Error logs found in wazuh-indexer in demo environment #1489
Comments
Update report
I continue to investigate the following error:
I checked the indexer, dashboard, and manager nodes of the demo environment and I didn't see anything weird, just those errors in the logs. |
This issue needs to be completed by explaining all logs found. I move it from |
The second error, gotten with
seems to come from a protocol error, as the received SSL/TLS record is really an HTTP request sent from another host in the cluster. The last gibberish is the hexadecimal version of ASCII for:
On the first error, these are some links that may have some interesting information: |
The GET request that gave the error to the indexer, which was expecting an SSL/TLS record, was sent by Censys.io. This system does automatic scans of all IPs on the internet. One of the requests it sends for the scan got into the socket opened to connect with clients. The error doesn't have anything to do with Wazuh and doesn't seem to be a problem, except for its confusing nature. To opt out of this specific web, the firewall must be configured to drop traffic from their IPs, as seen here:

After seeing in the full logs written in issue wazuh/wazuh-qa#2819, where this issue comes from, there seem to be more services with automatic scans that also produce SSL/TLS errors:
Some of the
|
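As an added illustration (not code from this issue or from Wazuh), the sketch below turns the hex dump that follows "not an SSL/TLS record:" back into the plaintext request, which is how such a log line can be attributed to an internet scanner. It assumes the Netty-style message format; the log lines, addresses and User-Agent are constructed samples.

```python
import re

# Assumption: the rejected bytes are logged as "not an SSL/TLS record: <hex dump>".
HEX_RE = re.compile(r"not an SSL/TLS record: ([0-9a-fA-F]+)")
HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "CONNECT"}

def decode_rejected_record(line):
    """Describe what a client sent instead of a TLS record; None if no such error."""
    m = HEX_RE.search(line)
    if m is None:
        return None
    hexdump = m.group(1)
    if len(hexdump) % 2:              # dump cut mid-byte: drop the dangling nibble
        hexdump = hexdump[:-1]
    raw = bytes.fromhex(hexdump)
    text = raw.decode("ascii", errors="replace")
    request_line, _, rest = text.partition("\r\n")
    parts = request_line.split(" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith("HTTP/"):
        headers = {}
        for header in rest.split("\r\n"):
            name, sep, value = header.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        return {"kind": "plaintext-http", "method": parts[0],
                "target": parts[1], "user_agent": headers.get("user-agent")}
    return {"kind": "other", "first_bytes": raw[:8].hex()}

def _line(payload):
    # Constructed log line; timestamp, logger and node name are placeholders.
    return ("[2022-01-01T00:00:00,000][WARN ][example.logger] [node-1] "
            "io.netty.handler.ssl.NotSslRecordException: "
            "not an SSL/TLS record: " + payload.hex())

SAMPLE_LOG = [
    _line(b"GET / HTTP/1.1\r\nHost: 192.0.2.10\r\n"
          b"User-Agent: ExampleScanner/1.0\r\n\r\n"),
    _line(b"\x01\x02\x03\x04"),
    "[2022-01-01T00:00:01,000][INFO ][example.logger] [node-1] node started",
]

def summarize(lines):
    """Decode every rejected-record line and skip unrelated log entries."""
    return [hit for hit in map(decode_rejected_record, lines) if hit is not None]

if __name__ == "__main__":
    for hit in summarize(SAMPLE_LOG):
        print(hit)
```

A decoded User-Agent or request target is what lets the source be looked up and, if desired, dropped at the firewall.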
Update on
Based on a comment in this Stack Overflow thread, it seems the
The only reference to anything similar to this in the OpenSearch repositories is this. It is a Jenkins test where the expected output is:
We can see the node is
These are the only other references to this exception I have found: |
As seen in the last comments, this issue is closed, as both errors are external and do not interfere with the correct installation and behaviour of Wazuh.
|
Regarding the @verdx research, the found messages are justified so no deployment-product problem was found. |
During the investigation at wazuh/wazuh-qa#2819, we found some unexpected logs on all machines with wazuh-indexer:
journalctl -xe -u wazuh-indexer.service
egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log