wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/

Release 4.10.0 - Alpha 3 - Installation assistant #26805

Closed teddytpc1 closed 1 week ago

teddytpc1 commented 1 week ago

Installation assistant information

- Main release candidate issue: https://github.com/wazuh/wazuh/issues/26761
- Version: 4.10.0
- Release candidate: Alpha 3
- Tag: https://github.com/wazuh/wazuh/tree/v4.10.0-alpha3
- Previous Installation assistant: https://github.com/wazuh/wazuh/issues/26446

Description

Test installation assistant with the -a option in the following OSs:


Checks

| Status | OS | Check | Issues |
| --- | --- | --- | --- |
| :green_circle: | AL2023 | Installed packages | |
| :green_circle: | AL2023 | Install logs | |
| :red_circle: | AL2023 | Wazuh indexer logs | Known: wazuh/wazuh-packages#1511 (comment) - Known: wazuh/wazuh-indexer#167 (comment) - Known: wazuh/wazuh-indexer#167 - Known: https://github.com/opensearch-project/OpenSearch/issues/14744 - New: https://github.com/wazuh/wazuh-indexer/issues/551 - Known: https://github.com/wazuh/wazuh-indexer/issues/488 |
| :yellow_circle: | AL2023 | Wazuh manager logs | Known: #25446 |
| :green_circle: | AL2023 | Wazuh dashboard logs | |
| :green_circle: | AL2023 | Wazuh dashboard | |
| :green_circle: | RHEL 9 | Installed packages | |
| :green_circle: | RHEL 9 | Install logs | |
| :red_circle: | RHEL 9 | Wazuh indexer logs | Known: wazuh/wazuh-packages#1511 (comment) - Known: wazuh/wazuh-indexer#167 (comment) - Known: wazuh/wazuh-indexer#71 - Known: wazuh/wazuh-indexer#167 - Known: https://github.com/opensearch-project/OpenSearch/issues/14744 - New: https://github.com/wazuh/wazuh-indexer/issues/551 - Known: https://github.com/wazuh/wazuh-indexer/issues/488 |
| :yellow_circle: | RHEL 9 | Wazuh manager logs | Known: #25446 |
| :green_circle: | RHEL 9 | Wazuh dashboard logs | |
| :green_circle: | RHEL 9 | Wazuh dashboard | |
| :green_circle: | Ubuntu 22.04 | Installed packages | |
| :green_circle: | Ubuntu 22.04 | Install logs | |
| :red_circle: | Ubuntu 22.04 | Wazuh indexer logs | Known: wazuh/wazuh-packages#1511 (comment) - Known: wazuh/wazuh-indexer#167 - Known: wazuh/wazuh-indexer#167 (comment) - Known: https://github.com/opensearch-project/OpenSearch/issues/14744 - New: https://github.com/wazuh/wazuh-indexer/issues/551 - Known: https://github.com/wazuh/wazuh-indexer/issues/488 |
| :yellow_circle: | Ubuntu 22.04 | Wazuh manager logs | Known: #25446 |
| :green_circle: | Ubuntu 22.04 | Wazuh dashboard logs | |
| :green_circle: | Ubuntu 22.04 | Wazuh dashboard | |
| :green_circle: | AL2023 | Installed packages - Offline | |
| :green_circle: | AL2023 | Install logs - Offline | |
| :red_circle: | AL2023 | Wazuh indexer logs - Offline | Known: wazuh/wazuh-packages#1511 (comment) - Known: wazuh/wazuh-indexer#167 (comment) - Known: https://github.com/opensearch-project/OpenSearch/issues/14744 - New: https://github.com/wazuh/wazuh-indexer/issues/551 - Known: https://github.com/wazuh/wazuh-indexer/issues/488 |
| :yellow_circle: | AL2023 | Wazuh manager logs - Offline | Known: #25446 |
| :green_circle: | AL2023 | Wazuh dashboard logs - Offline | |
| :green_circle: | AL2023 | Wazuh dashboard - Offline | |

Checks legend:


Status legend:

- :black_circle: - Pending/In progress
- :white_circle: - Skipped
- :red_circle: - Rejected
- :yellow_circle: - Known issue
- :green_circle: - Approved


Conclusion

Some issues were found and they were reported.

Auditor's validation

In order to close and proceed with the release or the next candidate version, the following auditors must give the green light to this RC.

CarlosALgit commented 1 week ago

Environment

Amazon Linux 2023

```shellsession
[root@ip-172-31-25-55 ec2-user]# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.6.20241010"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/"
DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/"
SUPPORT_URL="https://aws.amazon.com/premiumsupport/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
VENDOR_NAME="AWS"
VENDOR_URL="https://aws.amazon.com/"
SUPPORT_END="2028-03-15"
```

Ubuntu 22

```shellsession
root@ip-172-31-16-41:/home/ubuntu# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
```

RHEL 9

```shellsession
[root@ip-172-31-23-193 ec2-user]# cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="9.2 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"
```

Amazon Linux 2023 - Offline

```shellsession
[root@ip-172-31-33-129 ec2-user]# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.6.20241031"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/"
DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/"
SUPPORT_URL="https://aws.amazon.com/premiumsupport/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
VENDOR_NAME="AWS"
VENDOR_URL="https://aws.amazon.com/"
SUPPORT_END="2028-03-15"
```

Proof of no internet connection

```shellsession
[root@ip-172-31-33-129 ec2-user]# ping google.com
PING google.com (142.251.167.113) 56(84) bytes of data.
^C
--- google.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2074ms
```

CarlosALgit commented 1 week ago

Install Logs

Amazon Linux 2023 :green_circle:

Logs on the console:

```shellsession
[root@ip-172-31-25-55 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.10/wazuh-install.sh
[root@ip-172-31-25-55 ec2-user]# bash ./wazuh-install.sh -a -d pre-release
12/11/2024 11:22:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
12/11/2024 11:22:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/11/2024 11:22:03 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/11/2024 11:22:03 INFO: Wazuh web interface port will be 443.
12/11/2024 11:22:04 INFO: Wazuh development repository added.
12/11/2024 11:22:04 INFO: --- Configuration files ---
12/11/2024 11:22:04 INFO: Generating configuration files.
12/11/2024 11:22:04 INFO: Generating the root certificate.
12/11/2024 11:22:05 INFO: Generating Admin certificates.
12/11/2024 11:22:05 INFO: Generating Wazuh indexer certificates.
12/11/2024 11:22:06 INFO: Generating Filebeat certificates.
12/11/2024 11:22:06 INFO: Generating Wazuh dashboard certificates.
12/11/2024 11:22:07 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/11/2024 11:22:08 INFO: --- Wazuh indexer ---
12/11/2024 11:22:08 INFO: Starting Wazuh indexer installation.
12/11/2024 11:23:05 INFO: Wazuh indexer installation finished.
12/11/2024 11:23:05 INFO: Wazuh indexer post-install configuration finished.
12/11/2024 11:23:05 INFO: Starting service wazuh-indexer.
12/11/2024 11:23:34 INFO: wazuh-indexer service started.
12/11/2024 11:23:34 INFO: Initializing Wazuh indexer cluster security settings.
12/11/2024 11:23:44 INFO: Wazuh indexer cluster security configuration initialized.
12/11/2024 11:23:44 INFO: Wazuh indexer cluster initialized.
12/11/2024 11:23:44 INFO: --- Wazuh server ---
12/11/2024 11:23:44 INFO: Starting the Wazuh manager installation.
12/11/2024 11:25:09 INFO: Wazuh manager installation finished.
12/11/2024 11:25:09 INFO: Wazuh manager vulnerability detection configuration finished.
12/11/2024 11:25:09 INFO: Starting service wazuh-manager.
12/11/2024 11:25:30 INFO: wazuh-manager service started.
12/11/2024 11:25:30 INFO: Starting Filebeat installation.
12/11/2024 11:25:41 INFO: Filebeat installation finished.
12/11/2024 11:25:42 INFO: Filebeat post-install configuration finished.
12/11/2024 11:25:42 INFO: Starting service filebeat.
12/11/2024 11:25:43 INFO: filebeat service started.
12/11/2024 11:25:43 INFO: --- Wazuh dashboard ---
12/11/2024 11:25:43 INFO: Starting Wazuh dashboard installation.
12/11/2024 11:28:27 INFO: Wazuh dashboard installation finished.
12/11/2024 11:28:27 INFO: Wazuh dashboard post-install configuration finished.
12/11/2024 11:28:27 INFO: Starting service wazuh-dashboard.
12/11/2024 11:28:28 INFO: wazuh-dashboard service started.
12/11/2024 11:28:28 INFO: Updating the internal users.
12/11/2024 11:28:38 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/11/2024 11:29:12 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/11/2024 11:30:02 INFO: Initializing Wazuh dashboard web application.
12/11/2024 11:30:02 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/11/2024 11:30:18 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/11/2024 11:30:33 INFO: Wazuh dashboard web application initialized.
12/11/2024 11:30:33 INFO: --- Summary ---
12/11/2024 11:30:33 INFO: You can access the web interface https://:443
    User: admin
    Password: Hv.DNrv5d?C5Fc9NayCnKdUI+QrRa74P
12/11/2024 11:30:33 INFO: Installation finished.
```
Logs in wazuh-install.log:

```shellsession
[root@ip-172-31-25-55 ec2-user]# cat /var/log/wazuh-install.log
12/11/2024 11:22:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
12/11/2024 11:22:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/11/2024 11:22:03 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/11/2024 11:22:03 INFO: Wazuh web interface port will be 443.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
12/11/2024 11:22:04 INFO: Wazuh development repository added.
12/11/2024 11:22:04 INFO: --- Configuration files ---
12/11/2024 11:22:04 INFO: Generating configuration files.
12/11/2024 11:22:04 INFO: Generating the root certificate.
12/11/2024 11:22:05 INFO: Generating Admin certificates.
12/11/2024 11:22:05 INFO: Generating Wazuh indexer certificates.
12/11/2024 11:22:06 INFO: Generating Filebeat certificates.
12/11/2024 11:22:06 INFO: Generating Wazuh dashboard certificates.
12/11/2024 11:22:07 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/11/2024 11:22:08 INFO: --- Wazuh indexer ---
12/11/2024 11:22:08 INFO: Starting Wazuh indexer installation.
EL-2023.6.20241010 - Wazuh 43 MB/s | 31 MB 00:00
Last metadata expiration check: 0:00:14 ago on Tue Nov 12 11:22:09 2024.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.10.0-1 wazuh 831 M

Transaction Summary
================================================================================
Install 1 Package

Total download size: 831 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.10.0-1.x86_64.rpm 88 MB/s | 831 MB 00:09
--------------------------------------------------------------------------------
Total 88 MB/s | 831 MB 00:09
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.10.0-1.x86_64 1/1
Installing : wazuh-indexer-4.10.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.10.0-1.x86_64 1/1
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
sudo systemctl start wazuh-indexer.service
Verifying : wazuh-indexer-4.10.0-1.x86_64 1/1
================================================================================
WARNING: A newer release of "Amazon Linux" is available.
Available Versions:
Version 2023.6.20241028:
  Run the following command to upgrade to 2023.6.20241028:
    dnf upgrade --releasever=2023.6.20241028
  Release notes:
    https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.6.20241028.html
Version 2023.6.20241031:
  Run the following command to upgrade to 2023.6.20241031:
    dnf upgrade --releasever=2023.6.20241031
  Release notes:
    https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.6.20241031.html
================================================================================
Installed:
wazuh-indexer-4.10.0-1.x86_64
Complete!
12/11/2024 11:23:05 INFO: Wazuh indexer installation finished.
12/11/2024 11:23:05 INFO: Wazuh indexer post-install configuration finished.
12/11/2024 11:23:05 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
12/11/2024 11:23:34 INFO: wazuh-indexer service started.
12/11/2024 11:23:34 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"]) due to: null
Done with success
12/11/2024 11:23:44 INFO: Wazuh indexer cluster security configuration initialized.
12/11/2024 11:23:44 INFO: Wazuh indexer cluster initialized.
12/11/2024 11:23:44 INFO: --- Wazuh server ---
12/11/2024 11:23:44 INFO: Starting the Wazuh manager installation.
Last metadata expiration check: 0:01:36 ago on Tue Nov 12 11:22:09 2024.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-manager x86_64 4.10.0-1 wazuh 315 M

Transaction Summary
================================================================================
Install 1 Package

Total download size: 315 M
Installed size: 793 M
Downloading Packages:
wazuh-manager-4.10.0-1.x86_64.rpm 87 MB/s | 315 MB 00:03
--------------------------------------------------------------------------------
Total 87 MB/s | 315 MB 00:03
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-manager-4.10.0-1.x86_64 1/1
Installing : wazuh-manager-4.10.0-1.x86_64 1/1
Running scriptlet: wazuh-manager-4.10.0-1.x86_64 1/1
Verifying : wazuh-manager-4.10.0-1.x86_64 1/1
================================================================================
WARNING: A newer release of "Amazon Linux" is available.
Available Versions:
Version 2023.6.20241028:
  Run the following command to upgrade to 2023.6.20241028:
    dnf upgrade --releasever=2023.6.20241028
  Release notes:
    https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.6.20241028.html
Version 2023.6.20241031:
  Run the following command to upgrade to 2023.6.20241031:
    dnf upgrade --releasever=2023.6.20241031
  Release notes:
    https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.6.20241031.html
================================================================================
Installed:
wazuh-manager-4.10.0-1.x86_64
Complete!
12/11/2024 11:25:09 INFO: Wazuh manager installation finished.
12/11/2024 11:25:09 INFO: Wazuh manager vulnerability detection configuration finished.
12/11/2024 11:25:09 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
12/11/2024 11:25:30 INFO: wazuh-manager service started.
12/11/2024 11:25:30 INFO: Starting Filebeat installation.
Last metadata expiration check: 0:03:21 ago on Tue Nov 12 11:22:09 2024.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
filebeat x86_64 7.10.2-1 wazuh 21 M

Transaction Summary
================================================================================
Install 1 Package

Total download size: 21 M
Installed size: 70 M
Downloading Packages:
filebeat-oss-7.10.2-x86_64.rpm 51 MB/s | 21 MB 00:00
--------------------------------------------------------------------------------
Total 51 MB/s | 21 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : filebeat-7.10.2-1.x86_64 1/1
Running scriptlet: filebeat-7.10.2-1.x86_64 1/1
Verifying : filebeat-7.10.2-1.x86_64 1/1
================================================================================
WARNING: A newer release of "Amazon Linux" is available.
Available Versions:
Version 2023.6.20241028:
  Run the following command to upgrade to 2023.6.20241028:
    dnf upgrade --releasever=2023.6.20241028
  Release notes:
    https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.6.20241028.html
Version 2023.6.20241031:
  Run the following command to upgrade to 2023.6.20241031:
    dnf upgrade --releasever=2023.6.20241031
  Release notes:
    https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.6.20241031.html
================================================================================
Installed:
filebeat-7.10.2-1.x86_64
Complete!
12/11/2024 11:25:41 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/module.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
12/11/2024 11:25:42 INFO: Filebeat post-install configuration finished.
12/11/2024 11:25:42 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
12/11/2024 11:25:43 INFO: filebeat service started.
12/11/2024 11:25:43 INFO: --- Wazuh dashboard ---
12/11/2024 11:25:43 INFO: Starting Wazuh dashboard installation.
Last metadata expiration check: 0:03:35 ago on Tue Nov 12 11:22:09 2024.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-dashboard x86_64 4.10.0-1 wazuh 261 M

Transaction Summary
================================================================================
Install 1 Package

Total download size: 261 M
Installed size: 873 M
Downloading Packages:
wazuh-dashboard-4.10.0-1.x86_64.rpm 62 MB/s | 261 MB 00:04
--------------------------------------------------------------------------------
Total 61 MB/s | 261 MB 00:04
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.10.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.10.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.10.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.10.0-1.x86_64 1/1
================================================================================
WARNING: A newer release of "Amazon Linux" is available.
Available Versions:
Version 2023.6.20241028:
  Run the following command to upgrade to 2023.6.20241028:
    dnf upgrade --releasever=2023.6.20241028
  Release notes:
    https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.6.20241028.html
Version 2023.6.20241031:
  Run the following command to upgrade to 2023.6.20241031:
    dnf upgrade --releasever=2023.6.20241031
  Release notes:
    https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.6.20241031.html
================================================================================
Installed:
wazuh-dashboard-4.10.0-1.x86_64
Complete!
12/11/2024 11:28:27 INFO: Wazuh dashboard installation finished.
12/11/2024 11:28:27 INFO: Wazuh dashboard post-install configuration finished.
12/11/2024 11:28:27 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
12/11/2024 11:28:28 INFO: wazuh-dashboard service started.
12/11/2024 11:28:28 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
12/11/2024 11:28:38 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
Successfully updated the keystore
12/11/2024 11:29:12 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
12/11/2024 11:30:02 INFO: Initializing Wazuh dashboard web application.
12/11/2024 11:30:02 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/11/2024 11:30:18 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/11/2024 11:30:33 INFO: Wazuh dashboard web application initialized.
12/11/2024 11:30:33 INFO: Installation finished.
```

Ubuntu 22 :green_circle:

Logs on the console:

```shellsession
root@ip-172-31-16-41:/home/ubuntu# curl -sO https://packages-dev.wazuh.com/4.10/wazuh-install.sh
root@ip-172-31-16-41:/home/ubuntu# bash ./wazuh-install.sh -a -d pre-release
12/11/2024 11:22:06 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
12/11/2024 11:22:06 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/11/2024 11:22:35 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/11/2024 11:22:36 INFO: Wazuh web interface port will be 443.
12/11/2024 11:22:47 INFO: --- Dependencies ----
12/11/2024 11:22:47 INFO: Installing apt-transport-https.
12/11/2024 11:22:58 INFO: Installing debhelper.
12/11/2024 11:23:35 INFO: Wazuh development repository added.
12/11/2024 11:23:35 INFO: --- Configuration files ---
12/11/2024 11:23:35 INFO: Generating configuration files.
12/11/2024 11:23:36 INFO: Generating the root certificate.
12/11/2024 11:23:36 INFO: Generating Admin certificates.
12/11/2024 11:23:37 INFO: Generating Wazuh indexer certificates.
12/11/2024 11:23:37 INFO: Generating Filebeat certificates.
12/11/2024 11:23:38 INFO: Generating Wazuh dashboard certificates.
12/11/2024 11:23:40 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/11/2024 11:23:40 INFO: --- Wazuh indexer ---
12/11/2024 11:23:40 INFO: Starting Wazuh indexer installation.
12/11/2024 11:24:28 INFO: Wazuh indexer installation finished.
12/11/2024 11:24:29 INFO: Wazuh indexer post-install configuration finished.
12/11/2024 11:24:29 INFO: Starting service wazuh-indexer.
12/11/2024 11:24:58 INFO: wazuh-indexer service started.
12/11/2024 11:24:58 INFO: Initializing Wazuh indexer cluster security settings.
12/11/2024 11:25:09 INFO: Wazuh indexer cluster security configuration initialized.
12/11/2024 11:25:09 INFO: Wazuh indexer cluster initialized.
12/11/2024 11:25:09 INFO: --- Wazuh server ---
12/11/2024 11:25:09 INFO: Starting the Wazuh manager installation.
12/11/2024 11:26:57 INFO: Wazuh manager installation finished.
12/11/2024 11:26:58 INFO: Wazuh manager vulnerability detection configuration finished.
12/11/2024 11:26:58 INFO: Starting service wazuh-manager.
12/11/2024 11:27:23 INFO: wazuh-manager service started.
12/11/2024 11:27:23 INFO: Starting Filebeat installation.
12/11/2024 11:27:42 INFO: Filebeat installation finished.
12/11/2024 11:27:44 INFO: Filebeat post-install configuration finished.
12/11/2024 11:27:44 INFO: Starting service filebeat.
12/11/2024 11:27:46 INFO: filebeat service started.
12/11/2024 11:27:46 INFO: --- Wazuh dashboard ---
12/11/2024 11:27:46 INFO: Starting Wazuh dashboard installation.
12/11/2024 11:30:25 INFO: Wazuh dashboard installation finished.
12/11/2024 11:30:25 INFO: Wazuh dashboard post-install configuration finished.
12/11/2024 11:30:25 INFO: Starting service wazuh-dashboard.
12/11/2024 11:30:26 INFO: wazuh-dashboard service started.
12/11/2024 11:30:29 INFO: Updating the internal users.
12/11/2024 11:30:38 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/11/2024 11:31:10 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/11/2024 11:32:00 INFO: Initializing Wazuh dashboard web application.
12/11/2024 11:32:00 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/11/2024 11:32:16 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/11/2024 11:32:31 INFO: Wazuh dashboard web application initialized.
12/11/2024 11:32:31 INFO: --- Summary ---
12/11/2024 11:32:31 INFO: You can access the web interface https://:443
    User: admin
    Password: 0+zVk4it477WPSJgDnLgf*jSs2bnL+tT
12/11/2024 11:32:31 INFO: Installation finished.
```
Logs in wazuh-install.log:
```shellsession
root@ip-172-31-16-41:/home/ubuntu# cat /var/log/wazuh-install.log
12/11/2024 11:22:06 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
12/11/2024 11:22:06 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease [127 kB]
Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [14.1 MB]
Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe Translation-en [5652 kB]
Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 c-n-f Metadata [286 kB]
Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [217 kB]
Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse Translation-en [112 kB]
Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 c-n-f Metadata [8372 B]
Get:11 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [2149 kB]
Get:12 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [367 kB]
Get:13 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 c-n-f Metadata [17.9 kB]
Get:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [2633 kB]
Get:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted Translation-en [455 kB]
Get:16 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 c-n-f Metadata [612 B]
Get:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1134 kB]
Get:18 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [265 kB]
Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 c-n-f Metadata [26.4 kB]
Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [43.3 kB]
Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse Translation-en [10.8 kB]
Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 c-n-f Metadata [440 B]
Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [67.7 kB]
Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main Translation-en [11.1 kB]
Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 c-n-f Metadata [388 B]
Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/restricted amd64 c-n-f Metadata [116 B]
Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [28.8 kB]
Get:28 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe Translation-en [16.5 kB]
Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 c-n-f Metadata [672 B]
Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/multiverse amd64 c-n-f Metadata [116 B]
Get:31 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1932 kB]
Get:32 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [309 kB]
Get:33 http://security.ubuntu.com/ubuntu jammy-security/main amd64 c-n-f Metadata [13.3 kB]
Get:34 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [2573 kB]
Get:35 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [444 kB]
Get:36 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 c-n-f Metadata [580 B]
Get:37 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [913 kB]
Get:38 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [181 kB]
Get:39 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 c-n-f Metadata [19.5 kB]
Get:40 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [37.2 kB]
Get:41 http://security.ubuntu.com/ubuntu jammy-security/multiverse Translation-en [7588 B]
Get:42 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 c-n-f Metadata [224 B]
Fetched 34.4 MB in 7s (5135 kB/s)
Reading package lists...
12/11/2024 11:22:35 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/11/2024 11:22:36 INFO: Wazuh web interface port will be 443.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
12/11/2024 11:22:47 INFO: --- Dependencies ----
12/11/2024 11:22:47 INFO: Installing apt-transport-https.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  apt-transport-https
0 upgraded, 1 newly installed, 0 to remove and 221 not upgraded.
Need to get 1510 B of archives.
After this operation, 170 kB of additional disk space will be used.
Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 apt-transport-https all 2.4.13 [1510 B]
Fetched 1510 B in 0s (65.4 kB/s)
Selecting previously unselected package
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
12/11/2024 11:22:58 INFO: Installing debhelper.
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  autoconf automake autopoint autotools-dev build-essential bzip2 cpp cpp-11 debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base gcc-12-base gettext intltool-debian libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libarchive-cpio-perl libarchive-zip-perl libasan6 libatomic1 libc-dev-bin libc-devtools libc6 libc6-dev libcc1-0 libcrypt-dev libdebhelper-perl libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl libfontconfig1 libgcc-11-dev libgcc-s1 libgd3 libgomp1 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblsan0 libltdl-dev libltdl7 libmail-sendmail-perl libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libstdc++6 libsub-override-perl libsys-hostname-long-perl libtiff5 libtirpc-dev libtool libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto
Suggested packages:
  autoconf-archive gnu-standards autoconf-doc bzip2-doc cpp-doc gcc-11-locales dh-make debian-keyring g++-multilib g++-11-multilib gcc-11-doc gcc-multilib flex bison gdb gcc-doc gcc-11-multilib gettext-doc libasprintf-dev libgettextpo-dev glibc-doc bzr libgd-tools libtool-doc libstdc++-11-doc gfortran | fortran95-compiler gcj-jdk m4-doc make-doc libmail-box-perl
Recommended packages:
  libnss-nis libnss-nisplus
The following NEW packages will be installed:
  autoconf automake autopoint autotools-dev build-essential bzip2 cpp cpp-11 debhelper debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base gettext intltool-debian libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libarchive-cpio-perl libarchive-zip-perl libasan6 libatomic1 libc-dev-bin libc-devtools libc6-dev libcc1-0 libcrypt-dev libdebhelper-perl libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl libfontconfig1 libgcc-11-dev libgd3 libgomp1 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblsan0 libltdl-dev libltdl7 libmail-sendmail-perl libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libsub-override-perl libsys-hostname-long-perl libtiff5 libtirpc-dev libtool libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto
The following packages will be upgraded:
  gcc-12-base libc6 libgcc-s1 libstdc++6
4 upgraded, 75 newly installed, 0 to remove and 217 not upgraded.
Need to get 72.2 MB of archives.
After this operation, 221 MB of additional disk space will be used.
Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc6 amd64 2.35-0ubuntu3.8 [3235 kB]
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-12-base amd64 12.3.0-1ubuntu1~22.04 [20.1 kB]
Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libstdc++6 amd64 12.3.0-1ubuntu1~22.04 [699 kB]
Get:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgcc-s1 amd64 12.3.0-1ubuntu1~22.04 [53.9 kB]
Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 m4 amd64 1.4.18-5ubuntu2 [199 kB]
Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autoconf all 2.71-2 [338 kB]
Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autotools-dev all 20220109.1 [44.9 kB]
Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 automake all 1:1.16.5-1.3 [558 kB]
Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autopoint all 0.21-4ubuntu4 [422 kB]
Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-dev-bin amd64 2.35-0ubuntu3.8 [20.3 kB]
Get:11 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 linux-libc-dev amd64 5.15.0-125.135 [1345 kB]
Get:12 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libcrypt-dev amd64 1:4.4.27-1 [112 kB]
Get:13 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 rpcsvc-proto amd64 1.4.2-0ubuntu6 [68.5 kB]
Get:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtirpc-dev amd64 1.3.2-2ubuntu0.1 [192 kB]
Get:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libnsl-dev amd64 1.3.0-2build2 [71.3 kB]
Get:16 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc6-dev amd64 2.35-0ubuntu3.8 [2100 kB]
Get:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-11-base amd64 11.4.0-1ubuntu1~22.04 [20.2 kB]
Get:18 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libisl23 amd64 0.24-2build1 [727 kB]
Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libmpc3 amd64 1.2.1-2build1 [46.9 kB]
Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 cpp-11 amd64 11.4.0-1ubuntu1~22.04 [10.0 MB]
Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 cpp amd64 4:11.2.0-1ubuntu1 [27.7 kB]
Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libcc1-0 amd64 12.3.0-1ubuntu1~22.04 [48.3 kB]
Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgomp1 amd64 12.3.0-1ubuntu1~22.04 [126 kB]
Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libitm1 amd64 12.3.0-1ubuntu1~22.04 [30.2 kB]
Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libatomic1 amd64 12.3.0-1ubuntu1~22.04 [10.4 kB]
Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libasan6 amd64 11.4.0-1ubuntu1~22.04 [2282 kB]
Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 liblsan0 amd64 12.3.0-1ubuntu1~22.04 [1069 kB]
Get:28 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtsan0 amd64 11.4.0-1ubuntu1~22.04 [2260 kB]
Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libubsan1 amd64 12.3.0-1ubuntu1~22.04 [976 kB]
Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libquadmath0 amd64 12.3.0-1ubuntu1~22.04 [154 kB]
Get:31 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgcc-11-dev amd64 11.4.0-1ubuntu1~22.04 [2517 kB]
Get:32 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-11 amd64 11.4.0-1ubuntu1~22.04 [20.1 MB]
Get:33 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 gcc amd64 4:11.2.0-1ubuntu1 [5112 B]
Get:34 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libstdc++-11-dev amd64 11.4.0-1ubuntu1~22.04 [2101 kB]
Get:35 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 g++-11 amd64 11.4.0-1ubuntu1~22.04 [11.4 MB]
Get:36 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 g++ amd64 4:11.2.0-1ubuntu1 [1412 B]
Get:37 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 make amd64 4.3-4.1build1 [180 kB]
Get:38 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libdpkg-perl all 1.21.1ubuntu2.3 [237 kB]
Get:39 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 bzip2 amd64 1.0.8-5build1 [34.8 kB]
Get:40 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 lto-disabled-list all 24 [12.5 kB]
Get:41 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 dpkg-dev all 1.21.1ubuntu2.3 [922 kB]
Get:42 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 build-essential amd64 12.9ubuntu3 [4744 B]
Get:43 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libdebhelper-perl all 13.6ubuntu1 [67.2 kB]
Get:44 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libtool all 2.4.6-15build2 [164 kB]
Get:45 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dh-autoreconf all 20 [16.1 kB]
Get:46 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libarchive-zip-perl all 1.68-1 [90.2 kB]
Get:47 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libsub-override-perl all 0.09-2 [9532 B]
Get:48 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfile-stripnondeterminism-perl all 1.13.0-1 [18.1 kB]
Get:49 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dh-strip-nondeterminism all 1.13.0-1 [5344 B]
Get:50 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 debugedit amd64 1:5.0-4build1 [47.2 kB]
Get:51 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dwz amd64 0.14-1build2 [105 kB]
Get:52 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 gettext amd64 0.21-4ubuntu4 [868 kB]
Get:53 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 intltool-debian all 0.35.0+20060710.5 [24.9 kB]
Get:54 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 po-debconf all 1.0.21+nmu1 [233 kB]
Get:55 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 debhelper all 13.6ubuntu1 [923 kB]
Get:56 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfakeroot amd64 1.28-1ubuntu1 [31.5 kB]
Get:57 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fakeroot amd64 1.28-1ubuntu1 [60.4 kB]
Get:58 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fonts-dejavu-core all 2.37-2build1 [1041 kB]
Get:59 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fontconfig-config all 2.13.1-4.2ubuntu5 [29.1 kB]
Get:60 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-diff-perl all 1.201-1 [41.8 kB]
Get:61 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-diff-xs-perl amd64 0.04-6build3 [11.9 kB]
Get:62 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-merge-perl all 0.08-3 [12.0 kB]
Get:63 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libarchive-cpio-perl all 0.10-1.1 [9928 B]
Get:64 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfontconfig1 amd64 2.13.1-4.2ubuntu5 [131 kB]
Get:65 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libjpeg-turbo8 amd64 2.1.2-0ubuntu1 [134 kB]
Get:66 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libjpeg8 amd64 8c-2ubuntu10 [2264 B]
Get:67 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libdeflate0 amd64 1.10-2 [70.9 kB]
Get:68 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libjbig0 amd64 2.1-3.1ubuntu0.22.04.1 [29.2 kB]
Get:69 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libwebp7 amd64 1.2.2-2ubuntu0.22.04.2 [206 kB]
Get:70 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtiff5 amd64 4.3.0-6ubuntu0.10 [185 kB]
Get:71 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libxpm4 amd64 1:3.5.12-1ubuntu0.22.04.2 [36.7 kB]
Get:72 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libgd3 amd64 2.3.0-2ubuntu2 [129 kB]
Get:73 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-devtools amd64 2.35-0ubuntu3.8 [28.9 kB]
Get:74 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfile-fcntllock-perl amd64 0.22-3build7 [33.9 kB]
Get:75 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libltdl7 amd64 2.4.6-15build2 [39.6 kB]
Get:76 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libltdl-dev amd64 2.4.6-15build2 [169 kB]
Get:77 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libsys-hostname-long-perl all 1.5-2 [11.5 kB]
Get:78 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libmail-sendmail-perl all 0.80-1.1 [22.7 kB]
Get:79 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 manpages-dev all 5.10-1ubuntu1 [2309 kB]
Preconfiguring packages ...
Fetched 72.2 MB in 1s (53.6 MB/s)
(Reading datab
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) " imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:4 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [42.4 kB]
Fetched 59.7 kB in 1s (57.6 kB/s)
Reading package lists...
12/11/2024 11:23:35 INFO: Wazuh development repository added.
12/11/2024 11:23:35 INFO: --- Configuration files ---
12/11/2024 11:23:35 INFO: Generating configuration files.
12/11/2024 11:23:36 INFO: Generating the root certificate.
12/11/2024 11:23:36 INFO: Generating Admin certificates.
12/11/2024 11:23:37 INFO: Generating Wazuh indexer certificates.
12/11/2024 11:23:37 INFO: Generating Filebeat certificates.
12/11/2024 11:23:38 INFO: Generating Wazuh dashboard certificates.
12/11/2024 11:23:40 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/11/2024 11:23:40 INFO: --- Wazuh indexer ---
12/11/2024 11:23:40 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 217 not upgraded.
Need to get 870 MB of archives.
After this operation, 1097 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automati
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
12/11/2024 11:24:28 INFO: Wazuh indexer installation finished.
12/11/2024 11:24:29 INFO: Wazuh indexer post-install configuration finished.
12/11/2024 11:24:29 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
12/11/2024 11:24:58 INFO: wazuh-indexer service started.
12/11/2024 11:24:58 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"]) due to: null
Done with success
12/11/2024 11:25:09 INFO: Wazuh indexer cluster security configuration initialized.
12/11/2024 11:25:09 INFO: Wazuh indexer cluster initialized.
12/11/2024 11:25:09 INFO: --- Wazuh server ---
12/11/2024 11:25:09 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 217 not upgraded.
Need to get 350 MB of archives.
After this operation, 921 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-manager amd64 4.10.0-1 [350 MB]
Fetched 350 MB in 9s (39.7 MB/s)
Selecting previously unselecte
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
NEEDRESTART-SVC: wazuh-indexer.service
12/11/2024 11:26:57 INFO: Wazuh manager installation finished.
12/11/2024 11:26:58 INFO: Wazuh manager vulnerability detection configuration finished.
12/11/2024 11:26:58 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
12/11/2024 11:27:23 INFO: wazuh-manager service started.
12/11/2024 11:27:23 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  filebeat
0 upgraded, 1 newly installed, 0 to remove and 217 not upgraded.
Need to get 22.1 MB of archives.
After this operation, 73.6 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 file
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
NEEDRESTART-SVC: wazuh-indexer.service
12/11/2024 11:27:42 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/module.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
12/11/2024 11:27:44 INFO: Filebeat post-install configuration finished.
12/11/2024 11:27:44 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
12/11/2024 11:27:46 INFO: filebeat service started.
12/11/2024 11:27:46 INFO: --- Wazuh dashboard ---
12/11/2024 11:27:46 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 217 not upgraded.
Need to get 174 MB of archives.
After this operation, 957 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-dashboard amd64 4.10.0-1 [174 MB]
Fetched 174 MB in 5s (32.3 MB/s)
Selecting previously unselected package wazuh-dashboa
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
NEEDRESTART-SVC: wazuh-indexer.service
12/11/2024 11:30:25 INFO: Wazuh dashboard installation finished.
12/11/2024 11:30:25 INFO: Wazuh dashboard post-install configuration finished. 12/11/2024 11:30:25 INFO: Starting service wazuh-dashboard. Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service. 12/11/2024 11:30:26 INFO: wazuh-dashboard service started. 12/11/2024 11:30:29 INFO: Updating the internal users. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.16.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. 
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml 12/11/2024 11:30:38 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder. 
************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.16.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml Will retrieve '/allowlist' into 
/etc/wazuh-indexer/backup/allowlist.yml SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml Successfully updated the keystore Successfully updated the keystore 12/11/2024 11:31:10 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.16.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index already exists, so we do not need to create one. Populate config from /home/ubuntu Force type: internalusers Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml SUCC: Configuration for 'internalusers' created or updated SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null Done with success 12/11/2024 11:32:00 INFO: Initializing Wazuh dashboard web application. 12/11/2024 11:32:00 INFO: Wazuh dashboard web application not yet initialized. Waiting... 12/11/2024 11:32:16 INFO: Wazuh dashboard web application not yet initialized. Waiting... 12/11/2024 11:32:31 INFO: Wazuh dashboard web application initialized. 12/11/2024 11:32:31 INFO: Installation finished. ```

RHEL 9 :green_circle:

Logs on the console:

```shellsession
[root@ip-172-31-23-193 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.10/wazuh-install.sh
[root@ip-172-31-23-193 ec2-user]# bash ./wazuh-install.sh -a -d pre-release
12/11/2024 11:22:09 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
12/11/2024 11:22:09 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/11/2024 11:22:10 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/11/2024 11:22:10 INFO: Wazuh web interface port will be 443.
12/11/2024 11:22:10 INFO: --- Dependencies ---
12/11/2024 11:22:10 INFO: Installing lsof.
12/11/2024 11:22:38 INFO: Wazuh development repository added.
12/11/2024 11:22:38 INFO: --- Configuration files ---
12/11/2024 11:22:38 INFO: Generating configuration files.
12/11/2024 11:22:38 INFO: Generating the root certificate.
12/11/2024 11:22:39 INFO: Generating Admin certificates.
12/11/2024 11:22:40 INFO: Generating Wazuh indexer certificates.
12/11/2024 11:22:40 INFO: Generating Filebeat certificates.
12/11/2024 11:22:41 INFO: Generating Wazuh dashboard certificates.
12/11/2024 11:22:41 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/11/2024 11:22:42 INFO: --- Wazuh indexer ---
12/11/2024 11:22:42 INFO: Starting Wazuh indexer installation.
12/11/2024 11:23:34 INFO: Wazuh indexer installation finished.
12/11/2024 11:23:34 INFO: Wazuh indexer post-install configuration finished.
12/11/2024 11:23:34 INFO: Starting service wazuh-indexer.
12/11/2024 11:24:00 INFO: wazuh-indexer service started.
12/11/2024 11:24:00 INFO: Initializing Wazuh indexer cluster security settings.
12/11/2024 11:24:10 INFO: Wazuh indexer cluster security configuration initialized.
12/11/2024 11:24:10 INFO: Wazuh indexer cluster initialized.
12/11/2024 11:24:10 INFO: --- Wazuh server ---
12/11/2024 11:24:10 INFO: Starting the Wazuh manager installation.
12/11/2024 11:25:24 INFO: Wazuh manager installation finished.
12/11/2024 11:25:24 INFO: Wazuh manager vulnerability detection configuration finished.
12/11/2024 11:25:24 INFO: Starting service wazuh-manager.
12/11/2024 11:25:43 INFO: wazuh-manager service started.
12/11/2024 11:25:43 INFO: Starting Filebeat installation.
12/11/2024 11:26:28 INFO: Filebeat installation finished.
12/11/2024 11:26:29 INFO: Filebeat post-install configuration finished.
12/11/2024 11:26:29 INFO: Starting service filebeat.
12/11/2024 11:26:30 INFO: filebeat service started.
12/11/2024 11:26:30 INFO: --- Wazuh dashboard ---
12/11/2024 11:26:30 INFO: Starting Wazuh dashboard installation.
12/11/2024 11:28:47 INFO: Wazuh dashboard installation finished.
12/11/2024 11:28:47 INFO: Wazuh dashboard post-install configuration finished.
12/11/2024 11:28:47 INFO: Starting service wazuh-dashboard.
12/11/2024 11:28:48 INFO: wazuh-dashboard service started.
12/11/2024 11:28:48 INFO: Updating the internal users.
12/11/2024 11:28:56 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/11/2024 11:29:29 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/11/2024 11:30:14 INFO: Initializing Wazuh dashboard web application.
12/11/2024 11:30:14 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/11/2024 11:30:31 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/11/2024 11:30:46 INFO: Wazuh dashboard web application initialized.
12/11/2024 11:30:46 INFO: --- Summary ---
12/11/2024 11:30:46 INFO: You can access the web interface https://:443
User: admin
Password: Z6BC0XQ3LNKjkE?jx4slXpg49AF8KTuC
12/11/2024 11:30:46 INFO: --- Dependencies ---
12/11/2024 11:30:46 INFO: Removing lsof.
12/11/2024 11:30:48 INFO: Installation finished.
```
Logs in wazuh-install.log:

```shellsession
[root@ip-172-31-23-193 ec2-user]# cat /var/log/wazuh-install.log
12/11/2024 11:22:09 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
12/11/2024 11:22:09 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
25 files removed
12/11/2024 11:22:10 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/11/2024 11:22:10 INFO: Wazuh web interface port will be 443.
12/11/2024 11:22:10 INFO: --- Dependencies ---
12/11/2024 11:22:10 INFO: Installing lsof.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - AppStre 80 MB/s | 42 MB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS 62 MB/s | 35 MB 00:00
Red Hat Enterprise Linux 9 Client Configuration 31 kB/s | 3.2 kB 00:00
Last metadata expiration check: 0:00:01 ago on Tue 12 Nov 2024 11:22:33 AM UTC.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
lsof x86_64 4.94.0-3.el9 rhel-9-baseos-rhui-rpms 241 k
Installing dependencies:
libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k
Transaction Summary
================================================================================
Install 2 Packages
Total download size: 338 k
Installed size: 826 k
Downloading Packages:
(1/2): lsof-4.94.0-3.el9.x86_64.rpm 4.0 MB/s | 241 kB 00:00
(2/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 1.5 MB/s | 96 kB 00:00
--------------------------------------------------------------------------------
Total 3.4 MB/s | 338 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2
Installing : lsof-4.94.0-3.el9.x86_64 2/2
Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2
Verifying : lsof-4.94.0-3.el9.x86_64 1/2
Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2
Installed products updated.
Installed:
libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64
Complete!
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - AppStre 80 MB/s | 42 MB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS 62 MB/s | 35 MB 00:00
Red Hat Enterprise Linux 9 Client Configuration 31 kB/s | 3.2 kB 00:00
Last metadata expiration check: 0:00:01 ago on Tue 12 Nov 2024 11:22:33 AM UTC.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
lsof x86_64 4.94.0-3.el9 rhel-9-baseos-rhui-rpms 241 k
Installing dependencies:
libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k
Transaction Summary
================================================================================
Install 2 Packages
Total download size: 338 k
Installed size: 826 k
Downloading Packages:
(1/2): lsof-4.94.0-3.el9.x86_64.rpm 4.0 MB/s | 241 kB 00:00
(2/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 1.5 MB/s | 96 kB 00:00
--------------------------------------------------------------------------------
Total 3.4 MB/s | 338 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2
Installing : lsof-4.94.0-3.el9.x86_64 2/2
Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2
Verifying : lsof-4.94.0-3.el9.x86_64 1/2
Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2
Installed products updated.
Installed:
libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64
Complete!
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
12/11/2024 11:22:38 INFO: Wazuh development repository added.
12/11/2024 11:22:38 INFO: --- Configuration files ---
12/11/2024 11:22:38 INFO: Generating configuration files.
12/11/2024 11:22:38 INFO: Generating the root certificate.
12/11/2024 11:22:39 INFO: Generating Admin certificates.
12/11/2024 11:22:40 INFO: Generating Wazuh indexer certificates.
12/11/2024 11:22:40 INFO: Generating Filebeat certificates.
12/11/2024 11:22:41 INFO: Generating Wazuh dashboard certificates.
12/11/2024 11:22:41 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
12/11/2024 11:22:42 INFO: --- Wazuh indexer ---
12/11/2024 11:22:42 INFO: Starting Wazuh indexer installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
EL-9 - Wazuh 29 MB/s | 31 MB 00:01
Last metadata expiration check: 0:00:10 ago on Tue 12 Nov 2024 11:22:44 AM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.10.0-1 wazuh 831 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 831 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.10.0-1.x86_64.rpm 96 MB/s | 831 MB 00:08
--------------------------------------------------------------------------------
Total 96 MB/s | 831 MB 00:08
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.10.0-1.x86_64 1/1
Installing : wazuh-indexer-4.10.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.10.0-1.x86_64 1/1
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
sudo systemctl start wazuh-indexer.service
Verifying : wazuh-indexer-4.10.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-indexer-4.10.0-1.x86_64
Complete!
12/11/2024 11:23:34 INFO: Wazuh indexer installation finished.
12/11/2024 11:23:34 INFO: Wazuh indexer post-install configuration finished.
12/11/2024 11:23:34 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
12/11/2024 11:24:00 INFO: wazuh-indexer service started.
12/11/2024 11:24:00 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"]) due to: null
Done with success
12/11/2024 11:24:10 INFO: Wazuh indexer cluster security configuration initialized.
12/11/2024 11:24:10 INFO: Wazuh indexer cluster initialized.
12/11/2024 11:24:10 INFO: --- Wazuh server ---
12/11/2024 11:24:10 INFO: Starting the Wazuh manager installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:01:27 ago on Tue 12 Nov 2024 11:22:44 AM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-manager x86_64 4.10.0-1 wazuh 315 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 315 M
Installed size: 793 M
Downloading Packages:
wazuh-manager-4.10.0-1.x86_64.rpm 96 MB/s | 315 MB 00:03
--------------------------------------------------------------------------------
Total 95 MB/s | 315 MB 00:03
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-manager-4.10.0-1.x86_64 1/1
Installing : wazuh-manager-4.10.0-1.x86_64 1/1
Running scriptlet: wazuh-manager-4.10.0-1.x86_64 1/1
Verifying : wazuh-manager-4.10.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-manager-4.10.0-1.x86_64
Complete!
12/11/2024 11:25:24 INFO: Wazuh manager installation finished.
12/11/2024 11:25:24 INFO: Wazuh manager vulnerability detection configuration finished.
12/11/2024 11:25:24 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
12/11/2024 11:25:43 INFO: wazuh-manager service started.
12/11/2024 11:25:43 INFO: Starting Filebeat installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:03:00 ago on Tue 12 Nov 2024 11:22:44 AM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
filebeat x86_64 7.10.2-1 wazuh 21 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 21 M
Installed size: 70 M
Downloading Packages:
filebeat-oss-7.10.2-x86_64.rpm 37 MB/s | 21 MB 00:00
--------------------------------------------------------------------------------
Total 37 MB/s | 21 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : filebeat-7.10.2-1.x86_64 1/1
Running scriptlet: filebeat-7.10.2-1.x86_64 1/1
Verifying : filebeat-7.10.2-1.x86_64 1/1
Installed products updated.
Installed:
filebeat-7.10.2-1.x86_64
Complete!
12/11/2024 11:26:28 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/module.yml
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
12/11/2024 11:26:29 INFO: Filebeat post-install configuration finished.
12/11/2024 11:26:29 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
12/11/2024 11:26:30 INFO: filebeat service started.
12/11/2024 11:26:30 INFO: --- Wazuh dashboard ---
12/11/2024 11:26:30 INFO: Starting Wazuh dashboard installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:03:52 ago on Tue 12 Nov 2024 11:22:44 AM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-dashboard x86_64 4.10.0-1 wazuh 261 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 261 M
Installed size: 873 M
Downloading Packages:
wazuh-dashboard-4.10.0-1.x86_64.rpm 53 MB/s | 261 MB 00:04
--------------------------------------------------------------------------------
Total 52 MB/s | 261 MB 00:04
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.10.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.10.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.10.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.10.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-dashboard-4.10.0-1.x86_64
Complete!
12/11/2024 11:28:47 INFO: Wazuh dashboard installation finished.
12/11/2024 11:28:47 INFO: Wazuh dashboard post-install configuration finished.
12/11/2024 11:28:47 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
12/11/2024 11:28:48 INFO: wazuh-dashboard service started.
12/11/2024 11:28:48 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
12/11/2024 11:28:56 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
Successfully updated the keystore
12/11/2024 11:29:29 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
12/11/2024 11:30:14 INFO: Initializing Wazuh dashboard web application.
12/11/2024 11:30:14 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/11/2024 11:30:31 INFO: Wazuh dashboard web application not yet initialized. Waiting...
12/11/2024 11:30:46 INFO: Wazuh dashboard web application initialized.
12/11/2024 11:30:46 INFO: --- Dependencies ---
12/11/2024 11:30:46 INFO: Removing lsof.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Removing:
lsof x86_64 4.94.0-3.el9 @rhel-9-baseos-rhui-rpms 624 k
Removing unused dependencies:
libtirpc x86_64 1.3.3-8.el9_4 @rhel-9-baseos-rhui-rpms 202 k
Transaction Summary
================================================================================
Remove 2 Packages
Freed space: 826 k
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Erasing : lsof-4.94.0-3.el9.x86_64 1/2
Erasing : libtirpc-1.3.3-8.el9_4.x86_64 2/2
Running scriptlet: libtirpc-1.3.3-8.el9_4.x86_64 2/2
Verifying : libtirpc-1.3.3-8.el9_4.x86_64 1/2
Verifying : lsof-4.94.0-3.el9.x86_64 2/2
Installed products updated.
Removed:
libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64
Complete!
12/11/2024 11:30:48 INFO: Installation finished.
```

Amazon Linux 2023 - Offline :green_circle:

Logs on the console:

```shellsession
[root@ip-172-31-33-129 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.10/wazuh-install.sh
[root@ip-172-31-33-129 ec2-user]# ls
wazuh-install.sh
[root@ip-172-31-33-129 ec2-user]# bash wazuh-install.sh -dw rpm -d pre-release
12/11/2024 11:08:56 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
12/11/2024 11:08:56 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/11/2024 11:08:57 INFO: --- Dependencies ---
12/11/2024 11:08:57 INFO: Installing curl.
12/11/2024 11:09:09 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/11/2024 11:09:09 INFO: --- Download Packages ---
12/11/2024 11:09:09 INFO: Starting Wazuh packages download.
12/11/2024 11:09:09 INFO: Downloading Wazuh rpm packages for x86_64.
12/11/2024 11:09:13 INFO: The manager package was downloaded.
12/11/2024 11:09:14 INFO: The filebeat package was downloaded.
12/11/2024 11:09:17 INFO: The indexer package was downloaded.
12/11/2024 11:09:18 INFO: The dashboard package was downloaded.
12/11/2024 11:09:18 INFO: The packages are in wazuh-offline/wazuh-packages
12/11/2024 11:09:18 INFO: Downloading configuration files and assets.
12/11/2024 11:09:18 INFO: The resource https://packages.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
12/11/2024 11:09:18 INFO: The resource https://packages-dev.wazuh.com/4.10/tpl/wazuh/filebeat/filebeat.yml was downloaded.
12/11/2024 11:09:18 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/v4.10.0-alpha3/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
12/11/2024 11:09:19 INFO: The resource https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
12/11/2024 11:09:19 INFO: The configuration files and assets are in wazuh-offline.tar.gz
12/11/2024 11:10:32 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html
[root@ip-172-31-33-129 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.10/config.yml
[root@ip-172-31-33-129 ec2-user]# nano config.yml
[root@ip-172-31-33-129 ec2-user]# bash wazuh-install.sh -g
12/11/2024 11:12:07 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
12/11/2024 11:12:07 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/11/2024 11:12:07 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/11/2024 11:12:07 INFO: --- Configuration files ---
12/11/2024 11:12:07 INFO: Generating configuration files.
12/11/2024 11:12:08 INFO: Generating the root certificate.
12/11/2024 11:12:08 INFO: Generating Admin certificates.
12/11/2024 11:12:08 INFO: Generating Wazuh indexer certificates.
12/11/2024 11:12:09 INFO: Generating Filebeat certificates.
12/11/2024 11:12:10 INFO: Generating Wazuh dashboard certificates.
12/11/2024 11:12:10 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
[root@ip-172-31-33-129 ec2-user]# ls
wazuh-install-files.tar wazuh-install.sh wazuh-offline.tar.gz
[root@ip-172-31-33-129 ec2-user]# ping google.com
PING google.com (142.251.179.100) 56(84) bytes of data.
^C
--- google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3153ms
[root@ip-172-31-33-129 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-indexer node-1
12/11/2024 11:14:30 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
12/11/2024 11:14:30 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/11/2024 11:14:30 INFO: Checking dependencies for Wazuh installation assistant.
12/11/2024 11:14:32 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/11/2024 11:14:32 INFO: Checking prerequisites for Offline installation.
12/11/2024 11:14:33 INFO: Checking wazuh-offline.tar.gz file.
12/11/2024 11:14:47 INFO: --- Wazuh indexer ---
12/11/2024 11:14:47 INFO: Starting Wazuh indexer installation.
12/11/2024 11:15:07 INFO: Wazuh indexer installation finished.
12/11/2024 11:15:07 INFO: Wazuh indexer post-install configuration finished.
12/11/2024 11:15:07 INFO: Starting service wazuh-indexer.
12/11/2024 11:15:33 INFO: wazuh-indexer service started.
12/11/2024 11:15:33 INFO: Initializing Wazuh indexer cluster security settings.
12/11/2024 11:15:34 INFO: Wazuh indexer cluster initialized.
12/11/2024 11:15:34 INFO: Installation finished.
[root@ip-172-31-33-129 ec2-user]# bash wazuh-install.sh --offline-installation --start-cluster
12/11/2024 11:17:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
12/11/2024 11:17:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/11/2024 11:17:43 INFO: Checking dependencies for Wazuh installation assistant.
12/11/2024 11:17:46 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/11/2024 11:17:46 INFO: Checking wazuh-offline.tar.gz file.
12/11/2024 11:17:52 INFO: Wazuh indexer cluster security configuration initialized.
12/11/2024 11:17:58 INFO: Updating the internal users.
12/11/2024 11:18:02 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
12/11/2024 11:18:23 INFO: Wazuh indexer cluster started.
[root@ip-172-31-33-129 ec2-user]# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
  indexer_username: 'admin'
  indexer_password: 'CtUIdS+FXZr8oLx+eG6JGc*ezWfjVYvY'
[root@ip-172-31-33-129 ec2-user]# curl -k -u admin:CtUIdS+FXZr8oLx+eG6JGc*ezWfjVYvY https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "BgqkqXy2Q7u9_HNnUuCGog",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "5c45cfd897744e4b299896be4b19de1eabc993f6",
    "build_date" : "2024-11-08T12:49:48.681554Z",
    "build_snapshot" : false,
    "lucene_version" : "9.11.1",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@ip-172-31-33-129 ec2-user]# curl -k -u admin:CtUIdS+FXZr8oLx+eG6JGc*ezWfjVYvY https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                cluster_manager name
127.0.0.1           48          73  18    0.34    0.40     0.22 dimr      data,ingest,master,remote_cluster_client *               node-1
[root@ip-172-31-33-129 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-server wazuh-1
12/11/2024 11:19:41 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
12/11/2024 11:19:41 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/11/2024 11:19:41 INFO: Checking dependencies for Wazuh installation assistant.
12/11/2024 11:19:44 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/11/2024 11:19:44 INFO: Checking wazuh-offline.tar.gz file.
12/11/2024 11:19:44 INFO: --- Wazuh server ---
12/11/2024 11:19:44 INFO: Starting the Wazuh manager installation.
12/11/2024 11:20:49 INFO: Wazuh manager installation finished.
12/11/2024 11:20:49 INFO: Wazuh manager vulnerability detection configuration finished.
12/11/2024 11:20:49 INFO: Starting service wazuh-manager.
12/11/2024 11:21:09 INFO: wazuh-manager service started.
12/11/2024 11:21:09 INFO: Starting Filebeat installation.
12/11/2024 11:21:19 INFO: Filebeat installation finished.
12/11/2024 11:21:20 INFO: Filebeat post-install configuration finished.
12/11/2024 11:21:22 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
12/11/2024 11:21:49 INFO: Starting service filebeat.
12/11/2024 11:21:50 INFO: filebeat service started.
12/11/2024 11:21:50 INFO: Installation finished.
[root@ip-172-31-33-129 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-dashboard dashboard
12/11/2024 11:22:27 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
12/11/2024 11:22:27 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/11/2024 11:22:27 INFO: Checking dependencies for Wazuh installation assistant.
12/11/2024 11:22:32 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/11/2024 11:22:32 INFO: Wazuh web interface port will be 443.
12/11/2024 11:22:32 INFO: Checking prerequisites for Offline installation.
12/11/2024 11:22:33 INFO: Checking wazuh-offline.tar.gz file.
12/11/2024 11:22:33 INFO: --- Wazuh dashboard ----
12/11/2024 11:22:33 INFO: Starting Wazuh dashboard installation.
12/11/2024 11:24:41 INFO: Wazuh dashboard installation finished.
12/11/2024 11:24:41 INFO: Wazuh dashboard post-install configuration finished.
12/11/2024 11:24:41 INFO: Starting service wazuh-dashboard.
12/11/2024 11:24:42 INFO: wazuh-dashboard service started.
12/11/2024 11:25:01 INFO: Initializing Wazuh dashboard web application.
12/11/2024 11:25:02 INFO: Wazuh dashboard web application initialized.
12/11/2024 11:25:02 INFO: --- Summary ---
12/11/2024 11:25:02 INFO: You can access the web interface https://:443
    User: admin
    Password: CtUIdS+FXZr8oLx+eG6JGc*ezWfjVYvY
12/11/2024 11:25:02 INFO: Installation finished.
```

Logs in wazuh-install.log

```shellsession
[root@ip-172-31-33-129 ec2-user]# cat /var/log/wazuh-install.log
12/11/2024 11:22:27 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.0
12/11/2024 11:22:27 INFO: Verbose logging redirected to /var/log/wazuh-install.log
12/11/2024 11:22:27 INFO: Checking dependencies for Wazuh installation assistant.
12/11/2024 11:22:32 INFO: Verifying that your system meets the recommended minimum hardware requirements.
12/11/2024 11:22:32 INFO: Wazuh web interface port will be 443.
12/11/2024 11:22:32 INFO: Checking prerequisites for Offline installation.
12/11/2024 11:22:33 INFO: Checking wazuh-offline.tar.gz file.
12/11/2024 11:22:33 INFO: --- Wazuh dashboard ----
12/11/2024 11:22:33 INFO: Starting Wazuh dashboard installation.
Verifying... ########################################
Preparing... ########################################
Updating / installing...
wazuh-dashboard-4.10.0-1 ########################################
12/11/2024 11:24:41 INFO: Wazuh dashboard installation finished.
12/11/2024 11:24:41 INFO: Wazuh dashboard post-install configuration finished.
12/11/2024 11:24:41 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
12/11/2024 11:24:42 INFO: wazuh-dashboard service started.
12/11/2024 11:25:01 INFO: Initializing Wazuh dashboard web application.
12/11/2024 11:25:02 INFO: Wazuh dashboard web application initialized.
12/11/2024 11:25:02 INFO: Installation finished.
```
CarlosALgit commented 1 week ago

Installed packages :green_circle:

Amazon Linux 2023 :green_circle:

[root@ip-172-31-25-55 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.10.0-1.x86_64               Tue Nov 12 11:28:15 2024
filebeat-7.10.2-1.x86_64                      Tue Nov 12 11:25:32 2024
wazuh-manager-4.10.0-1.x86_64                 Tue Nov 12 11:24:34 2024
wazuh-indexer-4.10.0-1.x86_64                 Tue Nov 12 11:22:58 2024
gpg-pubkey-29111145-591cd381                  Tue Nov 12 11:22:04 2024

Ubuntu 22 :green_circle:

root@ip-172-31-16-41:/home/ubuntu# grep " install " /var/log/dpkg.log | tail
2024-11-12 11:24:01 install wazuh-indexer:amd64 <none> 4.10.0-1
2024-11-12 11:25:19 install wazuh-manager:amd64 <none> 4.10.0-1
2024-11-12 11:27:25 install filebeat:amd64 <none> 7.10.2
2024-11-12 11:27:56 install wazuh-dashboard:amd64 <none> 4.10.0-1

RHEL 9 :green_circle:

[root@ip-172-31-23-193 ec2-user]# rpm -qa --last | head -n 20
rh-amazon-rhui-client-4.0.19-1.el9.noarch     Tue 12 Nov 2024 11:39:02 AM UTC
wazuh-dashboard-4.10.0-1.x86_64               Tue 12 Nov 2024 11:28:39 AM UTC
filebeat-7.10.2-1.x86_64                      Tue 12 Nov 2024 11:25:47 AM UTC
wazuh-manager-4.10.0-1.x86_64                 Tue 12 Nov 2024 11:24:54 AM UTC
wazuh-indexer-4.10.0-1.x86_64                 Tue 12 Nov 2024 11:23:29 AM UTC
gpg-pubkey-29111145-591cd381                  Tue 12 Nov 2024 11:22:37 AM UTC

Amazon Linux 2023 - Offline :green_circle:

[root@ip-172-31-33-129 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.10.0-1.x86_64               Tue Nov 12 11:24:32 2024
filebeat-7.10.2-1.x86_64                      Tue Nov 12 11:21:10 2024
wazuh-manager-4.10.0-1.x86_64                 Tue Nov 12 11:20:20 2024
wazuh-indexer-4.10.0-1.x86_64                 Tue Nov 12 11:15:01 2024
gpg-pubkey-29111145-591cd381                  Tue Nov 12 11:14:46 2024
CarlosALgit commented 1 week ago

Wazuh Indexer logs :red_circle:

Amazon Linux 2023 :red_circle:

Agent status

```shellsession
[root@ip-172-31-25-55 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-11-12 11:23:34 UTC; 28min ago
       Docs: https://documentation.wazuh.com
   Main PID: 4065 (java)
      Tasks: 74 (limit: 9373)
     Memory: 1.3G
        CPU: 2min 4.899s
     CGroup: /system.slice/wazuh-indexer.service
             └─4065 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.n>

Nov 12 11:23:09 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: System::setSecurityManager has been called by >
Nov 12 11:23:09 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: Please consider reporting this to the maintain>
Nov 12 11:23:09 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: System::setSecurityManager will be removed in >
Nov 12 11:23:11 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: Nov 12, 2024 11:23:11 AM sun.util.locale.provider.Local>
Nov 12 11:23:11 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: COMPAT locale provider will be removed in a fu>
Nov 12 11:23:12 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: A terminally deprecated method in java.lang.Sy>
Nov 12 11:23:12 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: System::setSecurityManager has been called by >
Nov 12 11:23:12 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: Please consider reporting this to the maintain>
Nov 12 11:23:12 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: System::setSecurityManager will be removed in >
Nov 12 11:23:34 ip-172-31-25-55.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
```

Service status

```shellsession
[root@ip-172-31-25-55 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
Nov 12 11:23:06 ip-172-31-25-55.ec2.internal systemd[1]: Starting wazuh-indexer.service - wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 2819.
Nov 12 11:23:09 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: A terminally deprecated method in java.lang.System has been called
Nov 12 11:23:09 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.16.0.jar)
Nov 12 11:23:09 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Nov 12 11:23:09 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: System::setSecurityManager will be removed in a future release
Nov 12 11:23:11 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: Nov 12, 2024 11:23:11 AM sun.util.locale.provider.LocaleProviderAdapter
Nov 12 11:23:11 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: COMPAT locale provider will be removed in a future release
Nov 12 11:23:12 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: A terminally deprecated method in java.lang.System has been called
Nov 12 11:23:12 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.16.0.jar)
Nov 12 11:23:12 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Nov 12 11:23:12 ip-172-31-25-55.ec2.internal systemd-entrypoint[4065]: WARNING: System::setSecurityManager will be removed in a future release
Nov 12 11:23:34 ip-172-31-25-55.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 2819.
```
Errors

🟡 Normal errors of uninitialized indexes. Related: https://github.com/wazuh/wazuh-packages/issues/1511#issuecomment-1308329094
🟡 Failure no such index. Related: https://github.com/wazuh/wazuh-indexer/issues/167#issuecomment-1965152923
🟡 Authentication finally failed for admin Related: https://github.com/wazuh/wazuh-indexer/issues/167
:red_circle: Falling back to single shard assignment. Related: https://github.com/opensearch-project/OpenSearch/issues/14744 New issue: https://github.com/wazuh/wazuh-indexer/issues/551
🟡 Failed loading builtin log types from disk Related: https://github.com/wazuh/wazuh-indexer/issues/488

```shellsession
[root@ip-172-31-25-55 ec2-user]# head -n 400 /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-11-12T11:23:12,547][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-11-12T11:23:13,100][WARN ][o.a.l.i.v.VectorizationProvider] [node-1] Java vector incubator module is not readable. For optimal vector performance, pass '--add-modules jdk.incubator.vector' to enable Vector API.
[2024-11-12T11:23:19,977][WARN ][stderr ] [node-1] WARNING: A restricted method in java.lang.foreign.Linker has been called
[2024-11-12T11:23:19,979][WARN ][stderr ] [node-1] WARNING: java.lang.foreign.Linker::downcallHandle has been called by the unnamed module
[2024-11-12T11:23:19,980][WARN ][stderr ] [node-1] WARNING: Use --enable-native-access=ALL-UNNAMED to avoid a warning for this module
[2024-11-12T11:23:23,923][ERROR][o.o.p.c.j.GCMetrics ] [node-1] MX bean missing: G1 Concurrent GC
[2024-11-12T11:23:26,989][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-11-12T11:23:27,058][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-11-12T11:23:27,061][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-11-12T11:23:28,989][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-11-12T11:23:31,925][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-11-12T11:23:33,581][ERROR][o.o.s.l.BuiltinLogTypeLoader] [node-1] Failed loading builtin log types from disk!
	at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) [opensearch-cli-2.16.0.jar:2.16.0]
[2024-11-12T11:23:34,526][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-11-12T11:23:34,566][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:23:34,595][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:23:34,978][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-11-12T11:23:35,242][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:23:35,645][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:23:35,645][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:23:35,645][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:23:35,645][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:23:35,646][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:23:35,646][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:23:35,646][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:23:35,646][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:23:35,647][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:23:35,647][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:23:35,737][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:23:36,487][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:23:42,211][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:23:42,383][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:23:44,644][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-11-12T11:23:54,603][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:23:54,833][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:24:34,623][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:25:47,615][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:25:49,057][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:26:29,864][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:26:30,195][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:28:55,428][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:28:55,873][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:29:01,495][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:29:01,837][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:29:36,728][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:47048
[2024-11-12T11:29:46,549][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:60060
[2024-11-12T11:29:49,662][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:60060
[2024-11-12T11:35:00,249][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:35:00,600][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
```

Ubuntu 22 :red_circle:

Agent status

```shellsession
root@ip-172-31-16-41:/home/ubuntu# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-11-12 11:24:58 UTC; 55min ago
       Docs: https://documentation.wazuh.com
   Main PID: 5606 (java)
      Tasks: 67 (limit: 9425)
     Memory: 1.3G
        CPU: 2min 8.449s
     CGroup: /system.slice/wazuh-indexer.service
             └─5606 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.n>

Nov 12 11:24:33 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: System::setSecurityManager has been called by org.opensearc>
Nov 12 11:24:33 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: Please consider reporting this to the maintainers of org.op>
Nov 12 11:24:33 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: System::setSecurityManager will be removed in a future rele>
Nov 12 11:24:35 ip-172-31-16-41 systemd-entrypoint[5606]: Nov 12, 2024 11:24:35 AM sun.util.locale.provider.LocaleProviderAdap>
Nov 12 11:24:35 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: COMPAT locale provider will be removed in a future release
Nov 12 11:24:36 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: A terminally deprecated method in java.lang.System has been>
Nov 12 11:24:36 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: System::setSecurityManager has been called by org.opensearc>
Nov 12 11:24:36 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: Please consider reporting this to the maintainers of org.op>
Nov 12 11:24:36 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: System::setSecurityManager will be removed in a future rele>
Nov 12 11:24:58 ip-172-31-16-41 systemd[1]: Started wazuh-indexer.
```

Service status

```shellsession
root@ip-172-31-16-41:/home/ubuntu# journalctl -xe -u wazuh-indexer.service --no-pager
Nov 12 11:24:30 ip-172-31-16-41 systemd[1]: Starting wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 2760.
Nov 12 11:24:33 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: A terminally deprecated method in java.lang.System has been called
Nov 12 11:24:33 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.16.0.jar)
Nov 12 11:24:33 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Nov 12 11:24:33 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: System::setSecurityManager will be removed in a future release
Nov 12 11:24:35 ip-172-31-16-41 systemd-entrypoint[5606]: Nov 12, 2024 11:24:35 AM sun.util.locale.provider.LocaleProviderAdapter
Nov 12 11:24:35 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: COMPAT locale provider will be removed in a future release
Nov 12 11:24:36 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: A terminally deprecated method in java.lang.System has been called
Nov 12 11:24:36 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.16.0.jar)
Nov 12 11:24:36 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Nov 12 11:24:36 ip-172-31-16-41 systemd-entrypoint[5606]: WARNING: System::setSecurityManager will be removed in a future release
Nov 12 11:24:58 ip-172-31-16-41 systemd[1]: Started wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 2760.
```
Errors

- 🟡 Normal errors of uninitialized indexes. Related: https://github.com/wazuh/wazuh-packages/issues/1511#issuecomment-1308329094
- 🟡 Failure no such index. Related: https://github.com/wazuh/wazuh-indexer/issues/167#issuecomment-1965152923
- 🟡 Authentication finally failed for admin. Related: https://github.com/wazuh/wazuh-indexer/issues/167
- :red_circle: Falling back to single shard assignment. Related: https://github.com/opensearch-project/OpenSearch/issues/14744 New issue: https://github.com/wazuh/wazuh-indexer/issues/551
- 🟡 Failed loading builtin log types from disk. Related: https://github.com/wazuh/wazuh-indexer/issues/488

```shellsession
root@ip-172-31-16-41:/home/ubuntu# head -n 1000 /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-11-12T11:24:36,202][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=deb, -Dopensearch.bundled_jdk=true]
[2024-11-12T11:24:36,549][WARN ][o.a.l.i.v.VectorizationProvider] [node-1] Java vector incubator module is not readable. For optimal vector performance, pass '--add-modules jdk.incubator.vector' to enable Vector API.
[2024-11-12T11:24:43,290][WARN ][stderr ] [node-1] WARNING: A restricted method in java.lang.foreign.Linker has been called
[2024-11-12T11:24:43,293][WARN ][stderr ] [node-1] WARNING: java.lang.foreign.Linker::downcallHandle has been called by the unnamed module
[2024-11-12T11:24:43,294][WARN ][stderr ] [node-1] WARNING: Use --enable-native-access=ALL-UNNAMED to avoid a warning for this module
[2024-11-12T11:24:50,575][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-11-12T11:24:50,638][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-11-12T11:24:50,641][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-11-12T11:24:52,692][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-11-12T11:24:55,731][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-11-12T11:24:57,537][ERROR][o.o.s.l.BuiltinLogTypeLoader] [node-1] Failed loading builtin log types from disk!
at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) [opensearch-cli-2.16.0.jar:2.16.0]
[2024-11-12T11:24:58,511][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-11-12T11:24:58,547][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:24:58,576][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:24:58,939][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-11-12T11:24:59,188][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:24:59,607][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:59,616][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:59,618][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:59,618][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:59,619][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:59,619][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:59,629][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:59,629][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:59,636][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:59,637][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:59,689][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:25:00,624][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:25:06,275][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:25:06,486][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:25:09,156][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-11-12T11:25:18,563][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:25:19,403][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:25:58,660][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:27:52,236][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:27:54,139][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:28:22,951][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:28:23,722][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:30:52,303][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:30:52,861][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:30:58,821][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:30:59,114][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:31:35,667][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:40772
[2024-11-12T11:35:00,681][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:35:00,888][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
```

RHEL 9 :red_circle:

Agent status

```shellsession
[root@ip-172-31-23-193 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-11-12 11:24:00 UTC; 1h 0min ago
       Docs: https://documentation.wazuh.com
   Main PID: 14937 (java)
      Tasks: 74 (limit: 48194)
     Memory: 1.3G
        CPU: 2min 15.705s
     CGroup: /system.slice/wazuh-indexer.service
             └─14937 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.>

Nov 12 11:23:37 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: System::setSecurityManager has been called b>
Nov 12 11:23:37 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: Please consider reporting this to the mainta>
Nov 12 11:23:37 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: System::setSecurityManager will be removed i>
Nov 12 11:23:39 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: Nov 12, 2024 11:23:39 AM sun.util.locale.provider.Loc>
Nov 12 11:23:39 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: COMPAT locale provider will be removed in a >
Nov 12 11:23:40 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: A terminally deprecated method in java.lang.>
Nov 12 11:23:40 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: System::setSecurityManager has been called b>
Nov 12 11:23:40 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: Please consider reporting this to the mainta>
Nov 12 11:23:40 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: System::setSecurityManager will be removed i>
Nov 12 11:24:00 ip-172-31-23-193.ec2.internal systemd[1]: Started wazuh-indexer.
```
Service status

```shellsession
[root@ip-172-31-23-193 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
Nov 12 11:23:35 ip-172-31-23-193.ec2.internal systemd[1]: Starting wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 3050.
Nov 12 11:23:37 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: A terminally deprecated method in java.lang.System has been called
Nov 12 11:23:37 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.16.0.jar)
Nov 12 11:23:37 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Nov 12 11:23:37 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: System::setSecurityManager will be removed in a future release
Nov 12 11:23:39 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: Nov 12, 2024 11:23:39 AM sun.util.locale.provider.LocaleProviderAdapter
Nov 12 11:23:39 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: COMPAT locale provider will be removed in a future release
Nov 12 11:23:40 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: A terminally deprecated method in java.lang.System has been called
Nov 12 11:23:40 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.16.0.jar)
Nov 12 11:23:40 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Nov 12 11:23:40 ip-172-31-23-193.ec2.internal systemd-entrypoint[14937]: WARNING: System::setSecurityManager will be removed in a future release
Nov 12 11:24:00 ip-172-31-23-193.ec2.internal systemd[1]: Started wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 3050.
```
Errors

- 🟡 Normal errors of uninitialized indexes. Related: https://github.com/wazuh/wazuh-packages/issues/1511#issuecomment-1308329094
- 🟡 Failure no such index. Related: https://github.com/wazuh/wazuh-indexer/issues/167#issuecomment-1965152923
- 🟡 Fail to read queue capacity via reflection. Related: https://github.com/wazuh/wazuh-indexer/issues/71
- 🟡 Authentication finally failed for admin. Related: https://github.com/wazuh/wazuh-indexer/issues/167
- :red_circle: Falling back to single shard assignment. Related: https://github.com/opensearch-project/OpenSearch/issues/14744 New issue: https://github.com/wazuh/wazuh-indexer/issues/551
- 🟡 Failed loading builtin log types from disk. Related: https://github.com/wazuh/wazuh-indexer/issues/488

```shellsession
[root@ip-172-31-23-193 ec2-user]# head -n 400 /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-11-12T11:23:40,102][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-11-12T11:23:40,565][WARN ][o.a.l.i.v.VectorizationProvider] [node-1] Java vector incubator module is not readable. For optimal vector performance, pass '--add-modules jdk.incubator.vector' to enable Vector API.
[2024-11-12T11:23:46,697][WARN ][stderr ] [node-1] WARNING: A restricted method in java.lang.foreign.Linker has been called
[2024-11-12T11:23:46,698][WARN ][stderr ] [node-1] WARNING: java.lang.foreign.Linker::downcallHandle has been called by the unnamed module
[2024-11-12T11:23:46,698][WARN ][stderr ] [node-1] WARNING: Use --enable-native-access=ALL-UNNAMED to avoid a warning for this module
[2024-11-12T11:23:50,624][ERROR][o.o.p.c.j.GCMetrics ] [node-1] MX bean missing: G1 Concurrent GC
[2024-11-12T11:23:53,123][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-11-12T11:23:53,183][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-11-12T11:23:53,185][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-11-12T11:23:55,022][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-11-12T11:23:55,636][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,648][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,649][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,650][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,650][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,650][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,664][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,664][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,665][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,665][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,666][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,666][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,675][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,676][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,677][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,677][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,677][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,678][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,678][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,686][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,687][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,687][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,688][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,692][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,693][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,693][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,693][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,694][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,700][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,700][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,704][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,705][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,705][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,705][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,706][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,706][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,706][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,707][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,707][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,708][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,708][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:55,708][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-11-12T11:23:57,735][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-11-12T11:23:59,265][ERROR][o.o.s.l.BuiltinLogTypeLoader] [node-1] Failed loading builtin log types from disk!
at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) [opensearch-cli-2.16.0.jar:2.16.0]
[2024-11-12T11:24:00,076][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-11-12T11:24:00,097][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:24:00,140][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:24:00,477][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-11-12T11:24:00,813][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:24:01,130][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:01,130][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:01,136][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:01,139][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:01,146][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:01,147][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:01,147][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:01,147][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:01,147][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:01,148][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:24:01,285][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:24:02,094][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:24:07,699][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:24:07,845][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:24:10,165][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-11-12T11:24:20,095][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:24:20,263][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:25:00,183][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:26:34,038][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:26:35,063][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:26:43,113][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:26:43,619][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:29:15,110][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:29:15,461][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:29:21,133][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:29:21,376][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:29:50,141][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:42326
[2024-11-12T11:30:02,393][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:60296
[2024-11-12T11:30:04,849][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:60296
```

Amazon Linux 2023 - Offline :red_circle:

Agent status

```shellsession
[root@ip-172-31-33-129 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-11-12 11:15:33 UTC; 1h 19min ago
       Docs: https://documentation.wazuh.com
   Main PID: 4280 (java)
      Tasks: 75 (limit: 9374)
     Memory: 1.3G
        CPU: 2min 35.836s
     CGroup: /system.slice/wazuh-indexer.service
             └─4280 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.n>

Nov 12 11:15:11 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: System::setSecurityManager has been called by>
Nov 12 11:15:11 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: Please consider reporting this to the maintai>
Nov 12 11:15:11 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: System::setSecurityManager will be removed in>
Nov 12 11:15:12 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: Nov 12, 2024 11:15:12 AM sun.util.locale.provider.Loca>
Nov 12 11:15:12 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: COMPAT locale provider will be removed in a f>
Nov 12 11:15:13 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: A terminally deprecated method in java.lang.S>
Nov 12 11:15:13 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: System::setSecurityManager has been called by>
Nov 12 11:15:13 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: Please consider reporting this to the maintai>
Nov 12 11:15:13 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: System::setSecurityManager will be removed in>
Nov 12 11:15:33 ip-172-31-33-129.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
```
Service status

```shellsession
[root@ip-172-31-33-129 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
Nov 12 11:15:08 ip-172-31-33-129.ec2.internal systemd[1]: Starting wazuh-indexer.service - wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 2663.
Nov 12 11:15:11 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: A terminally deprecated method in java.lang.System has been called
Nov 12 11:15:11 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.16.0.jar)
Nov 12 11:15:11 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Nov 12 11:15:11 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: System::setSecurityManager will be removed in a future release
Nov 12 11:15:12 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: Nov 12, 2024 11:15:12 AM sun.util.locale.provider.LocaleProviderAdapter
Nov 12 11:15:12 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: COMPAT locale provider will be removed in a future release
Nov 12 11:15:13 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: A terminally deprecated method in java.lang.System has been called
Nov 12 11:15:13 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.16.0.jar)
Nov 12 11:15:13 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Nov 12 11:15:13 ip-172-31-33-129.ec2.internal systemd-entrypoint[4280]: WARNING: System::setSecurityManager will be removed in a future release
Nov 12 11:15:33 ip-172-31-33-129.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 2663.
```
Errors

- 🟡 Normal errors of uninitialized indexes. Related: https://github.com/wazuh/wazuh-packages/issues/1511#issuecomment-1308329094
- 🟡 Failure no such index. Related: https://github.com/wazuh/wazuh-indexer/issues/167#issuecomment-1965152923
- :red_circle: Falling back to single shard assignment. Related: https://github.com/opensearch-project/OpenSearch/issues/14744 New issue: https://github.com/wazuh/wazuh-indexer/issues/551
- 🟡 Failed loading builtin log types from disk!. Related: https://github.com/wazuh/wazuh-indexer/issues/488

```shellsession
[root@ip-172-31-33-129 ec2-user]# head -n 400 /var/log/wazuh-indexer/wazuh-indexer-cluster.log | grep -i -E "error|warn"
[2024-11-12T11:15:13,552][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-11-12T11:15:13,902][WARN ][o.a.l.i.v.VectorizationProvider] [node-1] Java vector incubator module is not readable. For optimal vector performance, pass '--add-modules jdk.incubator.vector' to enable Vector API.
[2024-11-12T11:15:20,202][WARN ][stderr ] [node-1] WARNING: A restricted method in java.lang.foreign.Linker has been called
[2024-11-12T11:15:20,203][WARN ][stderr ] [node-1] WARNING: java.lang.foreign.Linker::downcallHandle has been called by the unnamed module
[2024-11-12T11:15:20,205][WARN ][stderr ] [node-1] WARNING: Use --enable-native-access=ALL-UNNAMED to avoid a warning for this module
[2024-11-12T11:15:24,114][ERROR][o.o.p.c.j.GCMetrics ] [node-1] MX bean missing: G1 Concurrent GC
[2024-11-12T11:15:26,717][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-11-12T11:15:26,769][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-11-12T11:15:26,770][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-11-12T11:15:28,650][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-11-12T11:15:31,363][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-11-12T11:15:32,893][ERROR][o.o.s.l.BuiltinLogTypeLoader] [node-1] Failed loading builtin log types from disk!
	at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) [opensearch-cli-2.16.0.jar:2.16.0]
[2024-11-12T11:15:33,662][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-11-12T11:15:33,693][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:15:33,727][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:15:33,772][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:15:33,796][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:15:33,796][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:15:33,796][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:33,796][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:33,797][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:33,797][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:33,797][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:33,798][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:33,798][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] 
(index=.opendistro_security) [2024-11-12T11:15:34,060][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin) [2024-11-12T11:15:34,347][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set [2024-11-12T11:15:34,589][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set [2024-11-12T11:15:34,951][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set [2024-11-12T11:15:46,803][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:46,804][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:46,804][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:46,804][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:46,804][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, 
AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:46,804][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:46,804][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:46,805][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:46,805][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:46,805][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:53,680][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set [2024-11-12T11:15:53,796][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set [2024-11-12T11:15:59,806][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index 
[.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:59,807][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:59,807][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:59,808][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:59,808][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:59,808][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:59,808][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:59,808][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] 
[node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:59,809][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:15:59,809][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:12,810][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:12,811][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:12,811][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:12,811][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) 
[2024-11-12T11:16:12,811][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:12,812][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:12,812][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:12,812][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:12,812][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:12,812][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:25,814][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] 
(index=.opendistro_security) [2024-11-12T11:16:25,814][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:25,814][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:25,814][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:25,815][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:25,815][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:25,816][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:25,816][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, 
ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:25,816][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:25,816][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:33,756][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set [2024-11-12T11:16:38,817][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:38,818][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:38,818][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:38,819][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) 
[2024-11-12T11:16:38,819][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:38,819][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:38,819][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:38,820][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:38,820][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:38,820][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:51,821][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] 
(index=.opendistro_security) [2024-11-12T11:16:51,822][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:51,822][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:51,822][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:51,822][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:51,822][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:51,823][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security) [2024-11-12T11:16:51,823][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, 
ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:16:51,823][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:16:51,823][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:04,825][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:04,825][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:04,825][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:04,826][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:04,826][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:04,826][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:04,826][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:04,826][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:04,826][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:04,827][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:17,828][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:17,828][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:17,828][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:17,828][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:17,829][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:17,829][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:17,829][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:17,829][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:17,829][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:17,830][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:30,831][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:30,831][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:30,831][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:30,831][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:30,832][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:30,832][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:30,832][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:30,832][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:30,833][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:30,833][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:43,834][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:43,834][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:43,835][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:43,835][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:43,835][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:43,835][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:43,835][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:43,835][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:43,836][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:43,836][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [ACTIONGROUPS, ALLOWLIST, AUDIT, CONFIG, INTERNALUSERS, NODESDN, ROLES, ROLESMAPPING, TENANTS, WHITELIST] (index=.opendistro_security)
[2024-11-12T11:17:46,546][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-11-12T11:17:50,131][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:17:50,276][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
[2024-11-12T11:17:52,319][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-11-12T11:17:52,448][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
```
CarlosALgit commented 1 week ago

Wazuh Manager logs :yellow_circle:

Amazon Linux 2023 :yellow_circle:

Agent status

```shellsession
[root@ip-172-31-25-55 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-11-12 11:29:39 UTC; 1h 22min ago
      Tasks: 151 (limit: 9373)
     Memory: 3.0G
        CPU: 19min 45.993s
     CGroup: /system.slice/wazuh-manager.service
             ├─8857 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8858 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8861 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8864 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8907 /var/ossec/bin/wazuh-authd
             ├─8924 /var/ossec/bin/wazuh-db
             ├─8951 /var/ossec/bin/wazuh-execd
             ├─8966 /var/ossec/bin/wazuh-analysisd
             ├─8979 /var/ossec/bin/wazuh-syscheckd
             ├─9027 /var/ossec/bin/wazuh-remoted
             ├─9063 /var/ossec/bin/wazuh-logcollector
             ├─9083 /var/ossec/bin/wazuh-monitord
             └─9103 /var/ossec/bin/wazuh-modulesd

Nov 12 11:29:31 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-analysisd...
Nov 12 11:29:32 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-syscheckd...
Nov 12 11:29:33 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-remoted...
Nov 12 11:29:34 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-logcollector...
Nov 12 11:29:35 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-monitord...
Nov 12 11:29:35 ip-172-31-25-55.ec2.internal env[9100]: 2024/11/12 11:29:35 wazuh-modulesd:router: INFO: Loaded router module.
Nov 12 11:29:35 ip-172-31-25-55.ec2.internal env[9100]: 2024/11/12 11:29:35 wazuh-modulesd:content_manager: INFO: Loaded conte>
Nov 12 11:29:36 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-modulesd...
Nov 12 11:29:39 ip-172-31-25-55.ec2.internal env[8795]: Completed.
Nov 12 11:29:39 ip-172-31-25-55.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
```

Service status

```shellsession
[root@ip-172-31-25-55 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
Nov 12 11:25:10 ip-172-31-25-55.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3045.
Nov 12 11:25:13 ip-172-31-25-55.ec2.internal env[5738]: 2024/11/12 11:25:13 wazuh-modulesd:router: INFO: Loaded router module.
Nov 12 11:25:13 ip-172-31-25-55.ec2.internal env[5738]: 2024/11/12 11:25:13 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Nov 12 11:25:14 ip-172-31-25-55.ec2.internal env[5705]: Starting Wazuh v4.10.0...
Nov 12 11:25:17 ip-172-31-25-55.ec2.internal env[5705]: Started wazuh-apid...
Nov 12 11:25:17 ip-172-31-25-55.ec2.internal env[5705]: Started wazuh-csyslogd...
Nov 12 11:25:17 ip-172-31-25-55.ec2.internal env[5705]: Started wazuh-dbd...
Nov 12 11:25:17 ip-172-31-25-55.ec2.internal env[5787]: 2024/11/12 11:25:17 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Nov 12 11:25:17 ip-172-31-25-55.ec2.internal env[5705]: Started wazuh-integratord...
Nov 12 11:25:17 ip-172-31-25-55.ec2.internal env[5705]: Started wazuh-agentlessd...
Nov 12 11:25:19 ip-172-31-25-55.ec2.internal env[5705]: Started wazuh-authd...
Nov 12 11:25:20 ip-172-31-25-55.ec2.internal env[5705]: Started wazuh-db...
Nov 12 11:25:21 ip-172-31-25-55.ec2.internal env[5705]: Started wazuh-execd...
Nov 12 11:25:22 ip-172-31-25-55.ec2.internal env[5705]: Started wazuh-analysisd...
Nov 12 11:25:23 ip-172-31-25-55.ec2.internal env[5705]: Started wazuh-syscheckd...
Nov 12 11:25:24 ip-172-31-25-55.ec2.internal env[5705]: Started wazuh-remoted...
Nov 12 11:25:25 ip-172-31-25-55.ec2.internal env[5705]: Started wazuh-logcollector...
Nov 12 11:25:26 ip-172-31-25-55.ec2.internal env[5705]: Started wazuh-monitord...
Nov 12 11:25:26 ip-172-31-25-55.ec2.internal env[6011]: 2024/11/12 11:25:26 wazuh-modulesd:router: INFO: Loaded router module.
Nov 12 11:25:26 ip-172-31-25-55.ec2.internal env[6011]: 2024/11/12 11:25:26 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Nov 12 11:25:27 ip-172-31-25-55.ec2.internal env[5705]: Started wazuh-modulesd...
Nov 12 11:25:29 ip-172-31-25-55.ec2.internal env[5705]: Completed.
Nov 12 11:25:30 ip-172-31-25-55.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 3045.
Nov 12 11:29:14 ip-172-31-25-55.ec2.internal systemd[1]: Stopping wazuh-manager.service - Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3574.
Nov 12 11:29:14 ip-172-31-25-55.ec2.internal env[8632]: wazuh-clusterd not running...
Nov 12 11:29:14 ip-172-31-25-55.ec2.internal env[8632]: Killing wazuh-modulesd...
Nov 12 11:29:15 ip-172-31-25-55.ec2.internal env[8632]: Killing wazuh-monitord...
Nov 12 11:29:15 ip-172-31-25-55.ec2.internal env[8632]: Killing wazuh-logcollector...
Nov 12 11:29:15 ip-172-31-25-55.ec2.internal env[8632]: Killing wazuh-remoted...
Nov 12 11:29:16 ip-172-31-25-55.ec2.internal env[8632]: Killing wazuh-syscheckd...
Nov 12 11:29:16 ip-172-31-25-55.ec2.internal env[8632]: Killing wazuh-analysisd...
Nov 12 11:29:16 ip-172-31-25-55.ec2.internal env[8632]: wazuh-maild not running...
Nov 12 11:29:16 ip-172-31-25-55.ec2.internal env[8632]: Killing wazuh-execd...
Nov 12 11:29:16 ip-172-31-25-55.ec2.internal env[8632]: Killing wazuh-db...
Nov 12 11:29:17 ip-172-31-25-55.ec2.internal env[8632]: Killing wazuh-authd...
Nov 12 11:29:18 ip-172-31-25-55.ec2.internal env[8632]: wazuh-agentlessd not running...
Nov 12 11:29:18 ip-172-31-25-55.ec2.internal env[8632]: wazuh-integratord not running...
Nov 12 11:29:18 ip-172-31-25-55.ec2.internal env[8632]: wazuh-dbd not running...
Nov 12 11:29:18 ip-172-31-25-55.ec2.internal env[8632]: wazuh-csyslogd not running...
Nov 12 11:29:18 ip-172-31-25-55.ec2.internal env[8632]: Killing wazuh-apid...
Nov 12 11:29:19 ip-172-31-25-55.ec2.internal env[8632]: Wazuh v4.10.0 Stopped
Nov 12 11:29:19 ip-172-31-25-55.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Nov 12 11:29:19 ip-172-31-25-55.ec2.internal systemd[1]: Stopped wazuh-manager.service - Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 3574 and the job result is done.
Nov 12 11:29:19 ip-172-31-25-55.ec2.internal systemd[1]: wazuh-manager.service: Consumed 2min 30.034s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Nov 12 11:29:19 ip-172-31-25-55.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3574.
Nov 12 11:29:21 ip-172-31-25-55.ec2.internal env[8828]: 2024/11/12 11:29:21 wazuh-modulesd:router: INFO: Loaded router module.
Nov 12 11:29:21 ip-172-31-25-55.ec2.internal env[8828]: 2024/11/12 11:29:21 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Nov 12 11:29:23 ip-172-31-25-55.ec2.internal env[8795]: Starting Wazuh v4.10.0...
Nov 12 11:29:26 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-apid...
Nov 12 11:29:26 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-csyslogd...
Nov 12 11:29:26 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-dbd...
Nov 12 11:29:26 ip-172-31-25-55.ec2.internal env[8886]: 2024/11/12 11:29:26 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Nov 12 11:29:26 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-integratord...
Nov 12 11:29:26 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-agentlessd...
Nov 12 11:29:27 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-authd...
Nov 12 11:29:28 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-db...
Nov 12 11:29:30 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-execd...
Nov 12 11:29:31 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-analysisd...
Nov 12 11:29:32 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-syscheckd...
Nov 12 11:29:33 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-remoted...
Nov 12 11:29:34 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-logcollector...
Nov 12 11:29:35 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-monitord...
Nov 12 11:29:35 ip-172-31-25-55.ec2.internal env[9100]: 2024/11/12 11:29:35 wazuh-modulesd:router: INFO: Loaded router module.
Nov 12 11:29:35 ip-172-31-25-55.ec2.internal env[9100]: 2024/11/12 11:29:35 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Nov 12 11:29:36 ip-172-31-25-55.ec2.internal env[8795]: Started wazuh-modulesd...
Nov 12 11:29:39 ip-172-31-25-55.ec2.internal env[8795]: Completed.
Nov 12 11:29:39 ip-172-31-25-55.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 3574.
```

Errors

🟡 IndexerConnector initialization failed for index

Related: https://github.com/wazuh/wazuh/issues/25446

```shellsession
[root@ip-172-31-25-55 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/11/12 11:25:27 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-25-55.ec2.internal', retrying until the connection is successful.
2024/11/12 11:29:36 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-25-55.ec2.internal', retrying until the connection is successful.
```

Ubuntu 22 :yellow_circle:

Agent status

```shellsession
root@ip-172-31-16-41:/home/ubuntu# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-11-12 11:31:37 UTC; 1h 22min ago
      Tasks: 151 (limit: 9425)
     Memory: 3.0G
        CPU: 21min 22.918s
     CGroup: /system.slice/wazuh-manager.service
             ├─57946 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─57947 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─57950 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─57953 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─57995 /var/ossec/bin/wazuh-authd
             ├─58011 /var/ossec/bin/wazuh-db
             ├─58036 /var/ossec/bin/wazuh-execd
             ├─58050 /var/ossec/bin/wazuh-analysisd
             ├─58063 /var/ossec/bin/wazuh-syscheckd
             ├─58110 /var/ossec/bin/wazuh-remoted
             ├─58144 /var/ossec/bin/wazuh-logcollector
             ├─58162 /var/ossec/bin/wazuh-monitord
             └─58185 /var/ossec/bin/wazuh-modulesd

Nov 12 11:31:30 ip-172-31-16-41 env[57882]: Started wazuh-analysisd...
Nov 12 11:31:31 ip-172-31-16-41 env[57882]: Started wazuh-syscheckd...
Nov 12 11:31:32 ip-172-31-16-41 env[57882]: Started wazuh-remoted...
Nov 12 11:31:33 ip-172-31-16-41 env[57882]: Started wazuh-logcollector...
Nov 12 11:31:34 ip-172-31-16-41 env[57882]: Started wazuh-monitord...
Nov 12 11:31:34 ip-172-31-16-41 env[58182]: 2024/11/12 11:31:34 wazuh-modulesd:router: INFO: Loaded router module.
Nov 12 11:31:34 ip-172-31-16-41 env[58182]: 2024/11/12 11:31:34 wazuh-modulesd:content_manager: INFO: Loaded content_manager m>
Nov 12 11:31:35 ip-172-31-16-41 env[57882]: Started wazuh-modulesd...
Nov 12 11:31:37 ip-172-31-16-41 env[57882]: Completed.
Nov 12 11:31:37 ip-172-31-16-41 systemd[1]: Started Wazuh manager.
```

Service status

```shellsession
root@ip-172-31-16-41:/home/ubuntu# journalctl -xe -u wazuh-manager.service --no-pager
Nov 12 11:26:58 ip-172-31-16-41 systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3022.
Nov 12 11:27:04 ip-172-31-16-41 env[54634]: 2024/11/12 11:27:04 wazuh-modulesd:router: INFO: Loaded router module.
Nov 12 11:27:04 ip-172-31-16-41 env[54634]: 2024/11/12 11:27:04 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Nov 12 11:27:06 ip-172-31-16-41 env[54601]: Starting Wazuh v4.10.0...
Nov 12 11:27:11 ip-172-31-16-41 env[54601]: Started wazuh-apid...
Nov 12 11:27:11 ip-172-31-16-41 env[54601]: Started wazuh-csyslogd...
Nov 12 11:27:11 ip-172-31-16-41 env[54601]: Started wazuh-dbd...
Nov 12 11:27:11 ip-172-31-16-41 env[54683]: 2024/11/12 11:27:11 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Nov 12 11:27:11 ip-172-31-16-41 env[54601]: Started wazuh-integratord...
Nov 12 11:27:11 ip-172-31-16-41 env[54601]: Started wazuh-agentlessd...
Nov 12 11:27:12 ip-172-31-16-41 env[54601]: Started wazuh-authd...
Nov 12 11:27:13 ip-172-31-16-41 env[54601]: Started wazuh-db...
Nov 12 11:27:14 ip-172-31-16-41 env[54601]: Started wazuh-execd...
Nov 12 11:27:15 ip-172-31-16-41 env[54601]: Started wazuh-analysisd...
Nov 12 11:27:16 ip-172-31-16-41 env[54601]: Started wazuh-syscheckd...
Nov 12 11:27:17 ip-172-31-16-41 env[54601]: Started wazuh-remoted...
Nov 12 11:27:18 ip-172-31-16-41 env[54601]: Started wazuh-logcollector...
Nov 12 11:27:20 ip-172-31-16-41 env[54601]: Started wazuh-monitord...
Nov 12 11:27:20 ip-172-31-16-41 env[54901]: 2024/11/12 11:27:20 wazuh-modulesd:router: INFO: Loaded router module.
Nov 12 11:27:20 ip-172-31-16-41 env[54901]: 2024/11/12 11:27:20 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Nov 12 11:27:21 ip-172-31-16-41 env[54601]: Started wazuh-modulesd...
Nov 12 11:27:23 ip-172-31-16-41 env[54601]: Completed.
Nov 12 11:27:23 ip-172-31-16-41 systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 3022.
Nov 12 11:31:12 ip-172-31-16-41 systemd[1]: Stopping Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4158.
Nov 12 11:31:12 ip-172-31-16-41 env[57718]: wazuh-clusterd not running...
Nov 12 11:31:12 ip-172-31-16-41 env[57718]: Killing wazuh-modulesd...
Nov 12 11:31:12 ip-172-31-16-41 env[57718]: Killing wazuh-monitord...
Nov 12 11:31:13 ip-172-31-16-41 env[57718]: Killing wazuh-logcollector...
Nov 12 11:31:13 ip-172-31-16-41 env[57718]: Killing wazuh-remoted...
Nov 12 11:31:13 ip-172-31-16-41 env[57718]: Killing wazuh-syscheckd...
Nov 12 11:31:14 ip-172-31-16-41 env[57718]: Killing wazuh-analysisd...
Nov 12 11:31:14 ip-172-31-16-41 env[57718]: wazuh-maild not running...
Nov 12 11:31:14 ip-172-31-16-41 env[57718]: Killing wazuh-execd...
Nov 12 11:31:14 ip-172-31-16-41 env[57718]: Killing wazuh-db...
Nov 12 11:31:15 ip-172-31-16-41 env[57718]: Killing wazuh-authd...
Nov 12 11:31:16 ip-172-31-16-41 env[57718]: wazuh-agentlessd not running...
Nov 12 11:31:16 ip-172-31-16-41 env[57718]: wazuh-integratord not running...
Nov 12 11:31:16 ip-172-31-16-41 env[57718]: wazuh-dbd not running...
Nov 12 11:31:16 ip-172-31-16-41 env[57718]: wazuh-csyslogd not running...
Nov 12 11:31:16 ip-172-31-16-41 env[57718]: Killing wazuh-apid...
Nov 12 11:31:16 ip-172-31-16-41 env[57718]: Wazuh v4.10.0 Stopped
Nov 12 11:31:16 ip-172-31-16-41 systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Nov 12 11:31:16 ip-172-31-16-41 systemd[1]: Stopped Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 4158 and the job result is done.
Nov 12 11:31:16 ip-172-31-16-41 systemd[1]: wazuh-manager.service: Consumed 2min 28.282s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Nov 12 11:31:16 ip-172-31-16-41 systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4158.
Nov 12 11:31:20 ip-172-31-16-41 env[57917]: 2024/11/12 11:31:20 wazuh-modulesd:router: INFO: Loaded router module.
Nov 12 11:31:20 ip-172-31-16-41 env[57917]: 2024/11/12 11:31:20 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Nov 12 11:31:21 ip-172-31-16-41 env[57882]: Starting Wazuh v4.10.0...
Nov 12 11:31:25 ip-172-31-16-41 env[57882]: Started wazuh-apid...
Nov 12 11:31:25 ip-172-31-16-41 env[57882]: Started wazuh-csyslogd...
Nov 12 11:31:25 ip-172-31-16-41 env[57882]: Started wazuh-dbd...
Nov 12 11:31:26 ip-172-31-16-41 env[57974]: 2024/11/12 11:31:26 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Nov 12 11:31:26 ip-172-31-16-41 env[57882]: Started wazuh-integratord...
Nov 12 11:31:26 ip-172-31-16-41 env[57882]: Started wazuh-agentlessd...
Nov 12 11:31:27 ip-172-31-16-41 env[57882]: Started wazuh-authd...
Nov 12 11:31:28 ip-172-31-16-41 env[57882]: Started wazuh-db...
Nov 12 11:31:29 ip-172-31-16-41 env[57882]: Started wazuh-execd...
Nov 12 11:31:30 ip-172-31-16-41 env[57882]: Started wazuh-analysisd...
Nov 12 11:31:31 ip-172-31-16-41 env[57882]: Started wazuh-syscheckd...
Nov 12 11:31:32 ip-172-31-16-41 env[57882]: Started wazuh-remoted...
Nov 12 11:31:33 ip-172-31-16-41 env[57882]: Started wazuh-logcollector...
Nov 12 11:31:34 ip-172-31-16-41 env[57882]: Started wazuh-monitord...
Nov 12 11:31:34 ip-172-31-16-41 env[58182]: 2024/11/12 11:31:34 wazuh-modulesd:router: INFO: Loaded router module.
Nov 12 11:31:34 ip-172-31-16-41 env[58182]: 2024/11/12 11:31:34 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Nov 12 11:31:35 ip-172-31-16-41 env[57882]: Started wazuh-modulesd...
Nov 12 11:31:37 ip-172-31-16-41 env[57882]: Completed.
Nov 12 11:31:37 ip-172-31-16-41 systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 4158.
```

Errors

🟡 IndexerConnector initialization failed for index

Related: https://github.com/wazuh/wazuh/issues/25446

```shellsession
root@ip-172-31-16-41:/home/ubuntu# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/11/12 11:27:20 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-16-41', retrying until the connection is successful.
2024/11/12 11:31:35 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-16-41', retrying until the connection is successful.
```

RHEL 9 :yellow_circle:

Agent status

```shellsession
[root@ip-172-31-23-193 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-11-12 11:29:52 UTC; 1h 25min ago
      Tasks: 151 (limit: 48194)
     Memory: 3.6G
        CPU: 18min 32.081s
     CGroup: /system.slice/wazuh-manager.service
             ├─19452 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─19453 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─19456 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─19459 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─19503 /var/ossec/bin/wazuh-authd
             ├─19520 /var/ossec/bin/wazuh-db
             ├─19546 /var/ossec/bin/wazuh-execd
             ├─19561 /var/ossec/bin/wazuh-analysisd
             ├─19573 /var/ossec/bin/wazuh-syscheckd
             ├─19621 /var/ossec/bin/wazuh-remoted
             ├─19657 /var/ossec/bin/wazuh-logcollector
             ├─19677 /var/ossec/bin/wazuh-monitord
             └─19698 /var/ossec/bin/wazuh-modulesd

Nov 12 11:29:44 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-analysisd...
Nov 12 11:29:45 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-syscheckd...
Nov 12 11:29:46 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-remoted...
Nov 12 11:29:48 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-logcollector...
Nov 12 11:29:49 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-monitord...
Nov 12 11:29:49 ip-172-31-23-193.ec2.internal env[19695]: 2024/11/12 11:29:49 wazuh-modulesd:router: INFO: Loaded router modul>
Nov 12 11:29:49 ip-172-31-23-193.ec2.internal env[19695]: 2024/11/12 11:29:49 wazuh-modulesd:content_manager: INFO: Loaded con>
Nov 12 11:29:50 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-modulesd...
Nov 12 11:29:52 ip-172-31-23-193.ec2.internal env[19390]: Completed.
Nov 12 11:29:52 ip-172-31-23-193.ec2.internal systemd[1]: Started Wazuh manager.
```

Service status

```shellsession
[root@ip-172-31-23-193 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
Nov 12 11:25:25 ip-172-31-23-193.ec2.internal systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3141.
Nov 12 11:25:27 ip-172-31-23-193.ec2.internal env[16497]: 2024/11/12 11:25:27 wazuh-modulesd:router: INFO: Loaded router module.
Nov 12 11:25:27 ip-172-31-23-193.ec2.internal env[16497]: 2024/11/12 11:25:27 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Nov 12 11:25:28 ip-172-31-23-193.ec2.internal env[16464]: Starting Wazuh v4.10.0...
Nov 12 11:25:31 ip-172-31-23-193.ec2.internal env[16464]: Started wazuh-apid...
Nov 12 11:25:31 ip-172-31-23-193.ec2.internal env[16464]: Started wazuh-csyslogd...
Nov 12 11:25:31 ip-172-31-23-193.ec2.internal env[16464]: Started wazuh-dbd...
Nov 12 11:25:31 ip-172-31-23-193.ec2.internal env[16546]: 2024/11/12 11:25:31 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Nov 12 11:25:31 ip-172-31-23-193.ec2.internal env[16464]: Started wazuh-integratord...
Nov 12 11:25:31 ip-172-31-23-193.ec2.internal env[16464]: Started wazuh-agentlessd...
Nov 12 11:25:32 ip-172-31-23-193.ec2.internal env[16464]: Started wazuh-authd...
Nov 12 11:25:33 ip-172-31-23-193.ec2.internal env[16464]: Started wazuh-db...
Nov 12 11:25:34 ip-172-31-23-193.ec2.internal env[16464]: Started wazuh-execd...
Nov 12 11:25:35 ip-172-31-23-193.ec2.internal env[16464]: Started wazuh-analysisd...
Nov 12 11:25:37 ip-172-31-23-193.ec2.internal env[16464]: Started wazuh-syscheckd...
Nov 12 11:25:38 ip-172-31-23-193.ec2.internal env[16464]: Started wazuh-remoted...
Nov 12 11:25:39 ip-172-31-23-193.ec2.internal env[16464]: Started wazuh-logcollector...
Nov 12 11:25:40 ip-172-31-23-193.ec2.internal env[16464]: Started wazuh-monitord...
Nov 12 11:25:40 ip-172-31-23-193.ec2.internal env[16769]: 2024/11/12 11:25:40 wazuh-modulesd:router: INFO: Loaded router module.
Nov 12 11:25:40 ip-172-31-23-193.ec2.internal env[16769]: 2024/11/12 11:25:40 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Nov 12 11:25:41 ip-172-31-23-193.ec2.internal env[16464]: Started wazuh-modulesd...
Nov 12 11:25:43 ip-172-31-23-193.ec2.internal env[16464]: Completed.
Nov 12 11:25:43 ip-172-31-23-193.ec2.internal systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 3141.
Nov 12 11:29:30 ip-172-31-23-193.ec2.internal systemd[1]: Stopping Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3584.
Nov 12 11:29:30 ip-172-31-23-193.ec2.internal env[19245]: wazuh-clusterd not running...
Nov 12 11:29:30 ip-172-31-23-193.ec2.internal env[19245]: Killing wazuh-modulesd...
Nov 12 11:29:30 ip-172-31-23-193.ec2.internal env[19245]: Killing wazuh-monitord...
Nov 12 11:29:30 ip-172-31-23-193.ec2.internal env[19245]: Killing wazuh-logcollector...
Nov 12 11:29:30 ip-172-31-23-193.ec2.internal env[19245]: Killing wazuh-remoted...
Nov 12 11:29:31 ip-172-31-23-193.ec2.internal env[19245]: Killing wazuh-syscheckd...
Nov 12 11:29:31 ip-172-31-23-193.ec2.internal env[19245]: Killing wazuh-analysisd...
Nov 12 11:29:31 ip-172-31-23-193.ec2.internal env[19245]: wazuh-maild not running...
Nov 12 11:29:31 ip-172-31-23-193.ec2.internal env[19245]: Killing wazuh-execd...
Nov 12 11:29:31 ip-172-31-23-193.ec2.internal env[19245]: Killing wazuh-db...
Nov 12 11:29:32 ip-172-31-23-193.ec2.internal env[19245]: Killing wazuh-authd...
Nov 12 11:29:33 ip-172-31-23-193.ec2.internal env[19245]: wazuh-agentlessd not running...
Nov 12 11:29:33 ip-172-31-23-193.ec2.internal env[19245]: wazuh-integratord not running...
Nov 12 11:29:33 ip-172-31-23-193.ec2.internal env[19245]: wazuh-dbd not running...
Nov 12 11:29:33 ip-172-31-23-193.ec2.internal env[19245]: wazuh-csyslogd not running...
Nov 12 11:29:33 ip-172-31-23-193.ec2.internal env[19245]: Killing wazuh-apid...
Nov 12 11:29:33 ip-172-31-23-193.ec2.internal env[19245]: Wazuh v4.10.0 Stopped
Nov 12 11:29:33 ip-172-31-23-193.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Nov 12 11:29:33 ip-172-31-23-193.ec2.internal systemd[1]: Stopped Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 3584 and the job result is done.
Nov 12 11:29:33 ip-172-31-23-193.ec2.internal systemd[1]: wazuh-manager.service: Consumed 2min 24.235s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Nov 12 11:29:33 ip-172-31-23-193.ec2.internal systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3584.
Nov 12 11:29:36 ip-172-31-23-193.ec2.internal env[19423]: 2024/11/12 11:29:36 wazuh-modulesd:router: INFO: Loaded router module. Nov 12 11:29:36 ip-172-31-23-193.ec2.internal env[19423]: 2024/11/12 11:29:36 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. Nov 12 11:29:37 ip-172-31-23-193.ec2.internal env[19390]: Starting Wazuh v4.10.0... Nov 12 11:29:40 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-apid... Nov 12 11:29:40 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-csyslogd... Nov 12 11:29:40 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-dbd... Nov 12 11:29:40 ip-172-31-23-193.ec2.internal env[19481]: 2024/11/12 11:29:40 wazuh-integratord: INFO: Remote integrations not configured. Clean exit. Nov 12 11:29:40 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-integratord... Nov 12 11:29:40 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-agentlessd... Nov 12 11:29:41 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-authd... Nov 12 11:29:42 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-db... Nov 12 11:29:43 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-execd... Nov 12 11:29:44 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-analysisd... Nov 12 11:29:45 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-syscheckd... Nov 12 11:29:46 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-remoted... Nov 12 11:29:48 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-logcollector... Nov 12 11:29:49 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-monitord... Nov 12 11:29:49 ip-172-31-23-193.ec2.internal env[19695]: 2024/11/12 11:29:49 wazuh-modulesd:router: INFO: Loaded router module. Nov 12 11:29:49 ip-172-31-23-193.ec2.internal env[19695]: 2024/11/12 11:29:49 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. Nov 12 11:29:50 ip-172-31-23-193.ec2.internal env[19390]: Started wazuh-modulesd... 
Nov 12 11:29:52 ip-172-31-23-193.ec2.internal env[19390]: Completed. Nov 12 11:29:52 ip-172-31-23-193.ec2.internal systemd[1]: Started Wazuh manager. ░░ Subject: A start job for unit wazuh-manager.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit wazuh-manager.service has finished successfully. ░░ ░░ The job identifier is 3584. ```
Errors

🟡 IndexerConnector initialization failed for index
Related: https://github.com/wazuh/wazuh/issues/25446

```shellsession
[root@ip-172-31-23-193 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/11/12 11:25:40 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-23-193.ec2.internal', retrying until the connection is successful.
2024/11/12 11:29:50 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-23-193.ec2.internal', retrying until the connection is successful.
```

Amazon Linux 2023 - Offline :yellow_circle:

Agent status

```shellsession
[root@ip-172-31-33-129 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-11-12 11:21:46 UTC; 1h 35min ago
      Tasks: 151 (limit: 9374)
     Memory: 2.7G
        CPU: 2min 46.778s
     CGroup: /system.slice/wazuh-manager.service
             ├─8526 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8527 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8530 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8533 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8577 /var/ossec/bin/wazuh-authd
             ├─8594 /var/ossec/bin/wazuh-db
             ├─8620 /var/ossec/bin/wazuh-execd
             ├─8635 /var/ossec/bin/wazuh-analysisd
             ├─8648 /var/ossec/bin/wazuh-syscheckd
             ├─8696 /var/ossec/bin/wazuh-remoted
             ├─8731 /var/ossec/bin/wazuh-logcollector
             ├─8751 /var/ossec/bin/wazuh-monitord
             └─8772 /var/ossec/bin/wazuh-modulesd

Nov 12 11:21:38 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-analysisd...
Nov 12 11:21:39 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-syscheckd...
Nov 12 11:21:40 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-remoted...
Nov 12 11:21:41 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-logcollector...
Nov 12 11:21:43 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-monitord...
Nov 12 11:21:43 ip-172-31-33-129.ec2.internal env[8769]: 2024/11/12 11:21:43 wazuh-modulesd:router: INFO: Loaded router module.
Nov 12 11:21:43 ip-172-31-33-129.ec2.internal env[8769]: 2024/11/12 11:21:43 wazuh-modulesd:content_manager: INFO: Loaded cont>
Nov 12 11:21:44 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-modulesd...
Nov 12 11:21:46 ip-172-31-33-129.ec2.internal env[8463]: Completed.
Nov 12 11:21:46 ip-172-31-33-129.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
```
Service status ```shellsession [root@ip-172-31-33-129 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager Nov 12 11:20:50 ip-172-31-33-129.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager... ░░ Subject: A start job for unit wazuh-manager.service has begun execution ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A start job for unit wazuh-manager.service has begun execution. ░░ ░░ The job identifier is 3110. Nov 12 11:20:52 ip-172-31-33-129.ec2.internal env[7215]: 2024/11/12 11:20:52 wazuh-modulesd:router: INFO: Loaded router module. Nov 12 11:20:52 ip-172-31-33-129.ec2.internal env[7215]: 2024/11/12 11:20:52 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. Nov 12 11:20:54 ip-172-31-33-129.ec2.internal env[7182]: Starting Wazuh v4.10.0... Nov 12 11:20:56 ip-172-31-33-129.ec2.internal env[7182]: Started wazuh-apid... Nov 12 11:20:56 ip-172-31-33-129.ec2.internal env[7182]: Started wazuh-csyslogd... Nov 12 11:20:56 ip-172-31-33-129.ec2.internal env[7182]: Started wazuh-dbd... Nov 12 11:20:57 ip-172-31-33-129.ec2.internal env[7264]: 2024/11/12 11:20:57 wazuh-integratord: INFO: Remote integrations not configured. Clean exit. Nov 12 11:20:57 ip-172-31-33-129.ec2.internal env[7182]: Started wazuh-integratord... Nov 12 11:20:57 ip-172-31-33-129.ec2.internal env[7182]: Started wazuh-agentlessd... Nov 12 11:20:58 ip-172-31-33-129.ec2.internal env[7182]: Started wazuh-authd... Nov 12 11:20:59 ip-172-31-33-129.ec2.internal env[7182]: Started wazuh-db... Nov 12 11:21:00 ip-172-31-33-129.ec2.internal env[7182]: Started wazuh-execd... Nov 12 11:21:01 ip-172-31-33-129.ec2.internal env[7182]: Started wazuh-analysisd... Nov 12 11:21:02 ip-172-31-33-129.ec2.internal env[7182]: Started wazuh-syscheckd... Nov 12 11:21:03 ip-172-31-33-129.ec2.internal env[7182]: Started wazuh-remoted... Nov 12 11:21:04 ip-172-31-33-129.ec2.internal env[7182]: Started wazuh-logcollector... 
Nov 12 11:21:05 ip-172-31-33-129.ec2.internal env[7182]: Started wazuh-monitord... Nov 12 11:21:06 ip-172-31-33-129.ec2.internal env[7488]: 2024/11/12 11:21:05 wazuh-modulesd:router: INFO: Loaded router module. Nov 12 11:21:06 ip-172-31-33-129.ec2.internal env[7488]: 2024/11/12 11:21:05 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. Nov 12 11:21:07 ip-172-31-33-129.ec2.internal env[7182]: Started wazuh-modulesd... Nov 12 11:21:09 ip-172-31-33-129.ec2.internal env[7182]: Completed. Nov 12 11:21:09 ip-172-31-33-129.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager. ░░ Subject: A start job for unit wazuh-manager.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A start job for unit wazuh-manager.service has finished successfully. ░░ ░░ The job identifier is 3110. Nov 12 11:21:23 ip-172-31-33-129.ec2.internal systemd[1]: Stopping wazuh-manager.service - Wazuh manager... ░░ Subject: A stop job for unit wazuh-manager.service has begun execution ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A stop job for unit wazuh-manager.service has begun execution. ░░ ░░ The job identifier is 3266. Nov 12 11:21:23 ip-172-31-33-129.ec2.internal env[8306]: wazuh-clusterd not running... Nov 12 11:21:23 ip-172-31-33-129.ec2.internal env[8306]: Killing wazuh-modulesd... Nov 12 11:21:24 ip-172-31-33-129.ec2.internal env[8306]: Killing wazuh-monitord... Nov 12 11:21:24 ip-172-31-33-129.ec2.internal env[8306]: Killing wazuh-logcollector... Nov 12 11:21:24 ip-172-31-33-129.ec2.internal env[8306]: Killing wazuh-remoted... Nov 12 11:21:24 ip-172-31-33-129.ec2.internal env[8306]: Killing wazuh-syscheckd... Nov 12 11:21:25 ip-172-31-33-129.ec2.internal env[8306]: Killing wazuh-analysisd... Nov 12 11:21:25 ip-172-31-33-129.ec2.internal env[8306]: wazuh-maild not running... 
Nov 12 11:21:25 ip-172-31-33-129.ec2.internal env[8306]: Killing wazuh-execd... Nov 12 11:21:25 ip-172-31-33-129.ec2.internal env[8306]: Killing wazuh-db... Nov 12 11:21:26 ip-172-31-33-129.ec2.internal env[8306]: Killing wazuh-authd... Nov 12 11:21:27 ip-172-31-33-129.ec2.internal env[8306]: wazuh-agentlessd not running... Nov 12 11:21:27 ip-172-31-33-129.ec2.internal env[8306]: wazuh-integratord not running... Nov 12 11:21:27 ip-172-31-33-129.ec2.internal env[8306]: wazuh-dbd not running... Nov 12 11:21:27 ip-172-31-33-129.ec2.internal env[8306]: wazuh-csyslogd not running... Nov 12 11:21:27 ip-172-31-33-129.ec2.internal env[8306]: Killing wazuh-apid... Nov 12 11:21:27 ip-172-31-33-129.ec2.internal env[8306]: Wazuh v4.10.0 Stopped Nov 12 11:21:27 ip-172-31-33-129.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ The unit wazuh-manager.service has successfully entered the 'dead' state. Nov 12 11:21:27 ip-172-31-33-129.ec2.internal systemd[1]: Stopped wazuh-manager.service - Wazuh manager. ░░ Subject: A stop job for unit wazuh-manager.service has finished ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A stop job for unit wazuh-manager.service has finished. ░░ ░░ The job identifier is 3266 and the job result is done. Nov 12 11:21:27 ip-172-31-33-129.ec2.internal systemd[1]: wazuh-manager.service: Consumed 46.428s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ The unit wazuh-manager.service completed and consumed the indicated resources. Nov 12 11:21:27 ip-172-31-33-129.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager... 
░░ Subject: A start job for unit wazuh-manager.service has begun execution ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A start job for unit wazuh-manager.service has begun execution. ░░ ░░ The job identifier is 3266. Nov 12 11:21:30 ip-172-31-33-129.ec2.internal env[8497]: 2024/11/12 11:21:30 wazuh-modulesd:router: INFO: Loaded router module. Nov 12 11:21:30 ip-172-31-33-129.ec2.internal env[8497]: 2024/11/12 11:21:30 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. Nov 12 11:21:31 ip-172-31-33-129.ec2.internal env[8463]: Starting Wazuh v4.10.0... Nov 12 11:21:34 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-apid... Nov 12 11:21:34 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-csyslogd... Nov 12 11:21:34 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-dbd... Nov 12 11:21:34 ip-172-31-33-129.ec2.internal env[8555]: 2024/11/12 11:21:34 wazuh-integratord: INFO: Remote integrations not configured. Clean exit. Nov 12 11:21:34 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-integratord... Nov 12 11:21:34 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-agentlessd... Nov 12 11:21:35 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-authd... Nov 12 11:21:36 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-db... Nov 12 11:21:37 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-execd... Nov 12 11:21:38 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-analysisd... Nov 12 11:21:39 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-syscheckd... Nov 12 11:21:40 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-remoted... Nov 12 11:21:41 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-logcollector... Nov 12 11:21:43 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-monitord... Nov 12 11:21:43 ip-172-31-33-129.ec2.internal env[8769]: 2024/11/12 11:21:43 wazuh-modulesd:router: INFO: Loaded router module. 
Nov 12 11:21:43 ip-172-31-33-129.ec2.internal env[8769]: 2024/11/12 11:21:43 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. Nov 12 11:21:44 ip-172-31-33-129.ec2.internal env[8463]: Started wazuh-modulesd... Nov 12 11:21:46 ip-172-31-33-129.ec2.internal env[8463]: Completed. Nov 12 11:21:46 ip-172-31-33-129.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager. ░░ Subject: A start job for unit wazuh-manager.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A start job for unit wazuh-manager.service has finished successfully. ░░ ░░ The job identifier is 3266. ```
Errors

🟡 IndexerConnector initialization failed for index
Related: https://github.com/wazuh/wazuh/issues/25446

⚠️ Expected timeout errors when trying to update the snapshot and feed because this is an instance with no internet connection.

```shellsession
[root@ip-172-31-33-129 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/11/12 11:21:06 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-33-129.ec2.internal', retrying until the connection is successful.
2024/11/12 11:28:50 wazuh-modulesd:content-updater: WARNING: Offset processing failed. Triggered a snapshot download.
2024/11/12 11:33:16 wazuh-modulesd:content-updater: WARNING: Couldn't run full content download: Error -1 from server: Timeout was reached.
2024/11/12 11:37:43 wazuh-modulesd:content-updater: ERROR: Action for 'vulnerability_feed_manager' failed: Error -1 from server: Timeout was reached.
2024/11/12 12:42:08 wazuh-modulesd:content-updater: WARNING: Offset processing failed. Triggered a snapshot download.
2024/11/12 12:46:34 wazuh-modulesd:content-updater: WARNING: Couldn't run full content download: Error -1 from server: Timeout was reached.
2024/11/12 12:51:01 wazuh-modulesd:content-updater: ERROR: Action for 'vulnerability_feed_manager' failed: Error -1 from server: Timeout was reached.
```
CarlosALgit commented 1 week ago

Wazuh Dashboard logs :green_circle:

Amazon Linux 2023 :green_circle:

Agent status

```shellsession
[root@ip-172-31-25-55 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-11-12 11:29:43 UTC; 1h 49min ago
   Main PID: 9776 (node)
      Tasks: 11 (limit: 9373)
     Memory: 181.9M
        CPU: 25.431s
     CGroup: /system.slice/wazuh-dashboard.service
             └─9776 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist

Nov 12 11:45:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:45:00Z","t>
Nov 12 12:00:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T12:00:00Z","t>
Nov 12 12:15:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T12:15:00Z","t>
Nov 12 12:30:02 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T12:30:02Z","t>
Nov 12 12:34:14 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"error","@timestamp":"2024-11-12T12:34:14Z",>
Nov 12 12:41:38 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"error","@timestamp":"2024-11-12T12:41:38Z",>
Nov 12 12:45:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T12:45:00Z","t>
Nov 12 13:00:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T13:00:00Z","t>
Nov 12 13:00:41 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"response","@timestamp":"2024-11-12T13:00:41>
Nov 12 13:15:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T13:15:00Z","t>
[root@ip-172-31-25-55 ec2-user]#
```
Service status ```shellsession [root@ip-172-31-25-55 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager Nov 12 11:28:28 ip-172-31-25-55.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard. ░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A start job for unit wazuh-dashboard.service has finished successfully. ░░ ░░ The job identifier is 3349. Nov 12 11:28:50 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:50Z","tags":["info","plugins-service"],"pid":7984,"message":"Plugin \"applicationConfig\" is disabled."} Nov 12 11:28:50 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:50Z","tags":["info","plugins-service"],"pid":7984,"message":"Plugin \"cspHandler\" is disabled."} Nov 12 11:28:50 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:50Z","tags":["info","plugins-service"],"pid":7984,"message":"Plugin \"dataSource\" is disabled."} Nov 12 11:28:50 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:50Z","tags":["info","plugins-service"],"pid":7984,"message":"Plugin \"visTypeXy\" is disabled."} Nov 12 11:28:50 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:50Z","tags":["info","plugins-service"],"pid":7984,"message":"Plugin \"workspace\" is disabled."} Nov 12 11:28:51 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:28:51 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:51Z","tags":["info","plugins-system"],"pid":7984,"message":"Setting up [50] 
plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,management,indexPatternManagement,dataSourceManagement,alertingDashboards,indexManagementDashboards,customImportMapDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Nov 12 11:28:52 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:28:52 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:52Z","tags":["info","plugins","queryEnhancements"],"pid":7984,"message":"queryEnhancements: Setup complete"} Nov 12 11:28:52 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:28:52 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:28:53 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:28:53 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:28:53 
ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:28:53 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:28:53 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:28:53 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:28:53 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:28:53 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:53Z","tags":["info","savedobjects-service"],"pid":7984,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."} Nov 12 11:28:55 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:55Z","tags":["info","savedobjects-service"],"pid":7984,"message":"Starting saved objects migrations"} Nov 12 11:28:55 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:55Z","tags":["info","savedobjects-service"],"pid":7984,"message":"Creating index .kibana_1."} Nov 12 11:28:55 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:55Z","tags":["info","savedobjects-service"],"pid":7984,"message":"Pointing alias .kibana to .kibana_1."} Nov 12 11:28:56 ip-172-31-25-55.ec2.internal 
opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:56Z","tags":["info","savedobjects-service"],"pid":7984,"message":"Finished in 820ms."} Nov 12 11:28:56 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:56Z","tags":["warning","cross-compatibility-service"],"pid":7984,"message":"Starting cross compatibility service"} Nov 12 11:28:56 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:56Z","tags":["info","plugins-system"],"pid":7984,"message":"Starting [50] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,management,indexPatternManagement,dataSourceManagement,alertingDashboards,indexManagementDashboards,customImportMapDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Nov 12 11:28:56 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:56Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":7984,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"} Nov 12 11:28:58 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:58Z","tags":["info","plugins","wazuh","initialize"],"pid":7984,"message":"dashboard index: .kibana"} Nov 12 11:28:58 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: 
{"type":"log","@timestamp":"2024-11-12T11:28:58Z","tags":["info","plugins","wazuh","initialize"],"pid":7984,"message":"App revision: 04"} Nov 12 11:28:58 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:58Z","tags":["info","plugins","wazuh","initialize"],"pid":7984,"message":"Total RAM: 7834MB"} Nov 12 11:28:58 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:58Z","tags":["error","opensearch","data"],"pid":7984,"message":"[ResponseError]: Response Error"} Nov 12 11:28:58 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:58Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":7984,"message":"Updated the wazuh-statistics template"} Nov 12 11:28:58 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:58Z","tags":["error","opensearch","data"],"pid":7984,"message":"[ResponseError]: Response Error"} Nov 12 11:28:59 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:28:59Z","tags":["listening","info"],"pid":7984,"message":"Server running at https://0.0.0.0:443"} Nov 12 11:29:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:29:00Z","tags":["info","http","server","OpenSearchDashboards"],"pid":7984,"message":"http server running at https://0.0.0.0:443"} Nov 12 11:29:01 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:29:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":7984,"message":"Updated the wazuh-agent template"} Nov 12 11:29:01 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:29:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":7984,"message":"wazuh-monitoring-2024.46w index created"} Nov 12 11:29:01 ip-172-31-25-55.ec2.internal 
opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:29:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":7984,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 11:29:43 ip-172-31-25-55.ec2.internal systemd[1]: Stopping wazuh-dashboard.service - wazuh-dashboard... ░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A stop job for unit wazuh-dashboard.service has begun execution. ░░ ░░ The job identifier is 3652. Nov 12 11:29:43 ip-172-31-25-55.ec2.internal opensearch-dashboards[7984]: {"type":"log","@timestamp":"2024-11-12T11:29:43Z","tags":["info","plugins-system"],"pid":7984,"message":"Stopping all plugins."} Nov 12 11:29:43 ip-172-31-25-55.ec2.internal systemd[1]: wazuh-dashboard.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state. Nov 12 11:29:43 ip-172-31-25-55.ec2.internal systemd[1]: Stopped wazuh-dashboard.service - wazuh-dashboard. ░░ Subject: A stop job for unit wazuh-dashboard.service has finished ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A stop job for unit wazuh-dashboard.service has finished. ░░ ░░ The job identifier is 3652 and the job result is done. Nov 12 11:29:43 ip-172-31-25-55.ec2.internal systemd[1]: wazuh-dashboard.service: Consumed 15.023s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ The unit wazuh-dashboard.service completed and consumed the indicated resources. Nov 12 11:29:43 ip-172-31-25-55.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard. 
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 3652.
Nov 12 11:29:59 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:29:59Z","tags":["info","plugins-service"],"pid":9776,"message":"Plugin \"applicationConfig\" is disabled."}
Nov 12 11:29:59 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:29:59Z","tags":["info","plugins-service"],"pid":9776,"message":"Plugin \"cspHandler\" is disabled."}
Nov 12 11:29:59 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:29:59Z","tags":["info","plugins-service"],"pid":9776,"message":"Plugin \"dataSource\" is disabled."}
Nov 12 11:29:59 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:29:59Z","tags":["info","plugins-service"],"pid":9776,"message":"Plugin \"visTypeXy\" is disabled."}
Nov 12 11:29:59 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:29:59Z","tags":["info","plugins-service"],"pid":9776,"message":"Plugin \"workspace\" is disabled."}
Nov 12 11:29:59 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:29:59 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:29:59Z","tags":["info","plugins-system"],"pid":9776,"message":"Setting up [50] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,management,indexPatternManagement,dataSourceManagement,indexManagementDashboards,customImportMapDashboards,alertingDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Nov 12 11:30:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:30:00Z","tags":["info","plugins","queryEnhancements"],"pid":9776,"message":"queryEnhancements: Setup complete"}
Nov 12 11:30:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:01 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:30:01Z","tags":["info","savedobjects-service"],"pid":9776,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Nov 12 11:30:01 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:30:01Z","tags":["info","savedobjects-service"],"pid":9776,"message":"Starting saved objects migrations"}
Nov 12 11:30:02 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:30:02Z","tags":["warning","cross-compatibility-service"],"pid":9776,"message":"Starting cross compatibility service"}
Nov 12 11:30:02 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:30:02Z","tags":["info","plugins-system"],"pid":9776,"message":"Starting [50] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,management,indexPatternManagement,dataSourceManagement,indexManagementDashboards,customImportMapDashboards,alertingDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Nov 12 11:30:03 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:30:03Z","tags":["info","plugins","wazuh","initialize"],"pid":9776,"message":"dashboard index: .kibana"}
Nov 12 11:30:03 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:30:03Z","tags":["info","plugins","wazuh","initialize"],"pid":9776,"message":"App revision: 04"}
Nov 12 11:30:03 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:30:03Z","tags":["info","plugins","wazuh","initialize"],"pid":9776,"message":"Total RAM: 7834MB"}
Nov 12 11:30:03 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:30:03Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":9776,"message":"Updated the wazuh-statistics template"}
Nov 12 11:30:03 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:30:03Z","tags":["info","plugins","wazuh","monitoring"],"pid":9776,"message":"Updated the wazuh-agent template"}
Nov 12 11:30:04 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:30:04Z","tags":["listening","info"],"pid":9776,"message":"Server running at https://0.0.0.0:443"}
Nov 12 11:30:04 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:30:04Z","tags":["info","http","server","OpenSearchDashboards"],"pid":9776,"message":"http server running at https://0.0.0.0:443"}
Nov 12 11:30:04 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:30:04Z","tags":["info","plugins","wazuh","monitoring"],"pid":9776,"message":"Settings added to wazuh-monitoring-2024.46w index"}
Nov 12 11:30:17 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:18 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"response","@timestamp":"2024-11-12T11:30:17Z","tags":[],"pid":9776,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/8.5.0","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/8.5.0"},"res":{"statusCode":200,"responseTime":1394,"contentLength":9},"message":"GET /status 200 1394ms - 9.0B"}
Nov 12 11:35:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:35:00Z","tags":["error","opensearch","data"],"pid":9776,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.46w/nqKTDUseTeKDefDTxVHlDQ] already exists"}
Nov 12 11:35:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:35:00Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":9776,"message":"wazuh-statistics-2024.46w index created"}
Nov 12 11:42:40 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"error","@timestamp":"2024-11-12T11:42:40Z","tags":["connection","client","error"],"pid":9776,"level":"error","error":{"message":"00E86272F87F0000:error:0A000412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 42\n","name":"Error","stack":"Error: 00E86272F87F0000:error:0A000412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 42\n","code":"ERR_SSL_SSLV3_ALERT_BAD_CERTIFICATE"},"message":"00E86272F87F0000:error:0A000412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 42\n"}
Nov 12 11:45:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T11:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9776,"message":"Settings added to wazuh-monitoring-2024.46w index"}
Nov 12 12:00:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T12:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9776,"message":"Settings added to wazuh-monitoring-2024.46w index"}
Nov 12 12:15:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T12:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9776,"message":"Settings added to wazuh-monitoring-2024.46w index"}
Nov 12 12:30:02 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T12:30:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":9776,"message":"Settings added to wazuh-monitoring-2024.46w index"}
Nov 12 12:34:14 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"error","@timestamp":"2024-11-12T12:34:14Z","tags":["connection","client","error"],"pid":9776,"level":"error","error":{"message":"00E86272F87F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../deps/openssl/openssl/ssl/t1_lib.c:3340:\n","name":"Error","stack":"Error: 00E86272F87F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../deps/openssl/openssl/ssl/t1_lib.c:3340:\n","code":"ERR_SSL_NO_SUITABLE_SIGNATURE_ALGORITHM"},"message":"00E86272F87F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../deps/openssl/openssl/ssl/t1_lib.c:3340:\n"}
Nov 12 12:41:38 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"error","@timestamp":"2024-11-12T12:41:38Z","tags":["connection","client","error"],"pid":9776,"level":"error","error":{"message":"00E86272F87F0000:error:0A000412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 42\n","name":"Error","stack":"Error: 00E86272F87F0000:error:0A000412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 42\n","code":"ERR_SSL_SSLV3_ALERT_BAD_CERTIFICATE"},"message":"00E86272F87F0000:error:0A000412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 42\n"}
Nov 12 12:45:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T12:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9776,"message":"Settings added to wazuh-monitoring-2024.46w index"}
Nov 12 13:00:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T13:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9776,"message":"Settings added to wazuh-monitoring-2024.46w index"}
Nov 12 13:00:41 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"response","@timestamp":"2024-11-12T13:00:41Z","tags":[],"pid":9776,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.237.169.47","user-agent":"Mozilla/5.0 (X11; Linux i686; rv:6.0a2) Gecko/20110615 Firefox/6.0a2 Iceweasel/6.0a2","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"3.89.245.170","userAgent":"Mozilla/5.0 (X11; Linux i686; rv:6.0a2) Gecko/20110615 Firefox/6.0a2 Iceweasel/6.0a2"},"res":{"statusCode":302,"responseTime":15,"contentLength":9},"message":"GET / 302 15ms - 9.0B"}
Nov 12 13:15:00 ip-172-31-25-55.ec2.internal opensearch-dashboards[9776]: {"type":"log","@timestamp":"2024-11-12T13:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9776,"message":"Settings added to wazuh-monitoring-2024.46w index"}
```

Ubuntu 22 :green_circle:

Agent status
```shellsession
root@ip-172-31-16-41:/home/ubuntu# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-11-12 11:31:42 UTC; 1h 48min ago
   Main PID: 58924 (node)
      Tasks: 11 (limit: 9425)
     Memory: 198.6M
        CPU: 28.521s
     CGroup: /system.slice/wazuh-dashboard.service
             └─58924 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist

Nov 12 12:51:29 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:51:29Z","tags":[]>
Nov 12 12:51:29 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:51:29Z","tags":[]>
Nov 12 12:51:29 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:51:29Z","tags":[]>
Nov 12 12:51:29 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:51:29Z","tags":[]>
Nov 12 12:52:34 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:52:34Z","tags":["con>
Nov 12 12:54:14 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:54:14Z","tags":["con>
Nov 12 12:55:53 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:55:53Z","tags":["con>
Nov 12 12:56:26 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:56:26Z","tags":["con>
Nov 12 13:00:00 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T13:00:00Z","tags":["info">
Nov 12 13:15:00 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T13:15:00Z","tags":["info">
root@ip-172-31-16-41:/home/ubuntu#
```
Service status
```shellsession
root@ip-172-31-16-41:/home/ubuntu# journalctl -xe -u wazuh-dashboard.service --no-pager
Nov 12 11:30:26 ip-172-31-16-41 systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 3810.
Nov 12 11:30:47 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:47Z","tags":["info","plugins-service"],"pid":57117,"message":"Plugin \"applicationConfig\" is disabled."}
Nov 12 11:30:47 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:47Z","tags":["info","plugins-service"],"pid":57117,"message":"Plugin \"cspHandler\" is disabled."}
Nov 12 11:30:47 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:47Z","tags":["info","plugins-service"],"pid":57117,"message":"Plugin \"dataSource\" is disabled."}
Nov 12 11:30:47 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:47Z","tags":["info","plugins-service"],"pid":57117,"message":"Plugin \"visTypeXy\" is disabled."}
Nov 12 11:30:47 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:47Z","tags":["info","plugins-service"],"pid":57117,"message":"Plugin \"workspace\" is disabled."}
Nov 12 11:30:48 ip-172-31-16-41 opensearch-dashboards[57117]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:48 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:48Z","tags":["info","plugins-system"],"pid":57117,"message":"Setting up [50] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,management,indexPatternManagement,dataSourceManagement,indexManagementDashboards,alertingDashboards,customImportMapDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Nov 12 11:30:49 ip-172-31-16-41 opensearch-dashboards[57117]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:49 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:49Z","tags":["info","plugins","queryEnhancements"],"pid":57117,"message":"queryEnhancements: Setup complete"}
Nov 12 11:30:49 ip-172-31-16-41 opensearch-dashboards[57117]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:49 ip-172-31-16-41 opensearch-dashboards[57117]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:49 ip-172-31-16-41 opensearch-dashboards[57117]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:49 ip-172-31-16-41 opensearch-dashboards[57117]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:49 ip-172-31-16-41 opensearch-dashboards[57117]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:49 ip-172-31-16-41 opensearch-dashboards[57117]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:49 ip-172-31-16-41 opensearch-dashboards[57117]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:49 ip-172-31-16-41 opensearch-dashboards[57117]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:49 ip-172-31-16-41 opensearch-dashboards[57117]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:30:50 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:50Z","tags":["info","savedobjects-service"],"pid":57117,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Nov 12 11:30:51 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:51Z","tags":["info","savedobjects-service"],"pid":57117,"message":"Starting saved objects migrations"}
Nov 12 11:30:52 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:52Z","tags":["info","savedobjects-service"],"pid":57117,"message":"Creating index .kibana_1."}
Nov 12 11:30:52 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:52Z","tags":["info","savedobjects-service"],"pid":57117,"message":"Pointing alias .kibana to .kibana_1."}
Nov 12 11:30:53 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:53Z","tags":["info","savedobjects-service"],"pid":57117,"message":"Finished in 1078ms."}
Nov 12 11:30:53 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:53Z","tags":["warning","cross-compatibility-service"],"pid":57117,"message":"Starting cross compatibility service"}
Nov 12 11:30:53 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:53Z","tags":["info","plugins-system"],"pid":57117,"message":"Starting [50] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,management,indexPatternManagement,dataSourceManagement,indexManagementDashboards,alertingDashboards,customImportMapDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Nov 12 11:30:53 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:53Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":57117,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"}
Nov 12 11:30:55 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:55Z","tags":["info","plugins","wazuh","initialize"],"pid":57117,"message":"dashboard index: .kibana"}
Nov 12 11:30:55 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:55Z","tags":["info","plugins","wazuh","initialize"],"pid":57117,"message":"App revision: 04"}
Nov 12 11:30:55 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:55Z","tags":["info","plugins","wazuh","initialize"],"pid":57117,"message":"Total RAM: 7870MB"}
Nov 12 11:30:56 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:56Z","tags":["error","opensearch","data"],"pid":57117,"message":"[ResponseError]: Response Error"}
Nov 12 11:30:56 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:56Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":57117,"message":"Updated the wazuh-statistics template"}
Nov 12 11:30:56 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:56Z","tags":["error","opensearch","data"],"pid":57117,"message":"[ResponseError]: Response Error"}
Nov 12 11:30:57 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:57Z","tags":["listening","info"],"pid":57117,"message":"Server running at https://0.0.0.0:443"}
Nov 12 11:30:58 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:58Z","tags":["info","http","server","OpenSearchDashboards"],"pid":57117,"message":"http server running at https://0.0.0.0:443"}
Nov 12 11:30:58 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:58Z","tags":["info","plugins","wazuh","monitoring"],"pid":57117,"message":"Updated the wazuh-agent template"}
Nov 12 11:30:59 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:59Z","tags":["info","plugins","wazuh","monitoring"],"pid":57117,"message":"wazuh-monitoring-2024.46w index created"}
Nov 12 11:30:59 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:30:59Z","tags":["info","plugins","wazuh","monitoring"],"pid":57117,"message":"Settings added to wazuh-monitoring-2024.46w index"}
Nov 12 11:31:42 ip-172-31-16-41 systemd[1]: Stopping wazuh-dashboard...
░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-dashboard.service has begun execution.
░░
░░ The job identifier is 4332.
Nov 12 11:31:42 ip-172-31-16-41 opensearch-dashboards[57117]: {"type":"log","@timestamp":"2024-11-12T11:31:42Z","tags":["info","plugins-system"],"pid":57117,"message":"Stopping all plugins."}
Nov 12 11:31:42 ip-172-31-16-41 systemd[1]: wazuh-dashboard.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state.
Nov 12 11:31:42 ip-172-31-16-41 systemd[1]: Stopped wazuh-dashboard.
░░ Subject: A stop job for unit wazuh-dashboard.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-dashboard.service has finished.
░░
░░ The job identifier is 4332 and the job result is done.
Nov 12 11:31:42 ip-172-31-16-41 systemd[1]: wazuh-dashboard.service: Consumed 15.520s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-dashboard.service completed and consumed the indicated resources.
Nov 12 11:31:42 ip-172-31-16-41 systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 4332.
Nov 12 11:31:58 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:31:58Z","tags":["info","plugins-service"],"pid":58924,"message":"Plugin \"applicationConfig\" is disabled."}
Nov 12 11:31:58 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:31:58Z","tags":["info","plugins-service"],"pid":58924,"message":"Plugin \"cspHandler\" is disabled."}
Nov 12 11:31:58 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:31:58Z","tags":["info","plugins-service"],"pid":58924,"message":"Plugin \"dataSource\" is disabled."}
Nov 12 11:31:58 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:31:58Z","tags":["info","plugins-service"],"pid":58924,"message":"Plugin \"visTypeXy\" is disabled."}
Nov 12 11:31:58 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:31:58Z","tags":["info","plugins-service"],"pid":58924,"message":"Plugin \"workspace\" is disabled."}
Nov 12 11:31:58 ip-172-31-16-41 opensearch-dashboards[58924]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:31:58 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:31:58Z","tags":["info","plugins-system"],"pid":58924,"message":"Setting up [50] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,management,indexPatternManagement,dataSourceManagement,indexManagementDashboards,customImportMapDashboards,alertingDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Nov 12 11:31:58 ip-172-31-16-41 opensearch-dashboards[58924]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:31:58 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:31:58Z","tags":["info","plugins","queryEnhancements"],"pid":58924,"message":"queryEnhancements: Setup complete"}
Nov 12 11:31:58 ip-172-31-16-41 opensearch-dashboards[58924]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:31:58 ip-172-31-16-41 opensearch-dashboards[58924]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:31:59 ip-172-31-16-41 opensearch-dashboards[58924]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:31:59 ip-172-31-16-41 opensearch-dashboards[58924]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:31:59 ip-172-31-16-41 opensearch-dashboards[58924]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:31:59 ip-172-31-16-41 opensearch-dashboards[58924]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:31:59 ip-172-31-16-41 opensearch-dashboards[58924]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:31:59 ip-172-31-16-41 opensearch-dashboards[58924]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:31:59 ip-172-31-16-41 opensearch-dashboards[58924]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Nov 12 11:31:59 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:31:59Z","tags":["info","savedobjects-service"],"pid":58924,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Nov 12 11:32:00 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:32:00Z","tags":["info","savedobjects-service"],"pid":58924,"message":"Starting saved objects migrations"}
Nov 12 11:32:00 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:32:00Z","tags":["warning","cross-compatibility-service"],"pid":58924,"message":"Starting cross compatibility service"}
Nov 12 11:32:00 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:32:00Z","tags":["info","plugins-system"],"pid":58924,"message":"Starting [50] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,management,indexPatternManagement,dataSourceManagement,indexManagementDashboards,customImportMapDashboards,alertingDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Nov 12 11:32:02 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:32:02Z","tags":["info","plugins","wazuh","initialize"],"pid":58924,"message":"dashboard index: .kibana"}
Nov 12 11:32:02 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:32:02Z","tags":["info","plugins","wazuh","initialize"],"pid":58924,"message":"App revision: 04"}
Nov 12 11:32:02 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:32:02Z","tags":["info","plugins","wazuh","initialize"],"pid":58924,"message":"Total RAM: 7870MB"}
Nov 12 11:32:02 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:32:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":58924,"message":"Updated the wazuh-agent template"}
Nov 12 11:32:02 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:32:02Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":58924,"message":"Updated the wazuh-statistics template"}
Nov 12 11:32:02 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:32:02Z","tags":["listening","info"],"pid":58924,"message":"Server running at https://0.0.0.0:443"}
Nov 12 11:32:03 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:32:03Z","tags":["info","http","server","OpenSearchDashboards"],"pid":58924,"message":"http server running at https://0.0.0.0:443"} Nov 12 11:32:03 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:32:03Z","tags":["info","plugins","wazuh","monitoring"],"pid":58924,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 11:32:15 ip-172-31-16-41 opensearch-dashboards[58924]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:32:16 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T11:32:15Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/7.81.0","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.81.0"},"res":{"statusCode":200,"responseTime":1003,"contentLength":9},"message":"GET /status 200 1003ms - 9.0B"} Nov 12 11:35:00 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:35:00Z","tags":["error","opensearch","data"],"pid":58924,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.46w/3Kp_1jujR0GUocvWx0Aa0g] already exists"} Nov 12 11:35:00 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:35:00Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":58924,"message":"wazuh-statistics-2024.46w index created"} Nov 12 11:45:01 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T11:45:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":58924,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 11:54:41 ip-172-31-16-41 opensearch-dashboards[58924]: 
{"type":"response","@timestamp":"2024-11-12T11:54:41Z","tags":[],"pid":58924,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"18.208.250.103:443","user-agent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com","accept-encoding":"gzip"},"remoteAddress":"162.216.149.76","userAgent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"res":{"statusCode":302,"responseTime":8,"contentLength":9},"message":"GET / 302 8ms - 9.0B"} Nov 12 11:54:41 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T11:54:41Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"18.208.250.103:443","user-agent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com","accept-encoding":"gzip"},"remoteAddress":"162.216.149.76","userAgent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. 
If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"res":{"statusCode":200,"responseTime":45,"contentLength":9},"message":"GET /app/login 200 45ms - 9.0B"} Nov 12 12:00:00 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T12:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58924,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 12:02:27 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:02:27Z","tags":[],"pid":58924,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"call2-rtppub-128-99-b.essva2.prod.vonagenetworks.net","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"206.168.34.53","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":302,"responseTime":8,"contentLength":9},"message":"GET / 302 8ms - 9.0B"} Nov 12 12:02:28 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:02:28Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"} Nov 12 12:02:28 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:02:28Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"} Nov 12 12:02:28 ip-172-31-16-41 opensearch-dashboards[58924]: 
{"type":"error","@timestamp":"2024-11-12T12:02:28Z","tags":["warning","process"],"pid":58924,"level":"error","error":{"message":"An error event has already been emitted on the socket. Please use the destroy method on the socket while handling a 'clientError' event.","name":"Warning","stack":"Warning: An error event has already been emitted on the socket. Please use the destroy method on the socket while handling a 'clientError' event.\n at warnUnclosedSocket (node:_http_server:855:11)\n at TLSSocket.socketOnError (node:_http_server:869:5)\n at onParserExecuteCommon (node:_http_server:904:19)\n at onParserExecute (node:_http_server:825:3)"},"message":"An error event has already been emitted on the socket. Please use the destroy method on the socket while handling a 'clientError' event."} Nov 12 12:02:31 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:02:31Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"00E826BA1B7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 00E826BA1B7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"00E826BA1B7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Nov 12 12:02:35 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:02:35Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"00E826BA1B7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 00E826BA1B7F0000:error:0A000102:SSL 
routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"00E826BA1B7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Nov 12 12:02:37 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:02:37Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"00E826BA1B7F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 00E826BA1B7F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_VERSION_TOO_LOW"},"message":"00E826BA1B7F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Nov 12 12:02:42 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:02:41Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"call2-rtppub-128-99-b.essva2.prod.vonagenetworks.net","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"206.168.34.53","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":24,"contentLength":9},"message":"GET /app/login 200 24ms - 9.0B"} Nov 12 12:02:42 ip-172-31-16-41 opensearch-dashboards[58924]: 
{"type":"response","@timestamp":"2024-11-12T12:02:42Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/apple-touch-icon.png","method":"get","headers":{"host":"call2-rtppub-128-99-b.essva2.prod.vonagenetworks.net","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"206.168.34.53","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":17,"contentLength":9},"message":"GET /ui/favicons/apple-touch-icon.png 200 17ms - 9.0B"} Nov 12 12:02:45 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:02:45Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-32x32.png","method":"get","headers":{"host":"call2-rtppub-128-99-b.essva2.prod.vonagenetworks.net","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"206.168.34.53","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":9,"contentLength":9},"message":"GET /ui/favicons/favicon-32x32.png 200 9ms - 9.0B"} Nov 12 12:02:46 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:02:46Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-16x16.png","method":"get","headers":{"host":"call2-rtppub-128-99-b.essva2.prod.vonagenetworks.net","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"206.168.34.53","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":8,"contentLength":9},"message":"GET /ui/favicons/favicon-16x16.png 200 8ms - 9.0B"} Nov 12 12:02:47 
ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:02:47Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon.ico","method":"get","headers":{"host":"call2-rtppub-128-99-b.essva2.prod.vonagenetworks.net","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"206.168.34.53","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":6,"contentLength":9},"message":"GET /ui/favicons/favicon.ico 200 6ms - 9.0B"} Nov 12 12:02:48 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:02:48Z","tags":[],"pid":58924,"method":"get","statusCode":401,"req":{"url":"/favicon.ico","method":"get","headers":{"host":"call2-rtppub-128-99-b.essva2.prod.vonagenetworks.net","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"206.168.34.53","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":401,"responseTime":4,"contentLength":9},"message":"GET /favicon.ico 401 4ms - 9.0B"} Nov 12 12:02:48 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:02:48Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"} Nov 12 12:02:48 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:02:48Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on 
PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"} Nov 12 12:02:48 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:02:48Z","tags":[],"pid":58924,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"18.208.250.103:443","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip"},"remoteAddress":"206.168.34.53","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET / 302 3ms - 9.0B"} Nov 12 12:15:00 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T12:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58924,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 12:30:02 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T12:30:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":58924,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 12:45:01 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T12:45:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":58924,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 12:50:19 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:50:19Z","tags":[],"pid":58924,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"18.208.250.103:443"},"remoteAddress":"167.94.138.48"},"res":{"statusCode":302,"responseTime":4,"contentLength":9},"message":"GET / 302 4ms - 9.0B"} Nov 12 12:50:30 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:50:30Z","tags":[],"pid":58924,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"18.208.250.103","user-agent":"Mozilla/5.0 
(compatible; CensysInspect/1.1; +https://about.censys.io/)","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"167.94.138.48","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET / 302 3ms - 9.0B"} Nov 12 12:50:31 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:50:31Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"} Nov 12 12:50:31 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:50:31Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"} Nov 12 12:50:37 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:50:37Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"00E826BA1B7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 00E826BA1B7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"00E826BA1B7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Nov 12 12:50:39 ip-172-31-16-41 opensearch-dashboards[58924]: 
{"type":"error","@timestamp":"2024-11-12T12:50:39Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"00E826BA1B7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 00E826BA1B7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"00E826BA1B7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Nov 12 12:50:42 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:50:42Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"00E826BA1B7F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 00E826BA1B7F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_VERSION_TOO_LOW"},"message":"00E826BA1B7F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Nov 12 12:50:47 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:50:47Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"18.208.250.103","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"167.94.138.48","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; 
+https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":27,"contentLength":9},"message":"GET /app/login 200 27ms - 9.0B"} Nov 12 12:50:50 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:50:50Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/apple-touch-icon.png","method":"get","headers":{"host":"18.208.250.103","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"167.94.138.48","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":7,"contentLength":9},"message":"GET /ui/favicons/apple-touch-icon.png 200 7ms - 9.0B"} Nov 12 12:50:51 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:50:51Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-32x32.png","method":"get","headers":{"host":"18.208.250.103","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"167.94.138.48","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":4,"contentLength":9},"message":"GET /ui/favicons/favicon-32x32.png 200 4ms - 9.0B"} Nov 12 12:50:56 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:50:56Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-16x16.png","method":"get","headers":{"host":"18.208.250.103","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"167.94.138.48","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; 
+https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/favicons/favicon-16x16.png 200 5ms - 9.0B"} Nov 12 12:50:57 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:50:57Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon.ico","method":"get","headers":{"host":"18.208.250.103","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"167.94.138.48","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":7,"contentLength":9},"message":"GET /ui/favicons/favicon.ico 200 7ms - 9.0B"} Nov 12 12:50:58 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:50:58Z","tags":[],"pid":58924,"method":"get","statusCode":401,"req":{"url":"/favicon.ico","method":"get","headers":{"host":"18.208.250.103","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"167.94.138.48","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /favicon.ico 401 3ms - 9.0B"} Nov 12 12:50:59 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:50:59Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"} Nov 12 12:50:59 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:50:59Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"Parse Error: Pause on 
PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"} Nov 12 12:51:01 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:51:01Z","tags":[],"pid":58924,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"18.208.250.103:443","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip"},"remoteAddress":"167.94.138.48","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":302,"responseTime":6,"contentLength":9},"message":"GET / 302 6ms - 9.0B"} Nov 12 12:51:28 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:51:28Z","tags":[],"pid":58924,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"18.208.250.103","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.41","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"} Nov 12 12:51:28 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:51:28Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"18.208.250.103","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","accept":"*/*","referer":"https://18.208.250.103","accept-encoding":"gzip","connection":"close"},"remoteAddress":"87.236.176.41","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; 
+https://internet-measurement.com/)","referer":"https://18.208.250.103"},"res":{"statusCode":200,"responseTime":22,"contentLength":9},"message":"GET /app/login 200 22ms - 9.0B"} Nov 12 12:51:29 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:51:29Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-32x32.png","method":"get","headers":{"host":"18.208.250.103","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.35","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":8,"contentLength":9},"message":"GET /ui/favicons/favicon-32x32.png 200 8ms - 9.0B"} Nov 12 12:51:29 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:51:29Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/apple-touch-icon.png","method":"get","headers":{"host":"18.208.250.103","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.36","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":8,"contentLength":9},"message":"GET /ui/favicons/apple-touch-icon.png 200 8ms - 9.0B"} Nov 12 12:51:29 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:51:29Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon.ico","method":"get","headers":{"host":"18.208.250.103","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; 
+https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.87","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":9,"contentLength":9},"message":"GET /ui/favicons/favicon.ico 200 9ms - 9.0B"} Nov 12 12:51:29 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"response","@timestamp":"2024-11-12T12:51:29Z","tags":[],"pid":58924,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-16x16.png","method":"get","headers":{"host":"18.208.250.103","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.128","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/favicons/favicon-16x16.png 200 5ms - 9.0B"} Nov 12 12:52:34 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:52:34Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"00E826BA1B7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: 00E826BA1B7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"00E826BA1B7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"} Nov 12 12:54:14 ip-172-31-16-41 opensearch-dashboards[58924]: 
{"type":"error","@timestamp":"2024-11-12T12:54:14Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"00E826BA1B7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 00E826BA1B7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"00E826BA1B7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Nov 12 12:55:53 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:55:53Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"00E826BA1B7F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","name":"Error","stack":"Error: 00E826BA1B7F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"00E826BA1B7F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n"} Nov 12 12:56:26 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"error","@timestamp":"2024-11-12T12:56:26Z","tags":["connection","client","error"],"pid":58924,"level":"error","error":{"message":"00E826BA1B7F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","name":"Error","stack":"Error: 00E826BA1B7F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key 
share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","code":"ERR_SSL_BAD_KEY_SHARE"},"message":"00E826BA1B7F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n"} Nov 12 13:00:00 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T13:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58924,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 13:15:00 ip-172-31-16-41 opensearch-dashboards[58924]: {"type":"log","@timestamp":"2024-11-12T13:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58924,"message":"Settings added to wazuh-monitoring-2024.46w index"} ```

RHEL 9 :green_circle:

Agent status
```shellsession
[root@ip-172-31-23-193 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-11-12 11:29:56 UTC; 1h 51min ago
   Main PID: 20513 (node)
      Tasks: 11 (limit: 48194)
     Memory: 204.3M
        CPU: 24.794s
     CGroup: /system.slice/wazuh-dashboard.service
             └─20513 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist

Nov 12 11:57:16 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T11:57:>
Nov 12 12:00:00 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T12:00:00Z",>
Nov 12 12:15:00 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T12:15:00Z",>
Nov 12 12:30:00 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T12:30:00Z",>
Nov 12 12:45:01 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T12:45:01Z",>
Nov 12 13:00:01 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T13:00:01Z",>
Nov 12 13:15:00 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T13:15:00Z",>
Nov 12 13:15:54 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T13:15:>
Nov 12 13:17:54 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T13:17:>
Nov 12 13:17:54 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T13:17:>
[root@ip-172-31-23-193 ec2-user]#
```
Service status ```shellsession [root@ip-172-31-23-193 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager Nov 12 11:28:48 ip-172-31-23-193.ec2.internal systemd[1]: Started wazuh-dashboard. ░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit wazuh-dashboard.service has finished successfully. ░░ ░░ The job identifier is 3408. Nov 12 11:29:10 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:10Z","tags":["info","plugins-service"],"pid":18653,"message":"Plugin \"applicationConfig\" is disabled."} Nov 12 11:29:10 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:10Z","tags":["info","plugins-service"],"pid":18653,"message":"Plugin \"cspHandler\" is disabled."} Nov 12 11:29:10 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:10Z","tags":["info","plugins-service"],"pid":18653,"message":"Plugin \"dataSource\" is disabled."} Nov 12 11:29:10 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:10Z","tags":["info","plugins-service"],"pid":18653,"message":"Plugin \"visTypeXy\" is disabled."} Nov 12 11:29:10 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:10Z","tags":["info","plugins-service"],"pid":18653,"message":"Plugin \"workspace\" is disabled."} Nov 12 11:29:10 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:29:11 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:11Z","tags":["info","plugins-system"],"pid":18653,"message":"Setting up [50] plugins: 
[usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,management,indexPatternManagement,dataSourceManagement,indexManagementDashboards,customImportMapDashboards,alertingDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Nov 12 11:29:11 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:29:11 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:11Z","tags":["info","plugins","queryEnhancements"],"pid":18653,"message":"queryEnhancements: Setup complete"} Nov 12 11:29:11 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:29:11 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:29:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:29:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:29:12 
ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:29:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:29:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:29:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:29:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:29:13 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:13Z","tags":["info","savedobjects-service"],"pid":18653,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."} Nov 12 11:29:14 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:14Z","tags":["info","savedobjects-service"],"pid":18653,"message":"Starting saved objects migrations"} Nov 12 11:29:14 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:14Z","tags":["info","savedobjects-service"],"pid":18653,"message":"Creating index .kibana_1."} Nov 12 11:29:15 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:15Z","tags":["info","savedobjects-service"],"pid":18653,"message":"Pointing alias .kibana to .kibana_1."} Nov 12 11:29:15 
ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:15Z","tags":["info","savedobjects-service"],"pid":18653,"message":"Finished in 766ms."} Nov 12 11:29:15 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:15Z","tags":["warning","cross-compatibility-service"],"pid":18653,"message":"Starting cross compatibility service"} Nov 12 11:29:15 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:15Z","tags":["info","plugins-system"],"pid":18653,"message":"Starting [50] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,management,indexPatternManagement,dataSourceManagement,indexManagementDashboards,customImportMapDashboards,alertingDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Nov 12 11:29:16 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:16Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":18653,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"} Nov 12 11:29:18 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:18Z","tags":["info","plugins","wazuh","initialize"],"pid":18653,"message":"dashboard index: .kibana"} Nov 12 11:29:18 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: 
{"type":"log","@timestamp":"2024-11-12T11:29:18Z","tags":["info","plugins","wazuh","initialize"],"pid":18653,"message":"App revision: 04"} Nov 12 11:29:18 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:18Z","tags":["info","plugins","wazuh","initialize"],"pid":18653,"message":"Total RAM: 7609MB"} Nov 12 11:29:18 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:18Z","tags":["error","opensearch","data"],"pid":18653,"message":"[ResponseError]: Response Error"} Nov 12 11:29:18 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:18Z","tags":["error","opensearch","data"],"pid":18653,"message":"[ResponseError]: Response Error"} Nov 12 11:29:19 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:19Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":18653,"message":"Updated the wazuh-statistics template"} Nov 12 11:29:19 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:19Z","tags":["info","plugins","wazuh","monitoring"],"pid":18653,"message":"Updated the wazuh-agent template"} Nov 12 11:29:19 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:19Z","tags":["listening","info"],"pid":18653,"message":"Server running at https://0.0.0.0:443"} Nov 12 11:29:20 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:20Z","tags":["info","http","server","OpenSearchDashboards"],"pid":18653,"message":"http server running at https://0.0.0.0:443"} Nov 12 11:29:21 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:21Z","tags":["info","plugins","wazuh","monitoring"],"pid":18653,"message":"wazuh-monitoring-2024.46w index created"} Nov 12 11:29:21 
ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:21Z","tags":["info","plugins","wazuh","monitoring"],"pid":18653,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 11:29:56 ip-172-31-23-193.ec2.internal systemd[1]: Stopping wazuh-dashboard... ░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit wazuh-dashboard.service has begun execution. ░░ ░░ The job identifier is 3675. Nov 12 11:29:56 ip-172-31-23-193.ec2.internal opensearch-dashboards[18653]: {"type":"log","@timestamp":"2024-11-12T11:29:56Z","tags":["info","plugins-system"],"pid":18653,"message":"Stopping all plugins."} Nov 12 11:29:56 ip-172-31-23-193.ec2.internal systemd[1]: wazuh-dashboard.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state. Nov 12 11:29:56 ip-172-31-23-193.ec2.internal systemd[1]: Stopped wazuh-dashboard. ░░ Subject: A stop job for unit wazuh-dashboard.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit wazuh-dashboard.service has finished. ░░ ░░ The job identifier is 3675 and the job result is done. Nov 12 11:29:56 ip-172-31-23-193.ec2.internal systemd[1]: wazuh-dashboard.service: Consumed 14.348s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit wazuh-dashboard.service completed and consumed the indicated resources. Nov 12 11:29:56 ip-172-31-23-193.ec2.internal systemd[1]: Started wazuh-dashboard. 
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit wazuh-dashboard.service has finished successfully. ░░ ░░ The job identifier is 3675. Nov 12 11:30:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:12Z","tags":["info","plugins-service"],"pid":20513,"message":"Plugin \"applicationConfig\" is disabled."} Nov 12 11:30:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:12Z","tags":["info","plugins-service"],"pid":20513,"message":"Plugin \"cspHandler\" is disabled."} Nov 12 11:30:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:12Z","tags":["info","plugins-service"],"pid":20513,"message":"Plugin \"dataSource\" is disabled."} Nov 12 11:30:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:12Z","tags":["info","plugins-service"],"pid":20513,"message":"Plugin \"visTypeXy\" is disabled."} Nov 12 11:30:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:12Z","tags":["info","plugins-service"],"pid":20513,"message":"Plugin \"workspace\" is disabled."} Nov 12 11:30:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:30:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:12Z","tags":["info","plugins-system"],"pid":20513,"message":"Setting up [50] plugins: 
[usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,management,indexPatternManagement,dataSourceManagement,indexManagementDashboards,customImportMapDashboards,alertingDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Nov 12 11:30:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:30:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:12Z","tags":["info","plugins","queryEnhancements"],"pid":20513,"message":"queryEnhancements: Setup complete"} Nov 12 11:30:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:30:12 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:30:13 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:30:13 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:30:13 
ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:30:13 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:30:13 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:30:13 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:30:13 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:30:13 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:13Z","tags":["info","savedobjects-service"],"pid":20513,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."} Nov 12 11:30:14 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:14Z","tags":["info","savedobjects-service"],"pid":20513,"message":"Starting saved objects migrations"} Nov 12 11:30:14 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:14Z","tags":["warning","cross-compatibility-service"],"pid":20513,"message":"Starting cross compatibility service"} Nov 12 11:30:14 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:14Z","tags":["info","plugins-system"],"pid":20513,"message":"Starting [50] plugins: 
[usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,management,indexPatternManagement,dataSourceManagement,indexManagementDashboards,customImportMapDashboards,alertingDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Nov 12 11:30:15 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:15Z","tags":["info","plugins","wazuh","initialize"],"pid":20513,"message":"dashboard index: .kibana"} Nov 12 11:30:15 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:15Z","tags":["info","plugins","wazuh","initialize"],"pid":20513,"message":"App revision: 04"} Nov 12 11:30:15 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:15Z","tags":["info","plugins","wazuh","initialize"],"pid":20513,"message":"Total RAM: 7609MB"} Nov 12 11:30:15 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:15Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":20513,"message":"Updated the wazuh-statistics template"} Nov 12 11:30:16 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:16Z","tags":["info","plugins","wazuh","monitoring"],"pid":20513,"message":"Updated the wazuh-agent template"} Nov 12 11:30:16 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: 
{"type":"log","@timestamp":"2024-11-12T11:30:16Z","tags":["listening","info"],"pid":20513,"message":"Server running at https://0.0.0.0:443"} Nov 12 11:30:16 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:16Z","tags":["info","http","server","OpenSearchDashboards"],"pid":20513,"message":"http server running at https://0.0.0.0:443"} Nov 12 11:30:16 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:30:16Z","tags":["info","plugins","wazuh","monitoring"],"pid":20513,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 11:30:30 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:30:31 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T11:30:30Z","tags":[],"pid":20513,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/7.76.1","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.76.1"},"res":{"statusCode":200,"responseTime":1316,"contentLength":9},"message":"GET /status 200 1316ms - 9.0B"} Nov 12 11:35:01 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:35:01Z","tags":["error","opensearch","data"],"pid":20513,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.46w/Y7xQ2VEGSRCwVNGObrPUQQ] already exists"} Nov 12 11:35:01 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T11:35:01Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":20513,"message":"wazuh-statistics-2024.46w index created"} Nov 12 11:45:00 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: 
{"type":"log","@timestamp":"2024-11-12T11:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20513,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 11:56:46 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"error","@timestamp":"2024-11-12T11:56:46Z","tags":["connection","client","error"],"pid":20513,"level":"error","error":{"message":"007848E1287F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 007848E1287F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"007848E1287F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Nov 12 11:56:56 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T11:56:56Z","tags":[],"pid":20513,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"52.91.131.49","accept-language":"zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0"},"remoteAddress":"152.32.206.181","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0"},"res":{"statusCode":302,"responseTime":8,"contentLength":9},"message":"GET / 302 8ms - 9.0B"} Nov 12 11:57:14 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T11:57:14Z","tags":[],"pid":20513,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"52.91.131.49","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS 
X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7","accept-language":"zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6","referer":"https://52.91.131.49/","accept-encoding":"gzip"},"remoteAddress":"152.32.206.181","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11","referer":"https://52.91.131.49/"},"res":{"statusCode":200,"responseTime":25,"contentLength":9},"message":"GET /app/login 200 25ms - 9.0B"} Nov 12 11:57:14 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T11:57:14Z","tags":[],"pid":20513,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon.ico","method":"get","headers":{"host":"52.91.131.49","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7","accept-language":"zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6","accept-encoding":"gzip"},"remoteAddress":"152.32.206.181","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"},"res":{"statusCode":200,"responseTime":10,"contentLength":9},"message":"GET /ui/favicons/favicon.ico 200 10ms - 9.0B"} Nov 12 11:57:14 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T11:57:14Z","tags":[],"pid":20513,"method":"get","statusCode":401,"req":{"url":"/robots.txt","method":"get","headers":{"host":"52.91.131.49","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 
Safari/535.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7","accept-language":"zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6","accept-encoding":"gzip"},"remoteAddress":"152.32.206.181","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /robots.txt 401 3ms - 9.0B"} Nov 12 11:57:14 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T11:57:14Z","tags":[],"pid":20513,"method":"get","statusCode":401,"req":{"url":"/sitemap.xml","method":"get","headers":{"host":"52.91.131.49","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7","accept-language":"zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6","accept-encoding":"gzip"},"remoteAddress":"152.32.206.181","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /sitemap.xml 401 3ms - 9.0B"} Nov 12 11:57:14 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T11:57:14Z","tags":["api"],"pid":20513,"method":"get","statusCode":200,"req":{"url":"/bootstrap.js","method":"get","headers":{"host":"52.91.131.49","user-agent":"Go-http-client/1.1","accept-encoding":"gzip"},"remoteAddress":"152.32.206.181","userAgent":"Go-http-client/1.1"},"res":{"statusCode":200,"responseTime":40,"contentLength":9},"message":"GET /bootstrap.js 200 40ms - 9.0B"} Nov 12 11:57:14 ip-172-31-23-193.ec2.internal 
opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T11:57:14Z","tags":[],"pid":20513,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/manifest.json","method":"get","headers":{"host":"52.91.131.49","user-agent":"Go-http-client/1.1","accept-encoding":"gzip"},"remoteAddress":"152.32.206.181","userAgent":"Go-http-client/1.1"},"res":{"statusCode":200,"responseTime":38,"contentLength":9},"message":"GET /ui/favicons/manifest.json 200 38ms - 9.0B"} Nov 12 11:57:15 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"error","@timestamp":"2024-11-12T11:57:15Z","tags":["connection","client","error"],"pid":20513,"level":"error","error":{"message":"007848E1287F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: 007848E1287F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"007848E1287F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"} Nov 12 11:57:16 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"error","@timestamp":"2024-11-12T11:57:16Z","tags":["connection","client","error"],"pid":20513,"level":"error","error":{"message":"007848E1287F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 007848E1287F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"007848E1287F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} 
Nov 12 11:57:16 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"error","@timestamp":"2024-11-12T11:57:16Z","tags":["connection","client","error"],"pid":20513,"level":"error","error":{"message":"007848E1287F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","name":"Error","stack":"Error: 007848E1287F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"007848E1287F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n"} Nov 12 11:57:16 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"error","@timestamp":"2024-11-12T11:57:16Z","tags":["connection","client","error"],"pid":20513,"level":"error","error":{"message":"007848E1287F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","name":"Error","stack":"Error: 007848E1287F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","code":"ERR_SSL_BAD_KEY_SHARE"},"message":"007848E1287F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n"} Nov 12 11:57:16 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T11:57:16Z","tags":[],"pid":20513,"method":"get","statusCode":401,"req":{"url":"/config.json","method":"get","headers":{"host":"52.91.131.49","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 
Safari/535.11","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7","accept-language":"zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6","accept-encoding":"gzip"},"remoteAddress":"152.32.206.181","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /config.json 401 3ms - 9.0B"} Nov 12 12:00:00 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T12:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20513,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 12:15:00 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T12:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20513,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 12:30:00 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T12:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20513,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 12:45:01 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T12:45:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":20513,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 13:00:01 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T13:00:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":20513,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 13:15:00 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"log","@timestamp":"2024-11-12T13:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20513,"message":"Settings added to 
wazuh-monitoring-2024.46w index"} Nov 12 13:15:54 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T13:15:54Z","tags":[],"pid":20513,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"52.91.131.49","user-agent":"Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.9.1) Gecko/20090702 Firefox/3.5","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"3.89.245.170","userAgent":"Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.9.1) Gecko/20090702 Firefox/3.5"},"res":{"statusCode":302,"responseTime":4,"contentLength":9},"message":"GET / 302 4ms - 9.0B"} Nov 12 13:17:54 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T13:17:54Z","tags":[],"pid":20513,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"52.91.131.49:443","user-agent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com","accept-encoding":"gzip"},"remoteAddress":"147.185.132.51","userAgent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. 
If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"} Nov 12 13:17:54 ip-172-31-23-193.ec2.internal opensearch-dashboards[20513]: {"type":"response","@timestamp":"2024-11-12T13:17:54Z","tags":[],"pid":20513,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"52.91.131.49:443","user-agent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com","accept-encoding":"gzip"},"remoteAddress":"147.185.132.51","userAgent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"res":{"statusCode":200,"responseTime":24,"contentLength":9},"message":"GET /app/login 200 24ms - 9.0B"} ```

Amazon Linux 2023 - Offline :green_circle:

Agent status

```shellsession
[root@ip-172-31-33-129 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-11-12 11:24:46 UTC; 1h 57min ago
   Main PID: 11147 (node)
      Tasks: 11 (limit: 9374)
     Memory: 199.6M
        CPU: 23.828s
     CGroup: /system.slice/wazuh-dashboard.service
             └─11147 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist

Nov 12 12:10:49 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"error","@timestamp":"2024-11-12T12:10:49Z>
Nov 12 12:12:29 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"error","@timestamp":"2024-11-12T12:12:29Z>
Nov 12 12:14:09 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"error","@timestamp":"2024-11-12T12:14:09Z>
Nov 12 12:14:42 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"error","@timestamp":"2024-11-12T12:14:42Z>
Nov 12 12:15:01 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T12:15:01Z",>
Nov 12 12:30:00 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T12:30:00Z",>
Nov 12 12:45:00 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T12:45:00Z",>
Nov 12 13:00:01 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T13:00:01Z",>
Nov 12 13:10:51 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"response","@timestamp":"2024-11-12T13:10:>
Nov 12 13:15:01 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T13:15:01Z",>
[root@ip-172-31-33-129 ec2-user]#
```

Service status ```shellsession [root@ip-172-31-33-129 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager -n 100 Nov 12 11:24:42 ip-172-31-33-129.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard. ░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A start job for unit wazuh-dashboard.service has finished successfully. ░░ ░░ The job identifier is 3644. Nov 12 11:24:46 ip-172-31-33-129.ec2.internal systemd[1]: Stopping wazuh-dashboard.service - wazuh-dashboard... ░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A stop job for unit wazuh-dashboard.service has begun execution. ░░ ░░ The job identifier is 3717. Nov 12 11:24:46 ip-172-31-33-129.ec2.internal systemd[1]: wazuh-dashboard.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state. Nov 12 11:24:46 ip-172-31-33-129.ec2.internal systemd[1]: Stopped wazuh-dashboard.service - wazuh-dashboard. ░░ Subject: A stop job for unit wazuh-dashboard.service has finished ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A stop job for unit wazuh-dashboard.service has finished. ░░ ░░ The job identifier is 3717 and the job result is done. Nov 12 11:24:46 ip-172-31-33-129.ec2.internal systemd[1]: wazuh-dashboard.service: Consumed 2.484s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ The unit wazuh-dashboard.service completed and consumed the indicated resources. 
Nov 12 11:24:46 ip-172-31-33-129.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard. ░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A start job for unit wazuh-dashboard.service has finished successfully. ░░ ░░ The job identifier is 3717. Nov 12 11:24:53 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:53Z","tags":["info","plugins-service"],"pid":11147,"message":"Plugin \"applicationConfig\" is disabled."} Nov 12 11:24:53 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:53Z","tags":["info","plugins-service"],"pid":11147,"message":"Plugin \"cspHandler\" is disabled."} Nov 12 11:24:53 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:53Z","tags":["info","plugins-service"],"pid":11147,"message":"Plugin \"dataSource\" is disabled."} Nov 12 11:24:53 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:53Z","tags":["info","plugins-service"],"pid":11147,"message":"Plugin \"visTypeXy\" is disabled."} Nov 12 11:24:53 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:53Z","tags":["info","plugins-service"],"pid":11147,"message":"Plugin \"workspace\" is disabled."} Nov 12 11:24:53 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:24:53 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:53Z","tags":["info","plugins-system"],"pid":11147,"message":"Setting up [50] plugins: 
[usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,management,indexPatternManagement,dataSourceManagement,alertingDashboards,indexManagementDashboards,customImportMapDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Nov 12 11:24:53 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:24:53 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:53Z","tags":["info","plugins","queryEnhancements"],"pid":11147,"message":"queryEnhancements: Setup complete"} Nov 12 11:24:54 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:24:54 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:24:54 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:24:54 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:24:54 
ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:24:54 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:24:54 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:24:54 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:24:54 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:24:54 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:54Z","tags":["info","savedobjects-service"],"pid":11147,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."} Nov 12 11:24:55 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:55Z","tags":["info","savedobjects-service"],"pid":11147,"message":"Starting saved objects migrations"} Nov 12 11:24:55 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:55Z","tags":["info","savedobjects-service"],"pid":11147,"message":"Creating index .kibana_1."} Nov 12 11:24:55 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:55Z","tags":["info","savedobjects-service"],"pid":11147,"message":"Pointing alias .kibana to .kibana_1."} Nov 12 11:24:55 
ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:55Z","tags":["info","savedobjects-service"],"pid":11147,"message":"Finished in 229ms."} Nov 12 11:24:55 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:55Z","tags":["warning","cross-compatibility-service"],"pid":11147,"message":"Starting cross compatibility service"} Nov 12 11:24:55 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:55Z","tags":["info","plugins-system"],"pid":11147,"message":"Starting [50] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,management,indexPatternManagement,dataSourceManagement,alertingDashboards,indexManagementDashboards,customImportMapDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"} Nov 12 11:24:55 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:55Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":11147,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"} Nov 12 11:24:55 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:55Z","tags":["info","plugins","wazuh","initialize"],"pid":11147,"message":"dashboard index: .kibana"} Nov 12 11:24:55 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: 
{"type":"log","@timestamp":"2024-11-12T11:24:55Z","tags":["info","plugins","wazuh","initialize"],"pid":11147,"message":"App revision: 04"} Nov 12 11:24:55 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:55Z","tags":["info","plugins","wazuh","initialize"],"pid":11147,"message":"Total RAM: 7834MB"} Nov 12 11:24:56 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:56Z","tags":["error","opensearch","data"],"pid":11147,"message":"[ResponseError]: Response Error"} Nov 12 11:24:56 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:56Z","tags":["error","opensearch","data"],"pid":11147,"message":"[ResponseError]: Response Error"} Nov 12 11:24:56 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:56Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":11147,"message":"Updated the wazuh-statistics template"} Nov 12 11:24:56 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:56Z","tags":["info","plugins","wazuh","monitoring"],"pid":11147,"message":"Updated the wazuh-agent template"} Nov 12 11:24:56 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:56Z","tags":["listening","info"],"pid":11147,"message":"Server running at https://0.0.0.0:443"} Nov 12 11:24:56 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:56Z","tags":["info","http","server","OpenSearchDashboards"],"pid":11147,"message":"http server running at https://0.0.0.0:443"} Nov 12 11:24:57 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:24:57Z","tags":["error","plugins","wazuh","monitoring"],"pid":11147,"message":"Request failed with status code 401"} Nov 12 11:25:01 
ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:25:01Z","tags":["error","plugins","wazuh","cron-scheduler"],"pid":11147,"message":"AxiosError: Request failed with status code 401"} Nov 12 11:25:01 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:25:01Z","tags":["error","plugins","wazuh","cron-scheduler"],"pid":11147,"message":"AxiosError: Request failed with status code 401"} Nov 12 11:25:01 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead Nov 12 11:25:02 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"response","@timestamp":"2024-11-12T11:25:01Z","tags":[],"pid":11147,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"127.0.0.1","user-agent":"curl/8.5.0","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/8.5.0"},"res":{"statusCode":200,"responseTime":1067,"contentLength":9},"message":"GET /status 200 1067ms - 9.0B"} Nov 12 11:29:49 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"response","@timestamp":"2024-11-12T11:29:49Z","tags":[],"pid":11147,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.80.79.168","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"45.156.128.45","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"},"res":{"statusCode":302,"responseTime":5,"contentLength":9},"message":"GET / 302 5ms - 9.0B"} Nov 12 11:29:49 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: 
{"type":"response","@timestamp":"2024-11-12T11:29:49Z","tags":[],"pid":11147,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"54.80.79.168","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36","accept":"*/*","referer":"https://54.80.79.168/","accept-encoding":"gzip"},"remoteAddress":"45.156.128.45","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36","referer":"https://54.80.79.168/"},"res":{"statusCode":200,"responseTime":25,"contentLength":9},"message":"GET /app/login 200 25ms - 9.0B"} Nov 12 11:30:02 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:30:02Z","tags":["error","opensearch","data"],"pid":11147,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.46w/L8o2TXsdR9emSO7LIO9gmQ] already exists"} Nov 12 11:30:02 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:30:02Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":11147,"message":"wazuh-statistics-2024.46w index created"} Nov 12 11:30:02 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:30:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":11147,"message":"wazuh-monitoring-2024.46w index created"} Nov 12 11:30:02 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:30:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":11147,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 11:45:00 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T11:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":11147,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 12:00:00 
ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T12:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":11147,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 12:09:42 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"response","@timestamp":"2024-11-12T12:09:42Z","tags":[],"pid":11147,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.80.79.168","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.249","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":302,"responseTime":5,"contentLength":9},"message":"GET / 302 5ms - 9.0B"} Nov 12 12:09:42 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"response","@timestamp":"2024-11-12T12:09:42Z","tags":[],"pid":11147,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"54.80.79.168","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","accept":"*/*","referer":"https://54.80.79.168","accept-encoding":"gzip","connection":"close"},"remoteAddress":"87.236.176.249","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","referer":"https://54.80.79.168"},"res":{"statusCode":200,"responseTime":21,"contentLength":9},"message":"GET /app/login 200 21ms - 9.0B"} Nov 12 12:09:44 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"response","@timestamp":"2024-11-12T12:09:44Z","tags":[],"pid":11147,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-16x16.png","method":"get","headers":{"host":"54.80.79.168","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; 
+https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.24","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":24,"contentLength":9},"message":"GET /ui/favicons/favicon-16x16.png 200 24ms - 9.0B"} Nov 12 12:09:44 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"response","@timestamp":"2024-11-12T12:09:44Z","tags":[],"pid":11147,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-32x32.png","method":"get","headers":{"host":"54.80.79.168","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.244","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":18,"contentLength":9},"message":"GET /ui/favicons/favicon-32x32.png 200 18ms - 9.0B"} Nov 12 12:09:44 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"response","@timestamp":"2024-11-12T12:09:44Z","tags":[],"pid":11147,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon.ico","method":"get","headers":{"host":"54.80.79.168","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.6","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":32,"contentLength":9},"message":"GET /ui/favicons/favicon.ico 200 32ms - 9.0B"} Nov 12 12:09:44 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: 
{"type":"response","@timestamp":"2024-11-12T12:09:44Z","tags":[],"pid":11147,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/apple-touch-icon.png","method":"get","headers":{"host":"54.80.79.168","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.163","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":19,"contentLength":9},"message":"GET /ui/favicons/apple-touch-icon.png 200 19ms - 9.0B"} Nov 12 12:10:49 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"error","@timestamp":"2024-11-12T12:10:49Z","tags":["connection","client","error"],"pid":11147,"level":"error","error":{"message":"0048E3CCBA7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: 0048E3CCBA7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"0048E3CCBA7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"} Nov 12 12:12:29 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"error","@timestamp":"2024-11-12T12:12:29Z","tags":["connection","client","error"],"pid":11147,"level":"error","error":{"message":"0048E3CCBA7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 0048E3CCBA7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported 
protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"0048E3CCBA7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"} Nov 12 12:14:09 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"error","@timestamp":"2024-11-12T12:14:09Z","tags":["connection","client","error"],"pid":11147,"level":"error","error":{"message":"0048E3CCBA7F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","name":"Error","stack":"Error: 0048E3CCBA7F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"0048E3CCBA7F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n"} Nov 12 12:14:42 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"error","@timestamp":"2024-11-12T12:14:42Z","tags":["connection","client","error"],"pid":11147,"level":"error","error":{"message":"0048E3CCBA7F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","name":"Error","stack":"Error: 0048E3CCBA7F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","code":"ERR_SSL_BAD_KEY_SHARE"},"message":"0048E3CCBA7F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n"} Nov 12 12:15:01 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T12:15:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":11147,"message":"Settings added to 
wazuh-monitoring-2024.46w index"} Nov 12 12:30:00 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T12:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":11147,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 12:45:00 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T12:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":11147,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 13:00:01 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T13:00:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":11147,"message":"Settings added to wazuh-monitoring-2024.46w index"} Nov 12 13:10:51 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"response","@timestamp":"2024-11-12T13:10:51Z","tags":[],"pid":11147,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.80.79.168","user-agent":"Mozilla/5.0 (Linux; Android 7.0; FRD-L09) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"3.89.245.170","userAgent":"Mozilla/5.0 (Linux; Android 7.0; FRD-L09) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36"},"res":{"statusCode":302,"responseTime":5,"contentLength":9},"message":"GET / 302 5ms - 9.0B"} Nov 12 13:15:01 ip-172-31-33-129.ec2.internal opensearch-dashboards[11147]: {"type":"log","@timestamp":"2024-11-12T13:15:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":11147,"message":"Settings added to wazuh-monitoring-2024.46w index"} ```

CarlosALgit commented 1 week ago

Additional tests :green_circle:

Accessing Wazuh web interface

Amazon Linux 2023 :green_circle:

Landing page ![image](https://github.com/user-attachments/assets/9f835c97-d794-4596-b605-f5b4fd53a55c)
About ![image](https://github.com/user-attachments/assets/04d2eb03-3306-4fc1-beff-ee0adddb7d39)

Ubuntu 22 :green_circle:

Landing page ![image](https://github.com/user-attachments/assets/66aaf2f3-4c24-4956-8441-9c733abf52d0)
About ![image](https://github.com/user-attachments/assets/499c508f-e7cf-4336-97fa-10597328c635)

RHEL 9 :green_circle:

Landing page ![image](https://github.com/user-attachments/assets/3fffd6c1-94fa-4ba8-b806-10fc15d3a92d)
About ![image](https://github.com/user-attachments/assets/24203bb0-0b3b-40ac-894d-f359684e750d)

Amazon Linux 2023 - Offline :green_circle:

Landing page ![image](https://github.com/user-attachments/assets/0a11cd3d-25c9-4a18-9468-e6176c38d6d3)
About ![image](https://github.com/user-attachments/assets/64dfafe7-d73c-4768-82a0-8ca1c5719bdf)

teddytpc1 commented 1 week ago

Review

Expected timeout errors when trying to update the snapshot and feed because this is an instance with no internet connection.

We will not fix this now as the Installation assistant (offline) is under revision to be kept in 5.0.0.

juliamagan commented 1 week ago

We should open an issue related to https://github.com/opensearch-project/OpenSearch/issues/14744, so we can decide if we are waiting for OpenSearch's fix, or if we can do anything to avoid the warning.