wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/

Release 4.8.0 - RC 3 - E2E UX tests - Demo environment #23701

Closed davidjiglesias closed 4 months ago

davidjiglesias commented 4 months ago

End-to-End (E2E) Testing Guideline

For the conclusions and the issue testing and updates, use the following legend:

Status legend

Issue delivery and completion

Deployment requirements

Component Installation Type OS
Indexer
Server
Dashboard -
Agent -

Test description

Test demo.wazuh.info environment:

To access the demo environment, please contact @devel-devops.

Known issues

Conclusions :red_circle:

Summarize the errors detected (Known Issues included). Illustrate using the table below. REMOVE CURRENT EXAMPLES:

| Status | Test | Failure Type | Notes |
|---|---|---|---|
| :red_circle: | Check Agent, Dashboard, Indexer, and Manager Logs | Selected API is no longer available | https://github.com/wazuh/wazuh/issues/23850 |
| 🟡 | Check Agent, Dashboard, Indexer, and Manager Logs | Errors and Warning Logs | https://github.com/wazuh/wazuh/issues/13253 |
| 🟡 | Check Agent, Dashboard, Indexer, and Manager Logs | Errors and Warning Logs | https://github.com/wazuh/wazuh-packages/issues/2685 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | https://github.com/wazuh/wazuh-dashboard-plugins/issues/4092 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | https://github.com/wazuh/wazuh-dashboard-plugins/issues/4108 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | https://github.com/wazuh/wazuh-dashboard-plugins/issues/4121 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | https://github.com/wazuh/wazuh-dashboard-plugins/issues/5332 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | https://github.com/wazuh/wazuh-dashboard-plugins/issues/5821 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | https://github.com/wazuh/wazuh-dashboard-plugins/issues/5869 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | https://github.com/wazuh/wazuh-dashboard-plugins/issues/6022 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | https://github.com/wazuh/wazuh-dashboard-plugins/issues/6318 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | https://github.com/wazuh/wazuh-dashboard-plugins/issues/6320 |
| 🟡 | Check that there are Alerts for each of the Modules Configured | Docker is not installed on the agents | None |
| 🟡 | Check that there are Alerts for each of the Modules Configured | Unnecessary ENV2 Virus Total Setting | https://github.com/wazuh/wazuh-automation/issues/1369 |

Feedback

We value your feedback. Please provide insights on your testing experience.

Several sections need to be clearer, and some lack essential instructions. For instance, it should be explicitly stated that Docker must be provisioned manually in certain environments and that agents must be configured to generate this kind of alert.

Additionally, the current structure is prone to errors. Take, for example, the instruction "Check that the Wazuh daemons are running with the expected user." If the expected users are not clearly specified, testers might use the previous stage or release as a reference point, which could lead to potential issues.

The number of known issues related to console errors is too vast, making it difficult to determine which errors are expected and which are not. Additionally, many errors originate from the client side, further complicating the task and making it time-consuming.

Reviewers validation

The criteria for completing this task are based on the validation of the conclusions and the test results by all reviewers.

All the checkboxes below must be marked in order to close this issue.

Rebits commented 4 months ago

Requested access for Demo Environment: https://github.com/wazuh/internal-devel-requests/issues/1204

Rebits commented 4 months ago

The available machines are:

Agents
- Amazon
- Centos
- Debian
- RHEL9
- Ubuntu
- Windows

Dashboard
- WazuhDashboard

Indexers
- IndexerBootstrap
- IndexerMasterB
- IndexerMasterC
- WazuhDashboard

Managers
- WazuhMasterEnv1
- WazuhMasterEnv2
- WazuhWorker

Rebits commented 4 months ago

Check Agent Logs :yellow_circle:

Amazon :green_circle:

### System information

```console
[root@ip-10-0-1-187 bin]# cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
```

### Agent Version

```console
[root@ip-10-0-1-187 bin]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40811"
WAZUH_TYPE="agent"
```

### Agent Status

```console
[root@ip-10-0-1-187 bin]# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-05-28 07:49:10 UTC; 6 days ago
  Process: 9640 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 9777 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-agent.service
           ├─11329 /var/ossec/bin/wazuh-execd
           ├─11341 /var/ossec/bin/wazuh-agentd
           ├─11356 /var/ossec/bin/wazuh-syscheckd
           ├─11372 /var/ossec/bin/wazuh-logcollector
           └─11390 /var/ossec/bin/wazuh-modulesd

May 28 07:49:03 ip-10-0-1-187.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
May 28 07:49:03 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Starting Wazuh v4.8.0...
May 28 07:49:04 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-execd...
May 28 07:49:05 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-agentd...
May 28 07:49:06 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-syscheckd...
May 28 07:49:07 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-logcollector...
May 28 07:49:07 ip-10-0-1-187.us-west-1.compute.internal crontab[9972]: (root) LIST (root)
May 28 07:49:08 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-modulesd...
May 28 07:49:10 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Completed.
May 28 07:49:10 ip-10-0-1-187.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
```

### Module Status

```console
[root@ip-10-0-1-187 bin]# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
```

### Service Status

```console
[root@ip-10-0-1-187 bin]# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-05-28 07:49:10 UTC; 6 days ago
  Process: 9640 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 9777 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-agent.service
           ├─11329 /var/ossec/bin/wazuh-execd
           ├─11341 /var/ossec/bin/wazuh-agentd
           ├─11356 /var/ossec/bin/wazuh-syscheckd
           ├─11372 /var/ossec/bin/wazuh-logcollector
           └─11390 /var/ossec/bin/wazuh-modulesd

May 28 07:49:03 ip-10-0-1-187.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
May 28 07:49:03 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Starting Wazuh v4.8.0...
May 28 07:49:04 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-execd...
May 28 07:49:05 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-agentd...
May 28 07:49:06 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-syscheckd...
May 28 07:49:07 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-logcollector...
May 28 07:49:07 ip-10-0-1-187.us-west-1.compute.internal crontab[9972]: (root) LIST (root)
May 28 07:49:08 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-modulesd...
May 28 07:49:10 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Completed.
May 28 07:49:10 ip-10-0-1-187.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
[root@ip-10-0-1-187 bin]# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
[root@ip-10-0-1-187 bin]# journalctl -xe -u wazuh-agent.service
May 28 07:48:55 ip-10-0-1-187.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has finished starting up.
--
-- The start-up result is done.
May 28 07:48:59 ip-10-0-1-187.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has begun shutting down.
May 28 07:48:59 ip-10-0-1-187.us-west-1.compute.internal env[9640]: Killing wazuh-modulesd...
May 28 07:49:02 ip-10-0-1-187.us-west-1.compute.internal env[9640]: Killing wazuh-logcollector...
May 28 07:49:03 ip-10-0-1-187.us-west-1.compute.internal env[9640]: Killing wazuh-syscheckd...
May 28 07:49:03 ip-10-0-1-187.us-west-1.compute.internal env[9640]: Killing wazuh-agentd...
May 28 07:49:03 ip-10-0-1-187.us-west-1.compute.internal env[9640]: Killing wazuh-execd...
May 28 07:49:03 ip-10-0-1-187.us-west-1.compute.internal env[9640]: Wazuh v4.8.0 Stopped
May 28 07:49:03 ip-10-0-1-187.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has finished shutting down.
May 28 07:49:03 ip-10-0-1-187.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has begun starting up.
May 28 07:49:03 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Starting Wazuh v4.8.0...
May 28 07:49:04 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-execd...
May 28 07:49:05 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-agentd...
May 28 07:49:06 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-syscheckd...
May 28 07:49:07 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-logcollector...
May 28 07:49:07 ip-10-0-1-187.us-west-1.compute.internal crontab[9972]: (root) LIST (root)
May 28 07:49:08 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Started wazuh-modulesd...
May 28 07:49:10 ip-10-0-1-187.us-west-1.compute.internal env[9777]: Completed.
May 28 07:49:10 ip-10-0-1-187.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has finished starting up.
--
-- The start-up result is done.
```

### Error Logs

```console
[root@ip-10-0-1-187 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
```

Centos :green_circle:

### System information

```console
cat /etc/*release
CentOS Linux release 8.4.2105
NAME="CentOS Linux"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"
CentOS Linux release 8.4.2105
CentOS Linux release 8.4.2105
```

### Agent Version

```console
/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40811"
WAZUH_TYPE="agent"
```

### Agent Status

```console
[root@ip-10-0-1-100 bin]# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-05-28 07:50:43 UTC; 6 days ago
  Process: 7772 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 8161 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    Tasks: 32 (limit: 4668)
   Memory: 335.0M
   CGroup: /system.slice/wazuh-agent.service
           ├─9444 /var/ossec/bin/wazuh-execd
           ├─9456 /var/ossec/bin/wazuh-agentd
           ├─9471 /var/ossec/bin/wazuh-syscheckd
           ├─9486 /var/ossec/bin/wazuh-logcollector
           └─9503 /var/ossec/bin/wazuh-modulesd

May 28 07:50:37 ip-10-0-1-100.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
May 28 07:50:37 ip-10-0-1-100.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
May 28 07:50:37 ip-10-0-1-100.us-west-1.compute.internal env[8161]: Starting Wazuh v4.8.0...
May 28 07:50:38 ip-10-0-1-100.us-west-1.compute.internal env[8161]: Started wazuh-execd...
May 28 07:50:39 ip-10-0-1-100.us-west-1.compute.internal env[8161]: Started wazuh-agentd...
May 28 07:50:40 ip-10-0-1-100.us-west-1.compute.internal env[8161]: Started wazuh-syscheckd...
May 28 07:50:41 ip-10-0-1-100.us-west-1.compute.internal env[8161]: Started wazuh-logcollector...
May 28 07:50:41 ip-10-0-1-100.us-west-1.compute.internal env[8161]: Started wazuh-modulesd...
May 28 07:50:43 ip-10-0-1-100.us-west-1.compute.internal env[8161]: Completed.
May 28 07:50:43 ip-10-0-1-100.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
```

### Module Status

```console
[root@ip-10-0-1-100 bin]# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
```

### Service Status

```console
[root@ip-10-0-1-100 bin]# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
[root@ip-10-0-1-100 bin]# journalctl -xe -u wazuh-agent.service
-- Unit wazuh-agent.service has finished starting up.
--
-- The start-up result is done.
May 28 07:50:33 ip-10-0-1-100.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun shutting down
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit wazuh-agent.service has begun shutting down.
May 28 07:50:33 ip-10-0-1-100.us-west-1.compute.internal env[7772]: Killing wazuh-modulesd...
May 28 07:50:37 ip-10-0-1-100.us-west-1.compute.internal env[7772]: Killing wazuh-logcollector...
May 28 07:50:37 ip-10-0-1-100.us-west-1.compute.internal env[7772]: Killing wazuh-syscheckd...
May 28 07:50:37 ip-10-0-1-100.us-west-1.compute.internal env[7772]: Killing wazuh-agentd...
May 28 07:50:37 ip-10-0-1-100.us-west-1.compute.internal env[7772]: Killing wazuh-execd...
May 28 07:50:37 ip-10-0-1-100.us-west-1.compute.internal env[7772]: Wazuh v4.8.0 Stopped
May 28 07:50:37 ip-10-0-1-100.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The unit wazuh-agent.service has successfully entered the 'dead' state.
May 28 07:50:37 ip-10-0-1-100.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished shutting down
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit wazuh-agent.service has finished shutting down.
May 28 07:50:37 ip-10-0-1-100.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit wazuh-agent.service has begun starting up.
May 28 07:50:37 ip-10-0-1-100.us-west-1.compute.internal env[8161]: Starting Wazuh v4.8.0...
May 28 07:50:38 ip-10-0-1-100.us-west-1.compute.internal env[8161]: Started wazuh-execd...
May 28 07:50:39 ip-10-0-1-100.us-west-1.compute.internal env[8161]: Started wazuh-agentd...
May 28 07:50:40 ip-10-0-1-100.us-west-1.compute.internal env[8161]: Started wazuh-syscheckd...
May 28 07:50:41 ip-10-0-1-100.us-west-1.compute.internal env[8161]: Started wazuh-logcollector...
May 28 07:50:41 ip-10-0-1-100.us-west-1.compute.internal env[8161]: Started wazuh-modulesd...
May 28 07:50:43 ip-10-0-1-100.us-west-1.compute.internal env[8161]: Completed.
May 28 07:50:43 ip-10-0-1-100.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit wazuh-agent.service has finished starting up.
--
```

### Error Logs

```console
[root@ip-10-0-1-100 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
```

Debian :yellow_circle:

**Expected warnings due to unclean reboot**:

```
May 28 07:49:22 ip-10-0-1-37 systemd[1]: wazuh-agent.service: Found left-over process 6203 (wazuh-syscheckd) in control group while starting unit. Ignoring.
```

### System information

```console
root@ip-10-0-1-37:/usr/bin# cat /etc/*release
ID="ec2"
VERSION="20220503-998"
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
```

### Agent Version

```console
root@ip-10-0-1-37:/usr/bin# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40811"
WAZUH_TYPE="agent"
```

### Agent Status

```console
root@ip-10-0-1-37:/usr/bin# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
     Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-05-28 07:49:24 UTC; 6 days ago
      Tasks: 32 (limit: 1123)
     Memory: 292.0M
        CPU: 9min 30.288s
     CGroup: /system.slice/wazuh-agent.service
             ├─8781 /var/ossec/bin/wazuh-execd
             ├─8792 /var/ossec/bin/wazuh-agentd
             ├─8806 /var/ossec/bin/wazuh-syscheckd
             ├─8821 /var/ossec/bin/wazuh-logcollector
             └─8840 /var/ossec/bin/wazuh-modulesd

May 28 07:49:22 ip-10-0-1-37 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: Starting Wazuh agent...
May 28 07:49:22 ip-10-0-1-37 env[6502]: Starting Wazuh v4.8.0...
May 28 07:49:22 ip-10-0-1-37 env[6502]: wazuh-execd already running...
May 28 07:49:22 ip-10-0-1-37 env[6502]: wazuh-agentd already running...
May 28 07:49:22 ip-10-0-1-37 env[6502]: wazuh-syscheckd already running...
May 28 07:49:22 ip-10-0-1-37 env[6502]: wazuh-logcollector already running...
May 28 07:49:22 ip-10-0-1-37 env[6502]: wazuh-modulesd already running...
May 28 07:49:24 ip-10-0-1-37 env[6502]: Completed.
May 28 07:49:24 ip-10-0-1-37 systemd[1]: Started Wazuh agent.
```

### Module Status

```console
root@ip-10-0-1-37:/usr/bin# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
```

### Service Status

```console
root@ip-10-0-1-37:/usr/bin# journalctl -xe -u wazuh-agent.service
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit wazuh-agent.service completed and consumed the indicated resources.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: wazuh-agent.service: Found left-over process 6014 (restart.sh) in control group while starting unit. Ignoring.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: wazuh-agent.service: Found left-over process 6018 (wazuh-control) in control group while starting unit. Ignoring.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: wazuh-agent.service: Found left-over process 6170 (wazuh-execd) in control group while starting unit. Ignoring.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: wazuh-agent.service: Found left-over process 6185 (wazuh-agentd) in control group while starting unit. Ignoring.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: wazuh-agent.service: Found left-over process 6203 (wazuh-syscheckd) in control group while starting unit. Ignoring.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: wazuh-agent.service: Found left-over process 6223 (wazuh-logcollec) in control group while starting unit. Ignoring.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: wazuh-agent.service: Found left-over process 6247 (wazuh-modulesd) in control group while starting unit. Ignoring.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: wazuh-agent.service: Found left-over process 6369 (sleep) in control group while starting unit. Ignoring.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: wazuh-agent.service: Found left-over process 6498 (apt) in control group while starting unit. Ignoring.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: wazuh-agent.service: Found left-over process 6501 (apt) in control group while starting unit. Ignoring.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:49:22 ip-10-0-1-37 systemd[1]: Starting Wazuh agent...
░░ Subject: A start job for unit wazuh-agent.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit wazuh-agent.service has begun execution.
░░
░░ The job identifier is 3451.
May 28 07:49:22 ip-10-0-1-37 env[6502]: Starting Wazuh v4.8.0...
May 28 07:49:22 ip-10-0-1-37 env[6502]: wazuh-execd already running...
May 28 07:49:22 ip-10-0-1-37 env[6502]: wazuh-agentd already running...
May 28 07:49:22 ip-10-0-1-37 env[6502]: wazuh-syscheckd already running...
May 28 07:49:22 ip-10-0-1-37 env[6502]: wazuh-logcollector already running...
May 28 07:49:22 ip-10-0-1-37 env[6502]: wazuh-modulesd already running...
May 28 07:49:24 ip-10-0-1-37 env[6502]: Completed.
May 28 07:49:24 ip-10-0-1-37 systemd[1]: Started Wazuh agent.
░░ Subject: A start job for unit wazuh-agent.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit wazuh-agent.service has finished successfully.
░░
░░ The job identifier is 3451.
```

### Error Logs

```console
egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
```

RHEL9 :green_circle:

### System information

```console
sh-5.1$ cat /etc/*release
NAME="Red Hat Enterprise Linux"
VERSION="9.2 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"
Red Hat Enterprise Linux release 9.2 (Plow)
Red Hat Enterprise Linux release 9.2 (Plow)
```

### Agent Version

```console
[root@ip-10-0-1-46 bin]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40811"
WAZUH_TYPE="agent"
```

### Agent Status

```console
[root@ip-10-0-1-46 bin]# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
     Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-05-28 08:27:59 UTC; 6 days ago
    Process: 61925 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
      Tasks: 54 (limit: 22632)
     Memory: 891.9M
        CPU: 1h 1min 32.405s
     CGroup: /system.slice/wazuh-agent.service
             ├─61952 /var/ossec/bin/wazuh-execd
             ├─61961 /var/ossec/bin/wazuh-agentd
             ├─61976 /var/ossec/bin/wazuh-syscheckd
             ├─61990 /var/ossec/bin/wazuh-logcollector
             ├─61998 /var/ossec/bin/wazuh-modulesd
             ├─62009 python3 wodles/docker/DockerListener
             ├─62015 /usr/bin/osqueryd --config_path=/etc/osquery/osquery.conf
             └─62024 /usr/bin/osqueryd

May 28 08:27:53 ip-10-0-1-46.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
May 28 08:27:53 ip-10-0-1-46.us-west-1.compute.internal env[61925]: Starting Wazuh v4.8.0...
May 28 08:27:54 ip-10-0-1-46.us-west-1.compute.internal env[61925]: Started wazuh-execd...
May 28 08:27:55 ip-10-0-1-46.us-west-1.compute.internal env[61925]: Started wazuh-agentd...
May 28 08:27:56 ip-10-0-1-46.us-west-1.compute.internal env[61925]: Started wazuh-syscheckd...
May 28 08:27:56 ip-10-0-1-46.us-west-1.compute.internal env[61925]: Started wazuh-logcollector...
May 28 08:27:56 ip-10-0-1-46.us-west-1.compute.internal osqueryd[62015]: osqueryd started [version=4.4.0]
May 28 08:27:57 ip-10-0-1-46.us-west-1.compute.internal env[61925]: Started wazuh-modulesd...
May 28 08:27:59 ip-10-0-1-46.us-west-1.compute.internal env[61925]: Completed.
May 28 08:27:59 ip-10-0-1-46.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
```

### Module Status

```console
root@ip-10-0-1-46 bin]# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
```

### Service Status

```console
[root@ip-10-0-1-46 bin]# journalctl -xe -u wazuh-agent.service
May 28 08:27:53 ip-10-0-1-46.us-west-1.compute.internal env[61857]: Wazuh v4.8.0 Stopped
May 28 08:27:53 ip-10-0-1-46.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-agent.service has successfully entered the 'dead' state.
May 28 08:27:53 ip-10-0-1-46.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 59278 (osqueryd) remains running after unit stopped.
May 28 08:27:53 ip-10-0-1-46.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 61886 (wazuh-modulesd) remains running after unit stopped.
May 28 08:27:53 ip-10-0-1-46.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 61887 (wazuh-modulesd) remains running after unit stopped.
May 28 08:27:53 ip-10-0-1-46.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
░░ Subject: A stop job for unit wazuh-agent.service has finished
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-agent.service has finished.
░░
░░ The job identifier is 26894 and the job result is done.
May 28 08:27:53 ip-10-0-1-46.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Consumed 39.482s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-agent.service completed and consumed the indicated resources.
May 28 08:27:53 ip-10-0-1-46.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
░░ Subject: A start job for unit wazuh-agent.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-agent.service has begun execution.
░░
░░ The job identifier is 26894.
May 28 08:27:53 ip-10-0-1-46.us-west-1.compute.internal env[61925]: Starting Wazuh v4.8.0...
May 28 08:27:54 ip-10-0-1-46.us-west-1.compute.internal env[61925]: Started wazuh-execd...
May 28 08:27:55 ip-10-0-1-46.us-west-1.compute.internal env[61925]: Started wazuh-agentd...
May 28 08:27:56 ip-10-0-1-46.us-west-1.compute.internal env[61925]: Started wazuh-syscheckd...
May 28 08:27:56 ip-10-0-1-46.us-west-1.compute.internal env[61925]: Started wazuh-logcollector...
May 28 08:27:56 ip-10-0-1-46.us-west-1.compute.internal osqueryd[62015]: osqueryd started [version=4.4.0]
May 28 08:27:57 ip-10-0-1-46.us-west-1.compute.internal env[61925]: Started wazuh-modulesd...
May 28 08:27:59 ip-10-0-1-46.us-west-1.compute.internal env[61925]: Completed.
May 28 08:27:59 ip-10-0-1-46.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
░░ Subject: A start job for unit wazuh-agent.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-agent.service has finished successfully.
░░
░░ The job identifier is 26894.
```

### Error Logs

```console
[root@ip-10-0-1-46 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
```

Ubuntu :yellow_circle:

**Expected warnings due to unclean reboot**:

```
May 28 07:50:18 ip-10-0-1-115 systemd[1]: wazuh-agent.service: Found left-over process 7659 (wazuh-execd) in control group while starting unit. Ignoring.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
```

### System information

```console
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.2 LTS"
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
```

### Agent Version

```console
root@ip-10-0-1-115:~# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40811"
WAZUH_TYPE="agent"
```

### Agent Status

```console
root@ip-10-0-1-115:~# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
     Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-05-28 07:50:20 UTC; 6 days ago
      Tasks: 32 (limit: 1116)
     Memory: 164.1M
        CPU: 9min 45.800s
     CGroup: /system.slice/wazuh-agent.service
             ├─8757 /var/ossec/bin/wazuh-execd
             ├─8768 /var/ossec/bin/wazuh-agentd
             ├─8782 /var/ossec/bin/wazuh-syscheckd
             ├─8796 /var/ossec/bin/wazuh-logcollector
             └─8816 /var/ossec/bin/wazuh-modulesd

May 28 07:50:18 ip-10-0-1-115 systemd[1]: Starting Wazuh agent...
May 28 07:50:18 ip-10-0-1-115 env[8180]: Starting Wazuh v4.8.0...
May 28 07:50:18 ip-10-0-1-115 env[8180]: wazuh-execd already running...
May 28 07:50:18 ip-10-0-1-115 env[8180]: wazuh-agentd already running...
May 28 07:50:18 ip-10-0-1-115 env[8180]: wazuh-syscheckd already running...
May 28 07:50:18 ip-10-0-1-115 env[8180]: wazuh-logcollector already running...
May 28 07:50:18 ip-10-0-1-115 env[8180]: wazuh-modulesd already running...
May 28 07:50:20 ip-10-0-1-115 env[8180]: Completed.
May 28 07:50:20 ip-10-0-1-115 systemd[1]: Started Wazuh agent.
```

### Module Status

```console
root@ip-10-0-1-115:~# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
```

### Service Status

```console
root@ip-10-0-1-115:~# journalctl -xe -u wazuh-agent.service
░░ Subject: A stop job for unit wazuh-agent.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-agent.service has finished.
░░
░░ The job identifier is 6748 and the job result is done.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: wazuh-agent.service: Consumed 13.358s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-agent.service completed and consumed the indicated resources.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: wazuh-agent.service: Found left-over process 7659 (wazuh-execd) in control group while starting unit. Ignoring.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: wazuh-agent.service: Found left-over process 7674 (wazuh-agentd) in control group while starting unit. Ignoring.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: wazuh-agent.service: Found left-over process 7692 (wazuh-syscheckd) in control group while starting unit. Ignoring.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: wazuh-agent.service: Found left-over process 7710 (wazuh-logcollec) in control group while starting unit. Ignoring.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: wazuh-agent.service: Found left-over process 7731 (wazuh-modulesd) in control group while starting unit. Ignoring.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: wazuh-agent.service: Found left-over process 8176 (sh) in control group while starting unit. Ignoring.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 28 07:50:18 ip-10-0-1-115 systemd[1]: Starting Wazuh agent...
░░ Subject: A start job for unit wazuh-agent.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-agent.service has begun execution.
░░
░░ The job identifier is 6748.
May 28 07:50:18 ip-10-0-1-115 env[8180]: Starting Wazuh v4.8.0...
May 28 07:50:18 ip-10-0-1-115 env[8180]: wazuh-execd already running...
May 28 07:50:18 ip-10-0-1-115 env[8180]: wazuh-agentd already running...
May 28 07:50:18 ip-10-0-1-115 env[8180]: wazuh-syscheckd already running...
May 28 07:50:18 ip-10-0-1-115 env[8180]: wazuh-logcollector already running...
May 28 07:50:18 ip-10-0-1-115 env[8180]: wazuh-modulesd already running...
May 28 07:50:20 ip-10-0-1-115 env[8180]: Completed.
May 28 07:50:20 ip-10-0-1-115 systemd[1]: Started Wazuh agent.
░░ Subject: A start job for unit wazuh-agent.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-agent.service has finished successfully.
░░
░░ The job identifier is 6748.
```

### Error Logs

```console
root@ip-10-0-1-115:~# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
```
Windows :yellow_circle:

**Known issues**:

- https://github.com/wazuh/wazuh/issues/13253

### System information

```console
PS C:\Windows\system32> systeminfo | findstr /B /C:"OS Name" /B /C:"OS Version"
OS Name: Microsoft Windows Server 2019 Datacenter
OS Version: 10.0.17763 N/A Build 17763
```

### Agent Version

```console
PS C:\Program Files (x86)\ossec-agent> (Get-Command .\wazuh-agent.exe).FileVersionInfo

ProductVersion   FileVersion      FileName
--------------   -----------      --------
v4.8.0           v4.8.0           C:\Program Files (x86)\ossec-agent\wazuh-agent.exe
```

### Agent Status

```console
PS C:\Program Files (x86)\ossec-agent> NET START wazuh
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.
```

### Error Logs

```console
PS C:\Program Files (x86)\ossec-agent> Get-Content "C:\Program Files (x86)\ossec-agent\ossec.log" | Select-String -Pattern "ERR|WARN|CRIT|FAT"

2024/06/03 00:00:46 wazuh-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex240603.log' due to [(2)-(No such file or directory)].
2024/06/03 01:39:04 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.

PS C:\Program Files (x86)\ossec-agent>
```

**Analysis**: The detected errors are expected:

- The Logcollector error is a known issue: https://github.com/wazuh/wazuh/issues/13253
- The connection error seems to be a network issue.
Rebits commented 4 months ago

Check Dashboard Logs :red_circle:

WazuhDashboard :red_circle:

**Unexpected errors:**

```
[root@ip-10-0-0-64 bin]# egrep -i "err|warn" /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | wc -l
17
[root@ip-10-0-0-64 bin]# egrep -i "err|warn" /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log
{"date":"2024-06-03T11:23:52.966Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:52.966Z","level":"error","location":"APIUserAllowRunAs:check","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:52.967Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:52.967Z","level":"error","location":"wazuh-api:getToken","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:53.172Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:53.426Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:56.120Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:57.020Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:57.020Z","level":"error","location":"APIUserAllowRunAs:check","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:57.021Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:57.021Z","level":"error","location":"wazuh-api:getToken","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:57.217Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:24:08.235Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:24:08.236Z","level":"error","location":"APIUserAllowRunAs:check","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:24:08.236Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:24:08.236Z","level":"error","location":"wazuh-api:getToken","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:24:08.435Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
```

### System information

```console
sh-4.2$ cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
```

### Dashboard Version

```console
[root@ip-10-0-0-64 bin]# cat /usr/share/wazuh-dashboard/plugins/wazuh/package.json
{
  "name": "wazuh",
  "version": "4.8.0",
  "revision": "11",
  "pluginPlatform": {
    "version": "2.10.0"
  },
  "description": "Wazuh dashboard",
  "keywords": [
    "opensearch_dashboards",
    "wazuh",
    "ossec"
  ],
  "node_build": "10.23.1",
  "author": "Wazuh, Inc",
  "license": "GPL-2.0",
  "repository": {
    "type": "git",
    "url": "https://github.com/wazuh/wazuh-dashboard-plugins.git"
  },
  "bugs": {
    "url": "https://github.com/wazuh/wazuh-dashboard-plugins/issues"
  },
  "homepage": "https://www.wazuh.com/",
  "scripts": {
    "lint": "eslint {public,server,common}/**/*.{js,jsx,ts,tsx,json}",
    "lint:public": "eslint public/**/*.{js,jsx,ts,tsx,json}",
    "lint:server": "eslint server/**/*.{js,jsx,ts,tsx,json}",
    "lint:common": "eslint common/**/*.{js,jsx,ts,tsx,json}",
    "lint:fix": "eslint --fix '{public,server,common}/**/*.{js,jsx,ts,tsx,json}'",
    "format": "prettier --write '{public,server,common}/**/*.{js,jsx,ts,tsx,css,md,json}' --config ./.prettierrc",
    "kbn": "node ../../scripts/kbn",
    "es": "node ../../scripts/es",
    "start": "plugin-helpers start",
    "build": "yarn plugin-helpers build --opensearch-dashboards-version=$OPENSEARCH_DASHBOARDS_VERSION",
    "build:runner": "node scripts/runner build",
    "plugin-helpers": "node ../../scripts/plugin_helpers",
    "test:ui:runner": "node ../../scripts/functional_test_runner.js",
    "test:server": "plugin-helpers test:server",
    "test:browser": "plugin-helpers test:browser",
    "test:jest": "node scripts/jest --runInBand",
    "test:jest:runner": "node scripts/runner test",
    "generate:api-data": "node scripts/generate-api-data.js --spec https://raw.githubusercontent.com/wazuh/wazuh/$(node -e \"console.log(require('./package.json').version)\")/api/api/spec/spec.yaml --output file --output-directory common/api-info --display-configuration",
    "prebuild": "node scripts/generate-build-version"
  },
  "dependencies": {
    "angular-animate": "1.8.3",
    "angular-material": "1.2.5",
    "axios": "^1.6.1",
    "install": "^0.13.0",
    "js2xmlparser": "^5.0.0",
    "json2csv": "^4.1.2",
    "jwt-decode": "^3.1.2",
    "loglevel": "^1.7.1",
    "markdown-it-link-attributes": "^4.0.1",
    "md5": "^2.3.0",
    "needle": "^3.2.0",
    "node-cron": "^1.1.2",
    "pdfmake": "0.2.7",
    "querystring-browser": "1.0.4",
    "react-codemirror": "^1.0.0",
    "react-cookie": "^4.0.3",
    "read-last-lines": "^1.7.2",
    "timsort": "^0.3.0",
    "typescript": "^5.0.4",
    "winston": "3.9.0",
    "dompurify": "^3.1.3",
    "jsdom": "16.7.0"
  },
  "devDependencies": {
    "@types/node-cron": "^2.0.3",
    "@typescript-eslint/eslint-plugin": "^6.2.1",
    "@typescript-eslint/parser": "^6.2.1",
    "eslint": "^8.46.0",
    "eslint-config-prettier": "^8.5.0",
    "eslint-import-resolver-typescript": "3.5.5",
    "eslint-plugin-async-await": "^0.0.0",
    "eslint-plugin-cypress": "^2.12.1",
    "eslint-plugin-filenames-simple": "^0.8.0",
    "eslint-plugin-import": "^2.28.0",
    "eslint-plugin-prettier": "^4.2.1",
    "eslint-plugin-react": "^7.31.8",
    "eslint-plugin-react-hooks": "^4.6.0",
    "prettier": "^2.7.1",
    "redux-mock-store": "^1.5.4",
    "swagger-client": "^3.19.11"
  },
  "opensearchDashboards": {
    "version": "2.10.0"
  }
}[
```

### Dashboard Status

```console
[root@ip-10-0-0-64 bin]# systemctl status wazuh-dashboard -l
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-05-28 07:55:12 UTC; 6 days ago
 Main PID: 19931 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─19931 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
```

### Dashboard Service Status

```console
[root@ip-10-0-0-64 bin]# journalctl -xe -u wazuh-dashboard.service --no-pager
-- Logs begin at Tue 2024-05-28 07:16:04 UTC, end at Mon 2024-06-03 13:56:18 UTC. --
...
```

### Error Logs

```console
[root@ip-10-0-0-64 bin]# egrep -i "err|warn" /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | wc -l
17
[root@ip-10-0-0-64 bin]# egrep -i "err|warn" /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log
{"date":"2024-06-03T11:23:52.966Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:52.966Z","level":"error","location":"APIUserAllowRunAs:check","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:52.967Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:52.967Z","level":"error","location":"wazuh-api:getToken","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:53.172Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:53.426Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:56.120Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:57.020Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:57.020Z","level":"error","location":"APIUserAllowRunAs:check","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:57.021Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:57.021Z","level":"error","location":"wazuh-api:getToken","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:23:57.217Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:24:08.235Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:24:08.236Z","level":"error","location":"APIUserAllowRunAs:check","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:24:08.236Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:24:08.236Z","level":"error","location":"wazuh-api:getToken","message":"Selected API is no longer available in wazuh.yml"}
{"date":"2024-06-03T11:24:08.435Z","level":"error","location":"manage-hosts:getHostById","message":"Selected API is no longer available in wazuh.yml"}
```
Rebits commented 4 months ago

Check Indexer Logs :yellow_circle:

IndexerBootstrap :yellow_circle:

- **Known errors**: https://github.com/wazuh/wazuh-packages/issues/2685

### System information

```console
[root@ip-10-0-2-231 bin]# cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
```

### Agent Status

```console
[root@ip-10-0-2-231 bin]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-05-28 07:31:30 UTC; 6 days ago
     Docs: https://documentation.wazuh.com
 Main PID: 12372 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─12372 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10871260846136496416 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.lang.Thread.run(Thread.java:833)
```

### Service Status

```console
[root@ip-10-0-2-231 bin]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-05-28 07:31:30 UTC; 6 days ago
     Docs: https://documentation.wazuh.com
 Main PID: 12372 (java)
   CGroup: /system.slice/wazuh-indexer.service
...
Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at
org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at 
org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.lang.Thread.run(Thread.java:833) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: 
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal 
systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal 
systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209) Jun 01 00:00:37 
ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at 
org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) Jun 01 00:00:37 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.lang.Thread.run(Thread.java:833) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) Jun 
02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at 
org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at 
org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at 
org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.lang.Thread.run(Thread.java:833) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: 
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal 
systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal 
systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jun 02 00:00:04 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.lang.Thread.run(Thread.java:833)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.lang.Thread.run(Thread.java:833)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jun 03 00:00:01 ip-10-0-2-231.us-west-1.compute.internal systemd-entrypoint[12372]: at java.base/java.lang.Thread.run(Thread.java:833)
```

### Error Logs

```console
[root@ip-10-0-2-231 bin]# egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
0
```
IndexerMasterB :yellow_circle:

- **Known warnings**: https://github.com/wazuh/wazuh-packages/issues/2685

### System information

```console
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
```

### Agent Status

```console
[root@ip-10-0-2-51 bin]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-05-28 07:31:59 UTC; 6 days ago
     Docs: https://documentation.wazuh.com
 Main PID: 12376 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─12376 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-13327547174649610103 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.lang.Thread.run(Thread.java:833)
```

### Service Status

```console
[root@ip-10-0-2-51 bin]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-05-28 07:31:59 UTC; 6 days ago
     Docs: https://documentation.wazuh.com
 Main PID: 12376 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─12376 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-13327547174649610103 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.lang.Thread.run(Thread.java:833)
[root@ip-10-0-2-51 bin]# journalctl -xe -u wazuh-indexer.service --no-pager
-- Logs begin at Tue 2024-05-28 07:16:05 UTC, end at Mon 2024-06-03 14:01:01 UTC. --
May 28 07:29:55 ip-10-0-2-51.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
May 28 07:29:57 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[10477]: WARNING: A terminally deprecated method in java.lang.System has been called
May 28 07:29:57 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[10477]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 28 07:29:57 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[10477]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 28 07:29:57 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[10477]: WARNING: System::setSecurityManager will be removed in a future release
May 28 07:29:59 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[10477]: WARNING: A terminally deprecated method in java.lang.System has been called
May 28 07:29:59 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[10477]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 28 07:29:59 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[10477]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 28 07:29:59 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[10477]: WARNING: System::setSecurityManager will be removed in a future release
May 28 07:30:19 ip-10-0-2-51.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
May 28 07:31:36 ip-10-0-2-51.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
May 28 07:31:36 ip-10-0-2-51.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished shutting down.
May 28 07:31:36 ip-10-0-2-51.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
May 28 07:31:39 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: WARNING: A terminally deprecated method in java.lang.System has been called
May 28 07:31:39 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 28 07:31:39 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 28 07:31:39 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: WARNING: System::setSecurityManager will be removed in a future release
May 28 07:31:41 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: WARNING: A terminally deprecated method in java.lang.System has been called
May 28 07:31:41 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 28 07:31:41 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 28 07:31:41 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: WARNING: System::setSecurityManager will be removed in a future release
May 28 07:31:59 ip-10-0-2-51.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
...
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal
systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at 
org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 31 00:00:00 
ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.lang.Thread.run(Thread.java:833) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) May 31 
00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at 
org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412) May 31 00:00:00 
ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at 
org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 31 00:00:00 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.lang.Thread.run(Thread.java:833) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) Jun 01 
00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at 
org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003) 
Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at 
org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.lang.Thread.run(Thread.java:833) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at 
java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) Jun 01 00:00:01 
ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at 
org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204) Jun 01 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242) Jun 01 00:00:01 
systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) Jun 03 00:00:01 ip-10-0-2-51.us-west-1.compute.internal systemd-entrypoint[12376]: at java.base/java.lang.Thread.run(Thread.java:833) ``` > **Analysis**: > The ERROR logs are expected, it is a known issue: https://github.com/wazuh/wazuh-packages/issues/2685 ### Error Logs ```console [root@ip-10-0-2-51 bin]# egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l 2 [root@ip-10-0-2-51 bin]# egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log [2024-06-03T07:32:15,822][ERROR][o.o.a.a.AlertIndices ] [node-3] info deleteOldIndices [2024-06-03T07:32:15,822][ERROR][o.o.a.a.AlertIndices ] [node-3] info deleteOldIndices ```
IndexerMasterC :yellow_circle:

- **Known warnings**: https://github.com/wazuh/wazuh-packages/issues/2685

### System information

```console
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
```

### Agent Status

```console
sh-4.2$ systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-05-28 07:32:39 UTC; 6 days ago
     Docs: https://documentation.wazuh.com
 Main PID: 12911 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─12911 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10771870303851840343 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
```

### Service Status

```console
sh-4.2$ systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-05-28 07:32:39 UTC; 6 days ago
     Docs: https://documentation.wazuh.com
 Main PID: 12911 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─12911 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10771870303851840343 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
sh-4.2$ ^C
sh-4.2$ ^C
sh-4.2$ journalctl -xe -u wazuh-indexer.service --no-pager
Hint: You are currently not seeing messages from other users and the system.
Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
Pass -q to turn off this notice.
No journal files were opened due to insufficient permissions.
sh-4.2$ sudo su
[root@ip-10-0-2-104 bin]# journalctl -xe -u wazuh-indexer.service --no-pager
-- Logs begin at Tue 2024-05-28 07:16:04 UTC, end at Mon 2024-06-03 14:03:07 UTC. --
May 28 07:29:56 ip-10-0-2-104.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
May 28 07:29:58 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[10487]: WARNING: A terminally deprecated method in java.lang.System has been called
May 28 07:29:58 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[10487]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 28 07:29:58 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[10487]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 28 07:29:58 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[10487]: WARNING: System::setSecurityManager will be removed in a future release
May 28 07:30:00 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[10487]: WARNING: A terminally deprecated method in java.lang.System has been called
May 28 07:30:00 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[10487]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 28 07:30:00 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[10487]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 28 07:30:00 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[10487]: WARNING: System::setSecurityManager will be removed in a future release
May 28 07:30:19 ip-10-0-2-104.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
May 28 07:32:15 ip-10-0-2-104.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
May 28 07:32:15 ip-10-0-2-104.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished shutting down.
May 28 07:32:15 ip-10-0-2-104.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
May 28 07:32:18 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: WARNING: A terminally deprecated method in java.lang.System has been called
May 28 07:32:18 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 28 07:32:18 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 28 07:32:18 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: WARNING: System::setSecurityManager will be removed in a future release
May 28 07:32:20 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: WARNING: A terminally deprecated method in java.lang.System has been called
May 28 07:32:20 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 28 07:32:20 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 28 07:32:20 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: WARNING: System::setSecurityManager will be removed in a future release
May 28 07:32:39 ip-10-0-2-104.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at 
org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) May 29 00:00:28 
ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at 
org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209) May 29 00:00:28 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal 
systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.lang.Thread.run(Thread.java:833) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at 
java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) May 29 00:00:29 
ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal 
systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at 
org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) May 29 00:00:29 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.lang.Thread.run(Thread.java:833) May 30 00:00:31 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: ERROR StatusConsoleListener Could not define attribute view on 
path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") May 30 00:00:31 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") May 30 00:00:31 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) May 30 00:00:31 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) May 30 00:00:31 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) May 30 00:00:31 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) May 30 00:00:31 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) May 30 00:00:31 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) May 30 00:00:31 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) May 30 00:00:31 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) May 30 00:00:31 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) May 30 00:00:31 ip-10-0-2-104.us-west-1.compute.internal 
systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal 
systemd-entrypoint[12911]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at 
org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) Jun 01 00:00:37 
ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.alerting.util.destinationmigration.DestinationMigrationCoordinator.clusterChanged(DestinationMigrationCoordinator.kt:48) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: 
at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListener(ClusterApplierService.java:625) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) Jun 01 00:00:37 ip-10-0-2-104.us-west-1.compute.internal 
systemd-entrypoint[12911]: at java.base/java.lang.Thread.run(Thread.java:833) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) Jun 02 00:00:04 
ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at 
org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at 
org.opensearch.alerting.util.destinationmigration.DestinationMigrationCoordinator.clusterChanged(DestinationMigrationCoordinator.kt:48) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListener(ClusterApplierService.java:625) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) Jun 02 00:00:04 
ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.lang.Thread.run(Thread.java:833) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181) 
Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at 
org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283) Jun 02 00:00:04 
ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.alerting.util.destinationmigration.DestinationMigrationCoordinator.clusterChanged(DestinationMigrationCoordinator.kt:48) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListener(ClusterApplierService.java:625) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at 
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) Jun 02 00:00:04 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.lang.Thread.run(Thread.java:833) Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal 
systemd-entrypoint[12911]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.alerting.util.destinationmigration.DestinationMigrationCoordinator.clusterChanged(DestinationMigrationCoordinator.kt:48)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListener(ClusterApplierService.java:625)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.lang.Thread.run(Thread.java:833)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.alerting.util.destinationmigration.DestinationMigrationCoordinator.clusterChanged(DestinationMigrationCoordinator.kt:48)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListener(ClusterApplierService.java:625)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jun 03 00:00:01 ip-10-0-2-104.us-west-1.compute.internal systemd-entrypoint[12911]: at java.base/java.lang.Thread.run(Thread.java:833)
```

> **Analysis**:
> The ERROR logs are expected, it is a known issue: https://github.com/wazuh/wazuh-packages/issues/2685

### Error Logs

```console
[root@ip-10-0-2-104 bin]# egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
0
[root@ip-10-0-2-104 bin]#
```
WazuhDashboard :yellow_circle:

- **Known warnings**: https://github.com/wazuh/wazuh-packages/issues/2685

### System information

```console
sh-4.2$ cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
```

### Agent Status

```console
sh-4.2$ systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-05-28 07:38:47 UTC; 6 days ago
     Docs: https://documentation.wazuh.com
 Main PID: 14595 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─14595 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-6733827076527898517 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
```

### Service Status

```console
[root@ip-10-0-0-64 bin]# journalctl -xe -u wazuh-indexer.service --no-pager
-- Logs begin at Tue 2024-05-28 07:16:04 UTC, end at Mon 2024-06-03 14:04:31 UTC. --
May 28 07:35:11 ip-10-0-0-64.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
May 28 07:35:13 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[10460]: WARNING: A terminally deprecated method in java.lang.System has been called
May 28 07:35:13 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[10460]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 28 07:35:13 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[10460]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 28 07:35:13 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[10460]: WARNING: System::setSecurityManager will be removed in a future release
May 28 07:35:15 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[10460]: WARNING: A terminally deprecated method in java.lang.System has been called
May 28 07:35:15 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[10460]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 28 07:35:15 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[10460]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 28 07:35:15 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[10460]: WARNING: System::setSecurityManager will be removed in a future release
May 28 07:35:33 ip-10-0-0-64.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
May 28 07:38:20 ip-10-0-0-64.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
May 28 07:38:20 ip-10-0-0-64.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished shutting down.
May 28 07:38:20 ip-10-0-0-64.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
May 28 07:38:25 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: WARNING: A terminally deprecated method in java.lang.System has been called
May 28 07:38:25 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 28 07:38:25 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 28 07:38:25 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: WARNING: System::setSecurityManager will be removed in a future release
May 28 07:38:27 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: WARNING: A terminally deprecated method in java.lang.System has been called
May 28 07:38:27 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 28 07:38:27 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 28 07:38:27 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: WARNING: System::setSecurityManager will be removed in a future release
May 28 07:38:47 ip-10-0-0-64.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
...
Jun 03 00:00:01 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListener(ClusterApplierService.java:625)
Jun 03 00:00:01 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612)
Jun 03 00:00:01 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577)
Jun 03 00:00:01 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jun 03 00:00:01 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jun 03 00:00:01 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jun 03 00:00:01 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jun 03 00:00:01 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jun 03 00:00:01 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jun 03 00:00:01 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jun 03 00:00:01 ip-10-0-0-64.us-west-1.compute.internal systemd-entrypoint[14595]: at java.base/java.lang.Thread.run(Thread.java:833)
```

### Error Logs

```console
[root@ip-10-0-0-64 bin]# egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
0
```
Rebits commented 4 months ago

Check Manager Logs :yellow_circle:

WazuhMasterEnv1 :yellow_circle:

- **Known issue**: https://github.com/wazuh/wazuh/issues/21014

```
2024/06/03 01:39:04 wazuh-remoted: WARNING: Unexpected message (hex): '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'
2024/06/03 01:39:04 wazuh-remoted: WARNING: Too big message size from socket [28].
```

### System information

```console
sh-4.2$ cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
```

### Manager Version

```console
[root@wazuh-manager-master-0 bin]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40811"
WAZUH_TYPE="server"
```

### Agent Status

```console
[root@wazuh-manager-master-0 bin]# systemctl status wazuh-manager -l
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (exited) since Tue 2024-05-28 07:43:45 UTC; 6 days ago
  Process: 15315 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 15469 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)

May 28 07:43:39 wazuh-manager-master-0 env[15469]: Started wazuh-remoted...
May 28 07:43:40 wazuh-manager-master-0 env[15469]: Started wazuh-logcollector...
May 28 07:43:40 wazuh-manager-master-0 env[15469]: Started wazuh-monitord...
May 28 07:43:40 wazuh-manager-master-0 env[15469]: 2024/05/28 07:43:40 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:43:40 wazuh-manager-master-0 env[15469]: 2024/05/28 07:43:40 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:43:41 wazuh-manager-master-0 env[15469]: Started wazuh-modulesd...
May 28 07:43:43 wazuh-manager-master-0 env[15469]: Started wazuh-clusterd...
May 28 07:43:44 wazuh-manager-master-0 crontab[16049]: (root) LIST (root)
May 28 07:43:45 wazuh-manager-master-0 env[15469]: Completed.
May 28 07:43:45 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
```

### Module Status

```console
[root@wazuh-manager-master-0 bin]# /var/ossec/bin/wazuh-control status
wazuh-clusterd is running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord is running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
```

### Service Status

```console
[root@wazuh-manager-master-0 bin]# journalctl -xe -u wazuh-manager.service --no-pager
-- Logs begin at Tue 2024-05-28 07:16:04 UTC, end at Mon 2024-06-03 14:05:47 UTC. --
May 28 07:41:04 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
May 28 07:41:06 wazuh-manager-master-0 env[11361]: 2024/05/28 07:41:06 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:41:06 wazuh-manager-master-0 env[11361]: 2024/05/28 07:41:06 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:41:06 wazuh-manager-master-0 env[11361]: Starting Wazuh v4.8.0...
May 28 07:41:09 wazuh-manager-master-0 env[11361]: Started wazuh-apid...
May 28 07:41:09 wazuh-manager-master-0 env[11361]: Started wazuh-csyslogd...
May 28 07:41:09 wazuh-manager-master-0 env[11361]: Started wazuh-dbd...
May 28 07:41:09 wazuh-manager-master-0 env[11361]: 2024/05/28 07:41:09 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 28 07:41:09 wazuh-manager-master-0 env[11361]: Started wazuh-integratord...
May 28 07:41:09 wazuh-manager-master-0 env[11361]: Started wazuh-agentlessd...
May 28 07:41:10 wazuh-manager-master-0 env[11361]: Started wazuh-authd...
May 28 07:41:11 wazuh-manager-master-0 env[11361]: Started wazuh-db...
May 28 07:41:12 wazuh-manager-master-0 env[11361]: Started wazuh-execd...
May 28 07:41:13 wazuh-manager-master-0 env[11361]: Started wazuh-analysisd...
May 28 07:41:14 wazuh-manager-master-0 env[11361]: Started wazuh-syscheckd...
May 28 07:41:15 wazuh-manager-master-0 env[11361]: Started wazuh-remoted...
May 28 07:41:16 wazuh-manager-master-0 env[11361]: Started wazuh-logcollector...
May 28 07:41:17 wazuh-manager-master-0 env[11361]: Started wazuh-monitord...
May 28 07:41:17 wazuh-manager-master-0 env[11361]: 2024/05/28 07:41:17 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:41:17 wazuh-manager-master-0 env[11361]: 2024/05/28 07:41:17 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:41:18 wazuh-manager-master-0 env[11361]: Started wazuh-modulesd...
May 28 07:41:20 wazuh-manager-master-0 env[11361]: Started wazuh-clusterd...
May 28 07:41:21 wazuh-manager-master-0 crontab[11944]: (root) LIST (root)
May 28 07:41:22 wazuh-manager-master-0 env[11361]: Completed.
May 28 07:41:22 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
May 28 07:43:23 wazuh-manager-master-0 systemd[1]: Stopping Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun shutting down.
May 28 07:43:23 wazuh-manager-master-0 env[15315]: Killing wazuh-clusterd...
May 28 07:43:24 wazuh-manager-master-0 env[15315]: Killing wazuh-modulesd...
May 28 07:43:24 wazuh-manager-master-0 env[15315]: Killing wazuh-monitord...
May 28 07:43:24 wazuh-manager-master-0 env[15315]: Killing wazuh-logcollector...
May 28 07:43:24 wazuh-manager-master-0 env[15315]: Killing wazuh-remoted...
May 28 07:43:24 wazuh-manager-master-0 env[15315]: Killing wazuh-syscheckd...
May 28 07:43:25 wazuh-manager-master-0 env[15315]: Killing wazuh-analysisd...
May 28 07:43:25 wazuh-manager-master-0 env[15315]: wazuh-maild not running...
May 28 07:43:25 wazuh-manager-master-0 env[15315]: Killing wazuh-execd...
May 28 07:43:25 wazuh-manager-master-0 env[15315]: Killing wazuh-db...
May 28 07:43:26 wazuh-manager-master-0 env[15315]: Killing wazuh-authd...
May 28 07:43:27 wazuh-manager-master-0 env[15315]: wazuh-agentlessd not running...
May 28 07:43:27 wazuh-manager-master-0 env[15315]: wazuh-integratord not running...
May 28 07:43:27 wazuh-manager-master-0 env[15315]: wazuh-dbd not running...
May 28 07:43:27 wazuh-manager-master-0 env[15315]: wazuh-csyslogd not running...
May 28 07:43:27 wazuh-manager-master-0 env[15315]: Killing wazuh-apid...
May 28 07:43:27 wazuh-manager-master-0 env[15315]: Wazuh v4.8.0 Stopped
May 28 07:43:27 wazuh-manager-master-0 systemd[1]: Stopped Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished shutting down.
May 28 07:43:27 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
May 28 07:43:29 wazuh-manager-master-0 env[15469]: 2024/05/28 07:43:29 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:43:29 wazuh-manager-master-0 env[15469]: 2024/05/28 07:43:29 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:43:29 wazuh-manager-master-0 env[15469]: Starting Wazuh v4.8.0...
May 28 07:43:33 wazuh-manager-master-0 env[15469]: Started wazuh-apid...
May 28 07:43:33 wazuh-manager-master-0 env[15469]: Started wazuh-csyslogd...
May 28 07:43:33 wazuh-manager-master-0 env[15469]: Started wazuh-dbd...
May 28 07:43:33 wazuh-manager-master-0 env[15469]: 2024/05/28 07:43:33 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 28 07:43:33 wazuh-manager-master-0 env[15469]: Started wazuh-integratord...
May 28 07:43:33 wazuh-manager-master-0 env[15469]: Started wazuh-agentlessd...
May 28 07:43:34 wazuh-manager-master-0 env[15469]: Started wazuh-authd...
May 28 07:43:35 wazuh-manager-master-0 env[15469]: Started wazuh-db...
May 28 07:43:36 wazuh-manager-master-0 env[15469]: Started wazuh-execd...
May 28 07:43:37 wazuh-manager-master-0 env[15469]: Started wazuh-analysisd...
May 28 07:43:38 wazuh-manager-master-0 env[15469]: Started wazuh-syscheckd...
May 28 07:43:39 wazuh-manager-master-0 env[15469]: Started wazuh-remoted...
May 28 07:43:40 wazuh-manager-master-0 env[15469]: Started wazuh-logcollector...
May 28 07:43:40 wazuh-manager-master-0 env[15469]: Started wazuh-monitord...
May 28 07:43:40 wazuh-manager-master-0 env[15469]: 2024/05/28 07:43:40 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:43:40 wazuh-manager-master-0 env[15469]: 2024/05/28 07:43:40 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:43:41 wazuh-manager-master-0 env[15469]: Started wazuh-modulesd...
May 28 07:43:43 wazuh-manager-master-0 env[15469]: Started wazuh-clusterd...
May 28 07:43:44 wazuh-manager-master-0 crontab[16049]: (root) LIST (root)
May 28 07:43:45 wazuh-manager-master-0 env[15469]: Completed.
May 28 07:43:45 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
```

### Error Logs

```console
[root@wazuh-manager-master-0 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
2
[root@wazuh-manager-master-0 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
2024/06/03 01:39:04 wazuh-remoted: WARNING: Unexpected message (hex): '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'
2024/06/03 01:39:04 wazuh-remoted: WARNING: Too big message size from socket [28].
[root@wazuh-manager-master-0 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log | wc -l
0
```

### Filebeat Output

```console
[root@wazuh-manager-master-0 bin]# filebeat test output
elasticsearch: https://10.0.2.231:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.231
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.104:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.104
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.51:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.51
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
```
WazuhMasterEnv2 :green_circle:

### System information

```console
sh-4.2$ cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
```

### Manager Version

```console
[root@wazuh-manager-master-0 bin]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40811"
WAZUH_TYPE="server"
```

### Agent Status

```console
systemctl status wazuh-manager -l
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (exited) since Tue 2024-05-28 07:43:15 UTC; 6 days ago
  Process: 15325 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 15495 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)

May 28 07:43:09 wazuh-manager-master-0 env[15495]: Started wazuh-remoted...
May 28 07:43:10 wazuh-manager-master-0 env[15495]: Started wazuh-logcollector...
May 28 07:43:11 wazuh-manager-master-0 env[15495]: Started wazuh-monitord...
May 28 07:43:11 wazuh-manager-master-0 env[15495]: 2024/05/28 07:43:11 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:43:11 wazuh-manager-master-0 env[15495]: 2024/05/28 07:43:11 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:43:12 wazuh-manager-master-0 env[15495]: Started wazuh-modulesd...
May 28 07:43:13 wazuh-manager-master-0 env[15495]: Started wazuh-clusterd...
May 28 07:43:14 wazuh-manager-master-0 crontab[16077]: (root) LIST (root)
May 28 07:43:15 wazuh-manager-master-0 env[15495]: Completed.
May 28 07:43:15 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
```

### Module Status

```console
/var/ossec/bin/wazuh-control status
wazuh-clusterd is running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord is running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
```

### Service Status

```console
root@wazuh-manager-master-0 bin]# journalctl -xe -u wazuh-manager.service --no-pager
-- Logs begin at Tue 2024-05-28 07:16:04 UTC, end at Mon 2024-06-03 14:12:24 UTC. --
May 28 07:40:55 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
May 28 07:40:57 wazuh-manager-master-0 env[11367]: 2024/05/28 07:40:57 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:40:57 wazuh-manager-master-0 env[11367]: 2024/05/28 07:40:57 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:40:57 wazuh-manager-master-0 env[11367]: Starting Wazuh v4.8.0...
May 28 07:41:00 wazuh-manager-master-0 env[11367]: Started wazuh-apid...
May 28 07:41:00 wazuh-manager-master-0 env[11367]: Started wazuh-csyslogd...
May 28 07:41:00 wazuh-manager-master-0 env[11367]: Started wazuh-dbd...
May 28 07:41:00 wazuh-manager-master-0 env[11367]: 2024/05/28 07:41:00 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 28 07:41:00 wazuh-manager-master-0 env[11367]: Started wazuh-integratord...
May 28 07:41:00 wazuh-manager-master-0 env[11367]: Started wazuh-agentlessd...
May 28 07:41:01 wazuh-manager-master-0 env[11367]: Started wazuh-authd...
May 28 07:41:02 wazuh-manager-master-0 env[11367]: Started wazuh-db...
May 28 07:41:03 wazuh-manager-master-0 env[11367]: Started wazuh-execd...
May 28 07:41:04 wazuh-manager-master-0 env[11367]: Started wazuh-analysisd...
May 28 07:41:05 wazuh-manager-master-0 env[11367]: Started wazuh-syscheckd...
May 28 07:41:06 wazuh-manager-master-0 env[11367]: Started wazuh-remoted...
May 28 07:41:07 wazuh-manager-master-0 env[11367]: Started wazuh-logcollector...
May 28 07:41:08 wazuh-manager-master-0 env[11367]: Started wazuh-monitord...
May 28 07:41:08 wazuh-manager-master-0 env[11367]: 2024/05/28 07:41:08 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:41:08 wazuh-manager-master-0 env[11367]: 2024/05/28 07:41:08 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:41:10 wazuh-manager-master-0 env[11367]: Started wazuh-modulesd...
May 28 07:41:11 wazuh-manager-master-0 env[11367]: Started wazuh-clusterd...
May 28 07:41:12 wazuh-manager-master-0 crontab[11950]: (root) LIST (root)
May 28 07:41:13 wazuh-manager-master-0 env[11367]: Completed.
May 28 07:41:13 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
May 28 07:42:53 wazuh-manager-master-0 systemd[1]: Stopping Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun shutting down.
May 28 07:42:53 wazuh-manager-master-0 env[15325]: Killing wazuh-clusterd...
May 28 07:42:53 wazuh-manager-master-0 env[15325]: Killing wazuh-modulesd...
May 28 07:42:54 wazuh-manager-master-0 env[15325]: Killing wazuh-monitord...
May 28 07:42:54 wazuh-manager-master-0 env[15325]: Killing wazuh-logcollector...
May 28 07:42:54 wazuh-manager-master-0 env[15325]: Killing wazuh-remoted...
May 28 07:42:54 wazuh-manager-master-0 env[15325]: Killing wazuh-syscheckd...
May 28 07:42:55 wazuh-manager-master-0 env[15325]: Killing wazuh-analysisd...
May 28 07:42:55 wazuh-manager-master-0 env[15325]: wazuh-maild not running...
May 28 07:42:55 wazuh-manager-master-0 env[15325]: Killing wazuh-execd...
May 28 07:42:55 wazuh-manager-master-0 env[15325]: Killing wazuh-db...
May 28 07:42:56 wazuh-manager-master-0 env[15325]: Killing wazuh-authd...
May 28 07:42:57 wazuh-manager-master-0 env[15325]: wazuh-agentlessd not running...
May 28 07:42:57 wazuh-manager-master-0 env[15325]: wazuh-integratord not running...
May 28 07:42:57 wazuh-manager-master-0 env[15325]: wazuh-dbd not running...
May 28 07:42:57 wazuh-manager-master-0 env[15325]: wazuh-csyslogd not running...
May 28 07:42:57 wazuh-manager-master-0 env[15325]: Killing wazuh-apid...
May 28 07:42:57 wazuh-manager-master-0 env[15325]: Wazuh v4.8.0 Stopped
May 28 07:42:57 wazuh-manager-master-0 systemd[1]: Stopped Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished shutting down.
May 28 07:42:57 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
May 28 07:42:59 wazuh-manager-master-0 env[15495]: 2024/05/28 07:42:59 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:42:59 wazuh-manager-master-0 env[15495]: 2024/05/28 07:42:59 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:43:00 wazuh-manager-master-0 env[15495]: Starting Wazuh v4.8.0...
May 28 07:43:03 wazuh-manager-master-0 env[15495]: Started wazuh-apid...
May 28 07:43:03 wazuh-manager-master-0 env[15495]: Started wazuh-csyslogd...
May 28 07:43:03 wazuh-manager-master-0 env[15495]: Started wazuh-dbd...
May 28 07:43:03 wazuh-manager-master-0 env[15495]: 2024/05/28 07:43:03 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 28 07:43:03 wazuh-manager-master-0 env[15495]: Started wazuh-integratord...
May 28 07:43:03 wazuh-manager-master-0 env[15495]: Started wazuh-agentlessd...
May 28 07:43:04 wazuh-manager-master-0 env[15495]: Started wazuh-authd...
May 28 07:43:05 wazuh-manager-master-0 env[15495]: Started wazuh-db...
May 28 07:43:06 wazuh-manager-master-0 env[15495]: Started wazuh-execd...
May 28 07:43:07 wazuh-manager-master-0 env[15495]: Started wazuh-analysisd...
May 28 07:43:08 wazuh-manager-master-0 env[15495]: Started wazuh-syscheckd...
May 28 07:43:09 wazuh-manager-master-0 env[15495]: Started wazuh-remoted...
May 28 07:43:10 wazuh-manager-master-0 env[15495]: Started wazuh-logcollector...
May 28 07:43:11 wazuh-manager-master-0 env[15495]: Started wazuh-monitord...
May 28 07:43:11 wazuh-manager-master-0 env[15495]: 2024/05/28 07:43:11 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:43:11 wazuh-manager-master-0 env[15495]: 2024/05/28 07:43:11 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:43:12 wazuh-manager-master-0 env[15495]: Started wazuh-modulesd...
May 28 07:43:13 wazuh-manager-master-0 env[15495]: Started wazuh-clusterd...
May 28 07:43:14 wazuh-manager-master-0 crontab[16077]: (root) LIST (root)
May 28 07:43:15 wazuh-manager-master-0 env[15495]: Completed.
May 28 07:43:15 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
```

### Error Logs

```console
[root@wazuh-manager-master-0 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
[root@wazuh-manager-master-0 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log | wc -l
0
```

### Filebeat Output

```console
[root@wazuh-manager-master-0 bin]# filebeat test output
elasticsearch: https://10.0.2.231:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.231
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.104:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.104
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.51:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.51
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
```
WazuhWorker :green_circle:

### System information

```console
sh-4.2$ cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
```

### Manager Version

```console
[root@wazuh-manager-worker-0 bin]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40811"
WAZUH_TYPE="server"
```

### Agent Status

```console
[root@wazuh-manager-worker-0 bin]# systemctl status wazuh-manager -l
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (exited) since Tue 2024-05-28 07:48:07 UTC; 6 days ago
  Process: 15047 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 15189 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)

May 28 07:48:00 wazuh-manager-worker-0 env[15189]: Started wazuh-remoted...
May 28 07:48:02 wazuh-manager-worker-0 env[15189]: Started wazuh-logcollector...
May 28 07:48:03 wazuh-manager-worker-0 env[15189]: Started wazuh-monitord...
May 28 07:48:03 wazuh-manager-worker-0 env[15189]: 2024/05/28 07:48:03 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:48:03 wazuh-manager-worker-0 env[15189]: 2024/05/28 07:48:03 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:48:04 wazuh-manager-worker-0 env[15189]: Started wazuh-modulesd...
May 28 07:48:05 wazuh-manager-worker-0 env[15189]: Started wazuh-clusterd...
May 28 07:48:07 wazuh-manager-worker-0 env[15189]: Completed.
May 28 07:48:07 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.
May 28 07:48:08 wazuh-manager-worker-0 crontab[15800]: (root) LIST (root)
```

### Module Status

```console
[root@wazuh-manager-worker-0 bin]# /var/ossec/bin/wazuh-control status
wazuh-clusterd is running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd not running...
wazuh-agentlessd not running...
wazuh-integratord is running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
```

### Service Status

```console
[root@wazuh-manager-worker-0 bin]# journalctl -xe -u wazuh-manager.service --no-pager
-- Logs begin at Tue 2024-05-28 07:16:04 UTC, end at Mon 2024-06-03 14:14:11 UTC. --
May 28 07:45:46 wazuh-manager-worker-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
May 28 07:45:48 wazuh-manager-worker-0 env[11147]: 2024/05/28 07:45:48 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:45:48 wazuh-manager-worker-0 env[11147]: 2024/05/28 07:45:48 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:45:48 wazuh-manager-worker-0 env[11147]: Starting Wazuh v4.8.0...
May 28 07:45:51 wazuh-manager-worker-0 env[11147]: Started wazuh-apid...
May 28 07:45:51 wazuh-manager-worker-0 env[11147]: Started wazuh-csyslogd...
May 28 07:45:51 wazuh-manager-worker-0 env[11147]: Started wazuh-dbd...
May 28 07:45:51 wazuh-manager-worker-0 env[11147]: 2024/05/28 07:45:51 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 28 07:45:51 wazuh-manager-worker-0 env[11147]: Started wazuh-integratord...
May 28 07:45:51 wazuh-manager-worker-0 env[11147]: Started wazuh-agentlessd...
May 28 07:45:52 wazuh-manager-worker-0 env[11147]: Started wazuh-db...
May 28 07:45:53 wazuh-manager-worker-0 env[11147]: Started wazuh-execd...
May 28 07:45:54 wazuh-manager-worker-0 env[11147]: Started wazuh-analysisd...
May 28 07:45:55 wazuh-manager-worker-0 env[11147]: Started wazuh-syscheckd...
May 28 07:45:56 wazuh-manager-worker-0 env[11147]: Started wazuh-remoted...
May 28 07:45:57 wazuh-manager-worker-0 env[11147]: Started wazuh-logcollector...
May 28 07:45:59 wazuh-manager-worker-0 env[11147]: Started wazuh-monitord...
May 28 07:45:59 wazuh-manager-worker-0 env[11147]: 2024/05/28 07:45:59 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:45:59 wazuh-manager-worker-0 env[11147]: 2024/05/28 07:45:59 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:46:00 wazuh-manager-worker-0 env[11147]: Started wazuh-modulesd...
May 28 07:46:01 wazuh-manager-worker-0 env[11147]: Started wazuh-clusterd...
May 28 07:46:02 wazuh-manager-worker-0 crontab[11701]: (root) LIST (root)
May 28 07:46:03 wazuh-manager-worker-0 env[11147]: Completed.
May 28 07:46:03 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
May 28 07:47:46 wazuh-manager-worker-0 systemd[1]: Stopping Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun shutting down.
May 28 07:47:46 wazuh-manager-worker-0 env[15047]: Killing wazuh-clusterd...
May 28 07:47:46 wazuh-manager-worker-0 env[15047]: Killing wazuh-modulesd...
May 28 07:47:47 wazuh-manager-worker-0 env[15047]: Killing wazuh-monitord...
May 28 07:47:47 wazuh-manager-worker-0 env[15047]: Killing wazuh-logcollector...
May 28 07:47:47 wazuh-manager-worker-0 env[15047]: Killing wazuh-remoted...
May 28 07:47:47 wazuh-manager-worker-0 env[15047]: Killing wazuh-syscheckd...
May 28 07:47:47 wazuh-manager-worker-0 env[15047]: Killing wazuh-analysisd...
May 28 07:47:47 wazuh-manager-worker-0 env[15047]: wazuh-maild not running...
May 28 07:47:47 wazuh-manager-worker-0 env[15047]: Killing wazuh-execd...
May 28 07:47:47 wazuh-manager-worker-0 env[15047]: Killing wazuh-db...
May 28 07:47:48 wazuh-manager-worker-0 env[15047]: wazuh-authd not running...
May 28 07:47:48 wazuh-manager-worker-0 env[15047]: wazuh-agentlessd not running...
May 28 07:47:48 wazuh-manager-worker-0 env[15047]: wazuh-integratord not running...
May 28 07:47:48 wazuh-manager-worker-0 env[15047]: wazuh-dbd not running...
May 28 07:47:48 wazuh-manager-worker-0 env[15047]: wazuh-csyslogd not running...
May 28 07:47:48 wazuh-manager-worker-0 env[15047]: Killing wazuh-apid...
May 28 07:47:49 wazuh-manager-worker-0 env[15047]: Wazuh v4.8.0 Stopped
May 28 07:47:49 wazuh-manager-worker-0 systemd[1]: Stopped Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished shutting down.
May 28 07:47:49 wazuh-manager-worker-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
May 28 07:47:51 wazuh-manager-worker-0 env[15189]: 2024/05/28 07:47:51 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:47:51 wazuh-manager-worker-0 env[15189]: 2024/05/28 07:47:51 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:47:52 wazuh-manager-worker-0 env[15189]: Starting Wazuh v4.8.0...
May 28 07:47:55 wazuh-manager-worker-0 env[15189]: Started wazuh-apid...
May 28 07:47:55 wazuh-manager-worker-0 env[15189]: Started wazuh-csyslogd...
May 28 07:47:55 wazuh-manager-worker-0 env[15189]: Started wazuh-dbd...
May 28 07:47:55 wazuh-manager-worker-0 env[15189]: 2024/05/28 07:47:55 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 28 07:47:55 wazuh-manager-worker-0 env[15189]: Started wazuh-integratord...
May 28 07:47:55 wazuh-manager-worker-0 env[15189]: Started wazuh-agentlessd...
May 28 07:47:56 wazuh-manager-worker-0 env[15189]: Started wazuh-db...
May 28 07:47:57 wazuh-manager-worker-0 env[15189]: Started wazuh-execd...
May 28 07:47:58 wazuh-manager-worker-0 env[15189]: Started wazuh-analysisd...
May 28 07:47:59 wazuh-manager-worker-0 env[15189]: Started wazuh-syscheckd...
May 28 07:48:00 wazuh-manager-worker-0 env[15189]: Started wazuh-remoted...
May 28 07:48:02 wazuh-manager-worker-0 env[15189]: Started wazuh-logcollector...
May 28 07:48:03 wazuh-manager-worker-0 env[15189]: Started wazuh-monitord...
May 28 07:48:03 wazuh-manager-worker-0 env[15189]: 2024/05/28 07:48:03 wazuh-modulesd:router: INFO: Loaded router module.
May 28 07:48:03 wazuh-manager-worker-0 env[15189]: 2024/05/28 07:48:03 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 28 07:48:04 wazuh-manager-worker-0 env[15189]: Started wazuh-modulesd...
May 28 07:48:05 wazuh-manager-worker-0 env[15189]: Started wazuh-clusterd...
May 28 07:48:07 wazuh-manager-worker-0 env[15189]: Completed.
May 28 07:48:07 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
May 28 07:48:08 wazuh-manager-worker-0 crontab[15800]: (root) LIST (root)
```

### Error Logs

```console
[root@wazuh-manager-worker-0 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
[root@wazuh-manager-worker-0 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log | wc -l
0
[root@wazuh-manager-worker-0 bin]#
```

### Filebeat Output

```console
[root@wazuh-manager-worker-0 bin]# filebeat test output
elasticsearch: https://10.0.2.231:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.231
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.104:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.104
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.51:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.51
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
```
Rebits commented 4 months ago

Check Wazuh Users and Processes :green_circle:

Agent

Amazon 🟢

```console
sh-4.2$ ps -aux | grep wazuh
ssm-user 10044 0.0 0.0 121272 928 pts/0 S+ 16:25 0:00 grep wazuh
root 11329 0.0 0.3 40768 3396 ? Sl May28 0:20 /var/ossec/bin/wazuh-execd
wazuh 11341 0.0 0.5 328224 5472 ? Sl May28 1:49 /var/ossec/bin/wazuh-agentd
root 11356 0.0 0.9 298588 8720 ? SNl May28 3:09 /var/ossec/bin/wazuh-syscheckd
root 11372 0.0 0.4 483212 4456 ? Sl May28 1:14 /var/ossec/bin/wazuh-logcollector
root 11390 0.0 1.2 751764 11996 ? Sl May28 0:45 /var/ossec/bin/wazuh-modulesd
```

Centos 🟢

```console
sh-4.4$ ps -aux | grep wazuh
root 9444 0.0 0.2 45828 1712 ? Sl May28 0:14 /var/ossec/bin/wazuh-execd
wazuh 9456 0.0 0.4 276768 3484 ? Sl May28 1:36 /var/ossec/bin/wazuh-agentd
root 9471 0.0 1.0 244480 8444 ? SNl May28 3:41 /var/ossec/bin/wazuh-syscheckd
root 9486 0.0 0.3 488372 3128 ? Sl May28 1:01 /var/ossec/bin/wazuh-logcollector
root 9503 0.0 2.6 761852 21044 ? Sl May28 0:46 /var/ossec/bin/wazuh-modulesd
ssm-user 53964 0.0 0.1 221928 1028 pts/0 S+ 16:25 0:00 grep wazuh
```

Debian 🟢

```console
root@ip-10-0-1-37:/usr/bin# ps -aux | grep wazuh
root 8781 0.0 0.1 26596 1520 ? Sl May28 0:23 /var/ossec/bin/wazuh-execd
wazuh 8792 0.0 0.2 248676 2276 ? Sl May28 2:07 /var/ossec/bin/wazuh-agentd
root 8806 0.0 0.5 345392 5820 ? SNl May28 3:05 /var/ossec/bin/wazuh-syscheckd
root 8821 0.0 0.1 469148 1648 ? Sl May28 1:26 /var/ossec/bin/wazuh-logcollector
root 8840 0.0 1.6 731556 15964 ? Sl May28 0:45 /var/ossec/bin/wazuh-modulesd
root 82091 0.0 0.0 5264 644 pts/0 S+ 16:26 0:00 grep wazuh
```

RHEL9 🟢

```console
[root@ip-10-0-1-46 bin]# ps -aux | grep wazuh
root 61952 0.0 0.1 26384 5244 ? Sl May28 0:13 /var/ossec/bin/wazuh-execd
wazuh 61961 0.0 0.2 313728 9160 ? Sl May28 3:14 /var/ossec/bin/wazuh-agentd
root 61976 0.0 0.4 558532 14952 ? SNl May28 5:25 /var/ossec/bin/wazuh-syscheckd
root 61990 0.0 0.2 468900 7524 ? Sl May28 1:39 /var/ossec/bin/wazuh-logcollector
root 61998 0.0 1.2 1026016 45652 ? Sl May28 2:17 /var/ossec/bin/wazuh-modulesd
wazuh-u+ 704436 0.0 0.3 23220 13836 ? Ss 14:55 0:00 /usr/lib/systemd/systemd --user
wazuh-u+ 704439 0.0 0.2 184688 8820 ? S 14:55 0:00 (sd-pam)
root 704485 0.0 0.3 19904 11828 ? Ss 14:55 0:00 sshd: wazuh-user [priv]
wazuh-u+ 704490 0.0 0.1 20104 7220 ? S 14:55 0:00 sshd: wazuh-user@pts/0
wazuh-u+ 704491 0.0 0.1 7384 4216 pts/0 Ss+ 14:55 0:00 -bash
root 709377 0.0 0.3 19904 11756 ? Ss 16:00 0:00 sshd: wazuh-user [priv]
wazuh-u+ 709380 0.0 0.1 20104 7244 ? S 16:00 0:00 sshd: wazuh-user@pts/1
wazuh-u+ 709381 0.0 0.1 7384 4216 pts/1 Ss 16:00 0:00 -bash
root 711270 0.0 0.0 6408 2208 pts/2 S+ 16:26 0:00 grep --color=auto wazuh
```

Ubuntu 🟢

```console
root@ip-10-0-1-115:/var/snap/amazon-ssm-agent/8660# ps -aux | grep wazuh
root 8757 0.0 0.2 26436 2588 ? Sl May28 0:26 /var/ossec/bin/wazuh-execd
wazuh 8768 0.0 0.4 248372 4432 ? Sl May28 2:12 /var/ossec/bin/wazuh-agentd
root 8782 0.0 0.6 214492 6012 ? SNl May28 3:44 /var/ossec/bin/wazuh-syscheckd
root 8796 0.0 0.2 468904 2852 ? Sl May28 1:25 /var/ossec/bin/wazuh-logcollector
root 8816 0.0 1.3 731348 13500 ? Sl May28 0:55 /var/ossec/bin/wazuh-modulesd
root 112243 0.0 0.2 7008 2168 pts/1 S+ 16:27 0:00 grep --color=auto wazuh
```

Windows 🟢

```console
PS C:\Windows\system32> tasklist /svc | Select-String "wazuh"
wazuh-agent.exe 1948 WazuhSvc
PS C:\Windows\system32>
```

Dashboard

WazuhDashboard 🟢

```console
[root@ip-10-0-0-64 bin]# ps -aux | grep wazuh-dashboard
wazuh-d+ 19931 0.2 3.2 1109964 264216 ? Ssl May28 22:02 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
root 31105 0.0 0.0 121272 924 pts/0 S+ 16:28 0:00 grep --color=auto wazuh-dashboard
```

Indexer

IndexerBootstrap 🟢

```console
[root@ip-10-0-2-231 bin]# ps -aux | grep wazuh
wazuh-i+ 12372 0.8 58.1 7282232 4674668 ? Ssl May28 81:01 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10871260846136496416 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root 24002 0.0 0.0 121272 960 pts/0 R+ 16:28 0:00 grep --color=auto wazuh
```

IndexerMasterB 🟢

```console
sh-4.2$ ps -aux | grep wazuh
wazuh-i+ 12376 1.0 58.0 7269480 4672356 ? Ssl May28 97:36 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-13327547174649610103 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
ssm-user 22450 0.0 0.0 121272 1008 pts/0 R+ 16:29 0:00 grep wazuh
```

IndexerMasterC 🟢

```console
sh-4.2$ ps -aux | grep wazuh
wazuh-i+ 12911 0.8 57.8 7283704 4658076 ? Ssl May28 77:33 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10771870303851840343 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
ssm-user 23688 0.0 0.0 121272 964 pts/0 S+ 16:29 0:00 grep wazuh
```

WazuhDashboard 🟢

```console
sh-4.2$ ps -aux | grep wazuh-indexer
wazuh-i+ 14595 0.7 39.2 5720940 3156792 ? Ssl May28 69:59 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-6733827076527898517 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
ssm-user 31130 0.0 0.0 121272 960 pts/1 S+ 16:30 0:00 grep wazuh-indexer
```

Manager

WazuhMasterEnv1 🟒 ```console sh-4.2$ ps -aux | grep wazuh ssm-user 1344 0.0 0.0 121272 956 pts/0 S+ 16:30 0:00 grep wazuh wazuh 25420 0.0 2.9 1144496 118164 ? Sl May28 6:28 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 25421 0.0 2.1 303804 85680 ? S May28 1:01 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 25424 0.1 2.0 383164 82368 ? S May28 12:03 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 25427 0.0 1.4 511868 58664 ? S May28 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 25453 0.0 0.1 41376 4676 ? Sl May28 0:58 /var/ossec/bin/wazuh-integratord root 25474 0.2 0.1 262820 7468 ? Sl May28 23:00 /var/ossec/bin/wazuh-authd wazuh 25491 0.1 0.7 945796 30940 ? Sl May28 15:20 /var/ossec/bin/wazuh-db root 25517 0.0 0.0 106980 3924 ? Sl May28 0:21 /var/ossec/bin/wazuh-execd wazuh 25532 0.5 3.6 1305664 145136 ? Sl May28 53:54 /var/ossec/bin/wazuh-analysisd root 25545 0.0 0.3 295024 13476 ? SNl May28 3:39 /var/ossec/bin/wazuh-syscheckd wazuh 25563 0.2 0.4 1242324 16260 ? Sl May28 27:01 /var/ossec/bin/wazuh-remoted root 25602 0.0 0.1 483836 5576 ? Sl May28 1:22 /var/ossec/bin/wazuh-logcollector wazuh 25621 0.0 0.1 41408 7616 ? Sl May28 3:27 /var/ossec/bin/wazuh-monitord root 25674 0.1 7.4 1208336 296272 ? Sl May28 17:08 /var/ossec/bin/wazuh-modulesd wazuh 26106 0.1 1.7 435568 67808 ? Sl May28 16:14 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py wazuh 26110 0.0 1.3 278016 54896 ? S May28 2:21 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py ```
WazuhMasterEnv2 🟒 ```console sh-4.2$ ps -aux | grep wazuh wazuh 24907 0.0 2.9 1143696 117316 ? Sl May28 4:05 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 24908 0.0 2.1 305096 85608 ? S May28 0:27 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 24911 0.0 2.0 383240 82076 ? S May28 8:23 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 24914 0.0 1.4 511876 58596 ? S May28 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py wazuh 24940 0.0 0.0 41372 3856 ? Sl May28 0:52 /var/ossec/bin/wazuh-integratord root 24961 0.2 0.1 197280 7476 ? Sl May28 21:07 /var/ossec/bin/wazuh-authd wazuh 24978 0.1 0.7 945800 28176 ? Sl May28 13:10 /var/ossec/bin/wazuh-db root 25004 0.0 0.1 106976 3956 ? Sl May28 0:20 /var/ossec/bin/wazuh-execd wazuh 25019 0.3 3.4 1297056 136296 ? Sl May28 31:49 /var/ossec/bin/wazuh-analysisd root 25032 0.0 0.3 295028 13684 ? SNl May28 3:32 /var/ossec/bin/wazuh-syscheckd wazuh 25053 0.1 0.3 1241816 15308 ? Sl May28 15:51 /var/ossec/bin/wazuh-remoted root 25088 0.0 0.1 483836 5444 ? Sl May28 1:16 /var/ossec/bin/wazuh-logcollector wazuh 25108 0.0 0.1 41412 7376 ? Sl May28 3:03 /var/ossec/bin/wazuh-monitord root 25159 0.0 6.1 1025040 243180 ? Sl May28 8:14 /var/ossec/bin/wazuh-modulesd wazuh 25593 0.0 1.4 424508 58296 ? Sl May28 3:27 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py wazuh 25597 0.0 1.3 276440 52624 ? S May28 2:08 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py wazuh 25598 0.0 1.3 276440 52772 ? S May28 2:10 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py ssm-user 29119 0.0 0.0 121272 972 pts/0 S+ 16:31 0:00 grep wazuh ```
WazuhWorker 🟢
```console
sh-4.2$ ps -aux | grep wazuh
wazuh 18867 0.0 2.5 860676 101008 ? Sl May28 0:08 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 18868 0.0 1.4 282480 58336 ? S May28 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 18871 0.0 1.4 364408 58772 ? S May28 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 18874 0.0 1.4 511872 58620 ? S May28 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 18900 0.0 0.1 41332 4188 ? Sl May28 0:28 /var/ossec/bin/wazuh-integratord
wazuh 18919 0.1 0.4 945664 18596 ? Sl May28 12:03 /var/ossec/bin/wazuh-db
root 18945 0.0 0.1 106908 4052 ? Sl May28 0:20 /var/ossec/bin/wazuh-execd
wazuh 18960 0.0 0.9 1296968 39236 ? Sl May28 1:13 /var/ossec/bin/wazuh-analysisd
root 18973 0.0 0.3 229328 13884 ? SNl May28 3:18 /var/ossec/bin/wazuh-syscheckd
wazuh 18992 0.1 0.2 774684 11048 ? Sl May28 16:12 /var/ossec/bin/wazuh-remoted
root 19030 0.0 0.1 483768 5728 ? Sl May28 1:13 /var/ossec/bin/wazuh-logcollector
wazuh 19049 0.0 0.1 41344 7780 ? Sl May28 0:30 /var/ossec/bin/wazuh-monitord
root 19098 0.0 5.6 943608 223936 ? Sl May28 6:21 /var/ossec/bin/wazuh-modulesd
wazuh 19515 0.1 1.6 577884 64864 ? Sl May28 16:25 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh 19588 0.0 1.3 277064 54352 ? S May28 5:57 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
ssm-user 19700 0.0 0.0 121272 924 pts/0 S+ 16:32 0:00 grep wazuh
wazuh 20612 0.0 1.3 429264 54412 ? S May28 0:02 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
```
Rebits commented 4 months ago

Check the Status of the Indexer Cluster 🟢

```console
curl -k -u ADMIN_USER:PASS https://indexer_IP:9200/_cat/nodes?v
ip         heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
x.x.x.x            32          90   0    0.01    0.03     0.02 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-7
x.x.x.x           37          93   0    0.00    0.00     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-1
x.x.x.x            19          92   0    0.00    0.00     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-3
x.x.x.x           24          93   0    0.00    0.00     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-2
```
Rebits commented 4 months ago

Check Browser's Developer Console for Errors While Browsing the App :yellow_circle:

Login/Logout Screen 🟡
- Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/4121
  ```console
  login:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution.
  wz-home:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution.
  bootstrap.js:43 ^ A single error about an inline script not firing due to content security policy is expected!
  ```
- Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/5821
  ```console
  core.entry.js:15 Detected an unhandled Promise rejection. TypeError: Cannot read properties of undefined (reading 'split')
  securityDashboards.plugin.js:15 Error: Unauthorized
      at fetch_Fetch.fetchResponse (core.entry.js:15:177501)
      at async interceptResponse (core.entry.js:15:172919)
      at async core.entry.js:15:175399
  core.entry.js:15 Detected an unhandled Promise rejection. Error: Unauthorized
  core.entry.js:15 Uncaught (in promise) Error: Unauthorized
      at fetch_Fetch.fetchResponse (core.entry.js:15:177501)
      at async interceptResponse (core.entry.js:15:172919)
      at async core.entry.js:15:175399
  ```
- Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/5332
  ```console
  reportsDashboards.plugin.js:24 Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'split')
      at checkURLParams (reportsDashboards.plugin.js:24:109539)
      at HTMLDocument. (reportsDashboards.plugin.js:24:109421)
      at u (osd-ui-shared-deps.js:411:26168)
      at l (osd-ui-shared-deps.js:411:26470)
  ```
- Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/4108
  ```console
  /api/ism/apiCaller:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)
  /api/v1/restapiinfo:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)
  /api/v1/configuration/account:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)
  /api/v1/auth/dashboardsinfo:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)
  GET https://demo.wazuh.info/api/v1/restapiinfo 401 (Unauthorized)
  GET https://demo.wazuh.info/api/v1/configuration/account 401 (Unauthorized)
  GET https://demo.wazuh.info/api/v1/auth/dashboardsinfo 401 (Unauthorized)
  GET https://demo.wazuh.info/api/v1/configuration/account 401 (Unauthorized)
  POST https://demo.wazuh.info/api/ism/apiCaller 401 (Unauthorized)
  POST https://demo.wazuh.info/api/request 401 (Unauthorized)
  ```
Overview :yellow_circle:
- Reported https://github.com/wazuh/wazuh-dashboard-plugins/issues/5332
  ```
  Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'split')
  ```
- Reported https://github.com/wazuh/wazuh-dashboard-plugins/issues/4121
  ```
  wz-home#/overview/?_…&tabView=panels:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution.
  bootstrap.js:43 ^ A single error about an inline script not firing due to content security policy is expected!
  ```
Endpoints Summary 🟢
- No issues found here.

Configuration Assessment 🟢
- Dashboard 🟢
- Inventory 🟢
- Events 🟢

Malware Detection 🟢
- Dashboard 🟢
- Events 🟢

File Integrity Monitoring 🟢
- Dashboard 🟢
- Inventory 🟢
- Events 🟢

Threat Hunting :green_circle:
- Dashboard :green_circle: Error detected in the Threat Hunting menu. It was impossible to replicate after a browser update.
  ```
  Detected an unhandled Promise rejection. Error: ScopedHistory instance has fell out of navigation scope for basePath: /app/data-explorer
  core.entry.js:15 Uncaught (in promise) Error: ScopedHistory instance has fell out of navigation scope for basePath: /app/data-explorer
      at ScopedHistory.verifyActive (core.entry.js:15:87043)
      at get location [as location] (core.entry.js:15:86356)
      at getCurrentUrl (opensearchDashboardsUtils.plugin.js:1:118850)
      at getPendingUrl (opensearchDashboardsUtils.plugin.js:1:122785)
      at flush (opensearchDashboardsUtils.plugin.js:1:122466)
      at opensearchDashboardsUtils.plugin.js:1:123211
  ```
- Events 🟢

Vulnerability Detection 🟢
- Dashboard 🟢
- Inventory 🟢
- Events 🟢

MITRE ATT&CK 🟢
- Dashboard 🟢
- Intelligence 🟢
- Framework 🟢
- Events 🟢

VirusTotal 🟢
- Dashboard 🟢
- Events 🟢

PCI DSS 🟡
- Dashboard 🟢
- Controls 🟡
  - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6320
    ```console
    osd-ui-shared-deps.@elastic.js:1 EuiButtonIcon requires aria-label or aria-labelledby to be specified because icon-only buttons are screen-reader-inaccessible without them.
    ```
- Events 🟢

GDPR 🟡
- Dashboard 🟢
- Controls 🟡
  - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6320
    ```console
    osd-ui-shared-deps.@elastic.js:1 EuiButtonIcon requires aria-label or aria-labelledby to be specified because icon-only buttons are screen-reader-inaccessible without them.
    ```
- Events 🟢

NIST 800-53 :yellow_circle:
- Dashboard :green_circle: Error detected in the dashboard menu. It was impossible to replicate after a browser update.
  ```
  visTypeTagcloud.chunk.2.js:1 Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
  cloudSprite @ visTypeTagcloud.chunk.2.js:1
  step @ visTypeTagcloud.chunk.2.js:1
  cloud.start @ visTypeTagcloud.chunk.2.js:1
  (anonymous) @ visTypeTagcloud.chunk.1.js:1
  _updateLayout @ visTypeTagcloud.chunk.1.js:1
  _processPendingJob @ visTypeTagcloud.chunk.1.js:1
  await in _processPendingJob (async)
  _invalidate @ visTypeTagcloud.chunk.1.js:1
  setData @ visTypeTagcloud.chunk.1.js:1
  _updateData @ visTypeTagcloud.chunk.1.js:1
  render @ visTypeTagcloud.chunk.1.js:1
  (anonymous) @ visTypeTagcloud.chunk.1.js:1
  is @ osd-ui-shared-deps.js:441
  gc @ osd-ui-shared-deps.js:441
  t.unstable_runWithPriority @ osd-ui-shared-deps.js:449
  ji @ osd-ui-shared-deps.js:441
  bc @ osd-ui-shared-deps.js:441
  Qs @ osd-ui-shared-deps.js:441
  (anonymous) @ osd-ui-shared-deps.js:441
  t.unstable_runWithPriority @ osd-ui-shared-deps.js:449
  ji @ osd-ui-shared-deps.js:441
  Ui @ osd-ui-shared-deps.js:441
  Hi @ osd-ui-shared-deps.js:441
  Ys @ osd-ui-shared-deps.js:441
  enqueueSetState @ osd-ui-shared-deps.js:441
  O.setState @ osd-ui-shared-deps.js:419
  (anonymous) @ osd-ui-shared-deps.@elastic.js:1
  ```
- Controls 🟡
  - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6320
    ```console
    osd-ui-shared-deps.@elastic.js:1 EuiButtonIcon requires aria-label or aria-labelledby to be specified because icon-only buttons are screen-reader-inaccessible without them.
    ```
- Events 🟢

TSC 🟡
- Dashboard 🟢
- Controls 🟡
  - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6320
    ```console
    osd-ui-shared-deps.@elastic.js:1 EuiButtonIcon requires aria-label or aria-labelledby to be specified because icon-only buttons are screen-reader-inaccessible without them.
    ```
- Events 🟢

Amazon Web Services 🟡
- Dashboard 🟡
  - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/4092
    ```console
    mapsLegacy.chunk.1.js:1 The "manifestServiceUrl" parameter is deprecated in v7.6.0. Consider using "tileApiUrl" and "fileApiUrl" instead.
    ```
- Events 🟢

Google Cloud 🟢
- Dashboard 🟢
- Events 🟢

Github 🟢
- Dashboard 🟢
- Panel 🟢
- Events 🟢

Office 365 🟡
- Dashboard 🟢
  - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6022
    ```console
    osd-ui-shared-deps.js:364 Uncaught TypeError: Cannot read properties of null (reading 'top_left')
        at scaleBounds (tileMap.plugin.js:7:13685)
        at CoordinateMapsVisualization.updateGeohashAgg (tileMap.plugin.js:7:15150)
        at CoordinateMapsVisualization._updateData (tileMap.plugin.js:7:17884)
        at CoordinateMapsVisualization.render (mapsLegacy.plugin.js:1:60834)
        at async CoordinateMapsVisualization.render (tileMap.plugin.js:7:15901)
    ```
- Panel 🟢
- Events 🟢

Side Navbar 🟡
- Recently Viewed 🟡
  - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6318
    ![image](https://github.com/wazuh/wazuh/assets/54536265/12719674-5a92-4108-ae8c-313ecb995504)

Alerting 🟡
- Alerts 🟡
  - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/5869
    ```console
    alertingDashboards.chunk.3.js:1 error getting monitors: {ok: false, resp: '[alerting_exception] Configured indices are not found: [.opendistro-alerting-config]'}
    ```
- Monitors 🟡
  - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/5869
    ```console
    alertingDashboards.chunk.3.js:1 error getting monitors: {ok: false, resp: {…}}
    ```
- Destinations 🟡
  - Reported in https://github.com/wazuh/wazuh-dashboard-plugins/issues/6320
    ```console
    alertingDashboards.chunk.3.js:1 Unable to get email groups [index_not_found_exception] no such index [.opendistro-alerting-config], with { index=".opendistro-alerting-config" & resource.id=".opendistro-alerting-config" & resource.type="index_or_alias" & index_uuid="_na_" }
    ```
Rebits commented 4 months ago

Check that there are Alerts for each of the Modules Configured :green_circle:

Modules in ENV-1

Check Activated Modules 🟢
![image](https://github.com/wazuh/wazuh/assets/11089305/2e95440e-966a-4a17-83e0-0a7dc99e52a8) ![image](https://github.com/wazuh/wazuh/assets/11089305/fb4d86ed-a81c-4336-89c2-94f2c0b82420) ![image](https://github.com/wazuh/wazuh/assets/11089305/6f6b68b8-33c3-490b-bf8d-8adf0db8e1c9)
Check Alerts from the Activated Modules :green_circle:
- AWS Module :green_circle:
  ![image](https://github.com/wazuh/wazuh/assets/11089305/46b9160a-986b-48c7-9839-0f63a21017c7)
- VirusTotal Module :green_circle:
  ![image](https://github.com/wazuh/wazuh/assets/11089305/fe0c2d42-6c2a-47e0-b23c-2be941b84fda)
- Docker Listener Module :green_circle:
  ![image](https://github.com/wazuh/wazuh/assets/11089305/4fb1092e-4b28-45eb-a18a-7638f79c733e)
  > Note: Docker is not installed on the agents
- GDPR Module :green_circle:
  ![image](https://github.com/wazuh/wazuh/assets/11089305/24796880-4d34-41cd-a7f8-1dbf2b4eb98c)
- HIPAA Module :green_circle:
  ![image](https://github.com/wazuh/wazuh/assets/11089305/c8ebb6f1-c76b-432a-9e9f-92b96a6d94af)
- TSC Module :green_circle:
  ![image](https://github.com/wazuh/wazuh/assets/11089305/3f18b30f-9cfa-4322-87a2-377101c56903)

Modules in ENV-2 :green_circle:

Check Activated Modules :green_circle:
![image](https://github.com/wazuh/wazuh/assets/11089305/a5405fd0-7442-4644-be92-a19191ddd61e) ![image](https://github.com/wazuh/wazuh/assets/11089305/d715aeb1-a472-4d88-a451-fc1bbc401091) ![image](https://github.com/wazuh/wazuh/assets/11089305/a9cb6e6a-37df-4bed-bb86-7f4631ce2da3)
Check Alerts from the Activated Modules :green_circle:
- AWS Module :green_circle:
  ![image](https://github.com/wazuh/wazuh/assets/11089305/4362459a-bd8e-470f-95e8-4d529eb7976d)
- VirusTotal Module :green_circle:
  ![image](https://github.com/wazuh/wazuh/assets/11089305/d92ea016-5372-49bc-a375-16d0263bfc4f)
  > Reported in https://github.com/wazuh/wazuh-automation/issues/1369
- Docker Listener Module :green_circle:
  ![image](https://github.com/wazuh/wazuh/assets/11089305/27811a44-bd9a-4922-b7f8-21b6a0bf6b31)
  > [!NOTE]
  > Docker was manually installed in the Ubuntu agent. This should be included in the issue template
- GDPR Module :green_circle:
  ![image](https://github.com/wazuh/wazuh/assets/11089305/2e80ae10-e9ab-4568-a014-01d326a84621)
- HIPAA Module :green_circle:
  ![image](https://github.com/wazuh/wazuh/assets/11089305/5c05bd9c-b391-462e-8d41-e1fa22982c17)
- TSC Module :green_circle:
  ![image](https://github.com/wazuh/wazuh/assets/11089305/aee9d3b6-29ce-4551-82eb-d01c83780ceb)
Rebits commented 4 months ago

Generate an Alert and Check it appears in Wazuh Dashboard 🟢

Attempt an Invalid SSH Login into Any Agent 🟢
```console
$ ssh invalid-user@debian.wazuh.info
invalid-user@debian.wazuh.info's password:
Permission denied, please try again.
invalid-user@debian.wazuh.info's password:
Permission denied, please try again.
invalid-user@debian.wazuh.info's password:
invalid-user@debian.wazuh.info: Permission denied (publickey,password).
```
Check the Alert in Wazuh Dashboard 🟢
![image](https://github.com/wazuh/wazuh/assets/11089305/318b29ca-9902-495e-9dc5-3afe0715161f) ![image](https://github.com/wazuh/wazuh/assets/11089305/ae380df6-9aa1-440e-a791-d01141717858)
Rebits commented 4 months ago

Check the search engine works using * 🟢

Case 1: Using * 🟢
![image](https://github.com/wazuh/wazuh/assets/11089305/3369430c-966d-4d11-8e09-87d6ee5b92f7)
Case 2: Using aw* 🟢
![image](https://github.com/wazuh/wazuh/assets/11089305/51a29e7f-f7e6-4809-ac98-2d841accfd06)
Case 3: Using *squer* 🟢
![image](https://github.com/wazuh/wazuh/assets/11089305/c6dfc935-4b78-443e-a2ac-bcd1183bf8fe)
Case 4: Using *shd 🟢
![image](https://github.com/wazuh/wazuh/assets/11089305/163dd257-64e8-4bf5-ac58-d1ab82bcc4dd)