wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/

Release 4.9.0 - Beta 2 - Installation assistant #25170

Closed davidcr01 closed 2 months ago

davidcr01 commented 3 months ago

Installation assistant information

Main release candidate issue https://github.com/wazuh/wazuh/issues/25126
Version 4.9.0
Release candidate Beta 2
Tag https://github.com/wazuh/wazuh/tree/v4.9.0-beta2
Previous Installation assistant https://github.com/wazuh/wazuh/issues/25049

Description


Checks

| Status | OS | Check | Issues |
| --- | --- | --- | --- |
| :green_circle: | AL 2023 | Installed packages | |
| :green_circle: | AL 2023 | Install logs | |
| :yellow_circle: | AL 2023 | Wazuh indexer logs | Known: wazuh/wazuh-packages#1511 (comment) - Known: wazuh/wazuh-indexer#167 (comment) - Known: wazuh/wazuh-indexer#71 - Known: opensearch-project/performance-analyzer#644 - Known: wazuh/wazuh-indexer#329 - Known: wazuh/wazuh-indexer#167 |
| :yellow_circle: | AL 2023 | Wazuh manager logs | Known: #21829 |
| :green_circle: | AL 2023 | Wazuh dashboard logs | |
| :green_circle: | AL 2023 | Wazuh dashboard | |
| :green_circle: | RHEL 9 | Installed packages | |
| :green_circle: | RHEL 9 | Install logs | |
| :yellow_circle: | RHEL 9 | Wazuh indexer logs | Known: https://github.com/wazuh/wazuh-packages/issues/1511#issuecomment-1308329094 - Known: https://github.com/wazuh/wazuh-indexer/issues/167 - Known: https://github.com/wazuh/wazuh-indexer/issues/167#issuecomment-1965152923 - Known: https://github.com/opensearch-project/performance-analyzer/issues/644 - Known: wazuh/wazuh-indexer#329 - Known: https://github.com/wazuh/wazuh-indexer/issues/71 |
| :yellow_circle: | RHEL 9 | Wazuh manager logs | Known: #21829 |
| :green_circle: | RHEL 9 | Wazuh dashboard logs | |
| :green_circle: | RHEL 9 | Wazuh dashboard | |
| :green_circle: | Ubuntu 22.04 | Installed packages | |
| :green_circle: | Ubuntu 22.04 | Install logs | |
| :yellow_circle: | Ubuntu 22.04 | Wazuh indexer logs | Known: https://github.com/wazuh/wazuh-packages/issues/1511#issuecomment-1308329094 - Known: https://github.com/wazuh/wazuh-indexer/issues/167 - Known: https://github.com/wazuh/wazuh-indexer/issues/167#issuecomment-1965152923 |
| :yellow_circle: | Ubuntu 22.04 | Wazuh manager logs | Known: #21829 |
| :green_circle: | Ubuntu 22.04 | Wazuh dashboard logs | |
| :green_circle: | Ubuntu 22.04 | Wazuh dashboard | |
| :green_circle: | AL 2023 | Installed packages - Offline | |
| :green_circle: | AL 2023 | Install logs - Offline | |
| :yellow_circle: | AL 2023 | Wazuh indexer logs - Offline | Known: https://github.com/wazuh/wazuh-packages/issues/1511#issuecomment-1308329094 - Known: https://github.com/wazuh/wazuh-indexer/issues/167#issuecomment-1965152923 - Known: https://github.com/opensearch-project/performance-analyzer/issues/644 - Known: wazuh/wazuh-indexer#329 - Known: wazuh/wazuh-indexer#167 - Known: https://github.com/wazuh/wazuh-packages/issues/3056 |
| :yellow_circle: | AL 2023 | Wazuh manager logs - Offline | Known: #21829 |
| :green_circle: | AL 2023 | Wazuh dashboard logs - Offline | |
| :green_circle: | AL 2023 | Wazuh dashboard - Offline | |
| :green_circle: | AL 2023 - v2 | Installed packages - Offline | |
| :red_circle: | AL 2023 - v2 | Install logs - Offline | New: https://github.com/wazuh/wazuh-packages/issues/3072 New: https://github.com/wazuh/wazuh-documentation/issues/7670 |
| :red_circle: | AL 2023 - v2 | Wazuh indexer logs - Offline | Known: https://github.com/wazuh/wazuh-packages/issues/1511#issuecomment-1308329094 - Known: https://github.com/wazuh/wazuh-indexer/issues/167#issuecomment-1965152923 - Known: https://github.com/opensearch-project/performance-analyzer/issues/644 - Known: wazuh/wazuh-indexer#329 - Known: wazuh/wazuh-indexer#167 - Known: https://github.com/wazuh/wazuh-packages/issues/3056 - New: https://github.com/wazuh/wazuh-packages/issues/3072 |
| :yellow_circle: | AL 2023 - v2 | Wazuh manager logs - Offline | Known: #21829 - Known: https://github.com/wazuh/wazuh/issues/24300 |
| :green_circle: | AL 2023 - v2 | Wazuh dashboard logs - Offline | |
| :green_circle: | AL 2023 - v2 | Wazuh dashboard - Offline | |

Checks legend:


Status legend:

- :black_circle: - Pending/In progress
- :white_circle: - Skipped
- :red_circle: - Rejected
- :yellow_circle: - Known issue
- :green_circle: - Approved


Conclusion

Some issues were found and they were reported.

Auditor's validation

In order to close and proceed with the release or the next candidate version, the following auditors must give the black light to this RC.

CarlosALgit commented 3 months ago

Environment

Amazon Linux 2023

```shellsession
[root@ip-172-31-37-24 ec2-user]# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.5.20240805"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/"
DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/"
SUPPORT_URL="https://aws.amazon.com/premiumsupport/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
VENDOR_NAME="AWS"
VENDOR_URL="https://aws.amazon.com/"
SUPPORT_END="2028-03-15"
```

Ubuntu 22

```shellsession
root@ip-172-31-40-250:/home/ubuntu# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
```

RHEL 9

```shellsession
[root@ip-172-31-38-175 ec2-user]# cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="9.2 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"
```

Amazon Linux 2023 - Offline

```shellsession
[root@ip-172-31-38-60 ec2-user]# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.5.20240805"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/"
DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/"
SUPPORT_URL="https://aws.amazon.com/premiumsupport/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
VENDOR_NAME="AWS"
VENDOR_URL="https://aws.amazon.com/"
SUPPORT_END="2028-03-15"
```

CarlosALgit commented 3 months ago

Install Logs

Amazon Linux 2023 :green_circle:

Logs on the console:

```shellsession
[root@ip-172-31-37-24 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
12/08/2024 09:52:06 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/08/2024 09:52:06 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/08/2024 09:52:06 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/08/2024 09:52:06 INFO: Wazuh web interface port will be 443.
12/08/2024 09:52:07 INFO: Wazuh development repository added.
12/08/2024 09:52:07 INFO: --- Configuration files ---
12/08/2024 09:52:07 INFO: Generating configuration files.
12/08/2024 09:52:08 INFO: Generating the root certificate.
12/08/2024 09:52:08 INFO: Generating Admin certificates.
12/08/2024 09:52:10 INFO: Generating Wazuh indexer certificates.
12/08/2024 09:52:10 INFO: Generating Filebeat certificates.
12/08/2024 09:52:11 INFO: Generating Wazuh dashboard certificates.
12/08/2024 09:52:12 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/08/2024 09:52:12 INFO: --- Wazuh indexer ---
12/08/2024 09:52:12 INFO: Starting Wazuh indexer installation.
12/08/2024 09:53:18 INFO: Wazuh indexer installation finished.
12/08/2024 09:53:18 INFO: Wazuh indexer post-install configuration finished.
12/08/2024 09:53:18 INFO: Starting service wazuh-indexer.
12/08/2024 09:53:44 INFO: wazuh-indexer service started.
12/08/2024 09:53:44 INFO: Initializing Wazuh indexer cluster security settings.
12/08/2024 09:53:52 INFO: Wazuh indexer cluster security configuration initialized.
12/08/2024 09:53:52 INFO: Wazuh indexer cluster initialized.
12/08/2024 09:53:52 INFO: --- Wazuh server ---
12/08/2024 09:53:52 INFO: Starting the Wazuh manager installation.
12/08/2024 09:55:13 INFO: Wazuh manager installation finished.
12/08/2024 09:55:13 INFO: Wazuh manager vulnerability detection configuration finished.
12/08/2024 09:55:13 INFO: Starting service wazuh-manager.
12/08/2024 09:55:32 INFO: wazuh-manager service started.
12/08/2024 09:55:32 INFO: Starting Filebeat installation.
12/08/2024 09:55:51 INFO: Filebeat installation finished.
12/08/2024 09:55:52 INFO: Filebeat post-install configuration finished.
12/08/2024 09:55:52 INFO: Starting service filebeat.
12/08/2024 09:55:53 INFO: filebeat service started.
12/08/2024 09:55:53 INFO: --- Wazuh dashboard ---
12/08/2024 09:55:53 INFO: Starting Wazuh dashboard installation.
12/08/2024 09:58:18 INFO: Wazuh dashboard installation finished.
12/08/2024 09:58:18 INFO: Wazuh dashboard post-install configuration finished.
12/08/2024 09:58:18 INFO: Starting service wazuh-dashboard.
12/08/2024 09:58:19 INFO: wazuh-dashboard service started.
12/08/2024 09:58:19 INFO: Updating the internal users.
12/08/2024 09:58:28 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/08/2024 09:58:46 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/08/2024 09:59:30 INFO: Initializing Wazuh dashboard web application.
12/08/2024 09:59:31 INFO: Wazuh dashboard web application initialized.
12/08/2024 09:59:31 INFO: --- Summary ---
12/08/2024 09:59:31 INFO: You can access the web interface https://:443
    User: admin
    Password: ZZBvLm55pdgWubUW5q5n.an13dO+MwJ?
12/08/2024 09:59:31 INFO: Installation finished.
```
Logs in wazuh-install.log:

```shellsession
[root@ip-172-31-37-24 ec2-user]# cat /var/log/wazuh-install.log
12/08/2024 09:52:06 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/08/2024 09:52:06 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/08/2024 09:52:06 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/08/2024 09:52:06 INFO: Wazuh web interface port will be 443.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
12/08/2024 09:52:07 INFO: Wazuh development repository added.
12/08/2024 09:52:07 INFO: --- Configuration files ---
12/08/2024 09:52:07 INFO: Generating configuration files.
12/08/2024 09:52:08 INFO: Generating the root certificate.
12/08/2024 09:52:08 INFO: Generating Admin certificates.
12/08/2024 09:52:10 INFO: Generating Wazuh indexer certificates.
12/08/2024 09:52:10 INFO: Generating Filebeat certificates.
12/08/2024 09:52:11 INFO: Generating Wazuh dashboard certificates.
12/08/2024 09:52:12 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/08/2024 09:52:12 INFO: --- Wazuh indexer ---
12/08/2024 09:52:12 INFO: Starting Wazuh indexer installation.
EL-2023.5.20240805 - Wazuh 25 MB/s | 28 MB 00:01
Last metadata expiration check: 0:00:12 ago on Mon Aug 12 09:52:13 2024.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.9.0-1 wazuh 813 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 813 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.9.0-1.x86_64.rpm 35 MB/s | 813 MB 00:22
--------------------------------------------------------------------------------
Total 35 MB/s | 813 MB 00:22
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1
Installing : wazuh-indexer-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
sudo systemctl start wazuh-indexer.service
Verifying : wazuh-indexer-4.9.0-1.x86_64 1/1
Installed:
wazuh-indexer-4.9.0-1.x86_64
Complete!
12/08/2024 09:53:18 INFO: Wazuh indexer installation finished.
12/08/2024 09:53:18 INFO: Wazuh indexer post-install configuration finished.
12/08/2024 09:53:18 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
12/08/2024 09:53:44 INFO: wazuh-indexer service started.
12/08/2024 09:53:44 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
12/08/2024 09:53:52 INFO: Wazuh indexer cluster security configuration initialized.
12/08/2024 09:53:52 INFO: Wazuh indexer cluster initialized.
12/08/2024 09:53:52 INFO: --- Wazuh server ---
12/08/2024 09:53:52 INFO: Starting the Wazuh manager installation.
Last metadata expiration check: 0:01:40 ago on Mon Aug 12 09:52:13 2024.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-manager x86_64 4.9.0-1 wazuh 304 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 304 M
Installed size: 857 M
Downloading Packages:
wazuh-manager-4.9.0-1.x86_64.rpm 83 MB/s | 304 MB 00:03
--------------------------------------------------------------------------------
Total 83 MB/s | 304 MB 00:03
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-manager-4.9.0-1.x86_64 1/1
Installing : wazuh-manager-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-manager-4.9.0-1.x86_64 1/1
Verifying : wazuh-manager-4.9.0-1.x86_64 1/1
Installed:
wazuh-manager-4.9.0-1.x86_64
Complete!
12/08/2024 09:55:13 INFO: Wazuh manager installation finished.
12/08/2024 09:55:13 INFO: Wazuh manager vulnerability detection configuration finished.
12/08/2024 09:55:13 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
12/08/2024 09:55:32 INFO: wazuh-manager service started.
12/08/2024 09:55:32 INFO: Starting Filebeat installation.
Last metadata expiration check: 0:03:20 ago on Mon Aug 12 09:52:13 2024.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
filebeat x86_64 7.10.2-1 wazuh 21 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 21 M
Installed size: 70 M
Downloading Packages:
filebeat-oss-7.10.2-x86_64.rpm 16 MB/s | 21 MB 00:01
--------------------------------------------------------------------------------
Total 16 MB/s | 21 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : filebeat-7.10.2-1.x86_64 1/1
Running scriptlet: filebeat-7.10.2-1.x86_64 1/1
Verifying : filebeat-7.10.2-1.x86_64 1/1
Installed:
filebeat-7.10.2-1.x86_64
Complete!
12/08/2024 09:55:51 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
12/08/2024 09:55:52 INFO: Filebeat post-install configuration finished.
12/08/2024 09:55:52 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
12/08/2024 09:55:53 INFO: filebeat service started.
12/08/2024 09:55:53 INFO: --- Wazuh dashboard ---
12/08/2024 09:55:53 INFO: Starting Wazuh dashboard installation.
Last metadata expiration check: 0:03:42 ago on Mon Aug 12 09:52:13 2024.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-dashboard x86_64 4.9.0-1 wazuh 253 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 253 M
Installed size: 849 M
Downloading Packages:
wazuh-dashboard-4.9.0-1.x86_64.rpm 57 MB/s | 253 MB 00:04
--------------------------------------------------------------------------------
Total 57 MB/s | 253 MB 00:04
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.9.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.9.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.9.0-1.x86_64 1/1
Installed:
wazuh-dashboard-4.9.0-1.x86_64
Complete!
12/08/2024 09:58:18 INFO: Wazuh dashboard installation finished.
12/08/2024 09:58:18 INFO: Wazuh dashboard post-install configuration finished.
12/08/2024 09:58:18 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
12/08/2024 09:58:19 INFO: wazuh-dashboard service started.
12/08/2024 09:58:19 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
12/08/2024 09:58:28 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
Successfully updated the keystore
12/08/2024 09:58:46 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
12/08/2024 09:59:30 INFO: Initializing Wazuh dashboard web application.
12/08/2024 09:59:31 INFO: Wazuh dashboard web application initialized.
12/08/2024 09:59:31 INFO: Installation finished.
```

Ubuntu 22 :green_circle:

Logs on the console:

```shellsession
root@ip-172-31-40-250:/home/ubuntu# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
12/08/2024 09:52:14 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/08/2024 09:52:14 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/08/2024 09:52:37 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/08/2024 09:52:43 INFO: Wazuh web interface port will be 443.
12/08/2024 09:52:52 INFO: --- Dependencies ----
12/08/2024 09:52:52 INFO: Installing apt-transport-https.
12/08/2024 09:53:02 INFO: Installing debhelper.
12/08/2024 09:53:49 INFO: Wazuh development repository added.
12/08/2024 09:53:49 INFO: --- Configuration files ---
12/08/2024 09:53:49 INFO: Generating configuration files.
12/08/2024 09:53:50 INFO: Generating the root certificate.
12/08/2024 09:53:50 INFO: Generating Admin certificates.
12/08/2024 09:53:51 INFO: Generating Wazuh indexer certificates.
12/08/2024 09:53:51 INFO: Generating Filebeat certificates.
12/08/2024 09:53:52 INFO: Generating Wazuh dashboard certificates.
12/08/2024 09:53:53 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/08/2024 09:53:53 INFO: --- Wazuh indexer ---
12/08/2024 09:53:53 INFO: Starting Wazuh indexer installation.
12/08/2024 09:54:53 INFO: Wazuh indexer installation finished.
12/08/2024 09:54:53 INFO: Wazuh indexer post-install configuration finished.
12/08/2024 09:54:53 INFO: Starting service wazuh-indexer.
12/08/2024 09:55:16 INFO: wazuh-indexer service started.
12/08/2024 09:55:16 INFO: Initializing Wazuh indexer cluster security settings.
12/08/2024 09:55:24 INFO: Wazuh indexer cluster security configuration initialized.
12/08/2024 09:55:24 INFO: Wazuh indexer cluster initialized.
12/08/2024 09:55:24 INFO: --- Wazuh server ---
12/08/2024 09:55:24 INFO: Starting the Wazuh manager installation.
12/08/2024 09:57:07 INFO: Wazuh manager installation finished.
12/08/2024 09:57:07 INFO: Wazuh manager vulnerability detection configuration finished.
12/08/2024 09:57:07 INFO: Starting service wazuh-manager.
12/08/2024 09:57:30 INFO: wazuh-manager service started.
12/08/2024 09:57:30 INFO: Starting Filebeat installation.
12/08/2024 09:57:52 INFO: Filebeat installation finished.
12/08/2024 09:57:54 INFO: Filebeat post-install configuration finished.
12/08/2024 09:57:54 INFO: Starting service filebeat.
12/08/2024 09:57:56 INFO: filebeat service started.
12/08/2024 09:57:56 INFO: --- Wazuh dashboard ---
12/08/2024 09:57:56 INFO: Starting Wazuh dashboard installation.
12/08/2024 10:00:55 INFO: Wazuh dashboard installation finished.
12/08/2024 10:00:55 INFO: Wazuh dashboard post-install configuration finished.
12/08/2024 10:00:55 INFO: Starting service wazuh-dashboard.
12/08/2024 10:00:55 INFO: wazuh-dashboard service started.
12/08/2024 10:00:58 INFO: Updating the internal users.
12/08/2024 10:01:06 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/08/2024 10:01:22 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/08/2024 10:02:02 INFO: Initializing Wazuh dashboard web application.
12/08/2024 10:02:03 INFO: Wazuh dashboard web application initialized.
12/08/2024 10:02:03 INFO: --- Summary ---
12/08/2024 10:02:03 INFO: You can access the web interface https://:443
    User: admin
    Password: 2c2zLxX+MFBGTPU9UjomXVDkJeXon9dw
12/08/2024 10:02:03 INFO: Installation finished.
```
Logs in wazuh-install.log:

```shellsession
root@ip-172-31-40-250:/home/ubuntu# cat /var/log/wazuh-install.log
12/08/2024 09:52:14 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/08/2024 09:52:14 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease [127 kB]
Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [14.1 MB]
Get:6 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1712 kB]
Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe Translation-en [5652 kB]
Get:8 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [283 kB]
Get:9 http://security.ubuntu.com/ubuntu jammy-security/main amd64 c-n-f Metadata [13.1 kB]
Get:10 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [2226 kB]
Get:11 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [383 kB]
Get:12 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 c-n-f Metadata [572 B]
Get:13 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [888 kB]
Get:14 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [174 kB]
Get:15 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 c-n-f Metadata [19.0 kB]
Get:16 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [37.2 kB]
Get:17 http://security.ubuntu.com/ubuntu jammy-security/multiverse Translation-en [7588 B]
Get:18 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 c-n-f Metadata [228 B]
Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 c-n-f Metadata [286 kB]
Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [217 kB]
Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse Translation-en [112 kB]
Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 c-n-f Metadata [8372 B]
Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1941 kB]
Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [343 kB]
Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 c-n-f Metadata [17.7 kB]
Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [2314 kB]
Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted Translation-en [397 kB]
Get:28 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 c-n-f Metadata [604 B]
Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1110 kB]
Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [259 kB]
Get:31 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 c-n-f Metadata [25.9 kB]
Get:32 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [43.3 kB]
Get:33 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse Translation-en [10.8 kB]
Get:34 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 c-n-f Metadata [444 B]
Get:35 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [67.1 kB]
Get:36 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main Translation-en [11.0 kB]
Get:37 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 c-n-f Metadata [388 B]
Get:38 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/restricted amd64 c-n-f Metadata [116 B]
Get:39 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [28.8 kB]
Get:40 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe Translation-en [16.5 kB]
Get:41 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 c-n-f Metadata [672 B]
Get:42 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/multiverse amd64 c-n-f Metadata [116 B]
Fetched 33.1 MB in 5s (6112 kB/s)
Reading package lists...
12/08/2024 09:52:37 INFO: Verifying that your system meets the recommended minimum hardware requirements.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
12/08/2024 09:52:43 INFO: Wazuh web interface port will be 443.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
12/08/2024 09:52:52 INFO: --- Dependencies ----
12/08/2024 09:52:52 INFO: Installing apt-transport-https.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  apt-transport-https
0 upgraded, 1 newly installed, 0 to remove and 205 not upgraded.
Need to get 1510 B of archives.
After this operation, 170 kB of additional disk space will be used.
Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 apt-transport-https all 2.4.12 [1510 B]
Fetched 1510 B in 0s (109 kB/s)
Selecting previously unselected p
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
12/08/2024 09:53:02 INFO: Installing debhelper.
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  autoconf automake autopoint autotools-dev build-essential bzip2 cpp cpp-11
  debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz fakeroot
  fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base
  gcc-12-base gettext intltool-debian libalgorithm-diff-perl
  libalgorithm-diff-xs-perl libalgorithm-merge-perl libarchive-cpio-perl
  libarchive-zip-perl libasan6 libatomic1 libc-dev-bin libc-devtools libc6
  libc6-dev libcc1-0 libcrypt-dev libdebhelper-perl libdeflate0 libdpkg-perl
  libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl
  libfontconfig1 libgcc-11-dev libgcc-s1 libgd3 libgomp1 libisl23 libitm1
  libjbig0 libjpeg-turbo8 libjpeg8 liblsan0 libltdl-dev libltdl7
  libmail-sendmail-perl libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev
  libstdc++6 libsub-override-perl libsys-hostname-long-perl libtiff5
  libtirpc-dev libtool libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev
  lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto
Suggested packages:
  autoconf-archive gnu-standards autoconf-doc bzip2-doc cpp-doc gcc-11-locales
  dh-make debian-keyring g++-multilib g++-11-multilib gcc-11-doc gcc-multilib
  flex bison gdb gcc-doc gcc-11-multilib gettext-doc libasprintf-dev
  libgettextpo-dev glibc-doc bzr libgd-tools libtool-doc libstdc++-11-doc
  gfortran | fortran95-compiler gcj-jdk m4-doc make-doc libmail-box-perl
Recommended packages:
  libnss-nis libnss-nisplus
The following NEW packages will be installed:
  autoconf automake autopoint autotools-dev build-essential bzip2 cpp cpp-11
  debhelper debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz
  fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11
  gcc-11-base gettext intltool-debian libalgorithm-diff-perl
  libalgorithm-diff-xs-perl libalgorithm-merge-perl libarchive-cpio-perl
  libarchive-zip-perl libasan6 libatomic1 libc-dev-bin libc-devtools
  libc6-dev libcc1-0 libcrypt-dev libdebhelper-perl libdeflate0 libdpkg-perl
  libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl
  libfontconfig1 libgcc-11-dev libgd3 libgomp1 libisl23 libitm1 libjbig0
  libjpeg-turbo8 libjpeg8 liblsan0 libltdl-dev libltdl7 libmail-sendmail-perl
  libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libsub-override-perl
  libsys-hostname-long-perl libtiff5 libtirpc-dev libtool libtsan0 libubsan1
  libwebp7 libxpm4 linux-libc-dev lto-disabled-list m4 make manpages-dev
  po-debconf rpcsvc-proto
The following packages will be upgraded:
  gcc-12-base libc6 libgcc-s1 libstdc++6
4 upgraded, 75 newly installed, 0 to remove and 201 not upgraded.
Need to get 72.2 MB of archives.
After this operation, 221 MB of additional disk space will be used.
Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc6 amd64 2.35-0ubuntu3.8 [3235 kB]
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-12-base amd64 12.3.0-1ubuntu1~22.04 [20.1 kB]
Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libstdc++6 amd64 12.3.0-1ubuntu1~22.04 [699 kB]
Get:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgcc-s1 amd64 12.3.0-1ubuntu1~22.04 [53.9 kB]
Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 m4 amd64 1.4.18-5ubuntu2 [199 kB]
Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autoconf all 2.71-2 [338 kB]
Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autotools-dev all 20220109.1 [44.9 kB]
Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 automake all 1:1.16.5-1.3 [558 kB]
Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autopoint all 0.21-4ubuntu4 [422 kB]
Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-dev-bin amd64 2.35-0ubuntu3.8 [20.3 kB]
Get:11 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 linux-libc-dev amd64 5.15.0-118.128 [1342 kB]
Get:12 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libcrypt-dev amd64 1:4.4.27-1 [112 kB]
Get:13 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 rpcsvc-proto amd64 1.4.2-0ubuntu6 [68.5 kB]
Get:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtirpc-dev amd64 1.3.2-2ubuntu0.1 [192 kB]
Get:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libnsl-dev amd64 1.3.0-2build2 [71.3 kB]
Get:16 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc6-dev amd64 2.35-0ubuntu3.8 [2100 kB]
Get:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-11-base amd64 11.4.0-1ubuntu1~22.04 [20.2 kB]
Get:18 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libisl23 amd64 0.24-2build1 [727 kB]
Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libmpc3 amd64 1.2.1-2build1 [46.9 kB]
Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 cpp-11 amd64 11.4.0-1ubuntu1~22.04 [10.0 MB]
Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 cpp amd64 4:11.2.0-1ubuntu1 [27.7 kB]
Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libcc1-0 amd64 12.3.0-1ubuntu1~22.04 [48.3 kB]
Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgomp1 amd64 12.3.0-1ubuntu1~22.04 [126 kB]
Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libitm1 amd64 12.3.0-1ubuntu1~22.04 [30.2 kB]
Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libatomic1 amd64 12.3.0-1ubuntu1~22.04 [10.4 kB]
Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libasan6 amd64 11.4.0-1ubuntu1~22.04 [2282 kB]
Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 liblsan0 amd64 12.3.0-1ubuntu1~22.04 [1069 kB]
Get:28 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtsan0 amd64 11.4.0-1ubuntu1~22.04 [2260 kB]
Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libubsan1 amd64 12.3.0-1ubuntu1~22.04 [976 kB]
Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libquadmath0 amd64 12.3.0-1ubuntu1~22.04 [154 kB]
Get:31 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgcc-11-dev amd64 11.4.0-1ubuntu1~22.04 [2517 kB]
Get:32 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-11 amd64 11.4.0-1ubuntu1~22.04 [20.1 MB]
Get:33 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 gcc amd64 4:11.2.0-1ubuntu1 [5112 B]
Get:34 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libstdc++-11-dev amd64 11.4.0-1ubuntu1~22.04 [2101 kB]
Get:35 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 g++-11 amd64 11.4.0-1ubuntu1~22.04 [11.4 MB]
Get:36 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 g++ amd64 4:11.2.0-1ubuntu1 [1412 B]
Get:37 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 make amd64 4.3-4.1build1 [180 kB]
Get:38 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libdpkg-perl all 1.21.1ubuntu2.3 [237 kB]
Get:39 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 bzip2 amd64 1.0.8-5build1 [34.8 kB]
Get:40 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 lto-disabled-list all 24 [12.5 kB]
Get:41 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 dpkg-dev all 1.21.1ubuntu2.3 [922 kB]
Get:42 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 build-essential amd64 12.9ubuntu3 [4744 B]
Get:43 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libdebhelper-perl all 13.6ubuntu1 [67.2 kB]
Get:44 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libtool all 2.4.6-15build2 [164 kB]
Get:45 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dh-autoreconf all 20 [16.1 kB]
Get:46 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libarchive-zip-perl all 1.68-1 [90.2 kB]
Get:47 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libsub-override-perl all 0.09-2 [9532 B]
Get:48 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfile-stripnondeterminism-perl all 1.13.0-1 [18.1 kB]
Get:49 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dh-strip-nondeterminism all 1.13.0-1 [5344 B]
Get:50 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 debugedit amd64 1:5.0-4build1 [47.2 kB]
Get:51 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dwz amd64 0.14-1build2 [105 kB]
Get:52 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 gettext amd64 0.21-4ubuntu4 [868 kB]
Get:53 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 intltool-debian all 0.35.0+20060710.5 [24.9 kB]
Get:54 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 po-debconf all 1.0.21+nmu1 [233 kB]
Get:55 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 debhelper all 13.6ubuntu1 [923 kB]
Get:56 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfakeroot amd64 1.28-1ubuntu1 [31.5 kB]
Get:57 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fakeroot amd64 1.28-1ubuntu1 [60.4 kB]
Get:58 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fonts-dejavu-core all 2.37-2build1 [1041 kB]
Get:59 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fontconfig-config all 2.13.1-4.2ubuntu5 [29.1 kB]
Get:60 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-diff-perl all 1.201-1 [41.8 kB]
Get:61 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-diff-xs-perl amd64 0.04-6build3 [11.9 kB]
Get:62 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-merge-perl all 0.08-3 [12.0 kB]
Get:63 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libarchive-cpio-perl all 0.10-1.1 [9928 B]
Get:64 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfontconfig1 amd64 2.13.1-4.2ubuntu5 [131 kB]
Get:65 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libjpeg-turbo8 amd64 2.1.2-0ubuntu1 [134 kB]
Get:66 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libjpeg8 amd64 8c-2ubuntu10 [2264 B]
Get:67 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libdeflate0 amd64 1.10-2 [70.9 kB]
Get:68 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libjbig0 amd64 2.1-3.1ubuntu0.22.04.1 [29.2 kB]
Get:69 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libwebp7 amd64 1.2.2-2ubuntu0.22.04.2 [206 kB]
Get:70 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtiff5 amd64 4.3.0-6ubuntu0.9 [185 kB]
Get:71 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libxpm4 amd64 1:3.5.12-1ubuntu0.22.04.2 [36.7 kB]
Get:72 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libgd3 amd64 2.3.0-2ubuntu2 [129 kB]
Get:73 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-devtools amd64 2.35-0ubuntu3.8 [28.9 kB]
Get:74 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfile-fcntllock-perl amd64 0.22-3build7 [33.9 kB]
Get:75 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libltdl7 amd64 2.4.6-15build2 [39.6 kB]
Get:76 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libltdl-dev amd64 2.4.6-15build2 [169 kB]
Get:77 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libsys-hostname-long-perl all 1.5-2 [11.5 kB]
Get:78 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libmail-sendmail-perl all 0.80-1.1 [22.7 kB]
Get:79 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 manpages-dev all 5.10-1ubuntu1 [2309 kB]
Preconfiguri
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [39.6 kB]
Fetched 56.9 kB in 1s (48.4 kB/s)
Reading package lists...
12/08/2024 09:53:49 INFO: Wazuh development repository added.
12/08/2024 09:53:49 INFO: --- Configuration files ---
12/08/2024 09:53:49 INFO: Generating configuration files.
12/08/2024 09:53:50 INFO: Generating the root certificate.
12/08/2024 09:53:50 INFO: Generating Admin certificates.
12/08/2024 09:53:51 INFO: Generating Wazuh indexer certificates.
12/08/2024 09:53:51 INFO: Generating Filebeat certificates.
12/08/2024 09:53:52 INFO: Generating Wazuh dashboard certificates.
12/08/2024 09:53:53 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/08/2024 09:53:53 INFO: --- Wazuh indexer ---
12/08/2024 09:53:53 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 201 not upgraded.
Need to get 850 MB of archives.
After this operation, 1077 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-indexer amd64 4.9.0-1 [850 MB]
Fetched 850 MB in 30s (28.2 MB/s)
Selecting previously unselected package wazuh-in
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automa
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
12/08/2024 09:54:53 INFO: Wazuh indexer installation finished.
12/08/2024 09:54:53 INFO: Wazuh indexer post-install configuration finished.
12/08/2024 09:54:53 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
12/08/2024 09:55:16 INFO: wazuh-indexer service started.
12/08/2024 09:55:16 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
12/08/2024 09:55:24 INFO: Wazuh indexer cluster security configuration initialized.
12/08/2024 09:55:24 INFO: Wazuh indexer cluster initialized.
12/08/2024 09:55:24 INFO: --- Wazuh server ---
12/08/2024 09:55:24 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 201 not upgraded.
Need to get 322 MB of archives.
After this operation, 891 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-manager amd64 4.9.0-1 [322 MB]
Fetched 322 MB in 8s (38.8 MB/s)
Selecting previously un
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
12/08/2024 09:57:07 INFO: Wazuh manager installation finished.
12/08/2024 09:57:07 INFO: Wazuh manager vulnerability detection configuration finished.
12/08/2024 09:57:07 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
12/08/2024 09:57:30 INFO: wazuh-manager service started.
12/08/2024 09:57:30 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  filebeat
0 upgraded, 1 newly installed, 0 to remove and 201 not upgraded.
Need to get 22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd6
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
12/08/2024 09:57:52 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
12/08/2024 09:57:54 INFO: Filebeat post-install configuration finished.
12/08/2024 09:57:54 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
12/08/2024 09:57:56 INFO: filebeat service started.
12/08/2024 09:57:56 INFO: --- Wazuh dashboard ---
12/08/2024 09:57:56 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 201 not upgraded.
Need to get 166 MB of archives.
After this operation, 935 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-dashboard amd64 4.9.0-1 [166 MB]
Fetched 166 MB in 7s (23.9 MB/s)
Selecting previously unselected package wazuh-
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
12/08/2024 10:00:55 INFO: Wazuh dashboard installation finished.
12/08/2024 10:00:55 INFO: Wazuh dashboard post-install configuration finished.
12/08/2024 10:00:55 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
12/08/2024 10:00:55 INFO: wazuh-dashboard service started.
12/08/2024 10:00:58 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
12/08/2024 10:01:06 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
Successfully updated the keystore
12/08/2024 10:01:22 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
12/08/2024 10:02:02 INFO: Initializing Wazuh dashboard web application.
12/08/2024 10:02:03 INFO: Wazuh dashboard web application initialized.
12/08/2024 10:02:03 INFO: Installation finished.
```

RHEL 9 :green_circle:

Logs on the console:
```shellsession
[root@ip-172-31-38-175 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
12/08/2024 09:52:19 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/08/2024 09:52:19 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/08/2024 09:52:20 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/08/2024 09:52:22 INFO: Wazuh web interface port will be 443.
12/08/2024 09:52:22 INFO: --- Dependencies ---
12/08/2024 09:52:22 INFO: Installing lsof.
12/08/2024 09:52:50 INFO: Wazuh development repository added.
12/08/2024 09:52:50 INFO: --- Configuration files ---
12/08/2024 09:52:50 INFO: Generating configuration files.
12/08/2024 09:52:50 INFO: Generating the root certificate.
12/08/2024 09:52:51 INFO: Generating Admin certificates.
12/08/2024 09:52:52 INFO: Generating Wazuh indexer certificates.
12/08/2024 09:52:52 INFO: Generating Filebeat certificates.
12/08/2024 09:52:53 INFO: Generating Wazuh dashboard certificates.
12/08/2024 09:52:54 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/08/2024 09:52:54 INFO: --- Wazuh indexer ---
12/08/2024 09:52:54 INFO: Starting Wazuh indexer installation.
12/08/2024 09:54:10 INFO: Wazuh indexer installation finished.
12/08/2024 09:54:10 INFO: Wazuh indexer post-install configuration finished.
12/08/2024 09:54:10 INFO: Starting service wazuh-indexer.
12/08/2024 09:54:35 INFO: wazuh-indexer service started.
12/08/2024 09:54:35 INFO: Initializing Wazuh indexer cluster security settings.
12/08/2024 09:54:45 INFO: Wazuh indexer cluster security configuration initialized.
12/08/2024 09:54:45 INFO: Wazuh indexer cluster initialized.
12/08/2024 09:54:45 INFO: --- Wazuh server ---
12/08/2024 09:54:45 INFO: Starting the Wazuh manager installation.
12/08/2024 09:56:06 INFO: Wazuh manager installation finished.
12/08/2024 09:56:06 INFO: Wazuh manager vulnerability detection configuration finished.
12/08/2024 09:56:06 INFO: Starting service wazuh-manager.
12/08/2024 09:56:26 INFO: wazuh-manager service started.
12/08/2024 09:56:26 INFO: Starting Filebeat installation.
12/08/2024 09:57:04 INFO: Filebeat installation finished.
12/08/2024 09:57:06 INFO: Filebeat post-install configuration finished.
12/08/2024 09:57:06 INFO: Starting service filebeat.
12/08/2024 09:57:07 INFO: filebeat service started.
12/08/2024 09:57:07 INFO: --- Wazuh dashboard ---
12/08/2024 09:57:07 INFO: Starting Wazuh dashboard installation.
12/08/2024 09:59:35 INFO: Wazuh dashboard installation finished.
12/08/2024 09:59:35 INFO: Wazuh dashboard post-install configuration finished.
12/08/2024 09:59:35 INFO: Starting service wazuh-dashboard.
12/08/2024 09:59:36 INFO: wazuh-dashboard service started.
12/08/2024 09:59:36 INFO: Updating the internal users.
12/08/2024 09:59:45 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/08/2024 10:00:03 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/08/2024 10:00:46 INFO: Initializing Wazuh dashboard web application.
12/08/2024 10:00:46 INFO: Wazuh dashboard web application initialized.
12/08/2024 10:00:46 INFO: --- Summary ---
12/08/2024 10:00:46 INFO: You can access the web interface https://:443
User: admin
Password: RDSAfTL7IpD2sMZuDDbYM*92TtsyqVKC
12/08/2024 10:00:46 INFO: --- Dependencies ---
12/08/2024 10:00:46 INFO: Removing lsof.
12/08/2024 10:00:48 INFO: Installation finished.
```
Logs in wazuh-install.log:
```shellsession
[root@ip-172-31-38-175 ec2-user]# cat /var/log/wazuh-install.log
12/08/2024 09:52:19 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/08/2024 09:52:19 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
25 files removed
12/08/2024 09:52:20 INFO: Verifying that your system meets the recommended minimum hardware requirements.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
0 files removed
12/08/2024 09:52:22 INFO: Wazuh web interface port will be 443.
12/08/2024 09:52:22 INFO: --- Dependencies ---
12/08/2024 09:52:22 INFO: Installing lsof.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - AppStre 34 MB/s | 38 MB 00:01
Red Hat Enterprise Linux 9 for x86_64 - BaseOS 24 MB/s | 28 MB 00:01
Red Hat Enterprise Linux 9 Client Configuration 27 kB/s | 3.2 kB 00:00
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
lsof x86_64 4.94.0-3.el9 rhel-9-baseos-rhui-rpms 241 k
Installing dependencies:
libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k
Transaction Summary
================================================================================
Install 2 Packages
Total download size: 338 k
Installed size: 826 k
Downloading Packages:
(1/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 1.6 MB/s | 96 kB 00:00
(2/2): lsof-4.94.0-3.el9.x86_64.rpm 3.6 MB/s | 241 kB 00:00
--------------------------------------------------------------------------------
Total 3.4 MB/s | 338 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2
Installing : lsof-4.94.0-3.el9.x86_64 2/2
Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2
Verifying : lsof-4.94.0-3.el9.x86_64 1/2
Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2
Installed products updated.
Installed:
libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64
Complete!
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - AppStre 34 MB/s | 38 MB 00:01
Red Hat Enterprise Linux 9 for x86_64 - BaseOS 24 MB/s | 28 MB 00:01
Red Hat Enterprise Linux 9 Client Configuration 27 kB/s | 3.2 kB 00:00
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
lsof x86_64 4.94.0-3.el9 rhel-9-baseos-rhui-rpms 241 k
Installing dependencies:
libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k
Transaction Summary
================================================================================
Install 2 Packages
Total download size: 338 k
Installed size: 826 k
Downloading Packages:
(1/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 1.6 MB/s | 96 kB 00:00
(2/2): lsof-4.94.0-3.el9.x86_64.rpm 3.6 MB/s | 241 kB 00:00
--------------------------------------------------------------------------------
Total 3.4 MB/s | 338 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2
Installing : lsof-4.94.0-3.el9.x86_64 2/2
Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2
Verifying : lsof-4.94.0-3.el9.x86_64 1/2
Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2
Installed products updated.
Installed:
libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64
Complete!
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
12/08/2024 09:52:50 INFO: Wazuh development repository added.
12/08/2024 09:52:50 INFO: --- Configuration files ---
12/08/2024 09:52:50 INFO: Generating configuration files.
12/08/2024 09:52:50 INFO: Generating the root certificate.
12/08/2024 09:52:51 INFO: Generating Admin certificates.
12/08/2024 09:52:52 INFO: Generating Wazuh indexer certificates.
12/08/2024 09:52:52 INFO: Generating Filebeat certificates.
12/08/2024 09:52:53 INFO: Generating Wazuh dashboard certificates.
12/08/2024 09:52:54 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/08/2024 09:52:54 INFO: --- Wazuh indexer ---
12/08/2024 09:52:54 INFO: Starting Wazuh indexer installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
EL-9 - Wazuh 38 MB/s | 28 MB 00:00
Last metadata expiration check: 0:00:10 ago on Mon 12 Aug 2024 09:52:56 AM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.9.0-1 wazuh 813 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 813 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.9.0-1.x86_64.rpm 41 MB/s | 813 MB 00:19
--------------------------------------------------------------------------------
Total 41 MB/s | 813 MB 00:19
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1
Installing : wazuh-indexer-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.9.0-1.x86_64 1/1
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
sudo systemctl start wazuh-indexer.service
Verifying : wazuh-indexer-4.9.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-indexer-4.9.0-1.x86_64
Complete!
12/08/2024 09:54:10 INFO: Wazuh indexer installation finished.
12/08/2024 09:54:10 INFO: Wazuh indexer post-install configuration finished.
12/08/2024 09:54:10 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
12/08/2024 09:54:35 INFO: wazuh-indexer service started.
12/08/2024 09:54:35 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
12/08/2024 09:54:45 INFO: Wazuh indexer cluster security configuration initialized.
12/08/2024 09:54:45 INFO: Wazuh indexer cluster initialized.
12/08/2024 09:54:45 INFO: --- Wazuh server ---
12/08/2024 09:54:45 INFO: Starting the Wazuh manager installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:01:50 ago on Mon 12 Aug 2024 09:52:56 AM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-manager x86_64 4.9.0-1 wazuh 304 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 304 M
Installed size: 857 M
Downloading Packages:
wazuh-manager-4.9.0-1.x86_64.rpm 94 MB/s | 304 MB 00:03
--------------------------------------------------------------------------------
Total 94 MB/s | 304 MB 00:03
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-manager-4.9.0-1.x86_64 1/1
Installing : wazuh-manager-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-manager-4.9.0-1.x86_64 1/1
Verifying : wazuh-manager-4.9.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-manager-4.9.0-1.x86_64
Complete!
12/08/2024 09:56:06 INFO: Wazuh manager installation finished.
12/08/2024 09:56:06 INFO: Wazuh manager vulnerability detection configuration finished.
12/08/2024 09:56:06 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
12/08/2024 09:56:26 INFO: wazuh-manager service started.
12/08/2024 09:56:26 INFO: Starting Filebeat installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:03:31 ago on Mon 12 Aug 2024 09:52:56 AM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
filebeat x86_64 7.10.2-1 wazuh 21 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 21 M
Installed size: 70 M
Downloading Packages:
filebeat-oss-7.10.2-x86_64.rpm 35 MB/s | 21 MB 00:00
--------------------------------------------------------------------------------
Total 35 MB/s | 21 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : filebeat-7.10.2-1.x86_64 1/1
Running scriptlet: filebeat-7.10.2-1.x86_64 1/1
Verifying : filebeat-7.10.2-1.x86_64 1/1
Installed products updated.
Installed:
filebeat-7.10.2-1.x86_64
Complete!
12/08/2024 09:57:04 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
12/08/2024 09:57:06 INFO: Filebeat post-install configuration finished.
12/08/2024 09:57:06 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
12/08/2024 09:57:07 INFO: filebeat service started.
12/08/2024 09:57:07 INFO: --- Wazuh dashboard ---
12/08/2024 09:57:07 INFO: Starting Wazuh dashboard installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:04:16 ago on Mon 12 Aug 2024 09:52:56 AM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-dashboard x86_64 4.9.0-1 wazuh 253 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 253 M
Installed size: 849 M
Downloading Packages:
wazuh-dashboard-4.9.0-1.x86_64.rpm 54 MB/s | 253 MB 00:04
--------------------------------------------------------------------------------
Total 54 MB/s | 253 MB 00:04
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.9.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.9.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.9.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.9.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-dashboard-4.9.0-1.x86_64
Complete!
12/08/2024 09:59:35 INFO: Wazuh dashboard installation finished.
12/08/2024 09:59:35 INFO: Wazuh dashboard post-install configuration finished.
12/08/2024 09:59:35 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
12/08/2024 09:59:36 INFO: wazuh-dashboard service started.
12/08/2024 09:59:36 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
12/08/2024 09:59:45 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
Successfully updated the keystore
12/08/2024 10:00:03 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
12/08/2024 10:00:46 INFO: Initializing Wazuh dashboard web application.
12/08/2024 10:00:46 INFO: Wazuh dashboard web application initialized.
12/08/2024 10:00:46 INFO: --- Dependencies ---
12/08/2024 10:00:46 INFO: Removing lsof.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Removing:
lsof x86_64 4.94.0-3.el9 @rhel-9-baseos-rhui-rpms 624 k
Removing unused dependencies:
libtirpc x86_64 1.3.3-8.el9_4 @rhel-9-baseos-rhui-rpms 202 k
Transaction Summary
================================================================================
Remove 2 Packages
Freed space: 826 k
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Erasing : lsof-4.94.0-3.el9.x86_64 1/2
Erasing : libtirpc-1.3.3-8.el9_4.x86_64 2/2
Running scriptlet: libtirpc-1.3.3-8.el9_4.x86_64 2/2
Verifying : libtirpc-1.3.3-8.el9_4.x86_64 1/2
Verifying : lsof-4.94.0-3.el9.x86_64 2/2
Installed products updated.
Removed:
libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64
Complete!
12/08/2024 10:00:48 INFO: Installation finished.
```

Amazon Linux 2023 - Offline :green_circle:

Logs on the console:

```shellsession
[root@ip-172-31-38-60 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh
[root@ip-172-31-38-60 ec2-user]# chmod 744 wazuh-install.sh
[root@ip-172-31-38-60 ec2-user]# ./wazuh-install.sh -dw rpm
12/08/2024 09:52:49 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/08/2024 09:52:49 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/08/2024 09:52:49 INFO: --- Dependencies ---
12/08/2024 09:52:49 INFO: Installing curl.
12/08/2024 09:52:50 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/08/2024 09:52:50 INFO: --- Dependencies ---
12/08/2024 09:52:50 INFO: Installing curl.
12/08/2024 09:52:51 INFO: --- Download Packages ---
12/08/2024 09:52:51 INFO: Starting Wazuh packages download.
12/08/2024 09:52:51 INFO: Downloading Wazuh rpm packages for x86_64.
12/08/2024 09:52:59 INFO: The manager package was downloaded.
12/08/2024 09:53:01 INFO: The filebeat package was downloaded.
12/08/2024 09:53:15 INFO: The indexer package was downloaded.
12/08/2024 09:53:21 INFO: The dashboard package was downloaded.
12/08/2024 09:53:21 INFO: The packages are in wazuh-offline/wazuh-packages
12/08/2024 09:53:21 INFO: Downloading configuration files and assets.
12/08/2024 09:53:21 INFO: The resource https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
12/08/2024 09:53:22 INFO: The resource https://packages-dev.wazuh.com/4.9/tpl/wazuh/filebeat/filebeat.yml was downloaded.
12/08/2024 09:53:22 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/4.9.0/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
12/08/2024 09:53:22 INFO: The resource https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
12/08/2024 09:53:22 INFO: The configuration files and assets are in wazuh-offline.tar.gz
12/08/2024 09:54:28 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html
[root@ip-172-31-38-60 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.9/config.yml
[root@ip-172-31-38-60 ec2-user]# nano config.yml
[root@ip-172-31-38-60 ec2-user]# ./wazuh-install.sh -g
12/08/2024 09:58:50 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/08/2024 09:58:50 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/08/2024 09:58:51 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/08/2024 09:58:51 INFO: --- Configuration files ---
12/08/2024 09:58:51 INFO: Generating configuration files.
12/08/2024 09:58:51 INFO: Generating the root certificate.
12/08/2024 09:58:52 INFO: Generating Admin certificates.
12/08/2024 09:58:52 INFO: Generating Wazuh indexer certificates.
12/08/2024 09:58:53 INFO: Generating Filebeat certificates.
12/08/2024 09:58:53 INFO: Generating Wazuh dashboard certificates.
12/08/2024 09:58:54 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
[root@ip-172-31-38-60 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-indexer node-1
12/08/2024 10:00:27 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/08/2024 10:00:27 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/08/2024 10:00:27 INFO: Checking installed dependencies for Offline installation.
12/08/2024 10:00:29 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/08/2024 10:00:29 INFO: Checking wazuh-offline.tar.gz file.
12/08/2024 10:00:42 INFO: --- Wazuh indexer ---
12/08/2024 10:00:42 INFO: Starting Wazuh indexer installation.
12/08/2024 10:01:06 INFO: Wazuh indexer installation finished.
12/08/2024 10:01:06 INFO: Wazuh indexer post-install configuration finished.
12/08/2024 10:01:06 INFO: Starting service wazuh-indexer.
12/08/2024 10:01:35 INFO: wazuh-indexer service started.
12/08/2024 10:01:35 INFO: Initializing Wazuh indexer cluster security settings.
12/08/2024 10:01:36 INFO: Wazuh indexer cluster initialized.
12/08/2024 10:01:36 INFO: Installation finished.
[root@ip-172-31-38-60 ec2-user]# bash wazuh-install.sh --start-cluster
12/08/2024 10:02:06 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/08/2024 10:02:06 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/08/2024 10:02:06 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/08/2024 10:02:14 INFO: Wazuh indexer cluster security configuration initialized.
12/08/2024 10:02:45 INFO: Updating the internal users.
12/08/2024 10:02:51 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/08/2024 10:03:10 INFO: Wazuh indexer cluster started.
[root@ip-172-31-38-60 ec2-user]# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
  indexer_username: 'admin'
  indexer_password: 'sd9hP2lQSt8+C3zeN5*0W?.YOU0Dz9M3'
[root@ip-172-31-38-60 ec2-user]# curl -k -u admin:sd9hP2lQSt8+C3zeN5*0W?.YOU0Dz9M3 https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "ZAZ-D2NeSRi7nHanQZZUuw",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "521f27c3793bc1d0d250a81a237dce08b28d0ffc",
    "build_date" : "2024-08-09T09:30:38.857412Z",
    "build_snapshot" : false,
    "lucene_version" : "9.10.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@ip-172-31-38-60 ec2-user]# curl -k -u admin:sd9hP2lQSt8+C3zeN5*0W?.YOU0Dz9M3 https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                               cluster_manager name
127.0.0.1           13          71   4    0.00    0.02     0.07 dimr      data,ingest,master,remote_cluster_client *               node-1
[root@ip-172-31-38-60 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-server wazuh-1
12/08/2024 10:21:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/08/2024 10:21:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/08/2024 10:21:31 INFO: Checking installed dependencies for Offline installation.
12/08/2024 10:21:33 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/08/2024 10:21:34 INFO: Checking wazuh-offline.tar.gz file.
12/08/2024 10:21:34 INFO: --- Wazuh server ---
12/08/2024 10:21:34 INFO: Starting the Wazuh manager installation.
12/08/2024 10:22:43 INFO: Wazuh manager installation finished.
12/08/2024 10:22:43 INFO: Wazuh manager vulnerability detection configuration finished.
12/08/2024 10:22:43 INFO: Starting service wazuh-manager.
12/08/2024 10:23:01 INFO: wazuh-manager service started.
12/08/2024 10:23:01 INFO: Starting Filebeat installation.
12/08/2024 10:23:12 INFO: Filebeat installation finished.
12/08/2024 10:23:13 INFO: Filebeat post-install configuration finished.
12/08/2024 10:23:15 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/08/2024 10:23:42 INFO: Starting service filebeat.
12/08/2024 10:23:43 INFO: filebeat service started.
12/08/2024 10:23:43 INFO: Installation finished.
[root@ip-172-31-38-60 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-dashboard dashboard
12/08/2024 10:24:11 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/08/2024 10:24:11 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/08/2024 10:24:11 INFO: Checking installed dependencies for Offline installation.
12/08/2024 10:24:15 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/08/2024 10:24:15 INFO: Wazuh web interface port will be 443.
12/08/2024 10:24:15 INFO: Checking wazuh-offline.tar.gz file.
12/08/2024 10:24:16 INFO: --- Wazuh dashboard ----
12/08/2024 10:24:16 INFO: Starting Wazuh dashboard installation.
12/08/2024 10:26:25 INFO: Wazuh dashboard installation finished.
12/08/2024 10:26:25 INFO: Wazuh dashboard post-install configuration finished.
12/08/2024 10:26:25 INFO: Starting service wazuh-dashboard.
12/08/2024 10:26:26 INFO: wazuh-dashboard service started.
12/08/2024 10:26:27 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/08/2024 10:27:14 INFO: Initializing Wazuh dashboard web application.
12/08/2024 10:27:15 INFO: Wazuh dashboard web application initialized.
12/08/2024 10:27:15 INFO: --- Summary ---
12/08/2024 10:27:15 INFO: You can access the web interface https://:443
    User: admin
    Password: sd9hP2lQSt8+C3zeN5*0W?.YOU0Dz9M3
12/08/2024 10:27:15 INFO: Installation finished.
```
Logs in wazuh-install.log

```shellsession
[root@ip-172-31-38-60 ec2-user]# cat /var/log/wazuh-install.log
12/08/2024 10:24:11 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
12/08/2024 10:24:11 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/08/2024 10:24:11 INFO: Checking installed dependencies for Offline installation.
12/08/2024 10:24:15 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/08/2024 10:24:15 INFO: Wazuh web interface port will be 443.
12/08/2024 10:24:15 INFO: Checking wazuh-offline.tar.gz file.
12/08/2024 10:24:16 INFO: --- Wazuh dashboard ----
12/08/2024 10:24:16 INFO: Starting Wazuh dashboard installation.
warning: /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-dashboard-4.9.0-1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY
Verifying...                          ########################################
Preparing...                          ########################################
Updating / installing...
wazuh-dashboard-4.9.0-1               ########################################
12/08/2024 10:26:25 INFO: Wazuh dashboard installation finished.
12/08/2024 10:26:25 INFO: Wazuh dashboard post-install configuration finished.
12/08/2024 10:26:25 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
12/08/2024 10:26:26 INFO: wazuh-dashboard service started.
Successfully updated the keystore
Successfully updated the keystore
12/08/2024 10:26:27 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/08/2024 10:27:14 INFO: Initializing Wazuh dashboard web application.
12/08/2024 10:27:15 INFO: Wazuh dashboard web application initialized.
12/08/2024 10:27:15 INFO: Installation finished.
```

CarlosALgit commented 3 months ago

Installed packages :green_circle:

Amazon Linux 2023 :green_circle:

```shellsession
[root@ip-172-31-37-24 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.9.0-1.x86_64                Mon Aug 12 09:58:13 2024
filebeat-7.10.2-1.x86_64                      Mon Aug 12 09:55:36 2024
wazuh-manager-4.9.0-1.x86_64                  Mon Aug 12 09:54:40 2024
wazuh-indexer-4.9.0-1.x86_64                  Mon Aug 12 09:53:12 2024
gpg-pubkey-29111145-591cd381                  Mon Aug 12 09:52:07 2024
```

The gpg package is installed as part of the dependencies of the Installation Assistant. It's used to import the Wazuh GPG keys.

Ubuntu 22 :green_circle:

```shellsession
root@ip-172-31-40-250:/home/ubuntu# grep " install " /var/log/dpkg.log | tail
2024-08-12 09:54:25 install wazuh-indexer:amd64 <none> 4.9.0-1
2024-08-12 09:55:34 install wazuh-manager:amd64 <none> 4.9.0-1
2024-08-12 09:57:34 install filebeat:amd64 <none> 7.10.2
2024-08-12 09:58:06 install wazuh-dashboard:amd64 <none> 4.9.0-1
```

RHEL 9 :green_circle:

```shellsession
[root@ip-172-31-38-175 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.9.0-1.x86_64                Mon 12 Aug 2024 09:59:25 AM UTC
filebeat-7.10.2-1.x86_64                      Mon 12 Aug 2024 09:56:30 AM UTC
wazuh-manager-4.9.0-1.x86_64                  Mon 12 Aug 2024 09:55:35 AM UTC
wazuh-indexer-4.9.0-1.x86_64                  Mon 12 Aug 2024 09:53:54 AM UTC
gpg-pubkey-29111145-591cd381                  Mon 12 Aug 2024 09:52:50 AM UTC
```

The gpg package is installed as part of the dependencies of the Installation Assistant. It's used to import the Wazuh GPG keys.

Amazon Linux 2023 - Offline :green_circle:

```shellsession
[root@ip-172-31-38-60 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.9.0-1.x86_64                Mon Aug 12 10:26:20 2024
filebeat-7.10.2-1.x86_64                      Mon Aug 12 10:23:03 2024
wazuh-manager-4.9.0-1.x86_64                  Mon Aug 12 10:22:12 2024
wazuh-indexer-4.9.0-1.x86_64                  Mon Aug 12 10:00:58 2024
```

CarlosALgit commented 3 months ago

Wazuh Indexer logs :yellow_circle:

Amazon Linux 2023 :yellow_circle:

Agent status

```shellsession
[root@ip-172-31-37-24 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
     Active: active (running) since Mon 2024-08-12 09:53:44 UTC; 54min ago
       Docs: https://documentation.wazuh.com
   Main PID: 3968 (java)
      Tasks: 74 (limit: 9373)
     Memory: 1.3G
        CPU: 2min 15.930s
     CGroup: /system.slice/wazuh-indexer.service
             └─3968 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch>

Aug 12 09:53:22 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: System::setSecurityManager has been called b>
Aug 12 09:53:22 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: Please consider reporting this to the mainta>
Aug 12 09:53:22 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: System::setSecurityManager will be removed i>
Aug 12 09:53:24 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: Aug 12, 2024 9:53:24 AM sun.util.locale.provider.Loca>
Aug 12 09:53:24 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: COMPAT locale provider will be removed in a >
Aug 12 09:53:24 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: A terminally deprecated method in java.lang.>
Aug 12 09:53:24 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: System::setSecurityManager has been called b>
Aug 12 09:53:24 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: Please consider reporting this to the mainta>
Aug 12 09:53:24 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: System::setSecurityManager will be removed i>
Aug 12 09:53:44 ip-172-31-37-24.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
```

Service status

```shellsession
[root@ip-172-31-37-24 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
Aug 12 09:53:19 ip-172-31-37-24.ec2.internal systemd[1]: Starting wazuh-indexer.service - wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 3030.
Aug 12 09:53:22 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 12 09:53:22 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Aug 12 09:53:22 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Aug 12 09:53:22 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: System::setSecurityManager will be removed in a future release
Aug 12 09:53:24 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: Aug 12, 2024 9:53:24 AM sun.util.locale.provider.LocaleProviderAdapter
Aug 12 09:53:24 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: COMPAT locale provider will be removed in a future release
Aug 12 09:53:24 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 12 09:53:24 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Aug 12 09:53:24 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Aug 12 09:53:24 ip-172-31-37-24.ec2.internal systemd-entrypoint[3968]: WARNING: System::setSecurityManager will be removed in a future release
Aug 12 09:53:44 ip-172-31-37-24.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 3030.
```

Errors

:yellow_circle: `Normal errors of uninitialized indexes.`
Related: https://github.com/wazuh/wazuh-packages/issues/1511#issuecomment-1308329094

:yellow_circle: `Failure no such index.`
Related: https://github.com/wazuh/wazuh-indexer/issues/167#issuecomment-1965152923

🟡 `Fail to read queue capacity via reflection`
Related: https://github.com/wazuh/wazuh-indexer/issues/71

🟡 `Json Mapping Error: Cannot invoke "java.lang.Long.longValue()`
Related: https://github.com/opensearch-project/performance-analyzer/issues/644
Related: https://github.com/wazuh/wazuh-indexer/issues/329

🟡 `Authentication finally failed for admin`
Related: https://github.com/wazuh/wazuh-indexer/issues/167

```shellsession
[root@ip-172-31-37-24 ec2-user]# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-08-12T09:53:24,993][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-08-12T09:53:35,264][ERROR][o.o.p.c.j.GCMetrics ] [node-1] MX bean missing: G1 Concurrent GC
[2024-08-12T09:53:37,612][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-08-12T09:53:37,659][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-08-12T09:53:37,661][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-08-12T09:53:39,240][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-08-12T09:53:40,246][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:53:40,250][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:53:40,250][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:53:40,251][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:53:40,251][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:53:41,591][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-08-12T09:53:44,183][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-08-12T09:53:44,294][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:53:44,295][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:53:44,295][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:53:44,296][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:53:44,297][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:53:44,657][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-08-12T09:53:45,365][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:53:50,253][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:53:52,800][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-08-12T09:53:55,266][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:54:00,264][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:54:05,266][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:54:10,276][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:54:15,259][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:59:00,430][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:59:05,429][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:59:08,844][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:57396
[2024-08-12T09:59:09,345][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:57410
[2024-08-12T09:59:10,430][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:59:11,098][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:57396
[2024-08-12T09:59:12,009][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:57420
[2024-08-12T10:49:50,930][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:49:55,933][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:50:00,932][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
```

Ubuntu 22 :yellow_circle:

Agent status

```shellsession
root@ip-172-31-40-250:/home/ubuntu# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-08-12 09:55:16 UTC; 1h 0min ago
       Docs: https://documentation.wazuh.com
   Main PID: 5890 (java)
      Tasks: 69 (limit: 9425)
     Memory: 1.3G
        CPU: 1min 43.733s
     CGroup: /system.slice/wazuh-indexer.service
             └─5890 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch>

Aug 12 09:54:57 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: System::setSecurityManager has been called by org.opense>
Aug 12 09:54:57 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: Please consider reporting this to the maintainers of org>
Aug 12 09:54:57 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: System::setSecurityManager will be removed in a future r>
Aug 12 09:54:58 ip-172-31-40-250 systemd-entrypoint[5890]: Aug 12, 2024 9:54:58 AM sun.util.locale.provider.LocaleProviderAd>
Aug 12 09:54:58 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: COMPAT locale provider will be removed in a future relea>
Aug 12 09:54:59 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: A terminally deprecated method in java.lang.System has b>
Aug 12 09:54:59 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: System::setSecurityManager has been called by org.opense>
Aug 12 09:54:59 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: Please consider reporting this to the maintainers of org>
Aug 12 09:54:59 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: System::setSecurityManager will be removed in a future r>
Aug 12 09:55:16 ip-172-31-40-250 systemd[1]: Started wazuh-indexer.
```

Service status

```shellsession
root@ip-172-31-40-250:/home/ubuntu# journalctl -xe -u wazuh-indexer.service --no-pager
Aug 12 09:54:54 ip-172-31-40-250 systemd[1]: Starting wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 2808.
Aug 12 09:54:57 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 12 09:54:57 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Aug 12 09:54:57 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Aug 12 09:54:57 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: System::setSecurityManager will be removed in a future release
Aug 12 09:54:58 ip-172-31-40-250 systemd-entrypoint[5890]: Aug 12, 2024 9:54:58 AM sun.util.locale.provider.LocaleProviderAdapter
Aug 12 09:54:58 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: COMPAT locale provider will be removed in a future release
Aug 12 09:54:59 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 12 09:54:59 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Aug 12 09:54:59 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Aug 12 09:54:59 ip-172-31-40-250 systemd-entrypoint[5890]: WARNING: System::setSecurityManager will be removed in a future release
Aug 12 09:55:16 ip-172-31-40-250 systemd[1]: Started wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 2808.
```

Errors

:yellow_circle: `Normal errors of uninitialized indexes.`
Related: https://github.com/wazuh/wazuh-packages/issues/1511#issuecomment-1308329094

:yellow_circle: `Failure no such index.`
Related: https://github.com/wazuh/wazuh-indexer/issues/167#issuecomment-1965152923

🟡 `Authentication finally failed for admin`
Related: https://github.com/wazuh/wazuh-indexer/issues/167

```shellsession
root@ip-172-31-40-250:/home/ubuntu# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-08-12T09:54:59,422][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=deb, -Dopensearch.bundled_jdk=true]
[2024-08-12T09:55:10,988][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-08-12T09:55:11,029][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-08-12T09:55:11,031][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-08-12T09:55:12,552][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-08-12T09:55:14,587][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-08-12T09:55:16,894][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-08-12T09:55:16,976][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:55:16,977][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:55:16,977][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:55:16,977][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:55:16,977][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:55:16,991][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:55:16,991][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:55:16,992][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:55:16,993][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:55:16,993][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:55:17,274][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-08-12T09:55:24,356][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-08-12T10:01:42,584][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:38028
[2024-08-12T10:01:44,087][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:51884
[2024-08-12T10:01:45,190][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:51890
[2024-08-12T10:01:46,013][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:51884
[2024-08-12T10:01:49,685][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:51910
[2024-08-12T10:01:49,726][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:51884
```

RHEL 9 :yellow_circle:

Agent status
```shellsession
[root@ip-172-31-38-175 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
     Active: active (running) since Mon 2024-08-12 09:54:35 UTC; 1h 9min ago
       Docs: https://documentation.wazuh.com
   Main PID: 14927 (java)
      Tasks: 73 (limit: 48194)
     Memory: 1.3G
        CPU: 2min 24.469s
     CGroup: /system.slice/wazuh-indexer.service
             └─14927 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearc>

Aug 12 09:54:13 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: System::setSecurityManager has been called>
Aug 12 09:54:13 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: Please consider reporting this to the main>
Aug 12 09:54:13 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: System::setSecurityManager will be removed>
Aug 12 09:54:14 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: Aug 12, 2024 9:54:14 AM sun.util.locale.provider.Lo>
Aug 12 09:54:14 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: COMPAT locale provider will be removed in >
Aug 12 09:54:15 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: A terminally deprecated method in java.lan>
Aug 12 09:54:15 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: System::setSecurityManager has been called>
Aug 12 09:54:15 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: Please consider reporting this to the main>
Aug 12 09:54:15 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: System::setSecurityManager will be removed>
Aug 12 09:54:35 ip-172-31-38-175.ec2.internal systemd[1]: Started wazuh-indexer.
```
Service status
```shellsession
[root@ip-172-31-38-175 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
Aug 12 09:54:11 ip-172-31-38-175.ec2.internal systemd[1]: Starting wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 2902.
Aug 12 09:54:13 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 12 09:54:13 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Aug 12 09:54:13 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Aug 12 09:54:13 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: System::setSecurityManager will be removed in a future release
Aug 12 09:54:14 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: Aug 12, 2024 9:54:14 AM sun.util.locale.provider.LocaleProviderAdapter
Aug 12 09:54:14 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: COMPAT locale provider will be removed in a future release
Aug 12 09:54:15 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 12 09:54:15 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Aug 12 09:54:15 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Aug 12 09:54:15 ip-172-31-38-175.ec2.internal systemd-entrypoint[14927]: WARNING: System::setSecurityManager will be removed in a future release
Aug 12 09:54:35 ip-172-31-38-175.ec2.internal systemd[1]: Started wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 2902.
```
Errors
- 🟡 `Normal errors of uninitialized indexes.` Related: https://github.com/wazuh/wazuh-packages/issues/1511#issuecomment-1308329094
- 🟡 `Failure no such index.` Related: https://github.com/wazuh/wazuh-indexer/issues/167#issuecomment-1965152923
- 🟡 `Fail to read queue capacity via reflection` Related: https://github.com/wazuh/wazuh-indexer/issues/71
- 🟡 `Json Mapping Error: Cannot invoke "java.lang.Long.longValue()` Related: https://github.com/opensearch-project/performance-analyzer/issues/644 Related: https://github.com/wazuh/wazuh-indexer/issues/329
- 🟡 `Authentication finally failed for admin` Related: https://github.com/wazuh/wazuh-indexer/issues/167

```shellsession
[root@ip-172-31-38-175 ec2-user]# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-08-12T09:54:15,914][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-08-12T09:54:26,466][ERROR][o.o.p.c.j.GCMetrics ] [node-1] MX bean missing: G1 Concurrent GC
[2024-08-12T09:54:28,731][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-08-12T09:54:28,784][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-08-12T09:54:28,786][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-08-12T09:54:30,529][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-08-12T09:54:31,480][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,486][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,487][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,487][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,497][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,497][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,498][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,498][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,498][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,499][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,499][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,499][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,500][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,500][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,509][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:31,510][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-08-12T09:54:32,902][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-08-12T09:54:35,322][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-08-12T09:54:35,459][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:54:35,472][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:54:35,472][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:54:35,472][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:54:35,472][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T09:54:35,785][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-08-12T09:54:36,606][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:54:41,475][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:54:45,179][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-08-12T09:54:46,469][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:54:51,470][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:54:56,478][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T09:55:01,479][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:00:23,915][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:42196
[2024-08-12T10:00:26,519][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:33244
[2024-08-12T10:00:26,603][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:00:31,624][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:00:31,714][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:33254
[2024-08-12T10:00:35,754][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:53672
[2024-08-12T10:00:36,606][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
```

Amazon Linux 2023 - Offline :yellow_circle:

Agent status
```shellsession
[root@ip-172-31-38-60 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
     Active: active (running) since Mon 2024-08-12 10:01:35 UTC; 1h 21min ago
       Docs: https://documentation.wazuh.com
   Main PID: 4393 (java)
      Tasks: 73 (limit: 9373)
     Memory: 1.3G
        CPU: 2min 43.141s
     CGroup: /system.slice/wazuh-indexer.service
             └─4393 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch>

Aug 12 10:01:10 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: System::setSecurityManager has been called b>
Aug 12 10:01:10 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: Please consider reporting this to the mainta>
Aug 12 10:01:10 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: System::setSecurityManager will be removed i>
Aug 12 10:01:12 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: Aug 12, 2024 10:01:12 AM sun.util.locale.provider.Loc>
Aug 12 10:01:12 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: COMPAT locale provider will be removed in a >
Aug 12 10:01:13 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: A terminally deprecated method in java.lang.>
Aug 12 10:01:13 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: System::setSecurityManager has been called b>
Aug 12 10:01:13 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: Please consider reporting this to the mainta>
Aug 12 10:01:13 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: System::setSecurityManager will be removed i>
Aug 12 10:01:35 ip-172-31-38-60.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
```
Service status
```shellsession
[root@ip-172-31-38-60 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
Aug 12 10:01:07 ip-172-31-38-60.ec2.internal systemd[1]: Starting wazuh-indexer.service - wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 3399.
Aug 12 10:01:10 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 12 10:01:10 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Aug 12 10:01:10 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Aug 12 10:01:10 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: System::setSecurityManager will be removed in a future release
Aug 12 10:01:12 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: Aug 12, 2024 10:01:12 AM sun.util.locale.provider.LocaleProviderAdapter
Aug 12 10:01:12 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: COMPAT locale provider will be removed in a future release
Aug 12 10:01:13 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 12 10:01:13 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Aug 12 10:01:13 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Aug 12 10:01:13 ip-172-31-38-60.ec2.internal systemd-entrypoint[4393]: WARNING: System::setSecurityManager will be removed in a future release
Aug 12 10:01:35 ip-172-31-38-60.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 3399.
```
Errors
- 🟡 `Normal errors of uninitialized indexes.` Related: https://github.com/wazuh/wazuh-packages/issues/1511#issuecomment-1308329094
- 🟡 `Failure no such index.` Related: https://github.com/wazuh/wazuh-indexer/issues/167#issuecomment-1965152923
- 🟡 `Json Mapping Error: Cannot invoke "java.lang.Long.longValue()` Related: https://github.com/opensearch-project/performance-analyzer/issues/644 Related: https://github.com/wazuh/wazuh-indexer/issues/329
- 🟡 `Authentication finally failed for admin` Related: https://github.com/wazuh/wazuh-indexer/issues/167
- 🟡 `Authentication finally failed for kibanaserver` Related: https://github.com/wazuh/wazuh-packages/issues/3056

```shellsession
[root@ip-172-31-38-60 ec2-user]# cat /var/log/wazuh-indexer/wazuh-indexer-cluster.log | grep -i -E "error|warn"
[2024-08-12T10:01:13,386][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-08-12T10:01:24,418][ERROR][o.o.p.c.j.GCMetrics ] [node-1] MX bean missing: G1 Concurrent GC
[2024-08-12T10:01:27,667][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-08-12T10:01:27,730][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-08-12T10:01:27,732][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-08-12T10:01:29,494][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-08-12T10:01:32,851][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-08-12T10:01:34,438][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:01:35,731][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-08-12T10:01:35,846][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T10:01:35,847][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T10:01:35,847][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T10:01:35,847][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T10:01:35,847][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T10:01:35,848][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T10:01:36,211][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-08-12T10:01:39,386][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:01:44,369][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:01:48,854][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T10:01:48,855][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-08-12T10:02:04,373][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:02:07,533][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-08-12T10:02:09,376][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:02:14,376][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:02:14,786][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-08-12T10:02:15,123][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-08-12T10:02:19,386][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:23:09,595][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:23:13,778][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:37710
[2024-08-12T10:23:14,578][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:26:34,630][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:26:38,074][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for kibanaserver from 127.0.0.1:51056
[2024-08-12T10:26:39,636][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-08-12T10:26:40,546][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for kibanaserver from 127.0.0.1:51056
[2024-08-12T10:26:43,077][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for kibanaserver from 127.0.0.1:51056
[2024-08-12T10:26:44,635][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
```
CarlosALgit commented 3 months ago

Wazuh Manager logs :yellow_circle:

Amazon Linux 2023 :yellow_circle:

Agent status

```shellsession
[root@ip-172-31-37-24 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
     Active: active (running) since Mon 2024-08-12 09:59:11 UTC; 1h 55min ago
      Tasks: 153 (limit: 9373)
     Memory: 336.8M
        CPU: 2min 7.444s
     CGroup: /system.slice/wazuh-manager.service
             ├─8619 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8620 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8623 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8626 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8670 /var/ossec/bin/wazuh-authd
             ├─8687 /var/ossec/bin/wazuh-db
             ├─8713 /var/ossec/bin/wazuh-execd
             ├─8728 /var/ossec/bin/wazuh-analysisd
             ├─8741 /var/ossec/bin/wazuh-syscheckd
             ├─8789 /var/ossec/bin/wazuh-remoted
             ├─8825 /var/ossec/bin/wazuh-logcollector
             ├─8845 /var/ossec/bin/wazuh-monitord
             └─8866 /var/ossec/bin/wazuh-modulesd

Aug 12 09:59:03 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-analysisd...
Aug 12 09:59:04 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-syscheckd...
Aug 12 09:59:05 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-remoted...
Aug 12 09:59:06 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-logcollector...
Aug 12 09:59:07 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-monitord...
Aug 12 09:59:07 ip-172-31-37-24.ec2.internal env[8862]: 2024/08/12 09:59:07 wazuh-modulesd:router: INFO: Loaded router modul>
Aug 12 09:59:07 ip-172-31-37-24.ec2.internal env[8862]: 2024/08/12 09:59:07 wazuh-modulesd:content_manager: INFO: Loaded con>
Aug 12 09:59:09 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-modulesd...
```
Service status

```shellsession
[root@ip-172-31-37-24 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
Aug 12 09:55:14 ip-172-31-37-24.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3256.
Aug 12 09:55:16 ip-172-31-37-24.ec2.internal env[5613]: 2024/08/12 09:55:16 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 09:55:16 ip-172-31-37-24.ec2.internal env[5613]: 2024/08/12 09:55:16 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 09:55:17 ip-172-31-37-24.ec2.internal env[5580]: Starting Wazuh v4.9.0...
Aug 12 09:55:20 ip-172-31-37-24.ec2.internal env[5580]: Started wazuh-apid...
Aug 12 09:55:20 ip-172-31-37-24.ec2.internal env[5580]: Started wazuh-csyslogd...
Aug 12 09:55:20 ip-172-31-37-24.ec2.internal env[5580]: Started wazuh-dbd...
Aug 12 09:55:20 ip-172-31-37-24.ec2.internal env[5662]: 2024/08/12 09:55:20 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Aug 12 09:55:20 ip-172-31-37-24.ec2.internal env[5580]: Started wazuh-integratord...
Aug 12 09:55:20 ip-172-31-37-24.ec2.internal env[5580]: Started wazuh-agentlessd...
Aug 12 09:55:21 ip-172-31-37-24.ec2.internal env[5580]: Started wazuh-authd...
Aug 12 09:55:22 ip-172-31-37-24.ec2.internal env[5580]: Started wazuh-db...
Aug 12 09:55:23 ip-172-31-37-24.ec2.internal env[5580]: Started wazuh-execd...
Aug 12 09:55:25 ip-172-31-37-24.ec2.internal env[5580]: Started wazuh-analysisd...
Aug 12 09:55:26 ip-172-31-37-24.ec2.internal env[5580]: Started wazuh-syscheckd...
Aug 12 09:55:27 ip-172-31-37-24.ec2.internal env[5580]: Started wazuh-remoted...
Aug 12 09:55:28 ip-172-31-37-24.ec2.internal env[5580]: Started wazuh-logcollector...
Aug 12 09:55:29 ip-172-31-37-24.ec2.internal env[5580]: Started wazuh-monitord...
Aug 12 09:55:29 ip-172-31-37-24.ec2.internal env[5885]: 2024/08/12 09:55:29 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 09:55:29 ip-172-31-37-24.ec2.internal env[5885]: 2024/08/12 09:55:29 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 09:55:30 ip-172-31-37-24.ec2.internal env[5580]: Started wazuh-modulesd...
Aug 12 09:55:32 ip-172-31-37-24.ec2.internal env[5580]: Completed.
Aug 12 09:55:32 ip-172-31-37-24.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 3256.
Aug 12 09:58:47 ip-172-31-37-24.ec2.internal systemd[1]: Stopping wazuh-manager.service - Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3711.
Aug 12 09:58:47 ip-172-31-37-24.ec2.internal env[8400]: wazuh-clusterd not running...
Aug 12 09:58:47 ip-172-31-37-24.ec2.internal env[8400]: Killing wazuh-modulesd...
Aug 12 09:58:47 ip-172-31-37-24.ec2.internal env[8400]: Killing wazuh-monitord...
Aug 12 09:58:48 ip-172-31-37-24.ec2.internal env[8400]: Killing wazuh-logcollector...
Aug 12 09:58:48 ip-172-31-37-24.ec2.internal env[8400]: Killing wazuh-remoted...
Aug 12 09:58:48 ip-172-31-37-24.ec2.internal env[8400]: Killing wazuh-syscheckd...
Aug 12 09:58:49 ip-172-31-37-24.ec2.internal env[8400]: Killing wazuh-analysisd...
Aug 12 09:58:49 ip-172-31-37-24.ec2.internal env[8400]: wazuh-maild not running...
Aug 12 09:58:49 ip-172-31-37-24.ec2.internal env[8400]: Killing wazuh-execd...
Aug 12 09:58:49 ip-172-31-37-24.ec2.internal env[8400]: Killing wazuh-db...
Aug 12 09:58:50 ip-172-31-37-24.ec2.internal env[8400]: Killing wazuh-authd...
Aug 12 09:58:51 ip-172-31-37-24.ec2.internal env[8400]: wazuh-agentlessd not running...
Aug 12 09:58:51 ip-172-31-37-24.ec2.internal env[8400]: wazuh-integratord not running...
Aug 12 09:58:51 ip-172-31-37-24.ec2.internal env[8400]: wazuh-dbd not running...
Aug 12 09:58:51 ip-172-31-37-24.ec2.internal env[8400]: wazuh-csyslogd not running...
Aug 12 09:58:51 ip-172-31-37-24.ec2.internal env[8400]: Killing wazuh-apid...
Aug 12 09:58:51 ip-172-31-37-24.ec2.internal env[8400]: Wazuh v4.9.0 Stopped
Aug 12 09:58:51 ip-172-31-37-24.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Aug 12 09:58:51 ip-172-31-37-24.ec2.internal systemd[1]: Stopped wazuh-manager.service - Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 3711 and the job result is done.
Aug 12 09:58:51 ip-172-31-37-24.ec2.internal systemd[1]: wazuh-manager.service: Consumed 1min 41.270s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Aug 12 09:58:51 ip-172-31-37-24.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3711.
Aug 12 09:58:54 ip-172-31-37-24.ec2.internal env[8590]: 2024/08/12 09:58:54 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 09:58:54 ip-172-31-37-24.ec2.internal env[8590]: 2024/08/12 09:58:54 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 09:58:55 ip-172-31-37-24.ec2.internal env[8557]: Starting Wazuh v4.9.0...
Aug 12 09:58:58 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-apid...
Aug 12 09:58:59 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-csyslogd...
Aug 12 09:58:59 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-dbd...
Aug 12 09:58:59 ip-172-31-37-24.ec2.internal env[8648]: 2024/08/12 09:58:59 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Aug 12 09:58:59 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-integratord...
Aug 12 09:58:59 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-agentlessd...
Aug 12 09:59:00 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-authd...
Aug 12 09:59:01 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-db...
Aug 12 09:59:02 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-execd...
Aug 12 09:59:03 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-analysisd...
Aug 12 09:59:04 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-syscheckd...
Aug 12 09:59:05 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-remoted...
Aug 12 09:59:06 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-logcollector...
Aug 12 09:59:07 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-monitord...
Aug 12 09:59:07 ip-172-31-37-24.ec2.internal env[8862]: 2024/08/12 09:59:07 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 09:59:07 ip-172-31-37-24.ec2.internal env[8862]: 2024/08/12 09:59:07 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 09:59:09 ip-172-31-37-24.ec2.internal env[8557]: Started wazuh-modulesd...
Aug 12 09:59:11 ip-172-31-37-24.ec2.internal env[8557]: Completed.
Aug 12 09:59:11 ip-172-31-37-24.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 3711.
```
Errors

🟡 `IndexerConnector initialization failed for index`
Related: https://github.com/wazuh/wazuh/issues/21829

```shellsession
[root@ip-172-31-37-24 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/08/12 09:55:30 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-37-24.ec2.internal', retrying until the connection is successful.
2024/08/12 09:59:09 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-37-24.ec2.internal', retrying until the connection is successful.
```

Ubuntu 22 :yellow_circle:

Agent status

```shellsession
root@ip-172-31-40-250:/home/ubuntu# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-08-12 10:01:44 UTC; 1h 54min ago
      Tasks: 153 (limit: 9425)
     Memory: 366.2M
        CPU: 1min 26.694s
     CGroup: /system.slice/wazuh-manager.service
             ├─58239 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─58240 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─58243 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─58246 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─58288 /var/ossec/bin/wazuh-authd
             ├─58304 /var/ossec/bin/wazuh-db
             ├─58329 /var/ossec/bin/wazuh-execd
             ├─58343 /var/ossec/bin/wazuh-analysisd
             ├─58355 /var/ossec/bin/wazuh-syscheckd
             ├─58404 /var/ossec/bin/wazuh-remoted
             ├─58438 /var/ossec/bin/wazuh-logcollector
             ├─58457 /var/ossec/bin/wazuh-monitord
             └─58479 /var/ossec/bin/wazuh-modulesd

Aug 12 10:01:37 ip-172-31-40-250 env[58177]: Started wazuh-analysisd...
Aug 12 10:01:38 ip-172-31-40-250 env[58177]: Started wazuh-syscheckd...
Aug 12 10:01:39 ip-172-31-40-250 env[58177]: Started wazuh-remoted...
Aug 12 10:01:40 ip-172-31-40-250 env[58177]: Started wazuh-logcollector...
Aug 12 10:01:41 ip-172-31-40-250 env[58177]: Started wazuh-monitord...
Aug 12 10:01:41 ip-172-31-40-250 env[58476]: 2024/08/12 10:01:41 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 10:01:41 ip-172-31-40-250 env[58476]: 2024/08/12 10:01:41 wazuh-modulesd:content_manager: INFO: Loaded content_manage>
Aug 12 10:01:42 ip-172-31-40-250 env[58177]: Started wazuh-modulesd...
```
Service status

```shellsession
root@ip-172-31-40-250:/home/ubuntu# journalctl -xe -u wazuh-manager.service --no-pager
Aug 12 09:57:08 ip-172-31-40-250 systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3070.
Aug 12 09:57:13 ip-172-31-40-250 env[54993]: 2024/08/12 09:57:13 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 09:57:13 ip-172-31-40-250 env[54993]: 2024/08/12 09:57:13 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 09:57:14 ip-172-31-40-250 env[54960]: Starting Wazuh v4.9.0...
Aug 12 09:57:18 ip-172-31-40-250 env[54960]: Started wazuh-apid...
Aug 12 09:57:18 ip-172-31-40-250 env[54960]: Started wazuh-csyslogd...
Aug 12 09:57:18 ip-172-31-40-250 env[54960]: Started wazuh-dbd...
Aug 12 09:57:18 ip-172-31-40-250 env[55042]: 2024/08/12 09:57:18 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Aug 12 09:57:18 ip-172-31-40-250 env[54960]: Started wazuh-integratord...
Aug 12 09:57:18 ip-172-31-40-250 env[54960]: Started wazuh-agentlessd...
Aug 12 09:57:19 ip-172-31-40-250 env[54960]: Started wazuh-authd...
Aug 12 09:57:20 ip-172-31-40-250 env[54960]: Started wazuh-db...
Aug 12 09:57:21 ip-172-31-40-250 env[54960]: Started wazuh-execd...
Aug 12 09:57:22 ip-172-31-40-250 env[54960]: Started wazuh-analysisd...
Aug 12 09:57:24 ip-172-31-40-250 env[54960]: Started wazuh-syscheckd...
Aug 12 09:57:25 ip-172-31-40-250 env[54960]: Started wazuh-remoted...
Aug 12 09:57:26 ip-172-31-40-250 env[54960]: Started wazuh-logcollector...
Aug 12 09:57:27 ip-172-31-40-250 env[54960]: Started wazuh-monitord...
Aug 12 09:57:27 ip-172-31-40-250 env[55259]: 2024/08/12 09:57:27 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 09:57:27 ip-172-31-40-250 env[55259]: 2024/08/12 09:57:27 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 09:57:28 ip-172-31-40-250 env[54960]: Started wazuh-modulesd...
Aug 12 09:57:30 ip-172-31-40-250 env[54960]: Completed.
Aug 12 09:57:30 ip-172-31-40-250 systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 3070.
Aug 12 10:01:22 ip-172-31-40-250 systemd[1]: Stopping Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4206.
Aug 12 10:01:22 ip-172-31-40-250 env[58051]: wazuh-clusterd not running...
Aug 12 10:01:22 ip-172-31-40-250 env[58051]: Killing wazuh-modulesd...
Aug 12 10:01:23 ip-172-31-40-250 env[58051]: Killing wazuh-monitord...
Aug 12 10:01:23 ip-172-31-40-250 env[58051]: Killing wazuh-logcollector...
Aug 12 10:01:23 ip-172-31-40-250 env[58051]: Killing wazuh-remoted...
Aug 12 10:01:23 ip-172-31-40-250 env[58051]: Killing wazuh-syscheckd...
Aug 12 10:01:23 ip-172-31-40-250 env[58051]: Killing wazuh-analysisd...
Aug 12 10:01:23 ip-172-31-40-250 env[58051]: wazuh-maild not running...
Aug 12 10:01:23 ip-172-31-40-250 env[58051]: Killing wazuh-execd...
Aug 12 10:01:23 ip-172-31-40-250 env[58051]: Killing wazuh-db...
Aug 12 10:01:24 ip-172-31-40-250 env[58051]: Killing wazuh-authd...
Aug 12 10:01:25 ip-172-31-40-250 env[58051]: wazuh-agentlessd not running...
Aug 12 10:01:25 ip-172-31-40-250 env[58051]: wazuh-integratord not running...
Aug 12 10:01:25 ip-172-31-40-250 env[58051]: wazuh-dbd not running...
Aug 12 10:01:25 ip-172-31-40-250 env[58051]: wazuh-csyslogd not running...
Aug 12 10:01:25 ip-172-31-40-250 env[58051]: Killing wazuh-apid...
Aug 12 10:01:25 ip-172-31-40-250 env[58051]: Wazuh v4.9.0 Stopped
Aug 12 10:01:25 ip-172-31-40-250 systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Aug 12 10:01:25 ip-172-31-40-250 systemd[1]: Stopped Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 4206 and the job result is done.
Aug 12 10:01:25 ip-172-31-40-250 systemd[1]: wazuh-manager.service: Consumed 1min 32.627s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Aug 12 10:01:25 ip-172-31-40-250 systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4206.
Aug 12 10:01:28 ip-172-31-40-250 env[58210]: 2024/08/12 10:01:28 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 10:01:28 ip-172-31-40-250 env[58210]: 2024/08/12 10:01:28 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 10:01:29 ip-172-31-40-250 env[58177]: Starting Wazuh v4.9.0...
Aug 12 10:01:32 ip-172-31-40-250 env[58177]: Started wazuh-apid...
Aug 12 10:01:32 ip-172-31-40-250 env[58177]: Started wazuh-csyslogd...
Aug 12 10:01:32 ip-172-31-40-250 env[58177]: Started wazuh-dbd...
Aug 12 10:01:32 ip-172-31-40-250 env[58267]: 2024/08/12 10:01:32 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Aug 12 10:01:32 ip-172-31-40-250 env[58177]: Started wazuh-integratord...
Aug 12 10:01:32 ip-172-31-40-250 env[58177]: Started wazuh-agentlessd...
Aug 12 10:01:34 ip-172-31-40-250 env[58177]: Started wazuh-authd...
Aug 12 10:01:35 ip-172-31-40-250 env[58177]: Started wazuh-db...
Aug 12 10:01:36 ip-172-31-40-250 env[58177]: Started wazuh-execd...
Aug 12 10:01:37 ip-172-31-40-250 env[58177]: Started wazuh-analysisd...
Aug 12 10:01:38 ip-172-31-40-250 env[58177]: Started wazuh-syscheckd...
Aug 12 10:01:39 ip-172-31-40-250 env[58177]: Started wazuh-remoted...
Aug 12 10:01:40 ip-172-31-40-250 env[58177]: Started wazuh-logcollector...
Aug 12 10:01:41 ip-172-31-40-250 env[58177]: Started wazuh-monitord...
Aug 12 10:01:41 ip-172-31-40-250 env[58476]: 2024/08/12 10:01:41 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 10:01:41 ip-172-31-40-250 env[58476]: 2024/08/12 10:01:41 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 10:01:42 ip-172-31-40-250 env[58177]: Started wazuh-modulesd...
Aug 12 10:01:44 ip-172-31-40-250 env[58177]: Completed.
Aug 12 10:01:44 ip-172-31-40-250 systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 4206.
```
Errors

🟡 `IndexerConnector initialization failed for index`
Related: https://github.com/wazuh/wazuh/issues/21829

```shellsession
root@ip-172-31-40-250:/home/ubuntu# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/08/12 09:57:27 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-40-250', retrying until the connection is successful.
2024/08/12 10:01:42 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-40-250', retrying until the connection is successful.
```

RHEL 9 :yellow_circle:

Agent status

```shellsession
[root@ip-172-31-38-175 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
     Active: active (running) since Mon 2024-08-12 10:00:26 UTC; 2h 10min ago
      Tasks: 153 (limit: 48194)
     Memory: 713.8M
        CPU: 1min 20.120s
     CGroup: /system.slice/wazuh-manager.service
             ├─19448 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─19449 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─19452 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─19455 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─19498 /var/ossec/bin/wazuh-authd
             ├─19515 /var/ossec/bin/wazuh-db
             ├─19542 /var/ossec/bin/wazuh-execd
             ├─19557 /var/ossec/bin/wazuh-analysisd
             ├─19569 /var/ossec/bin/wazuh-syscheckd
             ├─19616 /var/ossec/bin/wazuh-remoted
             ├─19649 /var/ossec/bin/wazuh-logcollector
             ├─19669 /var/ossec/bin/wazuh-monitord
             └─19692 /var/ossec/bin/wazuh-modulesd

Aug 12 10:00:19 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-analysisd...
Aug 12 10:00:20 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-syscheckd...
Aug 12 10:00:20 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-remoted...
Aug 12 10:00:21 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-logcollector...
Aug 12 10:00:23 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-monitord...
Aug 12 10:00:23 ip-172-31-38-175.ec2.internal env[19688]: 2024/08/12 10:00:23 wazuh-modulesd:router: INFO: Loaded router mod>
Aug 12 10:00:23 ip-172-31-38-175.ec2.internal env[19688]: 2024/08/12 10:00:23 wazuh-modulesd:content_manager: INFO: Loaded c>
Aug 12 10:00:24 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-modulesd...
```
Service status

```shellsession
[root@ip-172-31-38-175 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
Aug 12 09:56:07 ip-172-31-38-175.ec2.internal systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 2993.
Aug 12 09:56:09 ip-172-31-38-175.ec2.internal env[16488]: 2024/08/12 09:56:09 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 09:56:09 ip-172-31-38-175.ec2.internal env[16488]: 2024/08/12 09:56:09 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 09:56:11 ip-172-31-38-175.ec2.internal env[16455]: Starting Wazuh v4.9.0...
Aug 12 09:56:14 ip-172-31-38-175.ec2.internal env[16455]: Started wazuh-apid...
Aug 12 09:56:14 ip-172-31-38-175.ec2.internal env[16455]: Started wazuh-csyslogd...
Aug 12 09:56:14 ip-172-31-38-175.ec2.internal env[16455]: Started wazuh-dbd...
Aug 12 09:56:14 ip-172-31-38-175.ec2.internal env[16537]: 2024/08/12 09:56:14 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Aug 12 09:56:14 ip-172-31-38-175.ec2.internal env[16455]: Started wazuh-integratord...
Aug 12 09:56:14 ip-172-31-38-175.ec2.internal env[16455]: Started wazuh-agentlessd...
Aug 12 09:56:15 ip-172-31-38-175.ec2.internal env[16455]: Started wazuh-authd...
Aug 12 09:56:16 ip-172-31-38-175.ec2.internal env[16455]: Started wazuh-db...
Aug 12 09:56:17 ip-172-31-38-175.ec2.internal env[16455]: Started wazuh-execd...
Aug 12 09:56:18 ip-172-31-38-175.ec2.internal env[16455]: Started wazuh-analysisd...
Aug 12 09:56:19 ip-172-31-38-175.ec2.internal env[16455]: Started wazuh-syscheckd...
Aug 12 09:56:20 ip-172-31-38-175.ec2.internal env[16455]: Started wazuh-remoted...
Aug 12 09:56:22 ip-172-31-38-175.ec2.internal env[16455]: Started wazuh-logcollector...
Aug 12 09:56:23 ip-172-31-38-175.ec2.internal env[16455]: Started wazuh-monitord...
Aug 12 09:56:23 ip-172-31-38-175.ec2.internal env[16760]: 2024/08/12 09:56:23 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 09:56:23 ip-172-31-38-175.ec2.internal env[16760]: 2024/08/12 09:56:23 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 09:56:24 ip-172-31-38-175.ec2.internal env[16455]: Started wazuh-modulesd...
Aug 12 09:56:26 ip-172-31-38-175.ec2.internal env[16455]: Completed.
Aug 12 09:56:26 ip-172-31-38-175.ec2.internal systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 2993.
Aug 12 10:00:04 ip-172-31-38-175.ec2.internal systemd[1]: Stopping Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3436.
Aug 12 10:00:04 ip-172-31-38-175.ec2.internal env[19243]: wazuh-clusterd not running...
Aug 12 10:00:04 ip-172-31-38-175.ec2.internal env[19243]: Killing wazuh-modulesd...
Aug 12 10:00:04 ip-172-31-38-175.ec2.internal env[19243]: Killing wazuh-monitord...
Aug 12 10:00:04 ip-172-31-38-175.ec2.internal env[19243]: Killing wazuh-logcollector...
Aug 12 10:00:04 ip-172-31-38-175.ec2.internal env[19243]: Killing wazuh-remoted...
Aug 12 10:00:04 ip-172-31-38-175.ec2.internal env[19243]: Killing wazuh-syscheckd...
Aug 12 10:00:04 ip-172-31-38-175.ec2.internal env[19243]: Killing wazuh-analysisd...
Aug 12 10:00:04 ip-172-31-38-175.ec2.internal env[19243]: wazuh-maild not running...
Aug 12 10:00:04 ip-172-31-38-175.ec2.internal env[19243]: Killing wazuh-execd...
Aug 12 10:00:04 ip-172-31-38-175.ec2.internal env[19243]: Killing wazuh-db...
Aug 12 10:00:05 ip-172-31-38-175.ec2.internal env[19243]: Killing wazuh-authd...
Aug 12 10:00:06 ip-172-31-38-175.ec2.internal env[19243]: wazuh-agentlessd not running...
Aug 12 10:00:06 ip-172-31-38-175.ec2.internal env[19243]: wazuh-integratord not running...
Aug 12 10:00:06 ip-172-31-38-175.ec2.internal env[19243]: wazuh-dbd not running...
Aug 12 10:00:06 ip-172-31-38-175.ec2.internal env[19243]: wazuh-csyslogd not running...
Aug 12 10:00:06 ip-172-31-38-175.ec2.internal env[19243]: Killing wazuh-apid...
Aug 12 10:00:07 ip-172-31-38-175.ec2.internal env[19243]: Wazuh v4.9.0 Stopped
Aug 12 10:00:07 ip-172-31-38-175.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Aug 12 10:00:07 ip-172-31-38-175.ec2.internal systemd[1]: Stopped Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 3436 and the job result is done.
Aug 12 10:00:07 ip-172-31-38-175.ec2.internal systemd[1]: wazuh-manager.service: Consumed 1min 33.047s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Aug 12 10:00:07 ip-172-31-38-175.ec2.internal systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3436.
Aug 12 10:00:09 ip-172-31-38-175.ec2.internal env[19419]: 2024/08/12 10:00:09 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 10:00:09 ip-172-31-38-175.ec2.internal env[19419]: 2024/08/12 10:00:09 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 10:00:11 ip-172-31-38-175.ec2.internal env[19386]: Starting Wazuh v4.9.0...
Aug 12 10:00:15 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-apid...
Aug 12 10:00:15 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-csyslogd...
Aug 12 10:00:15 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-dbd...
Aug 12 10:00:15 ip-172-31-38-175.ec2.internal env[19477]: 2024/08/12 10:00:15 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Aug 12 10:00:15 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-integratord...
Aug 12 10:00:15 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-agentlessd...
Aug 12 10:00:16 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-authd...
Aug 12 10:00:17 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-db...
Aug 12 10:00:18 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-execd...
Aug 12 10:00:19 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-analysisd...
Aug 12 10:00:20 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-syscheckd...
Aug 12 10:00:20 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-remoted...
Aug 12 10:00:21 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-logcollector...
Aug 12 10:00:23 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-monitord...
Aug 12 10:00:23 ip-172-31-38-175.ec2.internal env[19688]: 2024/08/12 10:00:23 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 10:00:23 ip-172-31-38-175.ec2.internal env[19688]: 2024/08/12 10:00:23 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 10:00:24 ip-172-31-38-175.ec2.internal env[19386]: Started wazuh-modulesd...
Aug 12 10:00:26 ip-172-31-38-175.ec2.internal env[19386]: Completed.
Aug 12 10:00:26 ip-172-31-38-175.ec2.internal systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 3436.
```
Errors

🟡 `IndexerConnector initialization failed for index`
Related: https://github.com/wazuh/wazuh/issues/21829

```shellsession
[root@ip-172-31-38-175 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/08/12 09:56:23 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-38-175.ec2.internal', retrying until the connection is successful.
2024/08/12 10:00:23 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-38-175.ec2.internal', retrying until the connection is successful.
```

Amazon Linux 2023 - Offline :yellow_circle:

Agent status

```shellsession
[root@ip-172-31-38-60 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
     Active: active (running) since Mon 2024-08-12 10:26:51 UTC; 1h 45min ago
      Tasks: 153 (limit: 9373)
     Memory: 340.8M
        CPU: 1min 59.703s
     CGroup: /system.slice/wazuh-manager.service
             ├─11794 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─11795 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─11798 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─11801 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─11845 /var/ossec/bin/wazuh-authd
             ├─11862 /var/ossec/bin/wazuh-db
             ├─11887 /var/ossec/bin/wazuh-execd
             ├─11902 /var/ossec/bin/wazuh-analysisd
             ├─11916 /var/ossec/bin/wazuh-syscheckd
             ├─11964 /var/ossec/bin/wazuh-remoted
             ├─11999 /var/ossec/bin/wazuh-logcollector
             ├─12019 /var/ossec/bin/wazuh-monitord
             └─12042 /var/ossec/bin/wazuh-modulesd

Aug 12 10:26:43 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-analysisd...
Aug 12 10:26:44 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-syscheckd...
Aug 12 10:26:46 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-remoted...
Aug 12 10:26:47 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-logcollector...
Aug 12 10:26:48 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-monitord...
Aug 12 10:26:48 ip-172-31-38-60.ec2.internal env[12038]: 2024/08/12 10:26:48 wazuh-modulesd:router: INFO: Loaded router modu>
Aug 12 10:26:48 ip-172-31-38-60.ec2.internal env[12038]: 2024/08/12 10:26:48 wazuh-modulesd:content_manager: INFO: Loaded co>
Aug 12 10:26:49 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-modulesd...
```
Service status

```shellsession
[root@ip-172-31-38-60 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
Aug 12 10:22:44 ip-172-31-38-60.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4511.
Aug 12 10:22:46 ip-172-31-38-60.ec2.internal env[7644]: 2024/08/12 10:22:46 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 10:22:46 ip-172-31-38-60.ec2.internal env[7644]: 2024/08/12 10:22:46 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 10:22:47 ip-172-31-38-60.ec2.internal env[7611]: Starting Wazuh v4.9.0...
Aug 12 10:22:50 ip-172-31-38-60.ec2.internal env[7611]: Started wazuh-apid...
Aug 12 10:22:50 ip-172-31-38-60.ec2.internal env[7611]: Started wazuh-csyslogd...
Aug 12 10:22:50 ip-172-31-38-60.ec2.internal env[7611]: Started wazuh-dbd...
Aug 12 10:22:50 ip-172-31-38-60.ec2.internal env[7693]: 2024/08/12 10:22:50 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Aug 12 10:22:50 ip-172-31-38-60.ec2.internal env[7611]: Started wazuh-integratord...
Aug 12 10:22:50 ip-172-31-38-60.ec2.internal env[7611]: Started wazuh-agentlessd...
Aug 12 10:22:50 ip-172-31-38-60.ec2.internal env[7611]: Started wazuh-authd...
Aug 12 10:22:51 ip-172-31-38-60.ec2.internal env[7611]: Started wazuh-db...
Aug 12 10:22:52 ip-172-31-38-60.ec2.internal env[7611]: Started wazuh-execd...
Aug 12 10:22:53 ip-172-31-38-60.ec2.internal env[7611]: Started wazuh-analysisd...
Aug 12 10:22:55 ip-172-31-38-60.ec2.internal env[7611]: Started wazuh-syscheckd...
Aug 12 10:22:56 ip-172-31-38-60.ec2.internal env[7611]: Started wazuh-remoted...
Aug 12 10:22:57 ip-172-31-38-60.ec2.internal env[7611]: Started wazuh-logcollector...
Aug 12 10:22:58 ip-172-31-38-60.ec2.internal env[7611]: Started wazuh-monitord...
Aug 12 10:22:58 ip-172-31-38-60.ec2.internal env[7913]: 2024/08/12 10:22:58 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 10:22:58 ip-172-31-38-60.ec2.internal env[7913]: 2024/08/12 10:22:58 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 10:22:59 ip-172-31-38-60.ec2.internal env[7611]: Started wazuh-modulesd...
Aug 12 10:23:01 ip-172-31-38-60.ec2.internal env[7611]: Completed.
Aug 12 10:23:01 ip-172-31-38-60.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 4511.
Aug 12 10:23:17 ip-172-31-38-60.ec2.internal systemd[1]: Stopping wazuh-manager.service - Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4741.
Aug 12 10:23:17 ip-172-31-38-60.ec2.internal env[8784]: wazuh-clusterd not running...
Aug 12 10:23:17 ip-172-31-38-60.ec2.internal env[8784]: Killing wazuh-modulesd...
Aug 12 10:23:17 ip-172-31-38-60.ec2.internal env[8784]: Killing wazuh-monitord...
Aug 12 10:23:17 ip-172-31-38-60.ec2.internal env[8784]: Killing wazuh-logcollector...
Aug 12 10:23:17 ip-172-31-38-60.ec2.internal env[8784]: Killing wazuh-remoted...
Aug 12 10:23:17 ip-172-31-38-60.ec2.internal env[8784]: Killing wazuh-syscheckd...
Aug 12 10:23:18 ip-172-31-38-60.ec2.internal env[8784]: Killing wazuh-analysisd...
Aug 12 10:23:18 ip-172-31-38-60.ec2.internal env[8784]: wazuh-maild not running...
Aug 12 10:23:18 ip-172-31-38-60.ec2.internal env[8784]: Killing wazuh-execd...
Aug 12 10:23:18 ip-172-31-38-60.ec2.internal env[8784]: Killing wazuh-db...
Aug 12 10:23:19 ip-172-31-38-60.ec2.internal env[8784]: Killing wazuh-authd...
Aug 12 10:23:20 ip-172-31-38-60.ec2.internal env[8784]: wazuh-agentlessd not running...
Aug 12 10:23:20 ip-172-31-38-60.ec2.internal env[8784]: wazuh-integratord not running...
Aug 12 10:23:20 ip-172-31-38-60.ec2.internal env[8784]: wazuh-dbd not running...
Aug 12 10:23:20 ip-172-31-38-60.ec2.internal env[8784]: wazuh-csyslogd not running...
Aug 12 10:23:20 ip-172-31-38-60.ec2.internal env[8784]: Killing wazuh-apid...
Aug 12 10:23:20 ip-172-31-38-60.ec2.internal env[8784]: Wazuh v4.9.0 Stopped
Aug 12 10:23:20 ip-172-31-38-60.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Aug 12 10:23:20 ip-172-31-38-60.ec2.internal systemd[1]: Stopped wazuh-manager.service - Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 4741 and the job result is done.
Aug 12 10:23:20 ip-172-31-38-60.ec2.internal systemd[1]: wazuh-manager.service: Consumed 46.437s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Aug 12 10:23:20 ip-172-31-38-60.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4741.
Aug 12 10:23:23 ip-172-31-38-60.ec2.internal env[8965]: 2024/08/12 10:23:23 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 10:23:23 ip-172-31-38-60.ec2.internal env[8965]: 2024/08/12 10:23:23 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 10:23:24 ip-172-31-38-60.ec2.internal env[8931]: Starting Wazuh v4.9.0...
Aug 12 10:23:27 ip-172-31-38-60.ec2.internal env[8931]: Started wazuh-apid...
Aug 12 10:23:27 ip-172-31-38-60.ec2.internal env[8931]: Started wazuh-csyslogd...
Aug 12 10:23:27 ip-172-31-38-60.ec2.internal env[8931]: Started wazuh-dbd...
Aug 12 10:23:27 ip-172-31-38-60.ec2.internal env[9024]: 2024/08/12 10:23:27 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Aug 12 10:23:27 ip-172-31-38-60.ec2.internal env[8931]: Started wazuh-integratord...
Aug 12 10:23:27 ip-172-31-38-60.ec2.internal env[8931]: Started wazuh-agentlessd...
Aug 12 10:23:28 ip-172-31-38-60.ec2.internal env[8931]: Started wazuh-authd...
Aug 12 10:23:29 ip-172-31-38-60.ec2.internal env[8931]: Started wazuh-db...
Aug 12 10:23:30 ip-172-31-38-60.ec2.internal env[8931]: Started wazuh-execd...
Aug 12 10:23:31 ip-172-31-38-60.ec2.internal env[8931]: Started wazuh-analysisd...
Aug 12 10:23:32 ip-172-31-38-60.ec2.internal env[8931]: Started wazuh-syscheckd...
Aug 12 10:23:33 ip-172-31-38-60.ec2.internal env[8931]: Started wazuh-remoted...
Aug 12 10:23:34 ip-172-31-38-60.ec2.internal env[8931]: Started wazuh-logcollector...
Aug 12 10:23:35 ip-172-31-38-60.ec2.internal env[8931]: Started wazuh-monitord...
Aug 12 10:23:36 ip-172-31-38-60.ec2.internal env[9238]: 2024/08/12 10:23:35 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 10:23:36 ip-172-31-38-60.ec2.internal env[9238]: 2024/08/12 10:23:36 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 10:23:37 ip-172-31-38-60.ec2.internal env[8931]: Started wazuh-modulesd...
Aug 12 10:23:39 ip-172-31-38-60.ec2.internal env[8931]: Completed.
Aug 12 10:23:39 ip-172-31-38-60.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 4741.
Aug 12 10:26:28 ip-172-31-38-60.ec2.internal systemd[1]: Stopping wazuh-manager.service - Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 5196.
Aug 12 10:26:28 ip-172-31-38-60.ec2.internal env[11585]: wazuh-clusterd not running...
Aug 12 10:26:28 ip-172-31-38-60.ec2.internal env[11585]: Killing wazuh-modulesd...
Aug 12 10:26:28 ip-172-31-38-60.ec2.internal env[11585]: Killing wazuh-monitord...
Aug 12 10:26:28 ip-172-31-38-60.ec2.internal env[11585]: Killing wazuh-logcollector...
Aug 12 10:26:28 ip-172-31-38-60.ec2.internal env[11585]: Killing wazuh-remoted...
Aug 12 10:26:28 ip-172-31-38-60.ec2.internal env[11585]: Killing wazuh-syscheckd...
Aug 12 10:26:29 ip-172-31-38-60.ec2.internal env[11585]: Killing wazuh-analysisd...
Aug 12 10:26:29 ip-172-31-38-60.ec2.internal env[11585]: wazuh-maild not running...
Aug 12 10:26:29 ip-172-31-38-60.ec2.internal env[11585]: Killing wazuh-execd...
Aug 12 10:26:29 ip-172-31-38-60.ec2.internal env[11585]: Killing wazuh-db...
Aug 12 10:26:30 ip-172-31-38-60.ec2.internal env[11585]: Killing wazuh-authd...
Aug 12 10:26:31 ip-172-31-38-60.ec2.internal env[11585]: wazuh-agentlessd not running...
Aug 12 10:26:31 ip-172-31-38-60.ec2.internal env[11585]: wazuh-integratord not running...
Aug 12 10:26:31 ip-172-31-38-60.ec2.internal env[11585]: wazuh-dbd not running...
Aug 12 10:26:31 ip-172-31-38-60.ec2.internal env[11585]: wazuh-csyslogd not running...
Aug 12 10:26:31 ip-172-31-38-60.ec2.internal env[11585]: Killing wazuh-apid...
Aug 12 10:26:31 ip-172-31-38-60.ec2.internal env[11585]: Wazuh v4.9.0 Stopped
Aug 12 10:26:31 ip-172-31-38-60.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Aug 12 10:26:31 ip-172-31-38-60.ec2.internal systemd[1]: Stopped wazuh-manager.service - Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 5196 and the job result is done.
Aug 12 10:26:31 ip-172-31-38-60.ec2.internal systemd[1]: wazuh-manager.service: Consumed 1min 37.027s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Aug 12 10:26:31 ip-172-31-38-60.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 5196.
Aug 12 10:26:34 ip-172-31-38-60.ec2.internal env[11765]: 2024/08/12 10:26:34 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 10:26:34 ip-172-31-38-60.ec2.internal env[11765]: 2024/08/12 10:26:34 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 10:26:36 ip-172-31-38-60.ec2.internal env[11732]: Starting Wazuh v4.9.0...
Aug 12 10:26:39 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-apid...
Aug 12 10:26:39 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-csyslogd...
Aug 12 10:26:39 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-dbd...
Aug 12 10:26:39 ip-172-31-38-60.ec2.internal env[11823]: 2024/08/12 10:26:39 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Aug 12 10:26:39 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-integratord...
Aug 12 10:26:39 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-agentlessd...
Aug 12 10:26:40 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-authd...
Aug 12 10:26:41 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-db...
Aug 12 10:26:42 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-execd...
Aug 12 10:26:43 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-analysisd...
Aug 12 10:26:44 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-syscheckd...
Aug 12 10:26:46 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-remoted...
Aug 12 10:26:47 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-logcollector...
Aug 12 10:26:48 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-monitord...
Aug 12 10:26:48 ip-172-31-38-60.ec2.internal env[12038]: 2024/08/12 10:26:48 wazuh-modulesd:router: INFO: Loaded router module.
Aug 12 10:26:48 ip-172-31-38-60.ec2.internal env[12038]: 2024/08/12 10:26:48 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 12 10:26:49 ip-172-31-38-60.ec2.internal env[11732]: Started wazuh-modulesd...
Aug 12 10:26:51 ip-172-31-38-60.ec2.internal env[11732]: Completed.
Aug 12 10:26:51 ip-172-31-38-60.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 5196.
```

Errors

🟡 `IndexerConnector initialization failed for index`
Related: https://github.com/wazuh/wazuh/issues/21829

```shellsession
[root@ip-172-31-38-60 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/08/12 10:22:58 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-38-60.ec2.internal', retrying until the connection is successful.
```

CarlosALgit commented 3 months ago

Wazuh Dashboard logs :green_circle:

Amazon Linux 2023 :green_circle:

Agent status

```shellsession
[root@ip-172-31-37-24 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
     Active: active (running) since Mon 2024-08-12 09:59:13 UTC; 2h 16min ago
   Main PID: 9564 (node)
      Tasks: 11 (limit: 9373)
     Memory: 186.4M
        CPU: 26.295s
     CGroup: /system.slice/wazuh-dashboard.service
             └─9564 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard>

Aug 12 11:09:36 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:09:>
Aug 12 11:10:34 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:10:>
Aug 12 11:11:04 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:11:>
Aug 12 11:11:34 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:11:>
Aug 12 11:13:06 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:13:>
Aug 12 11:15:01 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T11:15:01Z",>
Aug 12 11:30:01 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T11:30:01Z",>
Aug 12 11:45:00 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T11:45:00Z",>
Aug 12 12:00:00 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T12:00:00Z",>
Aug 12 12:15:00 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T12:15:00Z",>
```

Service status ```shellsession [root@ip-172-31-37-24 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager Aug 12 09:58:19 ip-172-31-37-24.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard. ░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A start job for unit wazuh-dashboard.service has finished successfully. ░░ ░░ The job identifier is 3560. Aug 12 09:58:32 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:32Z","tags":["info","plugins-service"],"pid":7835,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"} Aug 12 09:58:32 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:32Z","tags":["info","plugins-service"],"pid":7835,"message":"Plugin \"applicationConfig\" is disabled."} Aug 12 09:58:32 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:32Z","tags":["info","plugins-service"],"pid":7835,"message":"Plugin \"cspHandler\" is disabled."} Aug 12 09:58:32 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:32Z","tags":["info","plugins-service"],"pid":7835,"message":"Plugin \"dataSource\" is disabled."} Aug 12 09:58:32 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:32Z","tags":["info","plugins-service"],"pid":7835,"message":"Plugin \"visTypeXy\" is disabled."} Aug 12 09:58:32 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:58:32 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: 
{"type":"log","@timestamp":"2024-08-12T09:58:32Z","tags":["info","plugins-system"],"pid":7835,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Aug 12 09:58:33 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:58:33 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:58:33 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:58:33 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:58:33 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:58:33 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use 
options.freeSocketTimeout instead Aug 12 09:58:33 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:58:33 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:58:34 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:34Z","tags":["info","savedobjects-service"],"pid":7835,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."} Aug 12 09:58:34 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:34Z","tags":["info","savedobjects-service"],"pid":7835,"message":"Starting saved objects migrations"} Aug 12 09:58:34 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:34Z","tags":["info","savedobjects-service"],"pid":7835,"message":"Creating index .kibana_1."} Aug 12 09:58:35 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:35Z","tags":["info","savedobjects-service"],"pid":7835,"message":"Pointing alias .kibana to .kibana_1."} Aug 12 09:58:35 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:35Z","tags":["info","savedobjects-service"],"pid":7835,"message":"Finished in 650ms."} Aug 12 09:58:35 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:35Z","tags":["warning","cross-compatibility-service"],"pid":7835,"message":"Starting cross compatibility service"} Aug 12 09:58:35 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: 
{"type":"log","@timestamp":"2024-08-12T09:58:35Z","tags":["info","plugins-system"],"pid":7835,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Aug 12 09:58:35 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:35Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":7835,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"} Aug 12 09:58:36 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:36Z","tags":["info","plugins","wazuh","initialize"],"pid":7835,"message":"dashboard index: .kibana"} Aug 12 09:58:36 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:36Z","tags":["info","plugins","wazuh","initialize"],"pid":7835,"message":"App revision: 05"} Aug 12 09:58:36 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:36Z","tags":["info","plugins","wazuh","initialize"],"pid":7835,"message":"Total RAM: 7834MB"} Aug 12 09:58:36 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:36Z","tags":["error","opensearch","data"],"pid":7835,"message":"[ResponseError]: Response Error"} Aug 12 
09:58:36 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:36Z","tags":["error","opensearch","data"],"pid":7835,"message":"[ResponseError]: Response Error"} Aug 12 09:58:37 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:37Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":7835,"message":"Updated the wazuh-statistics template"} Aug 12 09:58:37 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:37Z","tags":["info","plugins","wazuh","monitoring"],"pid":7835,"message":"Updated the wazuh-agent template"} Aug 12 09:58:37 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:37Z","tags":["listening","info"],"pid":7835,"message":"Server running at https://0.0.0.0:443"} Aug 12 09:58:37 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:37Z","tags":["info","http","server","OpenSearchDashboards"],"pid":7835,"message":"http server running at https://0.0.0.0:443"} Aug 12 09:58:38 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:38Z","tags":["info","plugins","wazuh","monitoring"],"pid":7835,"message":"wazuh-monitoring-2024.33w index created"} Aug 12 09:58:38 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:58:38Z","tags":["info","plugins","wazuh","monitoring"],"pid":7835,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 09:59:13 ip-172-31-37-24.ec2.internal systemd[1]: Stopping wazuh-dashboard.service - wazuh-dashboard... ░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A stop job for unit wazuh-dashboard.service has begun execution. 
░░ ░░ The job identifier is 3789. Aug 12 09:59:13 ip-172-31-37-24.ec2.internal opensearch-dashboards[7835]: {"type":"log","@timestamp":"2024-08-12T09:59:13Z","tags":["info","plugins-system"],"pid":7835,"message":"Stopping all plugins."} Aug 12 09:59:13 ip-172-31-37-24.ec2.internal systemd[1]: wazuh-dashboard.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state. Aug 12 09:59:13 ip-172-31-37-24.ec2.internal systemd[1]: Stopped wazuh-dashboard.service - wazuh-dashboard. ░░ Subject: A stop job for unit wazuh-dashboard.service has finished ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A stop job for unit wazuh-dashboard.service has finished. ░░ ░░ The job identifier is 3789 and the job result is done. Aug 12 09:59:13 ip-172-31-37-24.ec2.internal systemd[1]: wazuh-dashboard.service: Consumed 13.068s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ The unit wazuh-dashboard.service completed and consumed the indicated resources. Aug 12 09:59:13 ip-172-31-37-24.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard. ░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A start job for unit wazuh-dashboard.service has finished successfully. ░░ ░░ The job identifier is 3789. 
Aug 12 09:59:26 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:26Z","tags":["info","plugins-service"],"pid":9564,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"} Aug 12 09:59:26 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:26Z","tags":["info","plugins-service"],"pid":9564,"message":"Plugin \"applicationConfig\" is disabled."} Aug 12 09:59:26 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:26Z","tags":["info","plugins-service"],"pid":9564,"message":"Plugin \"cspHandler\" is disabled."} Aug 12 09:59:26 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:26Z","tags":["info","plugins-service"],"pid":9564,"message":"Plugin \"dataSource\" is disabled."} Aug 12 09:59:26 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:26Z","tags":["info","plugins-service"],"pid":9564,"message":"Plugin \"visTypeXy\" is disabled."} Aug 12 09:59:26 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:59:26 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:26Z","tags":["info","plugins-system"],"pid":9564,"message":"Setting up [48] plugins: 
[usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Aug 12 09:59:27 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:59:27 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:59:27 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:59:27 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:59:27 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:59:27 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:59:27 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: [agentkeepalive:deprecated] 
options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:59:27 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 09:59:27 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:27Z","tags":["info","savedobjects-service"],"pid":9564,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."} Aug 12 09:59:28 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:28Z","tags":["info","savedobjects-service"],"pid":9564,"message":"Starting saved objects migrations"} Aug 12 09:59:28 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:28Z","tags":["warning","cross-compatibility-service"],"pid":9564,"message":"Starting cross compatibility service"} Aug 12 09:59:28 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:28Z","tags":["info","plugins-system"],"pid":9564,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Aug 12 09:59:29 
ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:29Z","tags":["info","plugins","wazuh","initialize"],"pid":9564,"message":"dashboard index: .kibana"} Aug 12 09:59:29 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:29Z","tags":["info","plugins","wazuh","initialize"],"pid":9564,"message":"App revision: 05"} Aug 12 09:59:29 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:29Z","tags":["info","plugins","wazuh","initialize"],"pid":9564,"message":"Total RAM: 7834MB"} Aug 12 09:59:29 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:29Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":9564,"message":"Updated the wazuh-statistics template"} Aug 12 09:59:29 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:29Z","tags":["listening","info"],"pid":9564,"message":"Server running at https://0.0.0.0:443"} Aug 12 09:59:29 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:29Z","tags":["info","http","server","OpenSearchDashboards"],"pid":9564,"message":"http server running at https://0.0.0.0:443"} Aug 12 09:59:29 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:29Z","tags":["info","plugins","wazuh","monitoring"],"pid":9564,"message":"Updated the wazuh-agent template"} Aug 12 09:59:30 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T09:59:30Z","tags":["info","plugins","wazuh","monitoring"],"pid":9564,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 09:59:30 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 
12 09:59:31 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T09:59:30Z","tags":[],"pid":9564,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/8.5.0","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/8.5.0"},"res":{"statusCode":200,"responseTime":994,"contentLength":9},"message":"GET /status 200 994ms - 9.0B"} Aug 12 10:00:00 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T10:00:00Z","tags":["error","opensearch","data"],"pid":9564,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.33w/nSvxYP_xQG2JPwWvW6PFbQ] already exists"} Aug 12 10:00:00 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T10:00:00Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":9564,"message":"wazuh-statistics-2024.33w index created"} Aug 12 10:00:01 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T10:00:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":9564,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 10:15:01 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T10:15:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":9564,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 10:30:00 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T10:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9564,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 10:45:00 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T10:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9564,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 10:58:52 
ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T10:58:52Z","tags":[],"pid":9564,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"18.234.229.57","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"184.105.247.194","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15"},"res":{"statusCode":302,"responseTime":9,"contentLength":9},"message":"GET / 302 9ms - 9.0B"} Aug 12 11:00:00 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T11:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9564,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 11:02:44 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"error","@timestamp":"2024-08-12T11:02:44Z","tags":["connection","client","error"],"pid":9564,"level":"error","error":{"message":"00F8F063FD7E0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 00F8F063FD7E0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_VERSION_TOO_LOW"},"message":"00F8F063FD7E0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Aug 12 11:03:11 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"error","@timestamp":"2024-08-12T11:03:11Z","tags":["connection","client","error"],"pid":9564,"level":"error","error":{"message":"00F8F063FD7E0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared 
cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: 00F8F063FD7E0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"00F8F063FD7E0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"} Aug 12 11:05:23 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"error","@timestamp":"2024-08-12T11:05:23Z","tags":["connection","client","error"],"pid":9564,"level":"error","error":{"message":"00F8F063FD7E0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: 00F8F063FD7E0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"00F8F063FD7E0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"} Aug 12 11:05:25 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"error","@timestamp":"2024-08-12T11:05:25Z","tags":["connection","client","error"],"pid":9564,"level":"error","error":{"message":"00F8F063FD7E0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 00F8F063FD7E0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"00F8F063FD7E0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Aug 12 11:05:25 
ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"error","@timestamp":"2024-08-12T11:05:25Z","tags":["connection","client","error"],"pid":9564,"level":"error","error":{"message":"00F8F063FD7E0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","name":"Error","stack":"Error: 00F8F063FD7E0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"00F8F063FD7E0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n"} Aug 12 11:05:25 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"error","@timestamp":"2024-08-12T11:05:25Z","tags":["connection","client","error"],"pid":9564,"level":"error","error":{"message":"00F8F063FD7E0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","name":"Error","stack":"Error: 00F8F063FD7E0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","code":"ERR_SSL_BAD_KEY_SHARE"},"message":"00F8F063FD7E0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n"} Aug 12 11:06:27 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:06:27Z","tags":[],"pid":9564,"method":"get","statusCode":401,"req":{"url":"/favicon.ico","method":"get","headers":{"host":"18.234.229.57","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"184.105.247.194","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36"},"res":{"statusCode":401,"responseTime":4,"contentLength":9},"message":"GET /favicon.ico 401 4ms - 9.0B"} Aug 12 11:07:50 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:07:50Z","tags":[],"pid":9564,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"18.234.229.57:443","user-agent":"curl/7.64.1","accept":"*/*"},"remoteAddress":"123.160.221.140","userAgent":"curl/7.64.1"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"} Aug 12 11:08:31 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"error","@timestamp":"2024-08-12T11:08:31Z","tags":["connection","client","error"],"pid":9564,"level":"error","error":{"message":"00F8F063FD7E0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","name":"Error","stack":"Error: 00F8F063FD7E0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","code":"ERR_SSL_WRONG_VERSION_NUMBER"},"message":"00F8F063FD7E0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n"} Aug 12 11:08:31 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"error","@timestamp":"2024-08-12T11:08:31Z","tags":["connection","client","error"],"pid":9564,"level":"error","error":{"message":"00F8F063FD7E0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","name":"Error","stack":"Error: 00F8F063FD7E0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","code":"ERR_SSL_WRONG_VERSION_NUMBER"},"message":"00F8F063FD7E0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version 
number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n"} Aug 12 11:08:34 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:08:34Z","tags":[],"pid":9564,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"18.234.229.57","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"184.105.247.194","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"} Aug 12 11:08:39 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:08:39Z","tags":[],"pid":9564,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"18.234.229.57","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","accept-language":"en;q=0.9","cache-control":"max-age=0","dnt":"1","sec-gpc":"1","upgrade-insecure-requests":"1","accept-encoding":"gzip"},"remoteAddress":"45.15.18.72","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36"},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET / 302 3ms - 9.0B"} Aug 12 11:08:41 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"error","@timestamp":"2024-08-12T11:08:41Z","tags":["connection","client","error"],"pid":9564,"level":"error","error":{"message":"00F8F063FD7E0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version 
number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","name":"Error","stack":"Error: 00F8F063FD7E0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","code":"ERR_SSL_WRONG_VERSION_NUMBER"},"message":"00F8F063FD7E0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n"} Aug 12 11:08:42 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:08:42Z","tags":[],"pid":9564,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"4lixeksa6wusdnx6089.simplifycloudlab.com","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","accept-language":"en;q=0.9","cache-control":"max-age=0","dnt":"1","sec-gpc":"1","upgrade-insecure-requests":"1","accept-encoding":"gzip"},"remoteAddress":"123.160.223.72","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36"},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET / 302 3ms - 9.0B"} Aug 12 11:08:43 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:08:43Z","tags":[],"pid":9564,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"18.234.229.57","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 
Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7","accept-language":"en","upgrade-insecure-requests":"1","accept-encoding":"gzip"},"remoteAddress":"45.15.18.72","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"} Aug 12 11:08:43 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:08:43Z","tags":[],"pid":9564,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"4lixeksa6wusdnx6089.simplifycloudlab.com","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","accept-language":"en;q=0.9","cache-control":"max-age=0","dnt":"1","referer":"https://4lixeksa6wusdnx6089.simplifycloudlab.com","sec-gpc":"1","upgrade-insecure-requests":"1","accept-encoding":"gzip"},"remoteAddress":"123.160.223.73","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","referer":"https://4lixeksa6wusdnx6089.simplifycloudlab.com"},"res":{"statusCode":200,"responseTime":35,"contentLength":9},"message":"GET /app/login 200 35ms - 9.0B"} Aug 12 11:08:44 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:08:44Z","tags":[],"pid":9564,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"4lixeksa6wusdnx6089.simplifycloudlab.com","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_0) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/87.0.4280.88 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7","accept-language":"en","upgrade-insecure-requests":"1","accept-encoding":"gzip"},"remoteAddress":"123.160.223.74","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"},"res":{"statusCode":302,"responseTime":4,"contentLength":9},"message":"GET / 302 4ms - 9.0B"} Aug 12 11:08:46 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:08:46Z","tags":[],"pid":9564,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"18.234.229.57","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7","accept-language":"en","upgrade-insecure-requests":"1","accept-encoding":"gzip"},"remoteAddress":"45.15.18.72","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"},"res":{"statusCode":200,"responseTime":17,"contentLength":9},"message":"GET /app/login 200 17ms - 9.0B"} Aug 12 11:08:50 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:08:50Z","tags":["api"],"pid":9564,"method":"get","statusCode":200,"req":{"url":"/bootstrap.js","method":"get","headers":{"host":"18.234.229.57","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","accept":"*/*","accept-language":"en","referer":"https://18.234.229.57/app/login?","accept-encoding":"gzip"},"remoteAddress":"45.15.18.72","userAgent":"Mozilla/5.0 (Macintosh; Intel 
Mac OS X 11_0_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","referer":"https://18.234.229.57/app/login?"},"res":{"statusCode":200,"responseTime":40,"contentLength":9},"message":"GET /bootstrap.js 200 40ms - 9.0B"} Aug 12 11:08:56 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:08:56Z","tags":[],"pid":9564,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon.ico","method":"get","headers":{"host":"18.234.229.57","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","accept-language":"en;q=0.9","cache-control":"max-age=0","dnt":"1","sec-gpc":"1","upgrade-insecure-requests":"1","accept-encoding":"gzip"},"remoteAddress":"123.160.223.72","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36"},"res":{"statusCode":200,"responseTime":18,"contentLength":9},"message":"GET /ui/favicons/favicon.ico 200 18ms - 9.0B"} Aug 12 11:09:35 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:09:35Z","tags":[],"pid":9564,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"18.234.229.57","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"184.105.247.194","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET / 302 3ms - 9.0B"} Aug 12 11:09:36 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: 
{"type":"response","@timestamp":"2024-08-12T11:09:35Z","tags":[],"pid":9564,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"18.234.229.57","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36","accept":"*/*","referer":"https://18.234.229.57/","accept-encoding":"gzip"},"remoteAddress":"184.105.247.194","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36","referer":"https://18.234.229.57/"},"res":{"statusCode":200,"responseTime":20,"contentLength":9},"message":"GET /app/login 200 20ms - 9.0B"} Aug 12 11:10:34 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:10:34Z","tags":[],"pid":9564,"method":"get","statusCode":401,"req":{"url":"/remote/logincheck","method":"get","headers":{"host":"18.234.229.57","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"184.105.247.194","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /remote/logincheck 401 2ms - 9.0B"} Aug 12 11:11:04 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:11:04Z","tags":[],"pid":9564,"method":"get","statusCode":401,"req":{"url":"/fonts/ftnt-icons.woff","method":"get","headers":{"host":"18.234.229.57","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"184.105.247.194","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /fonts/ftnt-icons.woff 
401 3ms - 9.0B"} Aug 12 11:11:34 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:11:34Z","tags":[],"pid":9564,"method":"get","statusCode":401,"req":{"url":"/vpn/index.html","method":"get","headers":{"host":"18.234.229.57","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"184.105.247.194","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /vpn/index.html 401 3ms - 9.0B"} Aug 12 11:13:06 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"response","@timestamp":"2024-08-12T11:13:06Z","tags":[],"pid":9564,"method":"get","statusCode":401,"req":{"url":"/geoserver/web/","method":"get","headers":{"host":"18.234.229.57","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"184.105.247.194","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /geoserver/web/ 401 3ms - 9.0B"} Aug 12 11:15:01 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T11:15:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":9564,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 11:30:01 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T11:30:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":9564,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 11:45:00 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: 
{"type":"log","@timestamp":"2024-08-12T11:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9564,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 12:00:00 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T12:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9564,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 12:15:00 ip-172-31-37-24.ec2.internal opensearch-dashboards[9564]: {"type":"log","@timestamp":"2024-08-12T12:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9564,"message":"Settings added to wazuh-monitoring-2024.33w index"} ```

Ubuntu 22 :green_circle:

Agent status
```shellsession
root@ip-172-31-40-250:/home/ubuntu# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-08-12 10:01:47 UTC; 2h 14min ago
   Main PID: 59318 (node)
      Tasks: 11 (limit: 9425)
     Memory: 184.5M
        CPU: 25.260s
     CGroup: /system.slice/wazuh-dashboard.service
             └─59318 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboar>

Aug 12 11:25:51 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T11:25:51Z","tags">
Aug 12 11:25:51 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T11:25:51Z","tags">
Aug 12 11:25:51 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T11:25:51Z","tags">
Aug 12 11:25:51 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"error","@timestamp":"2024-08-12T11:25:51Z","tags":[">
Aug 12 11:25:51 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"error","@timestamp":"2024-08-12T11:25:51Z","tags":[">
Aug 12 11:25:51 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T11:25:51Z","tags">
Aug 12 11:30:00 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T11:30:00Z","tags":["in>
Aug 12 11:45:01 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T11:45:01Z","tags":["in>
Aug 12 12:00:01 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T12:00:01Z","tags":["in>
Aug 12 12:15:00 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T12:15:00Z","tags":["in>
```
Service status
```shellsession
root@ip-172-31-40-250:/home/ubuntu# journalctl -xe -u wazuh-dashboard.service --no-pager
Aug 12 10:00:55 ip-172-31-40-250 systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 3858.
Aug 12 10:01:06 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:06Z","tags":["info","plugins-service"],"pid":57468,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Aug 12 10:01:06 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:06Z","tags":["info","plugins-service"],"pid":57468,"message":"Plugin \"applicationConfig\" is disabled."}
Aug 12 10:01:06 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:06Z","tags":["info","plugins-service"],"pid":57468,"message":"Plugin \"cspHandler\" is disabled."}
Aug 12 10:01:06 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:06Z","tags":["info","plugins-service"],"pid":57468,"message":"Plugin \"dataSource\" is disabled."}
Aug 12 10:01:06 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:06Z","tags":["info","plugins-service"],"pid":57468,"message":"Plugin \"visTypeXy\" is disabled."}
Aug 12 10:01:07 ip-172-31-40-250 opensearch-dashboards[57468]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:01:07 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:07Z","tags":["info","plugins-system"],"pid":57468,"message":"Setting up [48] plugins: 
[usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,visualize,ganttChartDashboards,reportsDashboards,indexManagementDashboards,management,indexPatternManagement,advancedSettings,console,notificationsDashboards,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Aug 12 10:01:07 ip-172-31-40-250 opensearch-dashboards[57468]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:07 ip-172-31-40-250 opensearch-dashboards[57468]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:07 ip-172-31-40-250 opensearch-dashboards[57468]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:07 ip-172-31-40-250 opensearch-dashboards[57468]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:07 ip-172-31-40-250 opensearch-dashboards[57468]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:07 ip-172-31-40-250 opensearch-dashboards[57468]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:07 ip-172-31-40-250 opensearch-dashboards[57468]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout 
instead Aug 12 10:01:07 ip-172-31-40-250 opensearch-dashboards[57468]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:08 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:08Z","tags":["info","savedobjects-service"],"pid":57468,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."} Aug 12 10:01:09 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:09Z","tags":["info","savedobjects-service"],"pid":57468,"message":"Starting saved objects migrations"} Aug 12 10:01:09 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:09Z","tags":["info","savedobjects-service"],"pid":57468,"message":"Creating index .kibana_1."} Aug 12 10:01:09 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:09Z","tags":["info","savedobjects-service"],"pid":57468,"message":"Pointing alias .kibana to .kibana_1."} Aug 12 10:01:09 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:09Z","tags":["info","savedobjects-service"],"pid":57468,"message":"Finished in 447ms."} Aug 12 10:01:09 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:09Z","tags":["warning","cross-compatibility-service"],"pid":57468,"message":"Starting cross compatibility service"} Aug 12 10:01:09 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:09Z","tags":["info","plugins-system"],"pid":57468,"message":"Starting [48] plugins: 
[usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,visualize,ganttChartDashboards,reportsDashboards,indexManagementDashboards,management,indexPatternManagement,advancedSettings,console,notificationsDashboards,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Aug 12 10:01:09 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:09Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":57468,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"} Aug 12 10:01:10 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:10Z","tags":["info","plugins","wazuh","initialize"],"pid":57468,"message":"dashboard index: .kibana"} Aug 12 10:01:10 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:10Z","tags":["info","plugins","wazuh","initialize"],"pid":57468,"message":"App revision: 05"} Aug 12 10:01:10 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:10Z","tags":["info","plugins","wazuh","initialize"],"pid":57468,"message":"Total RAM: 7870MB"} Aug 12 10:01:10 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:10Z","tags":["error","opensearch","data"],"pid":57468,"message":"[ResponseError]: Response Error"} Aug 12 10:01:10 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:10Z","tags":["error","opensearch","data"],"pid":57468,"message":"[ResponseError]: 
Response Error"} Aug 12 10:01:11 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:11Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":57468,"message":"Updated the wazuh-statistics template"} Aug 12 10:01:11 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:11Z","tags":["info","plugins","wazuh","monitoring"],"pid":57468,"message":"Updated the wazuh-agent template"} Aug 12 10:01:11 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:11Z","tags":["listening","info"],"pid":57468,"message":"Server running at https://0.0.0.0:443"} Aug 12 10:01:11 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:11Z","tags":["info","http","server","OpenSearchDashboards"],"pid":57468,"message":"http server running at https://0.0.0.0:443"} Aug 12 10:01:12 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:12Z","tags":["info","plugins","wazuh","monitoring"],"pid":57468,"message":"wazuh-monitoring-2024.33w index created"} Aug 12 10:01:12 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:12Z","tags":["info","plugins","wazuh","monitoring"],"pid":57468,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 10:01:46 ip-172-31-40-250 opensearch-dashboards[57468]: {"type":"log","@timestamp":"2024-08-12T10:01:46Z","tags":["info","plugins-system"],"pid":57468,"message":"Stopping all plugins."} Aug 12 10:01:46 ip-172-31-40-250 systemd[1]: Stopping wazuh-dashboard... ░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A stop job for unit wazuh-dashboard.service has begun execution. ░░ ░░ The job identifier is 4380. Aug 12 10:01:47 ip-172-31-40-250 systemd[1]: wazuh-dashboard.service: Deactivated successfully. 
░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state. Aug 12 10:01:47 ip-172-31-40-250 systemd[1]: Stopped wazuh-dashboard. ░░ Subject: A stop job for unit wazuh-dashboard.service has finished ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A stop job for unit wazuh-dashboard.service has finished. ░░ ░░ The job identifier is 4380 and the job result is done. Aug 12 10:01:47 ip-172-31-40-250 systemd[1]: wazuh-dashboard.service: Consumed 12.572s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ The unit wazuh-dashboard.service completed and consumed the indicated resources. Aug 12 10:01:47 ip-172-31-40-250 systemd[1]: Started wazuh-dashboard. ░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully ░░ Defined-By: systemd ░░ Support: http://www.ubuntu.com/support ░░ ░░ A start job for unit wazuh-dashboard.service has finished successfully. ░░ ░░ The job identifier is 4380. 
Aug 12 10:01:58 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:01:58Z","tags":["info","plugins-service"],"pid":59318,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"} Aug 12 10:01:58 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:01:58Z","tags":["info","plugins-service"],"pid":59318,"message":"Plugin \"applicationConfig\" is disabled."} Aug 12 10:01:58 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:01:58Z","tags":["info","plugins-service"],"pid":59318,"message":"Plugin \"cspHandler\" is disabled."} Aug 12 10:01:58 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:01:58Z","tags":["info","plugins-service"],"pid":59318,"message":"Plugin \"dataSource\" is disabled."} Aug 12 10:01:58 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:01:58Z","tags":["info","plugins-service"],"pid":59318,"message":"Plugin \"visTypeXy\" is disabled."} Aug 12 10:01:58 ip-172-31-40-250 opensearch-dashboards[59318]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:58 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:01:58Z","tags":["info","plugins-system"],"pid":59318,"message":"Setting up [48] plugins: 
[usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Aug 12 10:01:59 ip-172-31-40-250 opensearch-dashboards[59318]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:59 ip-172-31-40-250 opensearch-dashboards[59318]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:59 ip-172-31-40-250 opensearch-dashboards[59318]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:59 ip-172-31-40-250 opensearch-dashboards[59318]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:59 ip-172-31-40-250 opensearch-dashboards[59318]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:59 ip-172-31-40-250 opensearch-dashboards[59318]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:59 ip-172-31-40-250 opensearch-dashboards[59318]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout 
instead Aug 12 10:01:59 ip-172-31-40-250 opensearch-dashboards[59318]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:01:59 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:01:59Z","tags":["info","savedobjects-service"],"pid":59318,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."} Aug 12 10:02:00 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:02:00Z","tags":["info","savedobjects-service"],"pid":59318,"message":"Starting saved objects migrations"} Aug 12 10:02:00 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:02:00Z","tags":["warning","cross-compatibility-service"],"pid":59318,"message":"Starting cross compatibility service"} Aug 12 10:02:00 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:02:00Z","tags":["info","plugins-system"],"pid":59318,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Aug 12 10:02:01 ip-172-31-40-250 opensearch-dashboards[59318]: 
{"type":"log","@timestamp":"2024-08-12T10:02:01Z","tags":["info","plugins","wazuh","initialize"],"pid":59318,"message":"dashboard index: .kibana"} Aug 12 10:02:01 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:02:01Z","tags":["info","plugins","wazuh","initialize"],"pid":59318,"message":"App revision: 05"} Aug 12 10:02:01 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:02:01Z","tags":["info","plugins","wazuh","initialize"],"pid":59318,"message":"Total RAM: 7870MB"} Aug 12 10:02:01 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:02:01Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":59318,"message":"Updated the wazuh-statistics template"} Aug 12 10:02:01 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:02:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":59318,"message":"Updated the wazuh-agent template"} Aug 12 10:02:01 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:02:01Z","tags":["listening","info"],"pid":59318,"message":"Server running at https://0.0.0.0:443"} Aug 12 10:02:01 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:02:01Z","tags":["info","http","server","OpenSearchDashboards"],"pid":59318,"message":"http server running at https://0.0.0.0:443"} Aug 12 10:02:01 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:02:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":59318,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 10:02:02 ip-172-31-40-250 opensearch-dashboards[59318]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:02:03 ip-172-31-40-250 opensearch-dashboards[59318]: 
{"type":"response","@timestamp":"2024-08-12T10:02:02Z","tags":[],"pid":59318,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/7.81.0","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.81.0"},"res":{"statusCode":200,"responseTime":732,"contentLength":9},"message":"GET /status 200 732ms - 9.0B"} Aug 12 10:05:00 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:05:00Z","tags":["error","opensearch","data"],"pid":59318,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.33w/aKtCoCo2Q7SJcyFGbE1Zsw] already exists"} Aug 12 10:05:00 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:05:00Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":59318,"message":"wazuh-statistics-2024.33w index created"} Aug 12 10:15:01 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:15:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":59318,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 10:30:00 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":59318,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 10:45:00 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T10:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":59318,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 10:58:08 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T10:58:08Z","tags":[],"pid":59318,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.162.159.198","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; 
+https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.233","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":302,"responseTime":8,"contentLength":9},"message":"GET / 302 8ms - 9.0B"} Aug 12 10:58:09 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T10:58:09Z","tags":[],"pid":59318,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"54.162.159.198","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","accept":"*/*","referer":"https://54.162.159.198","accept-encoding":"gzip","connection":"close"},"remoteAddress":"87.236.176.233","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","referer":"https://54.162.159.198"},"res":{"statusCode":200,"responseTime":26,"contentLength":9},"message":"GET /app/login 200 26ms - 9.0B"} Aug 12 10:58:28 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T10:58:28Z","tags":[],"pid":59318,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon.ico","method":"get","headers":{"host":"54.162.159.198","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.37","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":88,"contentLength":9},"message":"GET /ui/favicons/favicon.ico 200 88ms - 9.0B"} Aug 12 10:58:28 ip-172-31-40-250 opensearch-dashboards[59318]: 
{"type":"response","@timestamp":"2024-08-12T10:58:28Z","tags":[],"pid":59318,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-16x16.png","method":"get","headers":{"host":"54.162.159.198","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.79","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":66,"contentLength":9},"message":"GET /ui/favicons/favicon-16x16.png 200 66ms - 9.0B"} Aug 12 10:58:28 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T10:58:28Z","tags":[],"pid":59318,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/apple-touch-icon.png","method":"get","headers":{"host":"54.162.159.198","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.17","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":58,"contentLength":9},"message":"GET /ui/favicons/apple-touch-icon.png 200 58ms - 9.0B"} Aug 12 10:58:28 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T10:58:28Z","tags":[],"pid":59318,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-32x32.png","method":"get","headers":{"host":"54.162.159.198","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.149","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":13,"contentLength":9},"message":"GET /ui/favicons/favicon-32x32.png 200 
13ms - 9.0B"} Aug 12 10:59:34 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"error","@timestamp":"2024-08-12T10:59:34Z","tags":["connection","client","error"],"pid":59318,"level":"error","error":{"message":"00C82790457F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: 00C82790457F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"00C82790457F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"} Aug 12 11:00:01 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T11:00:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":59318,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 11:01:14 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"error","@timestamp":"2024-08-12T11:01:14Z","tags":["connection","client","error"],"pid":59318,"level":"error","error":{"message":"00C82790457F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 00C82790457F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"00C82790457F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Aug 12 11:02:53 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"error","@timestamp":"2024-08-12T11:02:53Z","tags":["connection","client","error"],"pid":59318,"level":"error","error":{"message":"00C82790457F0000:error:0A0000C1:SSL 
routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","name":"Error","stack":"Error: 00C82790457F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"00C82790457F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n"} Aug 12 11:03:27 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"error","@timestamp":"2024-08-12T11:03:27Z","tags":["connection","client","error"],"pid":59318,"level":"error","error":{"message":"00C82790457F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","name":"Error","stack":"Error: 00C82790457F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","code":"ERR_SSL_BAD_KEY_SHARE"},"message":"00C82790457F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n"} Aug 12 11:15:00 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T11:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":59318,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 11:25:42 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T11:25:42Z","tags":[],"pid":59318,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.162.159.198","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"162.142.125.208","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; 
+https://about.censys.io/)"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"} Aug 12 11:25:42 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"error","@timestamp":"2024-08-12T11:25:42Z","tags":["connection","client","error"],"pid":59318,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"} Aug 12 11:25:42 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"error","@timestamp":"2024-08-12T11:25:42Z","tags":["connection","client","error"],"pid":59318,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"} Aug 12 11:25:42 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"error","@timestamp":"2024-08-12T11:25:42Z","tags":["warning","process"],"pid":59318,"level":"error","error":{"message":"An error event has already been emitted on the socket. Please use the destroy method on the socket while handling a 'clientError' event.","name":"Warning","stack":"Warning: An error event has already been emitted on the socket. Please use the destroy method on the socket while handling a 'clientError' event.\n at warnUnclosedSocket (node:_http_server:855:11)\n at TLSSocket.socketOnError (node:_http_server:869:5)\n at onParserExecuteCommon (node:_http_server:904:19)\n at onParserExecute (node:_http_server:825:3)"},"message":"An error event has already been emitted on the socket. 
Please use the destroy method on the socket while handling a 'clientError' event."} Aug 12 11:25:45 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"error","@timestamp":"2024-08-12T11:25:45Z","tags":["connection","client","error"],"pid":59318,"level":"error","error":{"message":"00C82790457F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 00C82790457F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"00C82790457F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Aug 12 11:25:46 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"error","@timestamp":"2024-08-12T11:25:46Z","tags":["connection","client","error"],"pid":59318,"level":"error","error":{"message":"00C82790457F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 00C82790457F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"00C82790457F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Aug 12 11:25:47 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"error","@timestamp":"2024-08-12T11:25:47Z","tags":["connection","client","error"],"pid":59318,"level":"error","error":{"message":"00C82790457F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 
00C82790457F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_VERSION_TOO_LOW"},"message":"00C82790457F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Aug 12 11:25:50 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T11:25:50Z","tags":[],"pid":59318,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"54.162.159.198","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"162.142.125.208","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":19,"contentLength":9},"message":"GET /app/login 200 19ms - 9.0B"} Aug 12 11:25:51 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T11:25:51Z","tags":[],"pid":59318,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/apple-touch-icon.png","method":"get","headers":{"host":"54.162.159.198","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"162.142.125.208","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/favicons/apple-touch-icon.png 200 5ms - 9.0B"} Aug 12 11:25:51 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T11:25:51Z","tags":[],"pid":59318,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-32x32.png","method":"get","headers":{"host":"54.162.159.198","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; 
+https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"162.142.125.208","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":3,"contentLength":9},"message":"GET /ui/favicons/favicon-32x32.png 200 3ms - 9.0B"} Aug 12 11:25:51 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T11:25:51Z","tags":[],"pid":59318,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-16x16.png","method":"get","headers":{"host":"54.162.159.198","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"162.142.125.208","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":4,"contentLength":9},"message":"GET /ui/favicons/favicon-16x16.png 200 4ms - 9.0B"} Aug 12 11:25:51 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T11:25:51Z","tags":[],"pid":59318,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon.ico","method":"get","headers":{"host":"54.162.159.198","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"162.142.125.208","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":3,"contentLength":9},"message":"GET /ui/favicons/favicon.ico 200 3ms - 9.0B"} Aug 12 11:25:51 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T11:25:51Z","tags":[],"pid":59318,"method":"get","statusCode":401,"req":{"url":"/favicon.ico","method":"get","headers":{"host":"54.162.159.198","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; 
+https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"162.142.125.208","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":401,"responseTime":4,"contentLength":9},"message":"GET /favicon.ico 401 4ms - 9.0B"} Aug 12 11:25:51 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"error","@timestamp":"2024-08-12T11:25:51Z","tags":["connection","client","error"],"pid":59318,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"} Aug 12 11:25:51 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"error","@timestamp":"2024-08-12T11:25:51Z","tags":["connection","client","error"],"pid":59318,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"} Aug 12 11:25:51 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"response","@timestamp":"2024-08-12T11:25:51Z","tags":[],"pid":59318,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.162.159.198:443","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip"},"remoteAddress":"162.142.125.208","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET / 302 3ms - 9.0B"} Aug 12 11:30:00 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T11:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":59318,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 11:45:01 ip-172-31-40-250 opensearch-dashboards[59318]: 
{"type":"log","@timestamp":"2024-08-12T11:45:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":59318,"message":"Settings added to wazuh-monitoring-2024.33w index"}
Aug 12 12:00:01 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T12:00:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":59318,"message":"Settings added to wazuh-monitoring-2024.33w index"}
Aug 12 12:15:00 ip-172-31-40-250 opensearch-dashboards[59318]: {"type":"log","@timestamp":"2024-08-12T12:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":59318,"message":"Settings added to wazuh-monitoring-2024.33w index"}
```

RHEL 9 :green_circle:

Agent status

```shellsession
[root@ip-172-31-38-175 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
     Active: active (running) since Mon 2024-08-12 10:00:28 UTC; 2h 17min ago
   Main PID: 20232 (node)
      Tasks: 11 (limit: 48194)
     Memory: 188.9M
        CPU: 25.424s
     CGroup: /system.slice/wazuh-dashboard.service
             └─20232 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboar>

Aug 12 11:00:00 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T11:00:00Z>
Aug 12 11:15:00 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T11:15:00Z>
Aug 12 11:30:01 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T11:30:01Z>
Aug 12 11:45:02 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T11:45:02Z>
Aug 12 12:00:00 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T12:00:00Z>
Aug 12 12:15:00 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T12:15:00Z>
Aug 12 12:16:27 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"error","@timestamp":"2024-08-12T12:16:2>
Aug 12 12:16:28 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"error","@timestamp":"2024-08-12T12:16:2>
Aug 12 12:16:29 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"error","@timestamp":"2024-08-12T12:16:2>
Aug 12 12:16:29 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"error","@timestamp":"2024-08-12T12:16:2>
```
Service status

```shellsession
[root@ip-172-31-38-175 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager
Aug 12 09:59:36 ip-172-31-38-175.ec2.internal systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 3260.
Aug 12 09:59:49 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:49Z","tags":["info","plugins-service"],"pid":18671,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Aug 12 09:59:49 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:49Z","tags":["info","plugins-service"],"pid":18671,"message":"Plugin \"applicationConfig\" is disabled."}
Aug 12 09:59:49 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:49Z","tags":["info","plugins-service"],"pid":18671,"message":"Plugin \"cspHandler\" is disabled."}
Aug 12 09:59:49 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:49Z","tags":["info","plugins-service"],"pid":18671,"message":"Plugin \"dataSource\" is disabled."}
Aug 12 09:59:49 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:49Z","tags":["info","plugins-service"],"pid":18671,"message":"Plugin \"visTypeXy\" is disabled."}
Aug 12 09:59:49 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 09:59:49 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:49Z","tags":["info","plugins-system"],"pid":18671,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Aug 12 09:59:50 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 09:59:50 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 09:59:50 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 09:59:50 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 09:59:50 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 09:59:50 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 09:59:50 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 09:59:50 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 09:59:50 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:50Z","tags":["info","savedobjects-service"],"pid":18671,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Aug 12 09:59:51 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:51Z","tags":["info","savedobjects-service"],"pid":18671,"message":"Starting saved objects migrations"}
Aug 12 09:59:51 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:51Z","tags":["info","savedobjects-service"],"pid":18671,"message":"Creating index .kibana_1."}
Aug 12 09:59:51 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:51Z","tags":["info","savedobjects-service"],"pid":18671,"message":"Pointing alias .kibana to .kibana_1."}
Aug 12 09:59:52 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:52Z","tags":["info","savedobjects-service"],"pid":18671,"message":"Finished in 369ms."}
Aug 12 09:59:52 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:52Z","tags":["warning","cross-compatibility-service"],"pid":18671,"message":"Starting cross compatibility service"}
Aug 12 09:59:52 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:52Z","tags":["info","plugins-system"],"pid":18671,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Aug 12 09:59:52 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:52Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":18671,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"}
Aug 12 09:59:52 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:52Z","tags":["info","plugins","wazuh","initialize"],"pid":18671,"message":"dashboard index: .kibana"}
Aug 12 09:59:52 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:52Z","tags":["info","plugins","wazuh","initialize"],"pid":18671,"message":"App revision: 05"}
Aug 12 09:59:52 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:52Z","tags":["info","plugins","wazuh","initialize"],"pid":18671,"message":"Total RAM: 7609MB"}
Aug 12 09:59:52 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:52Z","tags":["error","opensearch","data"],"pid":18671,"message":"[ResponseError]: Response Error"}
Aug 12 09:59:52 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:52Z","tags":["error","opensearch","data"],"pid":18671,"message":"[ResponseError]: Response Error"}
Aug 12 09:59:52 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:52Z","tags":["info","plugins","wazuh","monitoring"],"pid":18671,"message":"Updated the wazuh-agent template"}
Aug 12 09:59:52 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:52Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":18671,"message":"Updated the wazuh-statistics template"}
Aug 12 09:59:52 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:52Z","tags":["error","plugins","wazuh","monitoring"],"pid":18671,"message":"connect ECONNREFUSED ::1:55000"}
Aug 12 09:59:53 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:53Z","tags":["listening","info"],"pid":18671,"message":"Server running at https://0.0.0.0:443"}
Aug 12 09:59:53 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T09:59:53Z","tags":["info","http","server","OpenSearchDashboards"],"pid":18671,"message":"http server running at https://0.0.0.0:443"}
Aug 12 10:00:00 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T10:00:00Z","tags":["error","plugins","wazuh","monitoring"],"pid":18671,"message":"connect ECONNREFUSED ::1:55000"}
Aug 12 10:00:00 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T10:00:00Z","tags":["error","plugins","wazuh","cron-scheduler"],"pid":18671,"message":"Error: connect ECONNREFUSED ::1:55000"}
Aug 12 10:00:00 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T10:00:00Z","tags":["error","plugins","wazuh","cron-scheduler"],"pid":18671,"message":"Error: connect ECONNREFUSED ::1:55000"}
Aug 12 10:00:28 ip-172-31-38-175.ec2.internal systemd[1]: Stopping wazuh-dashboard...
░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-dashboard.service has begun execution.
░░
░░ The job identifier is 3527.
Aug 12 10:00:28 ip-172-31-38-175.ec2.internal opensearch-dashboards[18671]: {"type":"log","@timestamp":"2024-08-12T10:00:28Z","tags":["info","plugins-system"],"pid":18671,"message":"Stopping all plugins."}
Aug 12 10:00:28 ip-172-31-38-175.ec2.internal systemd[1]: wazuh-dashboard.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state.
Aug 12 10:00:28 ip-172-31-38-175.ec2.internal systemd[1]: Stopped wazuh-dashboard.
░░ Subject: A stop job for unit wazuh-dashboard.service has finished
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-dashboard.service has finished.
░░
░░ The job identifier is 3527 and the job result is done.
Aug 12 10:00:28 ip-172-31-38-175.ec2.internal systemd[1]: wazuh-dashboard.service: Consumed 13.072s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-dashboard.service completed and consumed the indicated resources.
Aug 12 10:00:28 ip-172-31-38-175.ec2.internal systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 3527.
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:43Z","tags":["info","plugins-service"],"pid":20232,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:43Z","tags":["info","plugins-service"],"pid":20232,"message":"Plugin \"applicationConfig\" is disabled."}
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:43Z","tags":["info","plugins-service"],"pid":20232,"message":"Plugin \"cspHandler\" is disabled."}
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:43Z","tags":["info","plugins-service"],"pid":20232,"message":"Plugin \"dataSource\" is disabled."}
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:43Z","tags":["info","plugins-service"],"pid":20232,"message":"Plugin \"visTypeXy\" is disabled."}
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:43Z","tags":["info","plugins-system"],"pid":20232,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:00:43 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:00:44 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:44Z","tags":["info","savedobjects-service"],"pid":20232,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Aug 12 10:00:44 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:44Z","tags":["info","savedobjects-service"],"pid":20232,"message":"Starting saved objects migrations"}
Aug 12 10:00:44 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:44Z","tags":["warning","cross-compatibility-service"],"pid":20232,"message":"Starting cross compatibility service"}
Aug 12 10:00:44 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:44Z","tags":["info","plugins-system"],"pid":20232,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Aug 12 10:00:44 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:44Z","tags":["info","plugins","wazuh","initialize"],"pid":20232,"message":"dashboard index: .kibana"}
Aug 12 10:00:44 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:44Z","tags":["info","plugins","wazuh","initialize"],"pid":20232,"message":"App revision: 05"}
Aug 12 10:00:44 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:44Z","tags":["info","plugins","wazuh","initialize"],"pid":20232,"message":"Total RAM: 7609MB"}
Aug 12 10:00:45 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:45Z","tags":["info","plugins","wazuh","monitoring"],"pid":20232,"message":"Updated the wazuh-agent template"}
Aug 12 10:00:45 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:45Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":20232,"message":"Updated the wazuh-statistics template"}
Aug 12 10:00:45 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:45Z","tags":["error","plugins","wazuh","monitoring"],"pid":20232,"message":"connect ECONNREFUSED ::1:55000"}
Aug 12 10:00:45 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:45Z","tags":["listening","info"],"pid":20232,"message":"Server running at https://0.0.0.0:443"}
Aug 12 10:00:45 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:00:45Z","tags":["info","http","server","OpenSearchDashboards"],"pid":20232,"message":"http server running at https://0.0.0.0:443"}
Aug 12 10:00:46 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:00:46 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"response","@timestamp":"2024-08-12T10:00:46Z","tags":[],"pid":20232,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/7.76.1","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.76.1"},"res":{"statusCode":200,"responseTime":640,"contentLength":9},"message":"GET /status 200 640ms - 9.0B"}
Aug 12 10:05:01 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:05:01Z","tags":["error","opensearch","data"],"pid":20232,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.33w/YPf1IwuOT-CARJChKzvbNA] already exists"}
Aug 12 10:05:01 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:05:01Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":20232,"message":"wazuh-statistics-2024.33w index created"}
Aug 12 10:15:01 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:15:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":20232,"message":"wazuh-monitoring-2024.33w index created"}
Aug 12 10:15:01 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:15:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":20232,"message":"Settings added to wazuh-monitoring-2024.33w index"}
Aug 12 10:30:00 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20232,"message":"Settings added to wazuh-monitoring-2024.33w index"}
Aug 12 10:45:02 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T10:45:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":20232,"message":"Settings added to wazuh-monitoring-2024.33w index"}
Aug 12 11:00:00 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T11:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20232,"message":"Settings added to wazuh-monitoring-2024.33w index"}
Aug 12 11:15:00 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T11:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20232,"message":"Settings added to wazuh-monitoring-2024.33w index"}
Aug 12 11:30:01 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T11:30:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":20232,"message":"Settings added to wazuh-monitoring-2024.33w index"}
Aug 12 11:45:02 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T11:45:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":20232,"message":"Settings added to wazuh-monitoring-2024.33w index"}
Aug 12 12:00:00 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T12:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20232,"message":"Settings added to wazuh-monitoring-2024.33w index"}
Aug 12 12:15:00 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"log","@timestamp":"2024-08-12T12:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20232,"message":"Settings added to wazuh-monitoring-2024.33w index"}
Aug 12 12:16:27 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"error","@timestamp":"2024-08-12T12:16:27Z","tags":["connection","client","error"],"pid":20232,"level":"error","error":{"message":"0078D09EB47F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: 0078D09EB47F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"0078D09EB47F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"}
Aug 12 12:16:28 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"error","@timestamp":"2024-08-12T12:16:28Z","tags":["connection","client","error"],"pid":20232,"level":"error","error":{"message":"0078D09EB47F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 0078D09EB47F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"0078D09EB47F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
Aug 12 12:16:29 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"error","@timestamp":"2024-08-12T12:16:29Z","tags":["connection","client","error"],"pid":20232,"level":"error","error":{"message":"0078D09EB47F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","name":"Error","stack":"Error: 0078D09EB47F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"0078D09EB47F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n"}
Aug 12 12:16:29 ip-172-31-38-175.ec2.internal opensearch-dashboards[20232]: {"type":"error","@timestamp":"2024-08-12T12:16:29Z","tags":["connection","client","error"],"pid":20232,"level":"error","error":{"message":"0078D09EB47F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","name":"Error","stack":"Error: 0078D09EB47F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","code":"ERR_SSL_BAD_KEY_SHARE"},"message":"0078D09EB47F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n"}
```

Amazon Linux 2023 - Offline :green_circle:

Agent status

```shellsession
[root@ip-172-31-38-60 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
     Active: active (running) since Mon 2024-08-12 10:26:54 UTC; 1h 51min ago
   Main PID: 12672 (node)
      Tasks: 11 (limit: 9373)
     Memory: 187.0M
        CPU: 22.075s
     CGroup: /system.slice/wazuh-dashboard.service
             └─12672 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboar>

Aug 12 10:30:01 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:30:01Z">
Aug 12 10:30:01 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:30:01Z">
Aug 12 10:30:01 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:30:01Z">
Aug 12 10:45:00 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:45:00Z">
Aug 12 11:00:00 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T11:00:00Z">
Aug 12 11:15:00 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T11:15:00Z">
Aug 12 11:30:01 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T11:30:01Z">
Aug 12 11:45:00 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T11:45:00Z">
Aug 12 12:00:01 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T12:00:01Z">
Aug 12 12:15:00 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T12:15:00Z">
```
Service status

```shellsession
[root@ip-172-31-38-60 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager
Aug 12 10:26:26 ip-172-31-38-60.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 5045.
Aug 12 10:26:35 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:35Z","tags":["info","plugins-service"],"pid":11375,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Aug 12 10:26:35 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:35Z","tags":["info","plugins-service"],"pid":11375,"message":"Plugin \"applicationConfig\" is disabled."}
Aug 12 10:26:35 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:35Z","tags":["info","plugins-service"],"pid":11375,"message":"Plugin \"cspHandler\" is disabled."}
Aug 12 10:26:35 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:35Z","tags":["info","plugins-service"],"pid":11375,"message":"Plugin \"dataSource\" is disabled."}
Aug 12 10:26:35 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:35Z","tags":["info","plugins-service"],"pid":11375,"message":"Plugin \"visTypeXy\" is disabled."}
Aug 12 10:26:36 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:26:36 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:36Z","tags":["info","plugins-system"],"pid":11375,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Aug 12 10:26:36 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:26:36 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:26:37 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:26:37 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:26:37 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:26:37 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:26:37 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:26:37 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Aug 12 10:26:37 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:37Z","tags":["info","savedobjects-service"],"pid":11375,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Aug 12 10:26:38 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:38Z","tags":["error","opensearch","data"],"pid":11375,"message":"[ResponseError]: Response Error"}
Aug 12 10:26:38 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:38Z","tags":["error","savedobjects-service"],"pid":11375,"message":"Unable to retrieve version information from OpenSearch nodes."}
Aug 12 10:26:40 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:40Z","tags":["error","opensearch","data"],"pid":11375,"message":"[ResponseError]: Response Error"}
Aug 12 10:26:43 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:43Z","tags":["error","opensearch","data"],"pid":11375,"message":"[ResponseError]: Response Error"}
Aug 12 10:26:45 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:45Z","tags":["error","opensearch","data"],"pid":11375,"message":"[ResponseError]: Response Error"}
Aug 12 10:26:48 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:48Z","tags":["error","opensearch","data"],"pid":11375,"message":"[ResponseError]: Response Error"}
Aug 12 10:26:50 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:50Z","tags":["error","opensearch","data"],"pid":11375,"message":"[ResponseError]: Response Error"}
Aug 12 10:26:53 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:53Z","tags":["error","opensearch","data"],"pid":11375,"message":"[ResponseError]: Response Error"}
Aug 12 10:26:53 ip-172-31-38-60.ec2.internal systemd[1]: Stopping wazuh-dashboard.service - wazuh-dashboard...
░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-dashboard.service has begun execution.
░░
░░ The job identifier is 5274.
Aug 12 10:26:53 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:53Z","tags":["info","plugins-system"],"pid":11375,"message":"Stopping all plugins."}
Aug 12 10:26:53 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:53Z","tags":["info","savedobjects-service"],"pid":11375,"message":"Starting saved objects migrations"}
Aug 12 10:26:53 ip-172-31-38-60.ec2.internal opensearch-dashboards[11375]: {"type":"log","@timestamp":"2024-08-12T10:26:53Z","tags":["warning","savedobjects-service"],"pid":11375,"message":"Unable to connect to OpenSearch. Error: Given the configuration, the ConnectionPool was not able to find a usable Connection for this request."}
Aug 12 10:26:54 ip-172-31-38-60.ec2.internal systemd[1]: wazuh-dashboard.service: Deactivated successfully.
░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state. Aug 12 10:26:54 ip-172-31-38-60.ec2.internal systemd[1]: Stopped wazuh-dashboard.service - wazuh-dashboard. ░░ Subject: A stop job for unit wazuh-dashboard.service has finished ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A stop job for unit wazuh-dashboard.service has finished. ░░ ░░ The job identifier is 5274 and the job result is done. Aug 12 10:26:54 ip-172-31-38-60.ec2.internal systemd[1]: wazuh-dashboard.service: Consumed 11.013s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ The unit wazuh-dashboard.service completed and consumed the indicated resources. Aug 12 10:26:54 ip-172-31-38-60.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard. ░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A start job for unit wazuh-dashboard.service has finished successfully. ░░ ░░ The job identifier is 5274. 
Aug 12 10:27:02 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:02Z","tags":["info","plugins-service"],"pid":12672,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"} Aug 12 10:27:02 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:02Z","tags":["info","plugins-service"],"pid":12672,"message":"Plugin \"applicationConfig\" is disabled."} Aug 12 10:27:02 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:02Z","tags":["info","plugins-service"],"pid":12672,"message":"Plugin \"cspHandler\" is disabled."} Aug 12 10:27:02 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:02Z","tags":["info","plugins-service"],"pid":12672,"message":"Plugin \"dataSource\" is disabled."} Aug 12 10:27:02 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:02Z","tags":["info","plugins-service"],"pid":12672,"message":"Plugin \"visTypeXy\" is disabled."} Aug 12 10:27:02 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:27:02 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:02Z","tags":["info","plugins-system"],"pid":12672,"message":"Setting up [48] plugins: 
[usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Aug 12 10:27:02 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:27:02 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:27:03 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:27:03 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:27:03 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:27:03 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:27:03 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: [agentkeepalive:deprecated] 
options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:27:03 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:27:03 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:03Z","tags":["info","savedobjects-service"],"pid":12672,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."} Aug 12 10:27:03 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:03Z","tags":["info","savedobjects-service"],"pid":12672,"message":"Starting saved objects migrations"} Aug 12 10:27:04 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:04Z","tags":["info","savedobjects-service"],"pid":12672,"message":"Creating index .kibana_1."} Aug 12 10:27:04 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:04Z","tags":["info","savedobjects-service"],"pid":12672,"message":"Pointing alias .kibana to .kibana_1."} Aug 12 10:27:04 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:04Z","tags":["info","savedobjects-service"],"pid":12672,"message":"Finished in 250ms."} Aug 12 10:27:04 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:04Z","tags":["warning","cross-compatibility-service"],"pid":12672,"message":"Starting cross compatibility service"} Aug 12 10:27:04 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:04Z","tags":["info","plugins-system"],"pid":12672,"message":"Starting [48] plugins: 
[usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Aug 12 10:27:04 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:04Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":12672,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"} Aug 12 10:27:04 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:04Z","tags":["info","plugins","wazuh","initialize"],"pid":12672,"message":"dashboard index: .kibana"} Aug 12 10:27:04 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:04Z","tags":["info","plugins","wazuh","initialize"],"pid":12672,"message":"App revision: 05"} Aug 12 10:27:04 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:04Z","tags":["info","plugins","wazuh","initialize"],"pid":12672,"message":"Total RAM: 7834MB"} Aug 12 10:27:05 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:05Z","tags":["error","opensearch","data"],"pid":12672,"message":"[ResponseError]: Response Error"} Aug 12 10:27:05 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: 
{"type":"log","@timestamp":"2024-08-12T10:27:05Z","tags":["error","opensearch","data"],"pid":12672,"message":"[ResponseError]: Response Error"} Aug 12 10:27:05 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:05Z","tags":["listening","info"],"pid":12672,"message":"Server running at https://0.0.0.0:443"} Aug 12 10:27:05 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:05Z","tags":["info","http","server","OpenSearchDashboards"],"pid":12672,"message":"http server running at https://0.0.0.0:443"} Aug 12 10:27:05 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:05Z","tags":["info","plugins","wazuh","monitoring"],"pid":12672,"message":"Updated the wazuh-agent template"} Aug 12 10:27:05 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:05Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":12672,"message":"Updated the wazuh-statistics template"} Aug 12 10:27:06 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:27:06Z","tags":["error","plugins","wazuh","monitoring"],"pid":12672,"message":"Request failed with status code 401"} Aug 12 10:27:14 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Aug 12 10:27:15 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"response","@timestamp":"2024-08-12T10:27:14Z","tags":[],"pid":12672,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"127.0.0.1","user-agent":"curl/8.5.0","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/8.5.0"},"res":{"statusCode":200,"responseTime":795,"contentLength":9},"message":"GET /status 200 795ms - 9.0B"} Aug 12 10:30:01 
ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:30:01Z","tags":["error","opensearch","data"],"pid":12672,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.33w/c3wPLCcnTW2Mh9zbbj-UFA] already exists"} Aug 12 10:30:01 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:30:01Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":12672,"message":"wazuh-statistics-2024.33w index created"} Aug 12 10:30:01 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:30:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":12672,"message":"wazuh-monitoring-2024.33w index created"} Aug 12 10:30:01 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:30:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":12672,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 10:45:00 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T10:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":12672,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 11:00:00 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T11:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":12672,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 11:15:00 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T11:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":12672,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 11:30:01 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T11:30:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":12672,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 
11:45:00 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T11:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":12672,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 12:00:01 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T12:00:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":12672,"message":"Settings added to wazuh-monitoring-2024.33w index"} Aug 12 12:15:00 ip-172-31-38-60.ec2.internal opensearch-dashboards[12672]: {"type":"log","@timestamp":"2024-08-12T12:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":12672,"message":"Settings added to wazuh-monitoring-2024.33w index"} ```
CarlosALgit commented 3 months ago

Additional tests :green_circle:

Accessing Wazuh web interface

Amazon Linux 2023 :green_circle:


Ubuntu 22 :green_circle:


RHEL 9 :green_circle:


Amazon Linux 2023 - Offline :green_circle:


rauldpm commented 2 months ago

@wazuh/devel-devops we should consider changing the offline testing and using an offline VM. It is not consistent to test the offline functionality in an instance that has internet access (curl download commands). Technically, although the script works, we are not testing this https://documentation.wazuh.com/current/deployment-options/offline-installation.html#offline-installation properly.
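
The point raised in the comment above can be checked mechanically. As an added example (not part of this thread or of Wazuh's tooling), the script below reads a test session transcript and reports download activity per host, so an offline run can be rejected when the host under test fetched anything. Host names and the sample transcript are constructed; the prompt format and the `-dw` and `--offline-installation` options are the ones shown in this thread's transcripts.

```python
import re
from typing import List, NamedTuple

# Shell prompt as it appears in this thread's transcripts: "[user@host cwd]# cmd"
PROMPT_RE = re.compile(
    r"^\[(?P<user>[^@\s\]]+)@(?P<host>[^\s\]]+) [^\]]*\][#$] ?(?P<cmd>.*)$"
)
# Commands that fetch over the network: curl/wget, or the installation
# assistant's package-download mode (-dw), which belongs on the staging host.
FETCH_CMD_RE = re.compile(
    r"(?:^|[\s;|&])(?:curl|wget)\b|wazuh-install\.sh\b.*\s-dw\b"
)
# Installer output that reports a completed or ongoing download.
DOWNLOAD_OUT_RE = re.compile(r"\bwas downloaded\b|\bDownloading\b")
# ping summary line; any received packet means the host has connectivity.
PING_RE = re.compile(r"(\d+) packets transmitted, (\d+) received")


class Finding(NamedTuple):
    host: str
    kind: str      # "fetch-command", "download-output" or "ping-reply"
    line_no: int   # 1-based line number in the transcript
    text: str


def audit_transcript(transcript: str) -> List[Finding]:
    """Attribute every sign of network use to the host whose prompt precedes it."""
    findings: List[Finding] = []
    host = None
    for line_no, line in enumerate(transcript.splitlines(), start=1):
        prompt = PROMPT_RE.match(line)
        if prompt:
            host = prompt.group("host")
            cmd = prompt.group("cmd")
            if FETCH_CMD_RE.search(cmd):
                findings.append(Finding(host, "fetch-command", line_no, cmd))
            continue
        if host is None:
            continue  # output before the first prompt cannot be attributed
        ping = PING_RE.search(line)
        if ping and int(ping.group(2)) > 0:
            findings.append(Finding(host, "ping-reply", line_no, line.strip()))
        elif DOWNLOAD_OUT_RE.search(line):
            findings.append(Finding(host, "download-output", line_no, line.strip()))
    return findings


def offline_violations(transcript: str, offline_host: str) -> List[Finding]:
    """Findings on the host that is supposed to be offline; empty means clean."""
    return [f for f in audit_transcript(transcript) if f.host == offline_host]


# Constructed transcript: a staging host that downloads, and a host under test
# that first behaves as offline and then fetches files (lines 8-10).
CONSTRUCTED_TRANSCRIPT = """\
[root@stage-host ec2-user]# curl -sO https://packages.example.invalid/4.9/wazuh-install.sh
[root@stage-host ec2-user]# ./wazuh-install.sh -dw rpm
14/08/2024 08:27:39 INFO: The manager package was downloaded.
[ec2-user@offline-host ~]$ ping -c 4 packages.example.invalid
4 packets transmitted, 0 received, 100% packet loss, time 3106ms
[root@offline-host ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-server wazuh-1
14/08/2024 09:51:23 INFO: Checking wazuh-offline.tar.gz file.
[root@offline-host ec2-user]# curl -sO https://packages.example.invalid/4.9/config.yml
[root@offline-host ec2-user]# ./wazuh-install.sh -dw rpm
14/08/2024 10:02:11 INFO: The resource https://packages.example.invalid/key/GPG-KEY-EXAMPLE was downloaded.
"""

if __name__ == "__main__":
    for finding in offline_violations(CONSTRUCTED_TRANSCRIPT, "offline-host"):
        print(f"{finding.host}:{finding.line_no} {finding.kind}: {finding.text}")
```

An empty result is necessary, not sufficient: a transcript only records what was typed, so the host under test should also have outbound traffic blocked at the network layer.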

CarlosALgit commented 2 months ago

Offline Installation without internet connection - AL 2023 - v2 :red_circle:

Proof of no internet connection

```shellsession
[ec2-user@ip-172-31-34-52 ~]$ ping google.com
PING google.com (142.251.167.139) 56(84) bytes of data.
^C
--- google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3106ms
```

Downloading packages and configuration files in another instance

```shellsession
[root@ip-172-31-38-175 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh
[root@ip-172-31-38-175 ec2-user]# chmod 744 wazuh-install.sh
[root@ip-172-31-38-175 ec2-user]# ./wazuh-install.sh -dw rpm
14/08/2024 08:27:35 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
14/08/2024 08:27:35 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/08/2024 08:27:36 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/08/2024 08:27:36 INFO: --- Download Packages ---
14/08/2024 08:27:36 INFO: Starting Wazuh packages download.
14/08/2024 08:27:36 INFO: Downloading Wazuh rpm packages for x86_64.
14/08/2024 08:27:39 INFO: The manager package was downloaded.
14/08/2024 08:27:40 INFO: The filebeat package was downloaded.
14/08/2024 08:27:43 INFO: The indexer package was downloaded.
14/08/2024 08:27:49 INFO: The dashboard package was downloaded.
14/08/2024 08:27:49 INFO: The packages are in wazuh-offline/wazuh-packages
14/08/2024 08:27:49 INFO: Downloading configuration files and assets.
14/08/2024 08:27:49 INFO: The resource https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
14/08/2024 08:27:50 INFO: The resource https://packages-dev.wazuh.com/4.9/tpl/wazuh/filebeat/filebeat.yml was downloaded.
14/08/2024 08:27:50 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/4.9.0/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
14/08/2024 08:27:50 INFO: The resource https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
14/08/2024 08:27:50 INFO: The configuration files and assets are in wazuh-offline.tar.gz
14/08/2024 08:29:12 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html
[root@ip-172-31-38-175 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.9/config.yml
[root@ip-172-31-38-175 ec2-user]# vi config.yml
[root@ip-172-31-38-175 ec2-user]# ./wazuh-install.sh -g
14/08/2024 08:32:11 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
14/08/2024 08:32:11 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/08/2024 08:32:12 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/08/2024 08:32:13 INFO: --- Configuration files ---
14/08/2024 08:32:13 INFO: Generating configuration files.
14/08/2024 08:32:13 INFO: Generating the root certificate.
14/08/2024 08:32:14 INFO: Generating Admin certificates.
14/08/2024 08:32:15 INFO: Generating Wazuh indexer certificates.
14/08/2024 08:32:15 INFO: Generating Filebeat certificates.
14/08/2024 08:32:16 INFO: Generating Wazuh dashboard certificates.
14/08/2024 08:32:16 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
[root@ip-172-31-38-175 ec2-user]# scp -i test-ia-25170.pem -P 2200 wazuh-install-files.tar wazuh-offline.tar.gz ec2-user@172.31.34.52:/home/ec2-user/
wazuh-install-files.tar                        100%   11KB  15.0MB/s   00:00
wazuh-offline.tar.gz                           100% 1374MB 191.7MB/s   00:07
[root@ip-172-31-38-175 ec2-user]# scp -i test-ia-25170.pem -P 2200 wazuh-install.sh ec2-user@172.31.34.52:/home/ec2-user/
wazuh-install.sh                               100%  183KB  86.4MB/s   00:00
```

[!CAUTION] I had to copy the wazuh-install.sh file also, but the documentation does not mention it. I opened this issue: https://github.com/wazuh/wazuh-documentation/issues/7670 :red_circle:

Install Logs :red_circle:

The installation of the Wazuh Indexer performed okay, but the initiation of the cluster running the command `bash wazuh-install.sh --start-cluster` failed due to this line, where it has to download the Filebeat Wazuh Template using curl: https://github.com/wazuh/wazuh-packages/blob/a438b4312a7ba5165b198b20aea06808e8dc1adf/unattended_installer/install_functions/indexer.sh#L190. The initiation of the cluster freezes on this message:

14/08/2024 08:51:43 INFO: Wazuh indexer cluster security configuration initialized.

[!CAUTION] I opened this issue addressing this problem: https://github.com/wazuh/wazuh-packages/issues/3072 :red_circle:

I downloaded and copied the wazuh-templates.json on my local host and changed the code to take that file in order to continue with the test to verify if there were more issues like this.

Install logs manager and dashboard:

The installation logs of the Wazuh Indexer were the expected ones only with the change of the freeze mentioned above. I continued the installation from the Wazuh Manager.

```shellsession
[root@ip-172-31-34-52 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-server wazuh-1
14/08/2024 09:51:20 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
14/08/2024 09:51:20 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/08/2024 09:51:20 INFO: Checking installed dependencies for Offline installation.
14/08/2024 09:51:22 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/08/2024 09:51:23 INFO: Checking wazuh-offline.tar.gz file.
14/08/2024 09:51:23 INFO: --- Wazuh server ---
14/08/2024 09:51:23 INFO: Starting the Wazuh manager installation.
14/08/2024 09:52:34 INFO: Wazuh manager installation finished.
14/08/2024 09:52:35 INFO: Wazuh manager vulnerability detection configuration finished.
14/08/2024 09:52:35 INFO: Starting service wazuh-manager.
14/08/2024 09:52:54 INFO: wazuh-manager service started.
14/08/2024 09:52:54 INFO: Starting Filebeat installation.
14/08/2024 09:53:07 INFO: Filebeat installation finished.
14/08/2024 09:53:07 INFO: Filebeat post-install configuration finished.
14/08/2024 09:53:09 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
14/08/2024 09:53:36 INFO: Starting service filebeat.
14/08/2024 09:53:37 INFO: filebeat service started.
14/08/2024 09:53:37 INFO: Installation finished.
[root@ip-172-31-34-52 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-dashboard dashboard
14/08/2024 09:58:38 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
14/08/2024 09:58:38 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/08/2024 09:58:39 INFO: Checking installed dependencies for Offline installation.
14/08/2024 09:58:41 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/08/2024 09:58:41 INFO: Wazuh web interface port will be 443.
14/08/2024 09:58:41 INFO: Checking wazuh-offline.tar.gz file.
14/08/2024 09:58:42 INFO: --- Wazuh dashboard ----
14/08/2024 09:58:42 INFO: Starting Wazuh dashboard installation.
14/08/2024 10:00:45 INFO: Wazuh dashboard installation finished.
14/08/2024 10:00:45 INFO: Wazuh dashboard post-install configuration finished.
14/08/2024 10:00:45 INFO: Starting service wazuh-dashboard.
14/08/2024 10:00:46 INFO: wazuh-dashboard service started.
14/08/2024 10:00:47 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
14/08/2024 10:01:34 INFO: Initializing Wazuh dashboard web application.
14/08/2024 10:01:35 INFO: Wazuh dashboard web application initialized.
14/08/2024 10:01:35 INFO: --- Summary ---
14/08/2024 10:01:35 INFO: You can access the web interface https://:443
    User: admin
    Password: 49c954+nj+zmHBFDIv1QAEcRqiMedXRD
14/08/2024 10:01:35 INFO: Installation finished.
```
Logs in wazuh-install.log:

```shellsession
[root@ip-172-31-34-52 ec2-user]# cat /var/log/wazuh-install.log
14/08/2024 09:58:38 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.0
14/08/2024 09:58:38 INFO: Verbose logging redirected to /var/log/wazuh-install.log
14/08/2024 09:58:39 INFO: Checking installed dependencies for Offline installation.
14/08/2024 09:58:41 INFO: Verifying that your system meets the recommended minimum hardware requirements.
14/08/2024 09:58:41 INFO: Wazuh web interface port will be 443.
14/08/2024 09:58:41 INFO: Checking wazuh-offline.tar.gz file.
14/08/2024 09:58:42 INFO: --- Wazuh dashboard ----
14/08/2024 09:58:42 INFO: Starting Wazuh dashboard installation.
warning: /home/ec2-user/wazuh-offline/wazuh-packages/wazuh-dashboard-4.9.0-1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY
Verifying... ########################################
Preparing... ########################################
Updating / installing...
wazuh-dashboard-4.9.0-1 ########################################
14/08/2024 10:00:45 INFO: Wazuh dashboard installation finished.
14/08/2024 10:00:45 INFO: Wazuh dashboard post-install configuration finished.
14/08/2024 10:00:45 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
14/08/2024 10:00:46 INFO: wazuh-dashboard service started.
Successfully updated the keystore
Successfully updated the keystore
14/08/2024 10:00:47 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
14/08/2024 10:01:34 INFO: Initializing Wazuh dashboard web application.
14/08/2024 10:01:35 INFO: Wazuh dashboard web application initialized.
14/08/2024 10:01:35 INFO: Installation finished.
```

Installed packages :green_circle:

```shellsession
[root@ip-172-31-34-52 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.9.0-1.x86_64                Wed Aug 14 10:00:39 2024
filebeat-7.10.2-1.x86_64                      Wed Aug 14 09:52:55 2024
wazuh-manager-4.9.0-1.x86_64                  Wed Aug 14 09:52:03 2024
wazuh-indexer-4.9.0-1.x86_64                  Wed Aug 14 08:50:53 2024
```

Wazuh Indexer logs :red_circle:

Agent status

```shellsession
[root@ip-172-31-34-52 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-08-14 08:51:29 UTC; 1h 34min ago
       Docs: https://documentation.wazuh.com
   Main PID: 3737 (java)
      Tasks: 75 (limit: 9373)
     Memory: 1.3G
        CPU: 2min 46.171s
     CGroup: /system.slice/wazuh-indexer.service
             └─3737 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.>

Aug 14 08:51:07 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: System::setSecurityManager has been called by org.opensearch.boots>
Aug 14 08:51:07 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: Please consider reporting this to the maintainers of org.opensearc>
Aug 14 08:51:07 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: System::setSecurityManager will be removed in a future release
Aug 14 08:51:08 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: Aug 14, 2024 8:51:08 AM sun.util.locale.provider.LocaleProviderAdapter
Aug 14 08:51:08 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: COMPAT locale provider will be removed in a future release
Aug 14 08:51:09 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 14 08:51:09 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: System::setSecurityManager has been called by org.opensearch.boots>
Aug 14 08:51:09 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: Please consider reporting this to the maintainers of org.opensearc>
Aug 14 08:51:09 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: System::setSecurityManager will be removed in a future release
Aug 14 08:51:29 ip-172-31-34-52.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
```
Service status

```shellsession
[root@ip-172-31-34-52 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
Aug 14 08:51:04 ip-172-31-34-52.ec2.internal systemd[1]: Starting wazuh-indexer.service - wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 3627.
Aug 14 08:51:07 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 14 08:51:07 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Aug 14 08:51:07 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Aug 14 08:51:07 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: System::setSecurityManager will be removed in a future release
Aug 14 08:51:08 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: Aug 14, 2024 8:51:08 AM sun.util.locale.provider.LocaleProviderAdapter
Aug 14 08:51:08 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: COMPAT locale provider will be removed in a future release
Aug 14 08:51:09 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 14 08:51:09 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Aug 14 08:51:09 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Aug 14 08:51:09 ip-172-31-34-52.ec2.internal systemd-entrypoint[3737]: WARNING: System::setSecurityManager will be removed in a future release
Aug 14 08:51:29 ip-172-31-34-52.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 3627.
```
Errors

The command to check the logs failed giving: `cat: /var/log/wazuh-indexer/wazuh-indexer-cluster.log: No such file or directory`. I assume the manual patch I have done to continue with the installation broke the creation of this file. We will investigate this while testing the fix for this issue: https://github.com/wazuh/wazuh-packages/issues/3072

Wazuh Manager logs :yellow_circle:

Agent status

```shellsession
[root@ip-172-31-34-52 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-08-14 10:01:12 UTC; 35min ago
      Tasks: 153 (limit: 9373)
     Memory: 316.1M
        CPU: 1min 23.101s
     CGroup: /system.slice/wazuh-manager.service
             ├─15154 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─15155 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─15158 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─15161 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─15205 /var/ossec/bin/wazuh-authd
             ├─15222 /var/ossec/bin/wazuh-db
             ├─15248 /var/ossec/bin/wazuh-execd
             ├─15263 /var/ossec/bin/wazuh-analysisd
             ├─15276 /var/ossec/bin/wazuh-syscheckd
             ├─15324 /var/ossec/bin/wazuh-remoted
             ├─15359 /var/ossec/bin/wazuh-logcollector
             ├─15380 /var/ossec/bin/wazuh-monitord
             └─15401 /var/ossec/bin/wazuh-modulesd

Aug 14 10:01:04 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-analysisd...
Aug 14 10:01:05 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-syscheckd...
Aug 14 10:01:06 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-remoted...
Aug 14 10:01:07 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-logcollector...
Aug 14 10:01:09 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-monitord...
Aug 14 10:01:09 ip-172-31-34-52.ec2.internal env[15397]: 2024/08/14 10:01:09 wazuh-modulesd:router: INFO: Loaded router module.
Aug 14 10:01:09 ip-172-31-34-52.ec2.internal env[15397]: 2024/08/14 10:01:09 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 14 10:01:10 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-modulesd...
Aug 14 10:01:12 ip-172-31-34-52.ec2.internal env[15092]: Completed.
Aug 14 10:01:12 ip-172-31-34-52.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
```
Service status

```shellsession
[root@ip-172-31-34-52 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
Aug 14 09:52:35 ip-172-31-34-52.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 6881.
Aug 14 09:52:37 ip-172-31-34-52.ec2.internal env[11084]: 2024/08/14 09:52:37 wazuh-modulesd:router: INFO: Loaded router module.
Aug 14 09:52:37 ip-172-31-34-52.ec2.internal env[11084]: 2024/08/14 09:52:37 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 14 09:52:39 ip-172-31-34-52.ec2.internal env[11051]: Starting Wazuh v4.9.0...
Aug 14 09:52:42 ip-172-31-34-52.ec2.internal env[11051]: Started wazuh-apid...
Aug 14 09:52:42 ip-172-31-34-52.ec2.internal env[11051]: Started wazuh-csyslogd...
Aug 14 09:52:42 ip-172-31-34-52.ec2.internal env[11051]: Started wazuh-dbd...
Aug 14 09:52:42 ip-172-31-34-52.ec2.internal env[11134]: 2024/08/14 09:52:42 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Aug 14 09:52:42 ip-172-31-34-52.ec2.internal env[11051]: Started wazuh-integratord...
Aug 14 09:52:42 ip-172-31-34-52.ec2.internal env[11051]: Started wazuh-agentlessd...
Aug 14 09:52:43 ip-172-31-34-52.ec2.internal env[11051]: Started wazuh-authd...
Aug 14 09:52:44 ip-172-31-34-52.ec2.internal env[11051]: Started wazuh-db...
Aug 14 09:52:45 ip-172-31-34-52.ec2.internal env[11051]: Started wazuh-execd...
Aug 14 09:52:46 ip-172-31-34-52.ec2.internal env[11051]: Started wazuh-analysisd...
Aug 14 09:52:48 ip-172-31-34-52.ec2.internal env[11051]: Started wazuh-syscheckd...
Aug 14 09:52:49 ip-172-31-34-52.ec2.internal env[11051]: Started wazuh-remoted...
Aug 14 09:52:50 ip-172-31-34-52.ec2.internal env[11051]: Started wazuh-logcollector...
Aug 14 09:52:51 ip-172-31-34-52.ec2.internal env[11051]: Started wazuh-monitord...
Aug 14 09:52:51 ip-172-31-34-52.ec2.internal env[11358]: 2024/08/14 09:52:51 wazuh-modulesd:router: INFO: Loaded router module.
Aug 14 09:52:51 ip-172-31-34-52.ec2.internal env[11358]: 2024/08/14 09:52:51 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 14 09:52:52 ip-172-31-34-52.ec2.internal env[11051]: Started wazuh-modulesd...
Aug 14 09:52:54 ip-172-31-34-52.ec2.internal env[11051]: Completed.
Aug 14 09:52:54 ip-172-31-34-52.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 6881.
Aug 14 09:53:11 ip-172-31-34-52.ec2.internal systemd[1]: Stopping wazuh-manager.service - Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 7037.
Aug 14 09:53:11 ip-172-31-34-52.ec2.internal env[11969]: wazuh-clusterd not running...
Aug 14 09:53:11 ip-172-31-34-52.ec2.internal env[11969]: Killing wazuh-modulesd...
Aug 14 09:53:11 ip-172-31-34-52.ec2.internal env[11969]: Killing wazuh-monitord...
Aug 14 09:53:11 ip-172-31-34-52.ec2.internal env[11969]: Killing wazuh-logcollector...
Aug 14 09:53:11 ip-172-31-34-52.ec2.internal env[11969]: Killing wazuh-remoted...
Aug 14 09:53:11 ip-172-31-34-52.ec2.internal env[11969]: Killing wazuh-syscheckd...
Aug 14 09:53:12 ip-172-31-34-52.ec2.internal env[11969]: Killing wazuh-analysisd...
Aug 14 09:53:12 ip-172-31-34-52.ec2.internal env[11969]: wazuh-maild not running...
Aug 14 09:53:12 ip-172-31-34-52.ec2.internal env[11969]: Killing wazuh-execd...
Aug 14 09:53:12 ip-172-31-34-52.ec2.internal env[11969]: Killing wazuh-db...
Aug 14 09:53:13 ip-172-31-34-52.ec2.internal env[11969]: Killing wazuh-authd...
Aug 14 09:53:14 ip-172-31-34-52.ec2.internal env[11969]: wazuh-agentlessd not running...
Aug 14 09:53:14 ip-172-31-34-52.ec2.internal env[11969]: wazuh-integratord not running...
Aug 14 09:53:14 ip-172-31-34-52.ec2.internal env[11969]: wazuh-dbd not running...
Aug 14 09:53:14 ip-172-31-34-52.ec2.internal env[11969]: wazuh-csyslogd not running...
Aug 14 09:53:14 ip-172-31-34-52.ec2.internal env[11969]: Killing wazuh-apid...
Aug 14 09:53:14 ip-172-31-34-52.ec2.internal env[11969]: Wazuh v4.9.0 Stopped
Aug 14 09:53:14 ip-172-31-34-52.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Aug 14 09:53:14 ip-172-31-34-52.ec2.internal systemd[1]: Stopped wazuh-manager.service - Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 7037 and the job result is done.
Aug 14 09:53:14 ip-172-31-34-52.ec2.internal systemd[1]: wazuh-manager.service: Consumed 45.155s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Aug 14 09:53:14 ip-172-31-34-52.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 7037.
Aug 14 09:53:16 ip-172-31-34-52.ec2.internal env[12146]: 2024/08/14 09:53:16 wazuh-modulesd:router: INFO: Loaded router module.
Aug 14 09:53:16 ip-172-31-34-52.ec2.internal env[12146]: 2024/08/14 09:53:16 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 14 09:53:18 ip-172-31-34-52.ec2.internal env[12113]: Starting Wazuh v4.9.0...
Aug 14 09:53:21 ip-172-31-34-52.ec2.internal env[12113]: Started wazuh-apid...
Aug 14 09:53:21 ip-172-31-34-52.ec2.internal env[12113]: Started wazuh-csyslogd...
Aug 14 09:53:21 ip-172-31-34-52.ec2.internal env[12113]: Started wazuh-dbd...
Aug 14 09:53:21 ip-172-31-34-52.ec2.internal env[12205]: 2024/08/14 09:53:21 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Aug 14 09:53:21 ip-172-31-34-52.ec2.internal env[12113]: Started wazuh-integratord...
Aug 14 09:53:21 ip-172-31-34-52.ec2.internal env[12113]: Started wazuh-agentlessd...
Aug 14 09:53:22 ip-172-31-34-52.ec2.internal env[12113]: Started wazuh-authd...
Aug 14 09:53:23 ip-172-31-34-52.ec2.internal env[12113]: Started wazuh-db...
Aug 14 09:53:24 ip-172-31-34-52.ec2.internal env[12113]: Started wazuh-execd...
Aug 14 09:53:25 ip-172-31-34-52.ec2.internal env[12113]: Started wazuh-analysisd...
Aug 14 09:53:27 ip-172-31-34-52.ec2.internal env[12113]: Started wazuh-syscheckd...
Aug 14 09:53:28 ip-172-31-34-52.ec2.internal env[12113]: Started wazuh-remoted...
Aug 14 09:53:29 ip-172-31-34-52.ec2.internal env[12113]: Started wazuh-logcollector...
Aug 14 09:53:30 ip-172-31-34-52.ec2.internal env[12113]: Started wazuh-monitord...
Aug 14 09:53:30 ip-172-31-34-52.ec2.internal env[12419]: 2024/08/14 09:53:30 wazuh-modulesd:router: INFO: Loaded router module.
Aug 14 09:53:30 ip-172-31-34-52.ec2.internal env[12419]: 2024/08/14 09:53:30 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 14 09:53:31 ip-172-31-34-52.ec2.internal env[12113]: Started wazuh-modulesd...
Aug 14 09:53:33 ip-172-31-34-52.ec2.internal env[12113]: Completed.
Aug 14 09:53:33 ip-172-31-34-52.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 7037.
Aug 14 10:00:48 ip-172-31-34-52.ec2.internal systemd[1]: Stopping wazuh-manager.service - Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 7787.
Aug 14 10:00:48 ip-172-31-34-52.ec2.internal env[14945]: wazuh-clusterd not running...
Aug 14 10:00:48 ip-172-31-34-52.ec2.internal env[14945]: Killing wazuh-modulesd...
Aug 14 10:00:48 ip-172-31-34-52.ec2.internal env[14945]: Killing wazuh-monitord...
Aug 14 10:00:48 ip-172-31-34-52.ec2.internal env[14945]: Killing wazuh-logcollector...
Aug 14 10:00:48 ip-172-31-34-52.ec2.internal env[14945]: Killing wazuh-remoted...
Aug 14 10:00:48 ip-172-31-34-52.ec2.internal env[14945]: Killing wazuh-syscheckd...
Aug 14 10:00:49 ip-172-31-34-52.ec2.internal env[14945]: Killing wazuh-analysisd...
Aug 14 10:00:49 ip-172-31-34-52.ec2.internal env[14945]: wazuh-maild not running...
Aug 14 10:00:49 ip-172-31-34-52.ec2.internal env[14945]: Killing wazuh-execd...
Aug 14 10:00:49 ip-172-31-34-52.ec2.internal env[14945]: Killing wazuh-db...
Aug 14 10:00:50 ip-172-31-34-52.ec2.internal env[14945]: Killing wazuh-authd...
Aug 14 10:00:51 ip-172-31-34-52.ec2.internal env[14945]: wazuh-agentlessd not running...
Aug 14 10:00:51 ip-172-31-34-52.ec2.internal env[14945]: wazuh-integratord not running...
Aug 14 10:00:51 ip-172-31-34-52.ec2.internal env[14945]: wazuh-dbd not running...
Aug 14 10:00:51 ip-172-31-34-52.ec2.internal env[14945]: wazuh-csyslogd not running...
Aug 14 10:00:51 ip-172-31-34-52.ec2.internal env[14945]: Killing wazuh-apid...
Aug 14 10:00:51 ip-172-31-34-52.ec2.internal env[14945]: Wazuh v4.9.0 Stopped
Aug 14 10:00:51 ip-172-31-34-52.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Aug 14 10:00:51 ip-172-31-34-52.ec2.internal systemd[1]: Stopped wazuh-manager.service - Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 7787 and the job result is done.
Aug 14 10:00:51 ip-172-31-34-52.ec2.internal systemd[1]: wazuh-manager.service: Consumed 1min 37.271s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Aug 14 10:00:51 ip-172-31-34-52.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 7787.
Aug 14 10:00:55 ip-172-31-34-52.ec2.internal env[15125]: 2024/08/14 10:00:55 wazuh-modulesd:router: INFO: Loaded router module.
Aug 14 10:00:55 ip-172-31-34-52.ec2.internal env[15125]: 2024/08/14 10:00:55 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 14 10:00:56 ip-172-31-34-52.ec2.internal env[15092]: Starting Wazuh v4.9.0...
Aug 14 10:00:59 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-apid...
Aug 14 10:00:59 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-csyslogd...
Aug 14 10:00:59 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-dbd...
Aug 14 10:00:59 ip-172-31-34-52.ec2.internal env[15183]: 2024/08/14 10:00:59 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Aug 14 10:00:59 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-integratord...
Aug 14 10:00:59 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-agentlessd...
Aug 14 10:01:01 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-authd...
Aug 14 10:01:02 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-db...
Aug 14 10:01:03 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-execd...
Aug 14 10:01:04 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-analysisd...
Aug 14 10:01:05 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-syscheckd...
Aug 14 10:01:06 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-remoted...
Aug 14 10:01:07 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-logcollector...
Aug 14 10:01:09 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-monitord...
Aug 14 10:01:09 ip-172-31-34-52.ec2.internal env[15397]: 2024/08/14 10:01:09 wazuh-modulesd:router: INFO: Loaded router module.
Aug 14 10:01:09 ip-172-31-34-52.ec2.internal env[15397]: 2024/08/14 10:01:09 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Aug 14 10:01:10 ip-172-31-34-52.ec2.internal env[15092]: Started wazuh-modulesd...
Aug 14 10:01:12 ip-172-31-34-52.ec2.internal env[15092]: Completed.
Aug 14 10:01:12 ip-172-31-34-52.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 7787.
```
Errors

:yellow_circle: `Orchestration run failed: Error -1 from server`
Related: https://github.com/wazuh/wazuh/issues/24300
This error is not because of the Installation Assistant itself.

🟡 `IndexerConnector initialization failed for index`
Related: https://github.com/wazuh/wazuh-indexer/issues/167

```shellsession
[root@ip-172-31-34-52 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/08/14 09:52:51 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-34-52.ec2.internal', retrying until the connection is successful.
2024/08/14 10:00:02 wazuh-modulesd:content-updater: ERROR: Action for 'vulnerability_feed_manager' failed: Orchestration run failed: Error -1 from server: Timeout was reached.
2024/08/14 10:05:35 wazuh-modulesd:content-updater: ERROR: Action for 'vulnerability_feed_manager' failed: Orchestration run failed: Error -1 from server: Timeout was reached.
```

Wazuh Dashboard logs :green_circle:

Agent status

```shellsession
[root@ip-172-31-34-52 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-08-14 10:01:14 UTC; 46min ago
   Main PID: 15993 (node)
      Tasks: 11 (limit: 9373)
     Memory: 183.2M
        CPU: 20.122s
     CGroup: /system.slice/wazuh-dashboard.service
             └─15993 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboard>

Aug 14 10:31:42 ip-172-31-34-52.ec2.internal opensearch-dashboards[15993]: {"type":"response","@timestamp":"2024-08-14T10:31:42Z","tags":[],"pid":>
Aug 14 10:31:42 ip-172-31-34-52.ec2.internal opensearch-dashboards[15993]: {"type":"response","@timestamp":"2024-08-14T10:31:42Z","tags":[],"pid":>
Aug 14 10:31:42 ip-172-31-34-52.ec2.internal opensearch-dashboards[15993]: {"type":"response","@timestamp":"2024-08-14T10:31:42Z","tags":[],"pid":>
Aug 14 10:31:42 ip-172-31-34-52.ec2.internal opensearch-dashboards[15993]: {"type":"response","@timestamp":"2024-08-14T10:31:42Z","tags":[],"pid":>
Aug 14 10:31:42 ip-172-31-34-52.ec2.internal opensearch-dashboards[15993]: {"type":"response","@timestamp":"2024-08-14T10:31:42Z","tags":[],"pid":>
Aug 14 10:31:42 ip-172-31-34-52.ec2.internal opensearch-dashboards[15993]: {"type":"response","@timestamp":"2024-08-14T10:31:42Z","tags":[],"pid":>
Aug 14 10:40:55 ip-172-31-34-52.ec2.internal opensearch-dashboards[15993]: {"type":"response","@timestamp":"2024-08-14T10:40:55Z","tags":[],"pid":>
Aug 14 10:40:55 ip-172-31-34-52.ec2.internal opensearch-dashboards[15993]: {"type":"response","@timestamp":"2024-08-14T10:40:55Z","tags":[],"pid":>
Aug 14 10:45:00 ip-172-31-34-52.ec2.internal opensearch-dashboards[15993]: {"type":"log","@timestamp":"2024-08-14T10:45:00Z","tags":["info","plugi>
Aug 14 10:46:24 ip-172-31-34-52.ec2.internal opensearch-dashboards[15993]: {"type":"error","@timestamp":"2024-08-14T10:46:24Z","tags":["connection>
```
Service status [dashboard-service.txt](https://github.com/user-attachments/files/16612002/dashboard-service.txt)

Accessing Wazuh Dashboard web interface :green_circle:
