search

wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/
Other
9.44k stars 1.49k forks source link

Release 4.8.0 - RC 2 - Footprint Metrics - LOGCOLLECTOR,SYSCOLLECTOR (2.5d) #23486

Closed wazuhci closed 2 weeks ago

wazuhci commented 2 weeks ago

Footprint metrics information
Main release stage issue # #23405
Main footprint metrics issue # #23406
Version 4.8.0
Release stage # RC 2
Tag https://github.com/wazuh/wazuh/tree/v4.8.0-rc2

Stress test documentation

Packages used

Manager +
Plots ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/monitor-manager-Test_stress_B5133_manager-pre-release_CPU.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/monitor-manager-Test_stress_B5133_manager-pre-release_Disk.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/monitor-manager-Test_stress_B5133_manager-pre-release_Disk_Read.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/monitor-manager-Test_stress_B5133_manager-pre-release_Disk_Written.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/monitor-manager-Test_stress_B5133_manager-pre-release_FD.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/monitor-manager-Test_stress_B5133_manager-pre-release_PSS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/monitor-manager-Test_stress_B5133_manager-pre-release_Read_Ops.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/monitor-manager-Test_stress_B5133_manager-pre-release_RSS_MAXMIN.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/monitor-manager-Test_stress_B5133_manager-pre-release_RSS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/monitor-manager-Test_stress_B5133_manager-pre-release_SWAP.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/monitor-manager-Test_stress_B5133_manager-pre-release_USS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/monitor-manager-Test_stress_B5133_manager-pre-release_VMS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/monitor-manager-Test_stress_B5133_manager-pre-release_Write_Ops.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/Test_stress_B5133_manager_analysisd_events_Decoded_events.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/Test_stress_B5133_manager_analysisd_events_Dropped_events.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/Test_stress_B5133_manager_analysisd_events_EDPS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/Test_stress_B5133_manager_analysisd_events_Written_stats.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/Test_stress_B5133_manager_analysisd_state_Number_Events.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/plots/Test_stress_B5133_manager_analysisd_state_Queues_state.png)
  • Logs and configuration [ossec_Test_stress_B5133_manager_2024-05-17.zip](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/logs/ossec_Test_stress_B5133_manager_2024-05-17.zip)
  • CSV [monitor-manager-Test_stress_B5133_manager-pre-release.csv](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/data/monitor-manager-Test_stress_B5133_manager-pre-release.csv) [Test_stress_B5133_manager_analysisd_events.csv](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/data/Test_stress_B5133_manager_analysisd_events.csv) [Test_stress_B5133_manager_analysisd_state.csv](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/data/Test_stress_B5133_manager_analysisd_state.csv) [Test_stress_B5133_manager_remoted_state.csv](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_manager_centos/data/Test_stress_B5133_manager_remoted_state.csv)

Centos agent +
Plots ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/monitor-agent-Test_stress_B5133_centos-pre-release_CPU.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/monitor-agent-Test_stress_B5133_centos-pre-release_Disk.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/monitor-agent-Test_stress_B5133_centos-pre-release_Disk_Read.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/monitor-agent-Test_stress_B5133_centos-pre-release_Disk_Written.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/monitor-agent-Test_stress_B5133_centos-pre-release_FD.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/monitor-agent-Test_stress_B5133_centos-pre-release_PSS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/monitor-agent-Test_stress_B5133_centos-pre-release_Read_Ops.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/monitor-agent-Test_stress_B5133_centos-pre-release_RSS_MAXMIN.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/monitor-agent-Test_stress_B5133_centos-pre-release_RSS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/monitor-agent-Test_stress_B5133_centos-pre-release_SWAP.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/monitor-agent-Test_stress_B5133_centos-pre-release_USS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/monitor-agent-Test_stress_B5133_centos-pre-release_VMS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/monitor-agent-Test_stress_B5133_centos-pre-release_Write_Ops.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/Test_stress_B5133_centos_agentd_state_AgentD_Number_of_events_buffered.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/Test_stress_B5133_centos_agentd_state_AgentD_Number_of_generated_events.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/Test_stress_B5133_centos_agentd_state_AgentD_Number_of_messages.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/plots/Test_stress_B5133_centos_agentd_state_AgentD_Status.png)
  • Logs and configuration [ossec_Test_stress_B5133_centos_2024-05-17.zip](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/logs/ossec_Test_stress_B5133_centos_2024-05-17.zip)
  • CSV [monitor-agent-Test_stress_B5133_centos-pre-release.csv](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/data/monitor-agent-Test_stress_B5133_centos-pre-release.csv) [Test_stress_B5133_centos_agentd_state.csv](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_centos/data/Test_stress_B5133_centos_agentd_state.csv)

Ubuntu agent +
Plots ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/monitor-agent-Test_stress_B5133_ubuntu-pre-release_CPU.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/monitor-agent-Test_stress_B5133_ubuntu-pre-release_Disk.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/monitor-agent-Test_stress_B5133_ubuntu-pre-release_Disk_Read.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/monitor-agent-Test_stress_B5133_ubuntu-pre-release_Disk_Written.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/monitor-agent-Test_stress_B5133_ubuntu-pre-release_FD.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/monitor-agent-Test_stress_B5133_ubuntu-pre-release_PSS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/monitor-agent-Test_stress_B5133_ubuntu-pre-release_Read_Ops.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/monitor-agent-Test_stress_B5133_ubuntu-pre-release_RSS_MAXMIN.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/monitor-agent-Test_stress_B5133_ubuntu-pre-release_RSS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/monitor-agent-Test_stress_B5133_ubuntu-pre-release_SWAP.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/monitor-agent-Test_stress_B5133_ubuntu-pre-release_USS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/monitor-agent-Test_stress_B5133_ubuntu-pre-release_VMS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/monitor-agent-Test_stress_B5133_ubuntu-pre-release_Write_Ops.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/Test_stress_B5133_ubuntu_agentd_state_AgentD_Number_of_events_buffered.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/Test_stress_B5133_ubuntu_agentd_state_AgentD_Number_of_generated_events.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/Test_stress_B5133_ubuntu_agentd_state_AgentD_Number_of_messages.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/plots/Test_stress_B5133_ubuntu_agentd_state_AgentD_Status.png)
  • Logs and configuration [ossec_Test_stress_B5133_ubuntu_2024-05-17.zip](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/logs/ossec_Test_stress_B5133_ubuntu_2024-05-17.zip)
  • CSV [monitor-agent-Test_stress_B5133_ubuntu-pre-release.csv](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/data/monitor-agent-Test_stress_B5133_ubuntu-pre-release.csv) [Test_stress_B5133_ubuntu_agentd_state.csv](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_ubuntu/data/Test_stress_B5133_ubuntu_agentd_state.csv)

Windows agent +
Plots ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/monitor-winagent-Test_stress_B5133_windows-pre-release_CPU.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/monitor-winagent-Test_stress_B5133_windows-pre-release_Disk.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/monitor-winagent-Test_stress_B5133_windows-pre-release_Disk_Read.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/monitor-winagent-Test_stress_B5133_windows-pre-release_Disk_Written.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/monitor-winagent-Test_stress_B5133_windows-pre-release_Handles.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/monitor-winagent-Test_stress_B5133_windows-pre-release_Read_Ops.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/monitor-winagent-Test_stress_B5133_windows-pre-release_RSS_MAXMIN.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/monitor-winagent-Test_stress_B5133_windows-pre-release_RSS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/monitor-winagent-Test_stress_B5133_windows-pre-release_USS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/monitor-winagent-Test_stress_B5133_windows-pre-release_VMS.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/monitor-winagent-Test_stress_B5133_windows-pre-release_Write_Ops.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/Test_stress_B5133_windows_agentd_state_AgentD_Number_of_events_buffered.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/Test_stress_B5133_windows_agentd_state_AgentD_Number_of_generated_events.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/Test_stress_B5133_windows_agentd_state_AgentD_Number_of_messages.png) ![](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/plots/Test_stress_B5133_windows_agentd_state_AgentD_Status.png)
  • Logs and configuration [ossec_Test_stress_B5133_windows_2024-05-17.zip](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/logs/ossec_Test_stress_B5133_windows_2024-05-17.zip)
  • CSV [monitor-winagent-Test_stress_B5133_windows-pre-release.csv](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/data/monitor-winagent-Test_stress_B5133_windows-pre-release.csv) [Test_stress_B5133_windows_agentd_state.csv](https://ci.wazuh.com/data/Test_stress/pre-release/4.8.0/B5133-3600m/B5133_agent_windows/data/Test_stress_B5133_windows_agentd_state.csv)

macOS agent +
Plots
  • Logs and configuration
  • CSV

Solaris agent +
Plots
  • Logs and configuration
  • CSV

santipadilla commented 2 weeks ago

Analysis report :yellow_circle:

Logs :yellow_circle:

Manager - Expected in stress test ``` 2024/05/16 00:04:36 wazuh-logcollector WARNING: (1960): File limit has been reached (1000). Please reduce the number of files or increase "logcollector.max_files". 2024/05/15 01:12:50 wazuh-remoted WARNING: Message queue is full (10). Events may be lost. 2024/05/14 22:34:43 wazuh-analysisd WARNING: Input queue is full. 2024/05/14 22:34:43 wazuh-logcollector WARNING: Target 'agent' message queue is full (1024). Log lines may be lost. ``` - Reported: https://github.com/wazuh/wazuh/issues/22565 - Known issue ``` 2024/05/14 16:29:57 indexer-connector WARNING: No username and password found in the keystore, using default values. 2024/05/14 16:29:57 indexer-connector WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-5-95.ec2.internal', retrying until the connection is successful. ```
Centos - Expected in stress test ``` 2024/05/16 00:00:17 wazuh-agentd WARNING: Agent buffer is full: Events may be lost. 2024/05/16 00:05:32 wazuh-logcollector WARNING: (1960): File limit has been reached (1000). Please reduce the number of files or increase "logcollector.max_files". 2024/05/14 16:32:48 wazuh-modulesd WARNING: Process locked due to agent is offline. Waiting for connection... 2024/05/14 22:33:54 wazuh-logcollector WARNING: Target 'agent' message queue is full (1024). Log lines may be lost. ``` - Reported: https://github.com/wazuh/wazuh-jenkins/issues/4867 - Known issue ``` 2024/05/14 16:32:48 wazuh-agentd ERROR: (1137): Lost connection with manager. Setting lock. 2024/05/14 16:32:48 wazuh-agentd ERROR: (1216): Unable to connect to '[172.31.5.95]:1514/tcp': 'Connection refused'. ```
Windows - Expected in stress test ``` 2024/05/14 22:34:41 wazuh-agent WARNING: (1960): File limit has been reached (200). 2024/05/14 22:34:42 wazuh-agent WARNING: Agent buffer at 90 %. 2024/05/14 22:34:42 wazuh-agent WARNING: Target 'agent' message queue is full (1024). Log lines may be lost. 2024/05/14 22:34:52 wazuh-agent WARNING: Agent buffer is full: Events may be lost. ``` - Reported: https://github.com/wazuh/wazuh-jenkins/issues/4867 - Known issue ``` 2024/05/14 16:32:59 wazuh-agent ERROR: (1216): Unable to connect to '[172.31.5.95]:1514/tcp': 'No connection could be made because the target machine actively refused it.'. ```
Ubuntu - Expected in stress test ``` 2024/05/16 00:00:12 wazuh-agentd WARNING: Agent buffer is full: Events may be lost. 2024/05/16 00:06:13 wazuh-logcollector WARNING: (1960): File limit has been reached (1000). Please reduce the number of files or increase "logcollector.max_files". 2024/05/14 16:32:48 wazuh-modulesd WARNING: Process locked due to agent is offline. Waiting for connection... 2024/05/14 22:34:07 wazuh-logcollector WARNING: Target 'agent' message queue is full (1024). Log lines may be lost. ``` - Reported: https://github.com/wazuh/wazuh-jenkins/issues/4867 - Known issue ``` 2024/05/14 16:32:48 wazuh-agentd ERROR: (1137): Lost connection with manager. Setting lock. 2024/05/14 16:32:48 wazuh-agentd ERROR: (1216): Unable to connect to '[172.31.5.95]:1514/tcp': 'Connection refused'. ```