0.0 1.3 469144 13316 ? Sl May15 0:12 /var/ossec/bin/wazuh-logcollector root 9830 0.0 1.5 731556 15532 ? Sl May15 0:06 /var/ossec/bin/wazuh-modulesd root 33476 0.0 0.0 5264 712 pts/0 S+ 08:46 0:00 grep wazuh ```

RHEL9 🟢

```console ps -aux | grep wazuh root 62250 0.0 0.1 26384 6612 ? Sl May15 0:02 /var/ossec/bin/wazuh-execd wazuh 62262 0.0 0.3 248152 12192 ? Sl May15 0:29 /var/ossec/bin/wazuh-agentd root 62277 0.0 0.4 427452 16636 ? SNl May15 1:15 /var/ossec/bin/wazuh-syscheckd root 62291 0.0 0.2 468896 7688 ? Sl May15 0:14 /var/ossec/bin/wazuh-logcollector root 62314 0.0 1.1 1026016 44284 ? Sl May15 0:22 /var/ossec/bin/wazuh-modulesd root 158408 0.0 0.0 6408 2204 pts/0 S+ 08:47 0:00 grep --color=auto wazuh ```

Ubuntu 🟢

```console ps -aux | grep wazuh root 9671 0.0 0.2 26436 2580 ? Sl May15 0:04 /var/ossec/bin/wazuh-execd wazuh 9682 0.0 0.4 313880 4436 ? Sl May15 0:21 /var/ossec/bin/wazuh-agentd root 9696 0.0 0.4 279908 4096 ? SNl May15 0:34 /var/ossec/bin/wazuh-syscheckd root 9711 0.0 0.2 468908 2692 ? Sl May15 0:13 /var/ossec/bin/wazuh-logcollector root 9730 0.0 1.3 731348 13292 ? Sl May15 0:09 /var/ossec/bin/wazuh-modulesd root 55978 0.0 0.2 7008 2260 pts/1 S+ 08:47 0:00 grep --color=auto wazuh ```

Windows 🟢

```console tasklist /svc | Select-String "wazuh" wazuh-agent.exe 3060 WazuhSvc ```

Dashboard

WazuhDashboard 🟢

```console ps -aux | grep wazuh-dashboard wazuh-d+ 19828 0.3 2.2 1039072 182636 ? Ssl May15 5:02 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist root 23750 0.0 0.0 121272 964 pts/0 S+ 08:49 0:00 grep --color=auto wazuh-dashboard ```

Indexer

IndexerBootstrap 🟢

```console ps -aux | grep wazuh wazuh-i+ 12359 1.3 57.1 7113252 4596332 ? Ssl May15 20:03 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-9755161661130300994 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet root 17617 0.0 0.0 121272 932 pts/0 S+ 08:50 0:00 grep --color=auto wazuh ```

IndexerMasterB 🟢

```console ps -aux | grep wazuh wazuh-i+ 12303 1.6 57.2 7114364 4602672 ? Ssl May15 23:07 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-6328324595925120652 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet root 16668 0.0 0.0 121272 928 pts/0 S+ 08:51 0:00 grep --color=auto wazuh ```

IndexerMasterC 🟢

```console ps -aux | grep wazuh wazuh-i+ 12810 1.3 56.9 7100820 4580160 ? Ssl May15 19:54 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-15189950111321843980 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet root 17073 0.0 0.0 121272 1008 pts/0 S+ 08:52 0:00 grep --color=auto wazuh ```

WazuhDashboard 🟢

```console ps -aux | grep wazuh-indexer wazuh-i+ 14580 1.0 38.5 5593400 3101244 ? Ssl May15 15:48 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10560019297269362385 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet root 23792 0.0 0.0 121272 960 pts/1 S+ 08:52 0:00 grep --color=auto wazuh-indexer ```

Manager

WazuhMasterEnv1 🟢

```console ps -aux | grep wazuh root 9302 0.0 0.0 121272 964 pts/0 S+ 08:53 0:00 grep --color=auto wazuh wazuh 25420 0.1 3.0 1012880 119480 ? Sl May15 1:37 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 25421 0.0 1.9 297124 78224 ? S May15 0:12 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 25424 0.1 2.0 382980 82288 ? S May15 2:36 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 25427 0.0 1.4 511872 58644 ? S May15 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 25453 0.0 0.1 41372 4844 ? Sl May15 0:12 /var/ossec/bin/wazuh-integratord root 25474 0.2 0.2 262816 8556 ? Sl May15 3:34 /var/ossec/bin/wazuh-authd wazuh 25491 0.1 0.7 945660 31528 ? Sl May15 2:21 /var/ossec/bin/wazuh-db root 25517 0.0 0.1 41440 4180 ? Sl May15 0:03 /var/ossec/bin/wazuh-execd wazuh 25531 1.7 3.9 1308580 157904 ? Sl May15 24:47 /var/ossec/bin/wazuh-analysisd root 25545 0.0 0.3 295032 14188 ? SNl May15 0:35 /var/ossec/bin/wazuh-syscheckd wazuh 25566 0.3 0.4 1242060 17188 ? Sl May15 4:16 /var/ossec/bin/wazuh-remoted root 25601 0.0 0.1 483832 5728 ? Sl May15 0:11 /var/ossec/bin/wazuh-logcollector wazuh 25622 0.0 0.1 41412 7356 ? Sl May15 0:55 /var/ossec/bin/wazuh-monitord root 25672 0.1 3.0 697976 120048 ? Sl May15 1:43 /var/ossec/bin/wazuh-modulesd wazuh 26106 0.1 1.7 435568 68852 ? Sl May15 2:24 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py wazuh 26110 0.0 1.3 278008 54916 ? S May15 0:21 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py wazuh 26111 0.0 1.3 276428 52600 ? S May15 0:21 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py ```

WazuhMasterEnv2 🟢

```console ps -aux | grep wazuh root 5977 0.0 0.0 121272 976 pts/0 S+ 08:53 0:00 grep --color=auto wazuh wazuh 24867 0.0 3.0 1013364 119128 ? Sl May15 1:02 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 24868 0.0 1.9 296632 77956 ? S May15 0:07 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 24871 0.1 2.0 383140 82204 ? S May15 1:52 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 24874 0.0 1.4 512892 58572 ? S May15 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 24899 0.0 0.1 41376 4204 ? Sl May15 0:11 /var/ossec/bin/wazuh-integratord root 24921 0.2 0.2 197280 8036 ? Sl May15 3:08 /var/ossec/bin/wazuh-authd wazuh 24938 0.1 0.6 945664 24932 ? Sl May15 2:01 /var/ossec/bin/wazuh-db root 24964 0.0 0.1 106976 4152 ? Sl May15 0:03 /var/ossec/bin/wazuh-execd wazuh 24979 1.4 3.4 1297024 134784 ? Sl May15 20:45 /var/ossec/bin/wazuh-analysisd root 24992 0.0 0.3 295020 14192 ? SNl May15 0:35 /var/ossec/bin/wazuh-syscheckd wazuh 25013 0.1 0.3 1241824 15332 ? Sl May15 2:29 /var/ossec/bin/wazuh-remoted root 25048 0.0 0.1 483840 5768 ? Sl May15 0:12 /var/ossec/bin/wazuh-logcollector wazuh 25068 0.0 0.1 41412 7604 ? Sl May15 0:52 /var/ossec/bin/wazuh-monitord root 25119 0.0 2.0 626296 80636 ? Sl May15 0:38 /var/ossec/bin/wazuh-modulesd wazuh 25553 0.0 1.4 424332 58940 ? Sl May15 0:33 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py wazuh 25557 0.0 1.3 276420 52960 ? S May15 0:20 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py wazuh 25558 0.0 1.3 276420 52672 ? S May15 0:20 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py ```

WazuhWorker 🟢

```console ps -aux | grep wazuh wazuh 15209 0.0 2.5 860676 101012 ? Sl May15 0:08 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 15210 0.0 1.4 282480 58332 ? S May15 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 15213 0.0 1.4 364408 58840 ? S May15 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 15216 0.0 1.4 511872 58644 ? S May15 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 15242 0.0 0.1 41332 4180 ? Sl May15 0:04 /var/ossec/bin/wazuh-integratord wazuh 15261 0.1 0.4 945596 18960 ? Sl May15 1:52 /var/ossec/bin/wazuh-db root 15287 0.0 0.1 41368 4088 ? Sl May15 0:03 /var/ossec/bin/wazuh-execd wazuh 15302 0.0 0.8 1296972 32116 ? Sl May15 0:12 /var/ossec/bin/wazuh-analysisd root 15314 0.0 0.3 229336 13740 ? SNl May15 0:33 /var/ossec/bin/wazuh-syscheckd wazuh 15336 0.1 0.2 774680 11080 ? Sl May15 2:29 /var/ossec/bin/wazuh-remoted root 15371 0.0 0.1 483772 5572 ? Sl May15 0:11 /var/ossec/bin/wazuh-logcollector wazuh 15391 0.0 0.1 41344 7764 ? Sl May15 0:04 /var/ossec/bin/wazuh-monitord root 15439 0.0 1.7 584296 67840 ? Sl May15 0:25 /var/ossec/bin/wazuh-modulesd wazuh 15906 0.1 1.6 577928 64736 ? Sl May15 2:32 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py wazuh 15970 0.0 1.3 277112 54620 ? S May15 0:54 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py wazuh 16948 0.0 1.3 429308 53364 ? S May15 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py root 26423 0.0 0.0 121272 964 pts/0 S+ 08:54 0:00 grep --color=auto wazuh ```

[rafabailon]

Check the Status of the Indexer Cluster 🟢

curl -k -u ADMIN_USER:PASS https://indexer_IP:9200/_cat/nodes?v
   ip         heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
   xx.x.x.xx            36          88   0    0.00    0.00     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-3
   xx.x.x.xxx           52          91   0    0.04    0.05     0.01 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-7
   xx.x.x.xxx            5          89   0    0.04    0.01     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-1
   xx.x.x.xxx           45          89   0    0.00    0.00     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-2

[rafabailon]

Check Browser's Developer Console for Errors While Browsing the App 🟡

Login/Logout Screen 🟡

- Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/4121 ```console login:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution. wz-home:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution. bootstrap.js:43 ^ A single error about an inline script not firing due to content security policy is expected! ``` - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/5821 ```console core.entry.js:15 Detected an unhandled Promise rejection. TypeError: Cannot read properties of undefined (reading 'split') securityDashboards.plugin.js:15 Error: Unauthorized at fetch_Fetch.fetchResponse (core.entry.js:15:177501) at async interceptResponse (core.entry.js:15:172919) at async core.entry.js:15:175399 core.entry.js:15 Detected an unhandled Promise rejection. Error: Unauthorized core.entry.js:15 Uncaught (in promise) Error: Unauthorized at fetch_Fetch.fetchResponse (core.entry.js:15:177501) at async interceptResponse (core.entry.js:15:172919) at async core.entry.js:15:175399 ``` - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/5332 ```console reportsDashboards.plugin.js:24 Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'split') at checkURLParams (reportsDashboards.plugin.js:24:109539) at HTMLDocument. (reportsDashboards.plugin.js:24:109421) at u (osd-ui-shared-deps.js:411:26168) at l (osd-ui-shared-deps.js:411:26470) ``` - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/4108 ```console /api/ism/apiCaller:1 Failed to load resource: the server responded with a status of 401 (Unauthorized) /api/v1/restapiinfo:1 Failed to load resource: the server responded with a status of 401 (Unauthorized) /api/v1/configuration/account:1 Failed to load resource: the server responded with a status of 401 (Unauthorized) /api/v1/auth/dashboardsinfo:1 Failed to load resource: the server responded with a status of 401 (Unauthorized) GET https://demo.wazuh.info/api/v1/restapiinfo 401 (Unauthorized) GET https://demo.wazuh.info/api/v1/configuration/account 401 (Unauthorized) GET https://demo.wazuh.info/api/v1/auth/dashboardsinfo 401 (Unauthorized) GET https://demo.wazuh.info/api/v1/configuration/account 401 (Unauthorized) POST https://demo.wazuh.info/api/ism/apiCaller 401 (Unauthorized) POST https://demo.wazuh.info/api/request 401 (Unauthorized) ```

Overview 🟡

- Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/4121 ```console wz-home#/overview/?_…&tabView=panels:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution. bootstrap.js:43 ^ A single error about an inline script not firing due to content security policy is expected! ```

Endpoints Summary 🟢

- No issues found here.

Configuration Assessment 🟢

- Dashboard 🟢 - Inventory 🟢 - Events 🟢

Malware Detection 🟢

- Dashboard 🟢 - Events 🟢

File Integrity Monitoring 🟢

- Dashboard 🟢 - Inventory 🟢 - Events 🟢

Threat Hunting 🟢

- Dashboard 🟢 - Events 🟢

Vulnerability Detection 🟢

- Dashboard 🟢 - Inventory 🟢 - Events 🟢

MITRE ATT&CK 🟢

- Dashboard 🟢 - Intelligence 🟢 - Framework 🟢 - Events 🟢

VirusTotal 🟢

- Dashboard 🟢 - Events 🟢

PCI DSS 🟡

- Dashboard 🟢 - Controls 🟡 - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6320 ```console osd-ui-shared-deps.@elastic.js:1 EuiButtonIcon requires aria-label or aria-labelledby to be specified because icon-only buttons are screen-reader-inaccessible without them. ``` - Events 🟢

GDPR 🟡

- Dashboard 🟢 - Controls 🟡 - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6320 ```console osd-ui-shared-deps.@elastic.js:1 EuiButtonIcon requires aria-label or aria-labelledby to be specified because icon-only buttons are screen-reader-inaccessible without them. ``` - Events 🟢

HIPAA 🟡

- Dashboard 🟢 - Controls 🟡 - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6320 ```console osd-ui-shared-deps.@elastic.js:1 EuiButtonIcon requires aria-label or aria-labelledby to be specified because icon-only buttons are screen-reader-inaccessible without them. ``` - Events 🟢

NIST 800-53 🟡

- Dashboard 🟢 - Controls 🟡 - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6320 ```console osd-ui-shared-deps.@elastic.js:1 EuiButtonIcon requires aria-label or aria-labelledby to be specified because icon-only buttons are screen-reader-inaccessible without them. ``` - Events 🟢

TSC 🟡

- Dashboard 🟢 - Controls 🟡 - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6320 ```console osd-ui-shared-deps.@elastic.js:1 EuiButtonIcon requires aria-label or aria-labelledby to be specified because icon-only buttons are screen-reader-inaccessible without them. ``` - Events 🟢

Docker 🟢

- Dashboard 🟢 - Events 🟢

Amazon Web Services 🟡

- Dashboard 🟡 - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/4092 ```console mapsLegacy.chunk.1.js:1 The "manifestServiceUrl" parameter is deprecated in v7.6.0. Consider using "tileApiUrl" and "fileApiUrl" instead. ``` - Events 🟢

Google Cloud 🟢

- Dashboard 🟢 - Events 🟢

Github 🟢

- Dashboard 🟢 - Panel 🟢 - Events 🟢

Office 365 🟡

- Dashboard 🟢 - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6022 ```console osd-ui-shared-deps.js:364 Uncaught TypeError: Cannot read properties of null (reading 'top_left') at scaleBounds (tileMap.plugin.js:7:13685) at CoordinateMapsVisualization.updateGeohashAgg (tileMap.plugin.js:7:15150) at CoordinateMapsVisualization._updateData (tileMap.plugin.js:7:17884) at CoordinateMapsVisualization.render (mapsLegacy.plugin.js:1:60834) at async CoordinateMapsVisualization.render (tileMap.plugin.js:7:15901) ``` - Panel 🟢 - Events 🟢

Side Navbar 🟡

- Recently Viewed 🟡 - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6318 

Alerting 🟡

- Alerts 🟡 - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/5869 ```console alertingDashboards.chunk.3.js:1 error getting monitors: {ok: false, resp: '[alerting_exception] Configured indices are not found: [.opendistro-alerting-config]'} ``` - Monitors 🟡 - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/5869 ```console alertingDashboards.chunk.3.js:1 error getting monitors: {ok: false, resp: {…}} ``` - Destinations 🟡 - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6320 ```console alertingDashboards.chunk.3.js:1 Unable to get email groups [index_not_found_exception] no such index [.opendistro-alerting-config], with { index=".opendistro-alerting-config" & resource.id=".opendistro-alerting-config" & resource.type="index_or_alias" & index_uuid="_na_" } ```

[rafabailon]

Check that there are Alerts for each of the Modules Configured 🟡

Modules in ENV-1

Check Activated Modules 🟢

  

Check Alerts from the Activated Modules 🟡

- AWS Module  - VirusTotal Module  - Docker Listener Module  > Note: Docker is not installed on the agents - GDPR Module  - HIPAA Module  - TSC Module 

Modules in ENV-2

Check Activated Modules 🟢

  

Check Alerts from the Activated Modules 🟡

- AWS Module  - VirusTotal Module  > Reported in Reported in https://github.com/wazuh/wazuh-automation/issues/1369 - Docker Listener Module  - GDPR Module  - HIPAA Module  - TSC Module 

[rafabailon]

Generate an Alert and Check it appears in Wazuh Dashboard 🟢

Attempt an Invalid SSH Login into Any Agent 🟢

```console $ ssh invalid-user@debian.wazuh.info invalid-user@debian.wazuh.info's password: Permission denied, please try again. invalid-user@debian.wazuh.info's password: Permission denied, please try again. invalid-user@debian.wazuh.info's password: invalid-user@debian.wazuh.info: Permission denied (publickey,password). ```

Check the Alert in Wazuh Dashboard 🟢

  

[rafabailon]

Check the search engine works using * 🟢

Case 1: Using * 🟢


Case 2: Using aw* 🟢


Case 3: Using *squer* 🟢


Case 4: Using *shd 🟢


[juliamagan]

LGTM