Release 4.3.4 - Release Candidate 1 - E2E UX tests - Demo environment #2960

Closed
8 tasks done
juliamagan opened this issue Jun 3, 2022 · 6 comments

juliamagan commented Jun 3, 2022

The following issue aims to run the specified test for the current release candidate, report the results, and open new issues for any encountered errors.

Test information

Test name: Demo environment
Category: Wazuh App
Deployment option: Demo environment
Main release issue: wazuh/wazuh#13670
Release candidate #: RC1

Test tasks

  • (T1): No errors or warnings found in logs
  • (T2): The daemons are running with the correct user
  • (T3): The status of the Wazuh Indexer clusters is as expected
  • (T4): No errors in the browser's developer console when browsing the App
  • (T5): Alerts are being generated for each of the modules configured for this purpose
  • (T6): No warning symbols in Discover when expanding a document

Open issues

Conclusion

Auditors validation

The definition of done for this one is the validation of the conclusions and the test results from all auditors.

All checks from below must be accepted in order to close this issue.

juliamagan added this to the Release 4.3.4 RC-1 milestone Jun 3, 2022
juliamagan moved this to Todo in Release 4.3.4 Jun 3, 2022
juliamagan changed the title from "Release 4.3.4-RC1 - Manual tests: Demo environment" to "Release 4.3.4 - Release Candidate 1 - E2E UX tests - Demo environment" Jun 3, 2022

BelenValdivia commented Jun 3, 2022

Task 1: No errors or warnings found in logs

Agents

Amazon Linux 🟡
  • journalctl -xe -u wazuh-agent.service:

jun 03 15:07:37 ip-10-0-1-208.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-agent.service has begun starting up.
jun 03 15:07:37 ip-10-0-1-208.us-west-1.compute.internal env[15247]: Starting Wazuh v4.3.4...
jun 03 15:07:37 ip-10-0-1-208.us-west-1.compute.internal env[15247]: Started wazuh-execd...
jun 03 15:07:38 ip-10-0-1-208.us-west-1.compute.internal env[15247]: Started wazuh-agentd...
jun 03 15:07:39 ip-10-0-1-208.us-west-1.compute.internal env[15247]: Started wazuh-syscheckd...
jun 03 15:07:40 ip-10-0-1-208.us-west-1.compute.internal env[15247]: Started wazuh-logcollector...
jun 03 15:07:41 ip-10-0-1-208.us-west-1.compute.internal crontab[15412]: (root) LIST (root)
jun 03 15:07:41 ip-10-0-1-208.us-west-1.compute.internal env[15247]: Started wazuh-modulesd...
jun 03 15:07:43 ip-10-0-1-208.us-west-1.compute.internal env[15247]: Completed.
jun 03 15:07:43 ip-10-0-1-208.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-agent.service has finished starting up.
-- 
-- The start-up result is done.

  • egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
[root@ip-10-0-1-208 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log 
2022/06/06 13:44:40 wazuh-logcollector: WARNING: (1958): Log file '/var/log/messages' is duplicated.
2022/06/06 13:44:40 wazuh-logcollector: WARNING: (1958): Log file '/var/log/secure' is duplicated.
2022/06/06 13:44:40 wazuh-logcollector: WARNING: (1958): Log file '/var/log/maillog' is duplicated.
2022/06/06 13:47:11 wazuh-logcollector: WARNING: (1958): Log file '/var/log/messages' is duplicated.
2022/06/06 13:47:11 wazuh-logcollector: WARNING: (1958): Log file '/var/log/secure' is duplicated.
2022/06/06 13:47:11 wazuh-logcollector: WARNING: (1958): Log file '/var/log/maillog' is duplicated.

  • systemctl status wazuh-agent -l
[root@ip-10-0-1-208 wazuh-user]# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since vie 2022-06-03 15:07:43 UTC; 2h 24min ago
  Process: 15183 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 15247 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-agent.service
           ├─15276 /var/ossec/bin/wazuh-execd
           ├─15285 /var/ossec/bin/wazuh-agentd
           ├─15300 /var/ossec/bin/wazuh-syscheckd
           ├─15314 /var/ossec/bin/wazuh-logcollector
           └─15336 /var/ossec/bin/wazuh-modulesd

jun 03 15:07:37 ip-10-0-1-208.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
jun 03 15:07:37 ip-10-0-1-208.us-west-1.compute.internal env[15247]: Starting Wazuh v4.3.4...
jun 03 15:07:37 ip-10-0-1-208.us-west-1.compute.internal env[15247]: Started wazuh-execd...
jun 03 15:07:38 ip-10-0-1-208.us-west-1.compute.internal env[15247]: Started wazuh-agentd...
jun 03 15:07:39 ip-10-0-1-208.us-west-1.compute.internal env[15247]: Started wazuh-syscheckd...
jun 03 15:07:40 ip-10-0-1-208.us-west-1.compute.internal env[15247]: Started wazuh-logcollector...
jun 03 15:07:41 ip-10-0-1-208.us-west-1.compute.internal crontab[15412]: (root) LIST (root)
jun 03 15:07:41 ip-10-0-1-208.us-west-1.compute.internal env[15247]: Started wazuh-modulesd...
jun 03 15:07:43 ip-10-0-1-208.us-west-1.compute.internal env[15247]: Completed.
jun 03 15:07:43 ip-10-0-1-208.us-west-1.compute.internal systemd[1]: Started Wazuh agent.

  • /var/ossec/bin/wazuh-control status:
[root@ip-10-0-1-208 wazuh-user]# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...

RHEL 🔴
  • journalctl -xe -u wazuh-agent.service

[root@ip-10-0-1-216 wazuh-user]# journalctl -xe -u wazuh-agent.service
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-agent.service has finished starting up.
-- 
-- The start-up result is done.
jun 03 15:36:17 ip-10-0-1-216.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-agent.service has begun shutting down.
jun 03 15:36:17 ip-10-0-1-216.us-west-1.compute.internal env[29794]: Killing wazuh-modulesd...
jun 03 15:36:17 ip-10-0-1-216.us-west-1.compute.internal env[29794]: Killing wazuh-logcollector...
jun 03 15:36:17 ip-10-0-1-216.us-west-1.compute.internal env[29794]: Killing wazuh-syscheckd...
jun 03 15:36:17 ip-10-0-1-216.us-west-1.compute.internal env[29794]: Killing wazuh-agentd...
jun 03 15:36:18 ip-10-0-1-216.us-west-1.compute.internal env[29794]: Killing wazuh-execd...
jun 03 15:36:18 ip-10-0-1-216.us-west-1.compute.internal env[29794]: Wazuh v4.3.4 Stopped
jun 03 15:36:18 ip-10-0-1-216.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-agent.service has finished shutting down.
jun 03 15:36:18 ip-10-0-1-216.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-agent.service has begun starting up.
jun 03 15:36:18 ip-10-0-1-216.us-west-1.compute.internal env[29881]: Starting Wazuh v4.3.4...
jun 03 15:36:19 ip-10-0-1-216.us-west-1.compute.internal env[29881]: Started wazuh-execd...
jun 03 15:36:20 ip-10-0-1-216.us-west-1.compute.internal env[29881]: Started wazuh-agentd...
jun 03 15:36:21 ip-10-0-1-216.us-west-1.compute.internal env[29881]: Started wazuh-syscheckd...
jun 03 15:36:22 ip-10-0-1-216.us-west-1.compute.internal env[29881]: Started wazuh-logcollector...
jun 03 15:36:22 ip-10-0-1-216.us-west-1.compute.internal osqueryd[29991]: osqueryd started [version=4.3.0]
jun 03 15:36:23 ip-10-0-1-216.us-west-1.compute.internal env[29881]: Started wazuh-modulesd...
jun 03 15:36:25 ip-10-0-1-216.us-west-1.compute.internal env[29881]: Completed.
jun 03 15:36:25 ip-10-0-1-216.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-agent.service has finished starting up.
-- 
-- The start-up result is done.

  • egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
[root@ip-10-0-1-216 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log 
2022/06/06 13:54:33 wazuh-logcollector: WARNING: (1958): Log file '/var/log/messages' is duplicated.
2022/06/06 13:54:33 wazuh-logcollector: WARNING: (1958): Log file '/var/log/secure' is duplicated.
2022/06/06 13:54:33 wazuh-logcollector: WARNING: (1958): Log file '/var/log/maillog' is duplicated.
2022/06/06 13:54:34 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/httpd/error_log'.
2022/06/06 13:54:34 wazuh-modulesd:oscap: ERROR: Internal error. Exiting...
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 710, in urlopen
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     chunked=chunked,
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 398, in _make_request
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     conn.request(method, url, **httplib_request_kw)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1254, in request
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     self._send_request(method, url, body, headers, encode_chunked)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     self.endheaders(body, encode_chunked=encode_chunked)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     self._send_output(message_body, encode_chunked=encode_chunked)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     self.send(msg)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 974, in send
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     self.connect()
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/transport/unixconn.py", line 30, in connect
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     sock.connect(self.unix_socket)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: FileNotFoundError: [Errno 2] No such file or directory
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: During handling of the above exception, another exception occurred:
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 450, in send
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     timeout=timeout
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 786, in urlopen
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py", line 550, in increment
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     raise six.reraise(type(error), error, _stacktrace)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/packages/six.py", line 769, in reraise
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     raise value.with_traceback(tb)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 710, in urlopen
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     chunked=chunked,
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 398, in _make_request
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     conn.request(method, url, **httplib_request_kw)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1254, in request
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     self._send_request(method, url, body, headers, encode_chunked)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     self.endheaders(body, encode_chunked=encode_chunked)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     self._send_output(message_body, encode_chunked=encode_chunked)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     self.send(msg)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 974, in send
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     self.connect()
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/transport/unixconn.py", line 30, in connect
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     sock.connect(self.unix_socket)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: urllib3.exceptions.ProtocolError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: During handling of the above exception, another exception occurred:
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 214, in _retrieve_server_version
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     return self.version(api_version=False)["ApiVersion"]
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/daemon.py", line 181, in version
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     return self._result(self._get(url), json=True)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/utils/decorators.py", line 46, in inner
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     return f(self, *args, **kwargs)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 237, in _get
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     return self.get(url, **self._set_request_timeout(kwargs))
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 542, in get
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     return self.request('GET', url, **kwargs)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 529, in request
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     resp = self.send(prep, **send_kwargs)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 645, in send
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     r = adapter.send(request, **kwargs)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 501, in send
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     raise ConnectionError(err, request=request)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: requests.exceptions.ConnectionError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: During handling of the above exception, another exception occurred:
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "wodles/docker/DockerListener", line 146, in <module>
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     dl = DockerListener()
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "wodles/docker/DockerListener", line 43, in __init__
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     self.client = docker.from_env()
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/client.py", line 101, in from_env
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     **kwargs_from_env(**kwargs)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/client.py", line 45, in __init__
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     self.api = APIClient(*args, **kwargs)
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 197, in __init__
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     self._version = self._retrieve_server_version()
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 222, in _retrieve_server_version
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR:     f'Error while fetching server API version: {e}'
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: ERROR: docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
2022/06/06 13:54:36 wazuh-modulesd:docker-listener: WARNING: Docker-listener finished unexpectedly (code 1). Retrying to run in next scheduled time...
2022/06/06 13:55:06 wazuh-logcollector: WARNING: (1958): Log file '/var/log/messages' is duplicated.
2022/06/06 13:55:06 wazuh-logcollector: WARNING: (1958): Log file '/var/log/secure' is duplicated.
2022/06/06 13:55:06 wazuh-logcollector: WARNING: (1958): Log file '/var/log/maillog' is duplicated.
2022/06/06 13:55:06 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/httpd/error_log'.
2022/06/06 13:55:08 wazuh-modulesd:oscap: ERROR: Internal error. Exiting...
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 710, in urlopen
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     chunked=chunked,
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 398, in _make_request
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     conn.request(method, url, **httplib_request_kw)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1254, in request
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     self._send_request(method, url, body, headers, encode_chunked)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     self.endheaders(body, encode_chunked=encode_chunked)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     self._send_output(message_body, encode_chunked=encode_chunked)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     self.send(msg)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 974, in send
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     self.connect()
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/transport/unixconn.py", line 30, in connect
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     sock.connect(self.unix_socket)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: FileNotFoundError: [Errno 2] No such file or directory
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: During handling of the above exception, another exception occurred:
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 450, in send
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     timeout=timeout
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 786, in urlopen
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py", line 550, in increment
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     raise six.reraise(type(error), error, _stacktrace)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/packages/six.py", line 769, in reraise
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     raise value.with_traceback(tb)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 710, in urlopen
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     chunked=chunked,
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 398, in _make_request
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     conn.request(method, url, **httplib_request_kw)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1254, in request
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     self._send_request(method, url, body, headers, encode_chunked)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     self.endheaders(body, encode_chunked=encode_chunked)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     self._send_output(message_body, encode_chunked=encode_chunked)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     self.send(msg)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 974, in send
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     self.connect()
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/transport/unixconn.py", line 30, in connect
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     sock.connect(self.unix_socket)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: urllib3.exceptions.ProtocolError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: During handling of the above exception, another exception occurred:
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 214, in _retrieve_server_version
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     return self.version(api_version=False)["ApiVersion"]
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/daemon.py", line 181, in version
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     return self._result(self._get(url), json=True)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/utils/decorators.py", line 46, in inner
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     return f(self, *args, **kwargs)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 237, in _get
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     return self.get(url, **self._set_request_timeout(kwargs))
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 542, in get
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     return self.request('GET', url, **kwargs)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 529, in request
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     resp = self.send(prep, **send_kwargs)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 645, in send
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     r = adapter.send(request, **kwargs)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 501, in send
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     raise ConnectionError(err, request=request)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: requests.exceptions.ConnectionError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: During handling of the above exception, another exception occurred:
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "wodles/docker/DockerListener", line 146, in <module>
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     dl = DockerListener()
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "wodles/docker/DockerListener", line 43, in __init__
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     self.client = docker.from_env()
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/client.py", line 101, in from_env
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     **kwargs_from_env(**kwargs)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/client.py", line 45, in __init__
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     self.api = APIClient(*args, **kwargs)
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 197, in __init__
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     self._version = self._retrieve_server_version()
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 222, in _retrieve_server_version
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR:     f'Error while fetching server API version: {e}'
2022/06/06 13:55:08 wazuh-modulesd:docker-listener: ERROR: docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
2022/06/06 13:57:38 wazuh-logcollector: WARNING: (1958): Log file '/var/log/messages' is duplicated.
2022/06/06 13:57:38 wazuh-logcollector: WARNING: (1958): Log file '/var/log/secure' is duplicated.
2022/06/06 13:57:38 wazuh-logcollector: WARNING: (1958): Log file '/var/log/maillog' is duplicated.
2022/06/06 13:57:38 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/httpd/error_log'.
2022/06/06 13:57:40 wazuh-modulesd:oscap: ERROR: Internal error. Exiting...
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 710, in urlopen
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     chunked=chunked,
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 398, in _make_request
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     conn.request(method, url, **httplib_request_kw)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1254, in request
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     self._send_request(method, url, body, headers, encode_chunked)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     self.endheaders(body, encode_chunked=encode_chunked)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     self._send_output(message_body, encode_chunked=encode_chunked)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     self.send(msg)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 974, in send
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     self.connect()
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/transport/unixconn.py", line 30, in connect
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     sock.connect(self.unix_socket)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: FileNotFoundError: [Errno 2] No such file or directory
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: During handling of the above exception, another exception occurred:
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 450, in send
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     timeout=timeout
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 786, in urlopen
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py", line 550, in increment
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     raise six.reraise(type(error), error, _stacktrace)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/packages/six.py", line 769, in reraise
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     raise value.with_traceback(tb)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 710, in urlopen
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     chunked=chunked,
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 398, in _make_request
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     conn.request(method, url, **httplib_request_kw)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1254, in request
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     self._send_request(method, url, body, headers, encode_chunked)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     self.endheaders(body, encode_chunked=encode_chunked)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     self._send_output(message_body, encode_chunked=encode_chunked)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     self.send(msg)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 974, in send
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     self.connect()
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/transport/unixconn.py", line 30, in connect
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     sock.connect(self.unix_socket)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: urllib3.exceptions.ProtocolError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: During handling of the above exception, another exception occurred:
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 214, in _retrieve_server_version
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     return self.version(api_version=False)["ApiVersion"]
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/daemon.py", line 181, in version
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     return self._result(self._get(url), json=True)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/utils/decorators.py", line 46, in inner
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     return f(self, *args, **kwargs)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 237, in _get
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     return self.get(url, **self._set_request_timeout(kwargs))
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 542, in get
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     return self.request('GET', url, **kwargs)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 529, in request
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     resp = self.send(prep, **send_kwargs)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 645, in send
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     r = adapter.send(request, **kwargs)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 501, in send
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     raise ConnectionError(err, request=request)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: requests.exceptions.ConnectionError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: During handling of the above exception, another exception occurred:
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "wodles/docker/DockerListener", line 146, in <module>
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     dl = DockerListener()
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "wodles/docker/DockerListener", line 43, in __init__
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     self.client = docker.from_env()
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/client.py", line 101, in from_env
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     **kwargs_from_env(**kwargs)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/client.py", line 45, in __init__
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     self.api = APIClient(*args, **kwargs)
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 197, in __init__
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     self._version = self._retrieve_server_version()
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 222, in _retrieve_server_version
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR:     f'Error while fetching server API version: {e}'
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: ERROR: docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
2022/06/06 13:57:40 wazuh-modulesd:docker-listener: WARNING: Docker-listener finished unexpectedly (code 1). Retrying to run in next scheduled time...
2022/06/06 13:58:19 wazuh-logcollector: WARNING: (1958): Log file '/var/log/messages' is duplicated.
2022/06/06 13:58:19 wazuh-logcollector: WARNING: (1958): Log file '/var/log/secure' is duplicated.
2022/06/06 13:58:19 wazuh-logcollector: WARNING: (1958): Log file '/var/log/maillog' is duplicated.
2022/06/06 13:58:19 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/httpd/error_log'.
2022/06/06 13:58:20 wazuh-modulesd:oscap: ERROR: Internal error. Exiting...
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 710, in urlopen
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     chunked=chunked,
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 398, in _make_request
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     conn.request(method, url, **httplib_request_kw)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1254, in request
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     self._send_request(method, url, body, headers, encode_chunked)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     self.endheaders(body, encode_chunked=encode_chunked)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     self._send_output(message_body, encode_chunked=encode_chunked)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     self.send(msg)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 974, in send
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     self.connect()
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/transport/unixconn.py", line 30, in connect
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     sock.connect(self.unix_socket)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: FileNotFoundError: [Errno 2] No such file or directory
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: During handling of the above exception, another exception occurred:
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 450, in send
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     timeout=timeout
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 786, in urlopen
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py", line 550, in increment
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     raise six.reraise(type(error), error, _stacktrace)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/packages/six.py", line 769, in reraise
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     raise value.with_traceback(tb)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 710, in urlopen
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     chunked=chunked,
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 398, in _make_request
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     conn.request(method, url, **httplib_request_kw)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1254, in request
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     self._send_request(method, url, body, headers, encode_chunked)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     self.endheaders(body, encode_chunked=encode_chunked)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     self._send_output(message_body, encode_chunked=encode_chunked)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     self.send(msg)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/lib64/python3.6/http/client.py", line 974, in send
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     self.connect()
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/transport/unixconn.py", line 30, in connect
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     sock.connect(self.unix_socket)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: urllib3.exceptions.ProtocolError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: During handling of the above exception, another exception occurred:
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 214, in _retrieve_server_version
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     return self.version(api_version=False)["ApiVersion"]
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/daemon.py", line 181, in version
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     return self._result(self._get(url), json=True)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/utils/decorators.py", line 46, in inner
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     return f(self, *args, **kwargs)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 237, in _get
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     return self.get(url, **self._set_request_timeout(kwargs))
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 542, in get
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     return self.request('GET', url, **kwargs)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 529, in request
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     resp = self.send(prep, **send_kwargs)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 645, in send
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     r = adapter.send(request, **kwargs)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 501, in send
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     raise ConnectionError(err, request=request)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: requests.exceptions.ConnectionError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: During handling of the above exception, another exception occurred:
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: 
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: Traceback (most recent call last):
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "wodles/docker/DockerListener", line 146, in <module>
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     dl = DockerListener()
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "wodles/docker/DockerListener", line 43, in __init__
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     self.client = docker.from_env()
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/client.py", line 101, in from_env
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     **kwargs_from_env(**kwargs)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/client.py", line 45, in __init__
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     self.api = APIClient(*args, **kwargs)
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 197, in __init__
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     self._version = self._retrieve_server_version()
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:   File "/usr/local/lib/python3.6/site-packages/docker/api/client.py", line 222, in _retrieve_server_version
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR:     f'Error while fetching server API version: {e}'
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: ERROR: docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
2022/06/06 13:58:21 wazuh-modulesd:docker-listener: WARNING: Docker-listener finished unexpectedly (code 1). Retrying to run in next scheduled time...
  • systemctl status wazuh-agent -l
[root@ip-10-0-1-216 wazuh-user]# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since vie 2022-06-03 15:36:25 UTC; 2h 14min ago
  Process: 29794 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 29881 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    Tasks: 53
   Memory: 121.5M
   CGroup: /system.slice/wazuh-agent.service
           ├─29908 /var/ossec/bin/wazuh-execd
           ├─29920 /var/ossec/bin/wazuh-agentd
           ├─29935 /var/ossec/bin/wazuh-syscheckd
           ├─29948 /var/ossec/bin/wazuh-logcollector
           ├─29972 /var/ossec/bin/wazuh-modulesd
           ├─29988 python3 wodles/docker/DockerListener
           ├─29991 /usr/bin/osqueryd --config_path=/etc/osquery/osquery.conf
           └─30003 /usr/bin/osqueryd                                        

jun 03 15:36:18 ip-10-0-1-216.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
jun 03 15:36:18 ip-10-0-1-216.us-west-1.compute.internal env[29881]: Starting Wazuh v4.3.4...
jun 03 15:36:19 ip-10-0-1-216.us-west-1.compute.internal env[29881]: Started wazuh-execd...
jun 03 15:36:20 ip-10-0-1-216.us-west-1.compute.internal env[29881]: Started wazuh-agentd...
jun 03 15:36:21 ip-10-0-1-216.us-west-1.compute.internal env[29881]: Started wazuh-syscheckd...
jun 03 15:36:22 ip-10-0-1-216.us-west-1.compute.internal env[29881]: Started wazuh-logcollector...
jun 03 15:36:22 ip-10-0-1-216.us-west-1.compute.internal osqueryd[29991]: osqueryd started [version=4.3.0]
jun 03 15:36:23 ip-10-0-1-216.us-west-1.compute.internal env[29881]: Started wazuh-modulesd...
jun 03 15:36:25 ip-10-0-1-216.us-west-1.compute.internal env[29881]: Completed.
jun 03 15:36:25 ip-10-0-1-216.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
  • /var/ossec/bin/wazuh-control status:

[root@ip-10-0-1-216 wazuh-user]# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
Ubuntu 🔴
  • journalctl -xe -u wazuh-agent.service
root@ip-10-0-1-239:/home/wazuh-user# journalctl -xe -u wazuh-agent.service
-- 
-- The start-up result is RESULT.
Jun 03 15:07:37 ip-10-0-1-239 systemd[1]: Stopping Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun shutting down
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- Unit wazuh-agent.service has begun shutting down.
Jun 03 15:07:37 ip-10-0-1-239 env[10102]: Killing wazuh-modulesd...
Jun 03 15:07:37 ip-10-0-1-239 env[10102]: Killing wazuh-logcollector...
Jun 03 15:07:37 ip-10-0-1-239 env[10102]: Killing wazuh-syscheckd...
Jun 03 15:07:37 ip-10-0-1-239 env[10102]: Killing wazuh-agentd...
Jun 03 15:07:37 ip-10-0-1-239 env[10102]: Killing wazuh-execd...
Jun 03 15:07:37 ip-10-0-1-239 env[10102]: Wazuh v4.3.4 Stopped
Jun 03 15:07:37 ip-10-0-1-239 systemd[1]: Stopped Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished shutting down
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- Unit wazuh-agent.service has finished shutting down.
Jun 03 15:07:37 ip-10-0-1-239 systemd[1]: wazuh-agent.service: Found left-over process 10094 (restart.sh) in control group while starting unit. Ignoring.
Jun 03 15:07:37 ip-10-0-1-239 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Jun 03 15:07:37 ip-10-0-1-239 systemd[1]: wazuh-agent.service: Found left-over process 10101 (systemctl) in control group while starting unit. Ignoring.
Jun 03 15:07:37 ip-10-0-1-239 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Jun 03 15:07:37 ip-10-0-1-239 systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- Unit wazuh-agent.service has begun starting up.
Jun 03 15:07:37 ip-10-0-1-239 env[10156]: Starting Wazuh v4.3.4...
Jun 03 15:07:38 ip-10-0-1-239 env[10156]: Started wazuh-execd...
Jun 03 15:07:39 ip-10-0-1-239 env[10156]: Started wazuh-agentd...
Jun 03 15:07:40 ip-10-0-1-239 env[10156]: Started wazuh-syscheckd...
Jun 03 15:07:41 ip-10-0-1-239 env[10156]: Started wazuh-logcollector...
Jun 03 15:07:42 ip-10-0-1-239 env[10156]: Started wazuh-modulesd...
Jun 03 15:07:44 ip-10-0-1-239 env[10156]: Completed.
Jun 03 15:07:44 ip-10-0-1-239 systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- Unit wazuh-agent.service has finished starting up.
-- 
-- The start-up result is RESULT.
  • egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log:
root@ip-10-0-1-239:/home/wazuh-user# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log 
2022/06/06 14:03:24 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/messages' due to [(2)-(No such file or directory)].
2022/06/06 14:03:24 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/secure' due to [(2)-(No such file or directory)].
2022/06/06 14:03:24 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/maillog' due to [(2)-(No such file or directory)].
2022/06/06 14:03:52 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/messages' due to [(2)-(No such file or directory)].
2022/06/06 14:03:52 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/secure' due to [(2)-(No such file or directory)].
2022/06/06 14:03:52 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/maillog' due to [(2)-(No such file or directory)].

  • systemctl status wazuh-agent -l:
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2022-06-03 15:07:44 UTC; 3h 5min ago
  Process: 10102 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 10156 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    Tasks: 31 (limit: 1125)
   CGroup: /system.slice/wazuh-agent.service
           ├─10178 /var/ossec/bin/wazuh-execd
           ├─10189 /var/ossec/bin/wazuh-agentd
           ├─10203 /var/ossec/bin/wazuh-syscheckd
           ├─10216 /var/ossec/bin/wazuh-logcollector
           └─10255 /var/ossec/bin/wazuh-modulesd

Jun 03 15:07:37 ip-10-0-1-239 systemd[1]: Starting Wazuh agent...
Jun 03 15:07:37 ip-10-0-1-239 env[10156]: Starting Wazuh v4.3.4...
Jun 03 15:07:38 ip-10-0-1-239 env[10156]: Started wazuh-execd...
Jun 03 15:07:39 ip-10-0-1-239 env[10156]: Started wazuh-agentd...
Jun 03 15:07:40 ip-10-0-1-239 env[10156]: Started wazuh-syscheckd...
Jun 03 15:07:41 ip-10-0-1-239 env[10156]: Started wazuh-logcollector...
Jun 03 15:07:42 ip-10-0-1-239 env[10156]: Started wazuh-modulesd...
Jun 03 15:07:44 ip-10-0-1-239 env[10156]: Completed.
Jun 03 15:07:44 ip-10-0-1-239 systemd[1]: Started Wazuh agent.
  • /var/ossec/bin/wazuh-control status:
root@ip-10-0-1-239:/home/wazuh-user# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
Centos 🟡
  • journalctl -xe -u wazuh-agent.service
[root@ip-10-0-1-20 wazuh-user]# journalctl -xe -u wazuh-agent.service
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-agent.service has finished starting up.
-- 
-- The start-up result is done.
jun 03 15:07:52 ip-10-0-1-20.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-agent.service has begun shutting down.
jun 03 15:07:52 ip-10-0-1-20.us-west-1.compute.internal env[6276]: Killing wazuh-modulesd...
jun 03 15:07:52 ip-10-0-1-20.us-west-1.compute.internal env[6276]: Killing wazuh-logcollector...
jun 03 15:07:52 ip-10-0-1-20.us-west-1.compute.internal env[6276]: Killing wazuh-syscheckd...
jun 03 15:07:52 ip-10-0-1-20.us-west-1.compute.internal env[6276]: Killing wazuh-agentd...
jun 03 15:07:52 ip-10-0-1-20.us-west-1.compute.internal env[6276]: Killing wazuh-execd...
jun 03 15:07:52 ip-10-0-1-20.us-west-1.compute.internal env[6276]: Wazuh v4.3.4 Stopped
jun 03 15:07:52 ip-10-0-1-20.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-agent.service has finished shutting down.
jun 03 15:07:52 ip-10-0-1-20.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-agent.service has begun starting up.
jun 03 15:07:52 ip-10-0-1-20.us-west-1.compute.internal env[6341]: Starting Wazuh v4.3.4...
jun 03 15:07:53 ip-10-0-1-20.us-west-1.compute.internal env[6341]: Started wazuh-execd...
jun 03 15:07:54 ip-10-0-1-20.us-west-1.compute.internal env[6341]: Started wazuh-agentd...
jun 03 15:07:55 ip-10-0-1-20.us-west-1.compute.internal env[6341]: Started wazuh-syscheckd...
jun 03 15:07:56 ip-10-0-1-20.us-west-1.compute.internal env[6341]: Started wazuh-logcollector...
jun 03 15:07:57 ip-10-0-1-20.us-west-1.compute.internal env[6341]: Started wazuh-modulesd...
jun 03 15:07:59 ip-10-0-1-20.us-west-1.compute.internal env[6341]: Completed.
jun 03 15:07:59 ip-10-0-1-20.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-agent.service has finished starting up.
-- 
-- The start-up result is done.
  • egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log:
[root@ip-10-0-1-20 wazuh-user]# systemctl restart wazuh-agent
[root@ip-10-0-1-20 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log 
2022/06/06 14:09:21 wazuh-logcollector: WARNING: (1958): Log file '/var/log/messages' is duplicated.
2022/06/06 14:09:21 wazuh-logcollector: WARNING: (1958): Log file '/var/log/secure' is duplicated.
2022/06/06 14:09:21 wazuh-logcollector: WARNING: (1958): Log file '/var/log/maillog' is duplicated.
2022/06/06 14:11:17 wazuh-logcollector: WARNING: (1958): Log file '/var/log/messages' is duplicated.
2022/06/06 14:11:17 wazuh-logcollector: WARNING: (1958): Log file '/var/log/secure' is duplicated.
2022/06/06 14:11:17 wazuh-logcollector: WARNING: (1958): Log file '/var/log/maillog' is duplicated.


  • systemctl status wazuh-agent -l:
[root@ip-10-0-1-20 wazuh-user]# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since vie 2022-06-03 15:07:59 UTC; 3h 18min ago
  Process: 6276 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 6341 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-agent.service
           ├─6368 /var/ossec/bin/wazuh-execd
           ├─6380 /var/ossec/bin/wazuh-agentd
           ├─6395 /var/ossec/bin/wazuh-syscheckd
           ├─6409 /var/ossec/bin/wazuh-logcollector
           └─6431 /var/ossec/bin/wazuh-modulesd

jun 03 15:07:52 ip-10-0-1-20.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
jun 03 15:07:52 ip-10-0-1-20.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
jun 03 15:07:52 ip-10-0-1-20.us-west-1.compute.internal env[6341]: Starting Wazuh v4.3.4...
jun 03 15:07:53 ip-10-0-1-20.us-west-1.compute.internal env[6341]: Started wazuh-execd...
jun 03 15:07:54 ip-10-0-1-20.us-west-1.compute.internal env[6341]: Started wazuh-agentd...
jun 03 15:07:55 ip-10-0-1-20.us-west-1.compute.internal env[6341]: Started wazuh-syscheckd...
jun 03 15:07:56 ip-10-0-1-20.us-west-1.compute.internal env[6341]: Started wazuh-logcollector...
jun 03 15:07:57 ip-10-0-1-20.us-west-1.compute.internal env[6341]: Started wazuh-modulesd...
jun 03 15:07:59 ip-10-0-1-20.us-west-1.compute.internal env[6341]: Completed.
jun 03 15:07:59 ip-10-0-1-20.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
  • /var/ossec/bin/wazuh-control status:
[root@ip-10-0-1-20 wazuh-user]# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...

Debian 🔴
  • journalctl -xe -u wazuh-agent.service:

root@ip-10-0-1-173:/home/wazuh-user# journalctl -xe -u wazuh-agent.service
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- Unit wazuh-agent.service has finished starting up.
-- 
-- The start-up result is done.
jun 03 15:07:36 ip-10-0-1-173 systemd[1]: Stopping Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun shutting down
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- Unit wazuh-agent.service has begun shutting down.
jun 03 15:07:36 ip-10-0-1-173 env[6801]: Killing wazuh-modulesd...
jun 03 15:07:36 ip-10-0-1-173 env[6801]: Killing wazuh-logcollector...
jun 03 15:07:36 ip-10-0-1-173 env[6801]: Killing wazuh-syscheckd...
jun 03 15:07:36 ip-10-0-1-173 env[6801]: Killing wazuh-agentd...
jun 03 15:07:36 ip-10-0-1-173 env[6801]: Killing wazuh-execd...
jun 03 15:07:37 ip-10-0-1-173 env[6801]: Wazuh v4.3.4 Stopped
jun 03 15:07:37 ip-10-0-1-173 systemd[1]: Stopped Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished shutting down
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- Unit wazuh-agent.service has finished shutting down.
jun 03 15:07:37 ip-10-0-1-173 systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- Unit wazuh-agent.service has begun starting up.
jun 03 15:07:37 ip-10-0-1-173 env[6856]: Starting Wazuh v4.3.4...
jun 03 15:07:38 ip-10-0-1-173 env[6856]: Started wazuh-execd...
jun 03 15:07:39 ip-10-0-1-173 env[6856]: Started wazuh-agentd...
jun 03 15:07:40 ip-10-0-1-173 env[6856]: Started wazuh-syscheckd...
jun 03 15:07:41 ip-10-0-1-173 env[6856]: Started wazuh-logcollector...
jun 03 15:07:42 ip-10-0-1-173 env[6856]: Started wazuh-modulesd...
jun 03 15:07:44 ip-10-0-1-173 env[6856]: Completed.
jun 03 15:07:44 ip-10-0-1-173 systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- Unit wazuh-agent.service has finished starting up.
-- 
-- The start-up result is done.

  • egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log:

root@ip-10-0-1-173:/home/wazuh-user# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log 
2022/06/06 14:25:07 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/secure' due to [(2)-(No such file or directory)].
2022/06/06 14:25:07 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/maillog' due to [(2)-(No such file or directory)].
2022/06/06 14:26:43 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/secure' due to [(2)-(No such file or directory)].
2022/06/06 14:26:43 wazuh-logcollector: ERROR: (1103): Could not open file '/var/log/maillog' due to [(2)-(No such file or directory)].

  • systemctl status wazuh-agent -l:

root@ip-10-0-1-173:/home/wazuh-user# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2022-06-03 15:07:44 UTC; 3h 43min ago
  Process: 6801 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 6856 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    Tasks: 31 (limit: 4915)
   CGroup: /system.slice/wazuh-agent.service
           ├─6878 /var/ossec/bin/wazuh-execd
           ├─6889 /var/ossec/bin/wazuh-agentd
           ├─6903 /var/ossec/bin/wazuh-syscheckd
           ├─6920 /var/ossec/bin/wazuh-logcollector
           └─6959 /var/ossec/bin/wazuh-modulesd

jun 03 15:07:37 ip-10-0-1-173 systemd[1]: Starting Wazuh agent...
jun 03 15:07:37 ip-10-0-1-173 env[6856]: Starting Wazuh v4.3.4...
jun 03 15:07:38 ip-10-0-1-173 env[6856]: Started wazuh-execd...
jun 03 15:07:39 ip-10-0-1-173 env[6856]: Started wazuh-agentd...
jun 03 15:07:40 ip-10-0-1-173 env[6856]: Started wazuh-syscheckd...
jun 03 15:07:41 ip-10-0-1-173 env[6856]: Started wazuh-logcollector...
jun 03 15:07:42 ip-10-0-1-173 env[6856]: Started wazuh-modulesd...
jun 03 15:07:44 ip-10-0-1-173 env[6856]: Completed.
jun 03 15:07:44 ip-10-0-1-173 systemd[1]: Started Wazuh agent.
  • /var/ossec/bin/wazuh-control status:
root@ip-10-0-1-173:/home/wazuh-user# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
Windows 🟢
  • EventViewer:

Running:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
  <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service 
    Control Manager" />
  <EventID Qualifiers="16384">7036</EventID>
  <Version>0</Version>
  <Level>4</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x8080000000000000</Keywords>
  <TimeCreated SystemTime="2022-06-06T12:31:50.132197600Z" />
  <EventRecordID>93844</EventRecordID>
  <Correlation />
  <Execution ProcessID="612" ThreadID="4852" />
  <Channel>System</Channel>
  <Computer>EC2AMAZ-SKRM1P7</Computer>
  <Security />
  </System>
 <EventData>
  <Data Name="param1">Wazuh</Data>
  <Data Name="param2">running</Data>
  <Binary>570061007A00750068005300760063002F0034000000</Binary>
  </EventData>
  </Event>

Stopped:

 <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
  <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service 
    Control Manager" />
  <EventID Qualifiers="16384">7036</EventID>
  <Version>0</Version>
  <Level>4</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x8080000000000000</Keywords>
  <TimeCreated SystemTime="2022-06-06T12:31:49.693886900Z" />
  <EventRecordID>93843</EventRecordID>
  <Correlation />
  <Execution ProcessID="612" ThreadID="4852" />
  <Channel>System</Channel>
  <Computer>EC2AMAZ-SKRM1P7</Computer>
  <Security />
  </System>
 <EventData>
  <Data Name="param1">Wazuh</Data>
  <Data Name="param2">stopped</Data>
  <Binary>570061007A00750068005300760063002F0031000000</Binary>
  </EventData>
  </Event>
  • Agent is running:
    agent running

  • Search for errors in ossec.log:

ossec log error

Managers

Master env 1 🟡
  • journalctl -xe -u wazuh-manager.service:
[root@wazuh-manager-master-0 wazuh-user]# journalctl -xe -u wazuh-manager.service
jun 03 14:50:56 wazuh-manager-master-0 env[17640]: wazuh-maild not running...
jun 03 14:50:56 wazuh-manager-master-0 env[17640]: Killing wazuh-execd...
jun 03 14:50:56 wazuh-manager-master-0 env[17640]: Killing wazuh-db...
jun 03 14:50:57 wazuh-manager-master-0 env[17640]: Killing wazuh-authd...
jun 03 14:50:58 wazuh-manager-master-0 env[17640]: wazuh-agentlessd not running...
jun 03 14:50:58 wazuh-manager-master-0 env[17640]: wazuh-integratord not running...
jun 03 14:50:58 wazuh-manager-master-0 env[17640]: wazuh-dbd not running...
jun 03 14:50:58 wazuh-manager-master-0 env[17640]: wazuh-csyslogd not running...
jun 03 14:50:58 wazuh-manager-master-0 env[17640]: Killing wazuh-apid...
jun 03 14:50:58 wazuh-manager-master-0 env[17640]: Wazuh v4.3.4 Stopped
jun 03 14:50:58 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-manager.service has begun starting up.
jun 03 14:50:59 wazuh-manager-master-0 env[17784]: 2022/06/03 14:50:59 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
jun 03 14:50:59 wazuh-manager-master-0 env[17784]: Starting Wazuh v4.3.4...
jun 03 14:51:01 wazuh-manager-master-0 env[17784]: Started wazuh-apid...
jun 03 14:51:01 wazuh-manager-master-0 env[17784]: Started wazuh-csyslogd...
jun 03 14:51:01 wazuh-manager-master-0 env[17784]: Started wazuh-dbd...
jun 03 14:51:01 wazuh-manager-master-0 env[17784]: 2022/06/03 14:51:01 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
jun 03 14:51:01 wazuh-manager-master-0 env[17784]: Started wazuh-integratord...
jun 03 14:51:01 wazuh-manager-master-0 env[17784]: Started wazuh-agentlessd...
jun 03 14:51:02 wazuh-manager-master-0 env[17784]: Started wazuh-authd...
jun 03 14:51:03 wazuh-manager-master-0 env[17784]: Started wazuh-db...
jun 03 14:51:04 wazuh-manager-master-0 env[17784]: Started wazuh-execd...
jun 03 14:51:05 wazuh-manager-master-0 env[17784]: Started wazuh-analysisd...
jun 03 14:51:06 wazuh-manager-master-0 env[17784]: Started wazuh-syscheckd...
jun 03 14:51:07 wazuh-manager-master-0 env[17784]: Started wazuh-remoted...
jun 03 14:51:08 wazuh-manager-master-0 env[17784]: Started wazuh-logcollector...
jun 03 14:51:10 wazuh-manager-master-0 env[17784]: Started wazuh-monitord...
jun 03 14:51:10 wazuh-manager-master-0 env[17784]: 2022/06/03 14:51:10 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
jun 03 14:51:10 wazuh-manager-master-0 crontab[18167]: (root) LIST (root)
jun 03 14:51:11 wazuh-manager-master-0 env[17784]: Started wazuh-modulesd...
jun 03 14:51:11 wazuh-manager-master-0 env[17784]: Started wazuh-clusterd...
jun 03 14:51:13 wazuh-manager-master-0 env[17784]: Completed.
jun 03 14:51:13 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-manager.service has finished starting up.
-- 
-- The start-up result is done.

  • egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log:
2022/06/06 14:34:08 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
2022/06/06 14:34:21 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
2022/06/06 14:35:20 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
2022/06/06 14:35:34 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
2022/06/06 14:36:12 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
2022/06/06 14:36:23 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.


  • egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log:
[root@wazuh-manager-master-0 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log
[root@wazuh-manager-master-0 wazuh-user]# 
  • systemctl status wazuh-manager -l:
[root@wazuh-manager-master-0 wazuh-user]# systemctl status wazuh-manager -l
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (exited) since vie 2022-06-03 14:51:13 UTC; 4h 31min ago
  Process: 17640 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 17784 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)

jun 03 14:51:06 wazuh-manager-master-0 env[17784]: Started wazuh-syscheckd...
jun 03 14:51:07 wazuh-manager-master-0 env[17784]: Started wazuh-remoted...
jun 03 14:51:08 wazuh-manager-master-0 env[17784]: Started wazuh-logcollector...
jun 03 14:51:10 wazuh-manager-master-0 env[17784]: Started wazuh-monitord...
jun 03 14:51:10 wazuh-manager-master-0 env[17784]: 2022/06/03 14:51:10 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
jun 03 14:51:10 wazuh-manager-master-0 crontab[18167]: (root) LIST (root)
jun 03 14:51:11 wazuh-manager-master-0 env[17784]: Started wazuh-modulesd...
jun 03 14:51:11 wazuh-manager-master-0 env[17784]: Started wazuh-clusterd...
jun 03 14:51:13 wazuh-manager-master-0 env[17784]: Completed.
jun 03 14:51:13 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
  • /var/ossec/bin/wazuh-control status:
[root@wazuh-manager-master-0 wazuh-user]# /var/ossec/bin/wazuh-control status
wazuh-clusterd is running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord is running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
  • filebeat test output:

[root@wazuh-manager-master-0 wazuh-user]# filebeat test output
elasticsearch: https://10.0.2.226:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.226
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.188:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.188
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.12:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.12
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
Worker env 1 🟡
  • journalctl -xe -u wazuh-manager.service:
[root@wazuh-manager-worker-0 wazuh-user]# journalctl -xe -u wazuh-manager.service
jun 03 14:54:08 wazuh-manager-worker-0 env[17435]: Killing wazuh-syscheckd...
jun 03 14:54:08 wazuh-manager-worker-0 env[17435]: Killing wazuh-analysisd...
jun 03 14:54:08 wazuh-manager-worker-0 env[17435]: wazuh-maild not running...
jun 03 14:54:08 wazuh-manager-worker-0 env[17435]: Killing wazuh-execd...
jun 03 14:54:08 wazuh-manager-worker-0 env[17435]: Killing wazuh-db...
jun 03 14:54:09 wazuh-manager-worker-0 env[17435]: wazuh-authd not running...
jun 03 14:54:09 wazuh-manager-worker-0 env[17435]: wazuh-agentlessd not running...
jun 03 14:54:09 wazuh-manager-worker-0 env[17435]: wazuh-integratord not running...
jun 03 14:54:09 wazuh-manager-worker-0 env[17435]: wazuh-dbd not running...
jun 03 14:54:09 wazuh-manager-worker-0 env[17435]: wazuh-csyslogd not running...
jun 03 14:54:09 wazuh-manager-worker-0 env[17435]: Killing wazuh-apid...
jun 03 14:54:09 wazuh-manager-worker-0 env[17435]: Wazuh v4.3.4 Stopped
jun 03 14:54:09 wazuh-manager-worker-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-manager.service has begun starting up.
jun 03 14:54:10 wazuh-manager-worker-0 env[17556]: 2022/06/03 14:54:10 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
jun 03 14:54:11 wazuh-manager-worker-0 env[17556]: Starting Wazuh v4.3.4...
jun 03 14:54:13 wazuh-manager-worker-0 env[17556]: Started wazuh-apid...
jun 03 14:54:13 wazuh-manager-worker-0 env[17556]: Started wazuh-csyslogd...
jun 03 14:54:13 wazuh-manager-worker-0 env[17556]: Started wazuh-dbd...
jun 03 14:54:13 wazuh-manager-worker-0 env[17556]: 2022/06/03 14:54:13 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
jun 03 14:54:13 wazuh-manager-worker-0 env[17556]: Started wazuh-integratord...
jun 03 14:54:13 wazuh-manager-worker-0 env[17556]: Started wazuh-agentlessd...
jun 03 14:54:14 wazuh-manager-worker-0 env[17556]: Started wazuh-db...
jun 03 14:54:15 wazuh-manager-worker-0 env[17556]: Started wazuh-execd...
jun 03 14:54:16 wazuh-manager-worker-0 env[17556]: Started wazuh-analysisd...
jun 03 14:54:17 wazuh-manager-worker-0 env[17556]: Started wazuh-syscheckd...
jun 03 14:54:18 wazuh-manager-worker-0 env[17556]: Started wazuh-remoted...
jun 03 14:54:19 wazuh-manager-worker-0 env[17556]: Started wazuh-logcollector...
jun 03 14:54:19 wazuh-manager-worker-0 env[17556]: Started wazuh-monitord...
jun 03 14:54:19 wazuh-manager-worker-0 env[17556]: 2022/06/03 14:54:19 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
jun 03 14:54:20 wazuh-manager-worker-0 env[17556]: Started wazuh-modulesd...
jun 03 14:54:21 wazuh-manager-worker-0 env[17556]: Started wazuh-clusterd...
jun 03 14:54:23 wazuh-manager-worker-0 env[17556]: Completed.
jun 03 14:54:23 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-manager.service has finished starting up.
-- 
-- The start-up result is done.
  • egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log:
2022/06/06 14:50:36 wazuh-analysisd: WARNING: (7616): List 'etc/lists/amazon/aws-eventnames' could not be loaded. Rule '80202' will be ignored.
2022/06/06 14:50:36 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80203' will be ignored.
2022/06/06 14:50:36 wazuh-analysisd: WARNING: (7606): Signature ID '80203' was not found. Invalid 'if_sid'. Rule '80250' will be ignored.
2022/06/06 14:50:36 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80251' will be ignored.
2022/06/06 14:50:36 wazuh-analysisd: WARNING: (7606): Signature ID '80251' was not found. Invalid 'if_matched_sid'. Rule '80252' will be ignored.
2022/06/06 14:50:36 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80253' will be ignored.
2022/06/06 14:50:36 wazuh-analysisd: WARNING: (7606): Signature ID '80253' was not found. Invalid 'if_sid'. Rule '80254' will be ignored.
2022/06/06 14:50:36 wazuh-analysisd: WARNING: (7606): Signature ID '80254' was not found. Invalid 'if_matched_sid'. Rule '80255' will be ignored.
2022/06/06 14:50:37 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
2022/06/06 14:50:37 wazuh-testrule: WARNING: (7616): List 'etc/lists/amazon/aws-eventnames' could not be loaded. Rule '80202' will be ignored.
2022/06/06 14:50:37 wazuh-testrule: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80203' will be ignored.
2022/06/06 14:50:37 wazuh-testrule: WARNING: (7606): Signature ID '80203' was not found. Invalid 'if_sid'. Rule '80250' will be ignored.
2022/06/06 14:50:37 wazuh-testrule: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80251' will be ignored.
2022/06/06 14:50:37 wazuh-testrule: WARNING: (7606): Signature ID '80251' was not found. Invalid 'if_matched_sid'. Rule '80252' will be ignored.
2022/06/06 14:50:37 wazuh-testrule: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80253' will be ignored.
2022/06/06 14:50:37 wazuh-testrule: WARNING: (7606): Signature ID '80253' was not found. Invalid 'if_sid'. Rule '80254' will be ignored.
2022/06/06 14:50:37 wazuh-testrule: WARNING: (7606): Signature ID '80254' was not found. Invalid 'if_matched_sid'. Rule '80255' will be ignored.
2022/06/06 14:50:42 wazuh-analysisd: WARNING: (7616): List 'etc/lists/amazon/aws-eventnames' could not be loaded. Rule '80202' will be ignored.
2022/06/06 14:50:42 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80203' will be ignored.
2022/06/06 14:50:42 wazuh-analysisd: WARNING: (7606): Signature ID '80203' was not found. Invalid 'if_sid'. Rule '80250' will be ignored.
2022/06/06 14:50:42 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80251' will be ignored.
2022/06/06 14:50:42 wazuh-analysisd: WARNING: (7606): Signature ID '80251' was not found. Invalid 'if_matched_sid'. Rule '80252' will be ignored.
2022/06/06 14:50:42 wazuh-analysisd: WARNING: (7606): Signature ID '80202' was not found. Invalid 'if_sid'. Rule '80253' will be ignored.
2022/06/06 14:50:42 wazuh-analysisd: WARNING: (7606): Signature ID '80253' was not found. Invalid 'if_sid'. Rule '80254' will be ignored.
2022/06/06 14:50:42 wazuh-analysisd: WARNING: (7606): Signature ID '80254' was not found. Invalid 'if_matched_sid'. Rule '80255' will be ignored.
2022/06/06 14:50:47 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.


  • egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log:
[root@wazuh-manager-worker-0 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log
2022/06/06 14:36:18 ERROR: [Local Server] [Main] Could not connect to master. Trying again in 10 seconds.
  • systemctl status wazuh-manager -l:
[root@wazuh-manager-worker-0 wazuh-user]# systemctl status wazuh-manager -l
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (exited) since vie 2022-06-03 14:54:23 UTC; 4h 54min ago
  Process: 17435 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 17556 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)

jun 03 14:54:16 wazuh-manager-worker-0 env[17556]: Started wazuh-analysisd...
jun 03 14:54:17 wazuh-manager-worker-0 env[17556]: Started wazuh-syscheckd...
jun 03 14:54:18 wazuh-manager-worker-0 env[17556]: Started wazuh-remoted...
jun 03 14:54:19 wazuh-manager-worker-0 env[17556]: Started wazuh-logcollector...
jun 03 14:54:19 wazuh-manager-worker-0 env[17556]: Started wazuh-monitord...
jun 03 14:54:19 wazuh-manager-worker-0 env[17556]: 2022/06/03 14:54:19 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
jun 03 14:54:20 wazuh-manager-worker-0 env[17556]: Started wazuh-modulesd...
jun 03 14:54:21 wazuh-manager-worker-0 env[17556]: Started wazuh-clusterd...
jun 03 14:54:23 wazuh-manager-worker-0 env[17556]: Completed.
jun 03 14:54:23 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.
  • /var/ossec/bin/wazuh-control status:
[root@wazuh-manager-worker-0 wazuh-user]# /var/ossec/bin/wazuh-control status
wazuh-clusterd is running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd not running...
wazuh-agentlessd not running...
wazuh-integratord is running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
  • filebeat test output:

[root@wazuh-manager-worker-0 wazuh-user]# filebeat test output
elasticsearch: https://10.0.2.226:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.226
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.188:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.188
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.12:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.12
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
Master env 2 🟡
  • journalctl -xe -u wazuh-manager.service:
jun 03 14:50:34 wazuh-manager-master-0 env[17630]: wazuh-maild not running...
jun 03 14:50:34 wazuh-manager-master-0 env[17630]: Killing wazuh-execd...
jun 03 14:50:34 wazuh-manager-master-0 env[17630]: Killing wazuh-db...
jun 03 14:50:35 wazuh-manager-master-0 env[17630]: Killing wazuh-authd...
jun 03 14:50:36 wazuh-manager-master-0 env[17630]: wazuh-agentlessd not running...
jun 03 14:50:36 wazuh-manager-master-0 env[17630]: wazuh-integratord not running...
jun 03 14:50:36 wazuh-manager-master-0 env[17630]: wazuh-dbd not running...
jun 03 14:50:36 wazuh-manager-master-0 env[17630]: wazuh-csyslogd not running...
jun 03 14:50:36 wazuh-manager-master-0 env[17630]: Killing wazuh-apid...
jun 03 14:50:36 wazuh-manager-master-0 env[17630]: Wazuh v4.3.4 Stopped
jun 03 14:50:36 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-manager.service has begun starting up.
jun 03 14:50:37 wazuh-manager-master-0 env[17774]: 2022/06/03 14:50:37 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
jun 03 14:50:37 wazuh-manager-master-0 env[17774]: Starting Wazuh v4.3.4...
jun 03 14:50:39 wazuh-manager-master-0 env[17774]: Started wazuh-apid...
jun 03 14:50:39 wazuh-manager-master-0 env[17774]: Started wazuh-csyslogd...
jun 03 14:50:39 wazuh-manager-master-0 env[17774]: Started wazuh-dbd...
jun 03 14:50:39 wazuh-manager-master-0 env[17774]: 2022/06/03 14:50:39 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
jun 03 14:50:39 wazuh-manager-master-0 env[17774]: Started wazuh-integratord...
jun 03 14:50:39 wazuh-manager-master-0 env[17774]: Started wazuh-agentlessd...
jun 03 14:50:40 wazuh-manager-master-0 env[17774]: Started wazuh-authd...
jun 03 14:50:41 wazuh-manager-master-0 env[17774]: Started wazuh-db...
jun 03 14:50:42 wazuh-manager-master-0 env[17774]: Started wazuh-execd...
jun 03 14:50:43 wazuh-manager-master-0 env[17774]: Started wazuh-analysisd...
jun 03 14:50:44 wazuh-manager-master-0 env[17774]: Started wazuh-syscheckd...
jun 03 14:50:45 wazuh-manager-master-0 env[17774]: Started wazuh-remoted...
jun 03 14:50:47 wazuh-manager-master-0 env[17774]: Started wazuh-logcollector...
jun 03 14:50:48 wazuh-manager-master-0 env[17774]: Started wazuh-monitord...
jun 03 14:50:48 wazuh-manager-master-0 env[17774]: 2022/06/03 14:50:48 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
jun 03 14:50:48 wazuh-manager-master-0 crontab[18161]: (root) LIST (root)
jun 03 14:50:49 wazuh-manager-master-0 env[17774]: Started wazuh-modulesd...
jun 03 14:50:50 wazuh-manager-master-0 env[17774]: Started wazuh-clusterd...
jun 03 14:50:52 wazuh-manager-master-0 env[17774]: Completed.
jun 03 14:50:52 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-manager.service has finished starting up.
-- 
-- The start-up result is done.
  • egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log:
2022/06/06 15:03:00 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
2022/06/06 15:03:14 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
2022/06/06 15:07:19 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
2022/06/06 15:07:31 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.


  • egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log:
[root@wazuh-manager-master-0 wazuh-user]# egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log
[root@wazuh-manager-master-0 wazuh-user]# 
  • systemctl status wazuh-manager.service:
[root@wazuh-manager-master-0 wazuh-user]# systemctl status wazuh-manager.service
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (exited) since vie 2022-06-03 14:50:52 UTC; 5h 16min ago
  Process: 17630 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 17774 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)

jun 03 14:50:44 wazuh-manager-master-0 env[17774]: Started wazuh-syscheckd...
jun 03 14:50:45 wazuh-manager-master-0 env[17774]: Started wazuh-remoted...
jun 03 14:50:47 wazuh-manager-master-0 env[17774]: Started wazuh-logcollector...
jun 03 14:50:48 wazuh-manager-master-0 env[17774]: Started wazuh-monitord...
jun 03 14:50:48 wazuh-manager-master-0 env[17774]: 2022/06/03 14:50:48 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
jun 03 14:50:48 wazuh-manager-master-0 crontab[18161]: (root) LIST (root)
jun 03 14:50:49 wazuh-manager-master-0 env[17774]: Started wazuh-modulesd...
jun 03 14:50:50 wazuh-manager-master-0 env[17774]: Started wazuh-clusterd...
jun 03 14:50:52 wazuh-manager-master-0 env[17774]: Completed.
jun 03 14:50:52 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
  • /var/ossec/bin/wazuh-control status:
[root@wazuh-manager-master-0 wazuh-user]# /var/ossec/bin/wazuh-control status
wazuh-clusterd is running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord is running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
  • filebeat test output:
[root@wazuh-manager-master-0 wazuh-user]# filebeat test output
elasticsearch: https://10.0.2.226:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.226
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.188:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.188
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.12:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.12
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2

Wazuh Indexer

Bootstrap 🔴
  • journalctl -xe -u wazuh-indexer.service:
[root@ip-10-0-2-226 wazuh-user]# journalctl -xe -u wazuh-indexer.service
jun 03 14:41:09 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[15535]: WARNING: An illegal reflective access operation has occurred
jun 03 14:41:09 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[15535]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/p
jun 03 14:41:09 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[15535]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jun 03 14:41:09 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[15535]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jun 03 14:41:09 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[15535]: WARNING: All illegal access operations will be denied in a future release
jun 03 14:41:14 ip-10-0-2-226.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished starting up.
-- 
-- The start-up result is done.
jun 06 15:13:27 ip-10-0-2-226.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun shutting down.
jun 06 15:13:28 ip-10-0-2-226.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished shutting down.
-- Reboot --
jun 06 15:13:40 ip-10-0-2-226.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun starting up.
jun 06 15:14:07 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[2515]: WARNING: An illegal reflective access operation has occurred
jun 06 15:14:07 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[2515]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/pl
jun 06 15:14:07 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[2515]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jun 06 15:14:07 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[2515]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jun 06 15:14:07 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[2515]: WARNING: All illegal access operations will be denied in a future release
jun 06 15:14:13 ip-10-0-2-226.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished starting up.
-- 
-- The start-up result is done.


  • egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log:
[root@ip-10-0-2-226 wazuh-user]# egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log 
[2022-06-06T01:06:36,397][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f20485454502f312e310d0a486f73743a2035342e3135332e34382e36313a393230300d0a557365722d4167656e743a204d6f7a696c6c612f352e302028636f6d70617469626c653b2043656e737973496e73706563742f312e313b202b68747470733a2f2f61626f75742e63656e7379732e696f2f290d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a
[2022-06-06T01:06:37,495][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: java.net.SocketException: Connection reset
[2022-06-06T09:55:32,105][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f616c696173657320485454502f312e310d0a486f73743a2035342e3135332e34382e36313a393230300d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a
[2022-06-06T10:02:03,777][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f73746174732f696e646963657320485454502f312e310d0a486f73743a2035342e3135332e34382e36313a393230300d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a
[2022-06-06T10:05:49,623][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f636c75737465722f6865616c74683f6c6576656c3d696e646963657320485454502f312e310d0a486f73743a2035342e3135332e34382e36313a393230300d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a
[2022-06-06T10:19:04,657][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f73746174757320485454502f312e310d0a486f73743a2035342e3135332e34382e36313a393230300d0a557365722d4167656e743a204d6f7a696c6c612f352e30207a677261622f302e780d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a20677a69700d0a0d0a
	at org.opensearch.transport.InboundHandler.handlerResponseError(InboundHandler.java:335) [opensearch-1.2.4.jar:1.2.4]

[2022-06-06T15:13:53,107][INFO ][o.o.n.Node               ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3948m, -Xmx3948m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-8926450441850256719, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy, -XX:MaxDirectMemorySize=2069889024, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2022-06-06T15:14:06,821][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.


  • systemctl status wazuh-indexer -l:
[root@ip-10-0-2-226 wazuh-user]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since lun 2022-06-06 15:14:13 UTC; 10min ago
     Docs: https://documentation.wazuh.com
 Main PID: 2515 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─2515 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3948m -Xmx3948m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-8926450441850256719 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2069889024 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

jun 06 15:13:40 ip-10-0-2-226.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
jun 06 15:14:07 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[2515]: WARNING: An illegal reflective access operation has occurred
jun 06 15:14:07 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[2515]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
jun 06 15:14:07 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[2515]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jun 06 15:14:07 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[2515]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jun 06 15:14:07 ip-10-0-2-226.us-west-1.compute.internal systemd-entrypoint[2515]: WARNING: All illegal access operations will be denied in a future release
jun 06 15:14:13 ip-10-0-2-226.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.


Master B 🔴
  • journalctl -xe -u wazuh-indexer.service:
jun 03 14:39:41 ip-10-0-2-188.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun starting up.
jun 03 14:39:56 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[14180]: WARNING: An illegal reflective access operation has occurred
jun 03 14:39:56 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[14180]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/p
jun 03 14:39:56 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[14180]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jun 03 14:39:56 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[14180]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jun 03 14:39:56 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[14180]: WARNING: All illegal access operations will be denied in a future release
jun 03 14:40:00 ip-10-0-2-188.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished starting up.
-- 
-- The start-up result is done.
jun 03 14:41:39 ip-10-0-2-188.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun shutting down.
jun 03 14:41:39 ip-10-0-2-188.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun starting up.
jun 03 14:41:55 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[15523]: WARNING: An illegal reflective access operation has occurred
jun 03 14:41:55 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[15523]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/p
jun 03 14:41:55 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[15523]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jun 03 14:41:55 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[15523]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jun 03 14:41:55 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[15523]: WARNING: All illegal access operations will be denied in a future release
jun 03 14:42:00 ip-10-0-2-188.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished starting up.
-- 
-- The start-up result is done.
  • egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log:
[2022-06-06T12:54:42,013][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-2] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f20485454502f312e300d0a0d0a
[2022-06-06T15:33:00,997][INFO ][o.o.n.Node               ] [node-2] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3948m, -Xmx3948m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-12310468957220566266, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy, -XX:MaxDirectMemorySize=2069889024, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2022-06-06T15:33:13,755][ERROR][o.o.s.a.s.SinkProvider   ] [node-2] Default endpoint could not be created, auditlog will not work properly.

  • systemctl status wazuh-indexer -l:

[root@ip-10-0-2-188 wazuh-user]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since vie 2022-06-03 14:42:00 UTC; 6h ago
     Docs: https://documentation.wazuh.com
 Main PID: 15523 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─15523 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3948m -Xmx3948m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-7248741151444052373 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2069889024 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

jun 03 14:41:39 ip-10-0-2-188.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
jun 03 14:41:55 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[15523]: WARNING: An illegal reflective access operation has occurred
jun 03 14:41:55 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[15523]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
jun 03 14:41:55 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[15523]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jun 03 14:41:55 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[15523]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jun 03 14:41:55 ip-10-0-2-188.us-west-1.compute.internal systemd-entrypoint[15523]: WARNING: All illegal access operations will be denied in a future release
jun 03 14:42:00 ip-10-0-2-188.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.

Master C 🔴
  • journalctl -xe -u wazuh-indexer.service:
[root@ip-10-0-2-12 wazuh-user]# journalctl -xe -u wazuh-indexer.service
-- Logs begin at vie 2022-06-03 14:23:51 UTC, end at vie 2022-06-03 20:47:57 UTC. --
jun 03 14:39:40 ip-10-0-2-12.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun starting up.
jun 03 14:39:54 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[14157]: WARNING: An illegal reflective access operation has occurred
jun 03 14:39:54 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[14157]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/pl
jun 03 14:39:54 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[14157]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jun 03 14:39:54 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[14157]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jun 03 14:39:54 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[14157]: WARNING: All illegal access operations will be denied in a future release
jun 03 14:40:00 ip-10-0-2-12.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished starting up.
-- 
-- The start-up result is done.
jun 03 14:41:18 ip-10-0-2-12.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun shutting down.
jun 03 14:41:18 ip-10-0-2-12.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun starting up.
jun 03 14:41:33 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[15525]: WARNING: An illegal reflective access operation has occurred
jun 03 14:41:33 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[15525]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/pl
jun 03 14:41:33 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[15525]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jun 03 14:41:33 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[15525]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jun 03 14:41:33 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[15525]: WARNING: All illegal access operations will be denied in a future release
jun 03 14:41:38 ip-10-0-2-12.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished starting up.
-- 
-- The start-up result is done.
  • egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log:
[2022-06-06T14:49:25,857][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-3] Exception during establishing a SSL connection: java.net.SocketException: Connection reset
[2022-06-06T15:58:20,276][INFO ][o.o.n.Node               ] [node-3] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3948m, -Xmx3948m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-470743058584004858, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy, -XX:MaxDirectMemorySize=2069889024, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2022-06-06T15:58:33,058][ERROR][o.o.s.a.s.SinkProvider   ] [node-3] Default endpoint could not be created, auditlog will not work properly.

  • systemctl status wazuh-indexer.service:

[root@ip-10-0-2-12 wazuh-user]# systemctl status wazuh-indexer.service
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since vie 2022-06-03 14:41:38 UTC; 6h ago
     Docs: https://documentation.wazuh.com
 Main PID: 15525 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─15525 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.h...

jun 03 14:41:18 ip-10-0-2-12.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
jun 03 14:41:33 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[15525]: WARNING: An illegal reflective access operation has occurred
jun 03 14:41:33 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[15525]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazu...ble.cause
jun 03 14:41:33 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[15525]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jun 03 14:41:33 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[15525]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jun 03 14:41:33 ip-10-0-2-12.us-west-1.compute.internal systemd-entrypoint[15525]: WARNING: All illegal access operations will be denied in a future release
jun 03 14:41:38 ip-10-0-2-12.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
Hint: Some lines were ellipsized, use -l to show in full.

Wazuh Dashboard

wazuh-indexer 🔴
  • journalctl -xe -u wazuh-indexer.service:

[root@ip-10-0-0-165 wazuh-user]# journalctl -xe -u wazuh-indexer.service
-- Logs begin at vie 2022-06-03 14:23:50 UTC, end at vie 2022-06-03 20:58:07 UTC. --
jun 03 14:44:05 ip-10-0-0-165.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun starting up.
jun 03 14:44:21 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[14134]: WARNING: An illegal reflective access operation has occurred
jun 03 14:44:21 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[14134]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/p
jun 03 14:44:21 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[14134]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jun 03 14:44:21 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[14134]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jun 03 14:44:21 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[14134]: WARNING: All illegal access operations will be denied in a future release
jun 03 14:44:26 ip-10-0-0-165.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished starting up.
-- 
-- The start-up result is done.
jun 03 14:47:10 ip-10-0-0-165.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun shutting down.
jun 03 14:47:10 ip-10-0-0-165.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun starting up.
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: An illegal reflective access operation has occurred
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/p
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: All illegal access operations will be denied in a future release
jun 03 14:47:33 ip-10-0-0-165.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished starting up.
-- 
-- The start-up result is done.
  • egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log:
[root@ip-10-0-0-165 wazuh-user]# egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log 
[2022-06-06T16:12:43,334][INFO ][o.o.n.Node               ] [node-7] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms2560m, -Xmx2560m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-2676744226269389002, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy, -XX:MaxDirectMemorySize=1342177280, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2022-06-06T16:12:57,904][ERROR][o.o.s.a.s.SinkProvider   ] [node-7] Default endpoint could not be created, auditlog will not work properly.


  • systemctl status wazuh-indexer -l:
[root@ip-10-0-0-165 wazuh-user]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since vie 2022-06-03 14:47:33 UTC; 6h ago
     Docs: https://documentation.wazuh.com
 Main PID: 16974 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─16974 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-6104331748781638162 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

jun 03 14:47:10 ip-10-0-0-165.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: An illegal reflective access operation has occurred
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: All illegal access operations will be denied in a future release
jun 03 14:47:33 ip-10-0-0-165.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
wazuh-dashboard 🔴
  • journalctl -xe -u wazuh-dashboard.service:
[root@ip-10-0-0-165 wazuh-user]# journalctl -xe -u wazuh-indexer.service
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: An illegal reflective access operation has occurred
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/p
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: All illegal access operations will be denied in a future release
jun 03 14:47:33 ip-10-0-0-165.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished starting up.
-- 
-- The start-up result is done.
jun 06 16:12:16 ip-10-0-0-165.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun shutting down.
jun 06 16:12:17 ip-10-0-0-165.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished shutting down.
-- Reboot --
jun 06 16:12:28 ip-10-0-0-165.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun starting up.
jun 06 16:12:58 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[2506]: WARNING: An illegal reflective access operation has occurred
jun 06 16:12:58 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[2506]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/pl
jun 06 16:12:58 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[2506]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jun 06 16:12:58 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[2506]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jun 06 16:12:58 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[2506]: WARNING: All illegal access operations will be denied in a future release
jun 06 16:13:04 ip-10-0-0-165.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished starting up.
-- 
-- The start-up result is done.

  • systemctl status wazuh-dashboard -l:
[root@ip-10-0-0-165 wazuh-user]# systemctl status wazuh-dashboard -l
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since lun 2022-06-06 16:12:24 UTC; 7min ago
 Main PID: 2011 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─2011 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml

jun 06 16:12:44 ip-10-0-0-165.us-west-1.compute.internal opensearch-dashboards[2011]: {"type":"log","@timestamp":"2022-06-06T16:12:44Z","tags":["info","plugins-system"],"pid":2011,"message":"Setting up [45] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,advancedSettings,indexPatternManagement,savedObjects,reportsDashboards,securityDashboards,indexManagementDashboards,anomalyDetectionDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,visualize,ganttChartDashboards,queryWorkbenchDashboards,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,observabilityDashboards,discover,wazuh,savedObjectsManagement,bfetch]"}
jun 06 16:12:45 ip-10-0-0-165.us-west-1.compute.internal opensearch-dashboards[2011]: {"type":"log","@timestamp":"2022-06-06T16:12:45Z","tags":["info","savedobjects-service"],"pid":2011,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
jun 06 16:12:46 ip-10-0-0-165.us-west-1.compute.internal opensearch-dashboards[2011]: {"type":"log","@timestamp":"2022-06-06T16:12:46Z","tags":["info","savedobjects-service"],"pid":2011,"message":"Starting saved objects migrations"}
jun 06 16:12:46 ip-10-0-0-165.us-west-1.compute.internal opensearch-dashboards[2011]: {"type":"log","@timestamp":"2022-06-06T16:12:46Z","tags":["info","savedobjects-service"],"pid":2011,"message":"Creating index .kibana_2."}
jun 06 16:12:46 ip-10-0-0-165.us-west-1.compute.internal opensearch-dashboards[2011]: {"type":"log","@timestamp":"2022-06-06T16:12:46Z","tags":["info","savedobjects-service"],"pid":2011,"message":"Migrating .kibana_1 saved objects to .kibana_2"}
jun 06 16:12:46 ip-10-0-0-165.us-west-1.compute.internal opensearch-dashboards[2011]: {"type":"log","@timestamp":"2022-06-06T16:12:46Z","tags":["info","savedobjects-service"],"pid":2011,"message":"Pointing alias .kibana to .kibana_2."}
jun 06 16:12:46 ip-10-0-0-165.us-west-1.compute.internal opensearch-dashboards[2011]: {"type":"log","@timestamp":"2022-06-06T16:12:46Z","tags":["info","savedobjects-service"],"pid":2011,"message":"Finished in 798ms."}
jun 06 16:12:47 ip-10-0-0-165.us-west-1.compute.internal opensearch-dashboards[2011]: {"type":"log","@timestamp":"2022-06-06T16:12:47Z","tags":["info","plugins-system"],"pid":2011,"message":"Starting [45] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,advancedSettings,indexPatternManagement,savedObjects,reportsDashboards,securityDashboards,indexManagementDashboards,anomalyDetectionDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,visualize,ganttChartDashboards,queryWorkbenchDashboards,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,observabilityDashboards,discover,wazuh,savedObjectsManagement,bfetch]"}
jun 06 16:12:48 ip-10-0-0-165.us-west-1.compute.internal opensearch-dashboards[2011]: {"type":"log","@timestamp":"2022-06-06T16:12:48Z","tags":["listening","info"],"pid":2011,"message":"Server running at https://0.0.0.0:5601"}
jun 06 16:12:49 ip-10-0-0-165.us-west-1.compute.internal opensearch-dashboards[2011]: {"type":"log","@timestamp":"2022-06-06T16:12:49Z","tags":["info","http","server","OpenSearchDashboards"],"pid":2011,"message":"http server running at https://0.0.0.0:5601"}


  • cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log:
[root@ip-10-0-0-165 wazuh-user]# /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log
bash: /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log: Permission denied
[root@ip-10-0-0-165 wazuh-user]# cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log
{"date":"2022-06-03T14:47:17.845Z","level":"info","location":"initialize","message":"Wazuh dashboard index: .kibana"}
{"date":"2022-06-03T14:47:17.845Z","level":"info","location":"initialize","message":"App revision: 4305"}
{"date":"2022-06-03T14:47:17.846Z","level":"info","location":"initialize","message":"Total RAM: 7897MB"}
{"date":"2022-06-03T14:47:19.053Z","level":"error","location":"monitoring:getApiInfo","message":"connect ECONNREFUSED 10.0.0.19:55000"}
{"date":"2022-06-03T14:47:41.182Z","level":"info","location":"initialize","message":"Wazuh dashboard index: .kibana"}
{"date":"2022-06-03T14:47:41.182Z","level":"info","location":"initialize","message":"App revision: 4305"}
{"date":"2022-06-03T14:47:41.183Z","level":"info","location":"initialize","message":"Total RAM: 7897MB"}
{"date":"2022-06-03T14:47:41.761Z","level":"error","location":"monitoring:getApiInfo","message":"connect ECONNREFUSED 10.0.0.19:55000"}
{"date":"2022-06-03T15:02:15.627Z","level":"info","location":"initialize","message":"Wazuh dashboard index: .kibana"}
{"date":"2022-06-03T15:02:15.628Z","level":"info","location":"initialize","message":"App revision: 4305"}
{"date":"2022-06-03T15:02:15.628Z","level":"info","location":"initialize","message":"Total RAM: 7897MB"}
{"date":"2022-06-03T15:04:13.408Z","level":"info","location":"initialize","message":"Wazuh dashboard index: .kibana"}
{"date":"2022-06-03T15:04:13.408Z","level":"info","location":"initialize","message":"App revision: 4305"}
{"date":"2022-06-03T15:04:13.409Z","level":"info","location":"initialize","message":"Total RAM: 7897MB"}
{"date":"2022-06-03T15:05:01.226Z","level":"error","location":"cron-scheduler|SaveDocument","message":"resource_already_exists_exception"}
{"date":"2022-06-06T00:00:01.978Z","level":"error","location":"cron-scheduler|SaveDocument","message":"resource_already_exists_exception"}
{"date":"2022-06-06T14:35:01.687Z","level":"info","location":"Cron-scheduler","data":{"message":"Request failed with status code 400","stack":"Error: Request failed with status code 400\n    at createError (/usr/share/wazuh-dashboard/plugins/wazuh/node_modules/axios/lib/core/createError.js:16:15)\n    at settle (/usr/share/wazuh-dashboard/plugins/wazuh/node_modules/axios/lib/core/settle.js:17:12)\n    at IncomingMessage.handleStreamEnd (/usr/share/wazuh-dashboard/plugins/wazuh/node_modules/axios/lib/adapters/http.js:269:11)\n    at IncomingMessage.emit (events.js:203:15)\n    at endReadableNT (_stream_readable.js:1145:12)\n    at process._tickCallback (internal/process/next_tick.js:63:19)","config":{"url":"https://10.0.0.19:55000/security/user/authenticate","method":"get"}}}
{"date":"2022-06-06T14:35:01.689Z","level":"info","location":"Cron-scheduler","data":{"message":"Request failed with status code 400","stack":"Error: Request failed with status code 400\n    at createError (/usr/share/wazuh-dashboard/plugins/wazuh/node_modules/axios/lib/core/createError.js:16:15)\n    at settle (/usr/share/wazuh-dashboard/plugins/wazuh/node_modules/axios/lib/core/settle.js:17:12)\n    at IncomingMessage.handleStreamEnd (/usr/share/wazuh-dashboard/plugins/wazuh/node_modules/axios/lib/adapters/http.js:269:11)\n    at IncomingMessage.emit (events.js:203:15)\n    at endReadableNT (_stream_readable.js:1145:12)\n    at process._tickCallback (internal/process/next_tick.js:63:19)","config":{"url":"https://10.0.0.19:55000/security/user/authenticate","method":"get"}}}
{"date":"2022-06-06T16:12:47.607Z","level":"info","location":"initialize","message":"Wazuh dashboard index: .kibana"}
{"date":"2022-06-06T16:12:47.608Z","level":"info","location":"initialize","message":"App revision: 4305"}
{"date":"2022-06-06T16:12:47.608Z","level":"info","location":"initialize","message":"Total RAM: 7897MB"}

Issues:


Status
🔴 Errors were found
🟡 Warnings were found
🟢 No errors or warnings were found
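The `egrep -i "ERROR|WARNING"` run on `wazuh.log` above also returns the `[INFO ]` "JVM arguments" line, because the arguments contain `ErrorFile`. The following is an added example, not part of the original comment or of Wazuh's tooling: it reads the severity field of each log layout shown in this task instead of substring-matching. The sample lines are abridged from the output above, except one constructed `WARN` line.

```python
import json
import re
from collections import Counter

# OpenSearch/log4j layout in wazuh.log: [timestamp][LEVEL][logger] [node] message
LOG4J_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<level>[A-Z]+)\s*\]\[(?P<logger>[^\]]+)\]\s*(?P<msg>.*)$")
# journalctl short layout: <mon> <day> <time> <host> <unit>[<pid>]: <message>
JOURNAL_RE = re.compile(r"^\S+ \d{1,2} [\d:]{8} \S+ (?P<unit>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Severity word some programs (here the JVM) put at the start of a journald message
PREFIX_RE = re.compile(r"^(WARNING|WARN|ERROR|FATAL)\b")
# What the substring check in the report matches
GREP_RE = re.compile(r"ERROR|WARNING", re.IGNORECASE)

ALIASES = {"warn": "warning", "err": "error", "fatal": "error", "critical": "error"}


def normalise(level):
    level = level.strip().lower()
    return ALIASES.get(level, level)


def classify_json(obj):
    """wazuhapp.log carries "level"; opensearch-dashboards carries it in "tags"."""
    if "level" in obj:
        return normalise(str(obj["level"]))
    tags = [str(t).lower() for t in obj.get("tags", [])]
    for sev in ("error", "warning", "info"):
        if sev in tags:
            return sev
    return None


def classify(line):
    """Return 'error', 'warning', 'info', ... or None for lines with no severity."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("{"):
        try:
            return classify_json(json.loads(line))
        except ValueError:
            return None
    m = LOG4J_RE.match(line)
    if m:
        return normalise(m.group("level"))
    m = JOURNAL_RE.match(line)
    if m:
        msg = m.group("msg")
        if msg.startswith("{"):
            try:
                return classify_json(json.loads(msg))
            except ValueError:
                return "info"
        p = PREFIX_RE.match(msg)
        return normalise(p.group(1)) if p else "info"
    return None  # e.g. journalctl "-- Subject: ..." explanation lines


def triage(lines):
    """Count severities and compare them with what the substring grep reports."""
    counts, false_positives, missed = Counter(), [], []
    for line in lines:
        sev = classify(line)
        if sev is None:
            continue
        counts[sev] += 1
        flagged = sev in ("error", "warning")
        hit = bool(GREP_RE.search(line))
        if hit and not flagged:
            false_positives.append(line)
        if flagged and not hit:
            missed.append(line)
    return counts, false_positives, missed


# Abridged from the output above; the [WARN ] line is constructed for illustration.
SAMPLE = r'''
[2022-06-06T16:12:43,334][INFO ][o.o.n.Node               ] [node-7] JVM arguments [-Xshare:auto, -XX:+HeapDumpOnOutOfMemoryError, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log]
[2022-06-06T16:12:57,904][ERROR][o.o.s.a.s.SinkProvider   ] [node-7] Default endpoint could not be created, auditlog will not work properly.
[2022-06-06T16:12:58,000][WARN ][o.o.c.Constructed        ] [node-7] constructed line: log4j writes WARN, not the full word
{"date":"2022-06-03T14:47:19.053Z","level":"error","location":"monitoring:getApiInfo","message":"connect ECONNREFUSED 10.0.0.19:55000"}
{"date":"2022-06-03T14:47:17.845Z","level":"info","location":"initialize","message":"App revision: 4305"}
jun 03 14:47:27 ip-10-0-0-165.us-west-1.compute.internal systemd-entrypoint[16974]: WARNING: An illegal reflective access operation has occurred
jun 03 14:47:33 ip-10-0-0-165.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
jun 06 16:12:46 ip-10-0-0-165.us-west-1.compute.internal opensearch-dashboards[2011]: {"type":"log","@timestamp":"2022-06-06T16:12:46Z","tags":["info","savedobjects-service"],"pid":2011,"message":"Starting saved objects migrations"}
-- Subject: Unit wazuh-indexer.service has finished start-up
'''.strip().splitlines()

if __name__ == "__main__":
    counts, false_positives, missed = triage(SAMPLE)
    print(dict(counts))
    print("grep-only hits:", len(false_positives), "missed by grep:", len(missed))
```
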

@BelenValdivia BelenValdivia self-assigned this Jun 3, 2022
@BelenValdivia

BelenValdivia commented Jun 3, 2022

Task 2: The daemons are running with the correct user

Agents

Amazon Linux 🟢
root     15276  0.0  0.2  37708  2892 ?        Sl   15:07   0:00 /var/ossec/bin/wazuh-execd
wazuh    15285  0.0  0.5 263692  5352 ?        Sl   15:07   0:05 /var/ossec/bin/wazuh-agentd
root     15300  0.0  0.8 203684  8336 ?        SNl  15:07   0:10 /var/ossec/bin/wazuh-syscheckd
root     15314  0.0  0.4 480232  4704 ?        Sl   15:07   0:02 /var/ossec/bin/wazuh-logcollector
root     15336  0.0  1.5 740780 15380 ?        Sl   15:07   0:04 /var/ossec/bin/wazuh-modulesd
RHEL 🟢
root     29908  0.0  0.0  35520  1628 ?        Sl   15:36   0:01 /var/ossec/bin/wazuh-execd
wazuh    29920  0.0  0.0 261256  3120 ?        Sl   15:36   0:11 /var/ossec/bin/wazuh-agentd
root     29935  0.1  0.2 480420  8980 ?        SNl  15:36   0:29 /var/ossec/bin/wazuh-syscheckd
root     29948  0.0  0.0 477936  2648 ?        Sl   15:36   0:08 /var/ossec/bin/wazuh-logcollector
root     29972  0.0  0.8 1033468 31432 ?       Sl   15:36   0:12 /var/ossec/bin/wazuh-modulesd
Ubuntu 🟢
root     10178  0.0  0.3  42728  3076 ?        Sl   15:07   0:00 /var/ossec/bin/wazuh-execd
wazuh    10189  0.0  0.5 268672  5684 ?        Sl   15:07   0:05 /var/ossec/bin/wazuh-agentd
root     10203  0.0  0.8 208128  8140 ?        SNl  15:07   0:08 /var/ossec/bin/wazuh-syscheckd
root     10216  0.0  0.4 485124  4652 ?        Sl   15:07   0:02 /var/ossec/bin/wazuh-logcollector
root     10255  0.0  1.4 748316 14312 ?        Sl   15:07   0:04 /var/ossec/bin/wazuh-modulesd
Centos 🟢
root      6368  0.0  0.1  35436  1476 ?        Sl   15:07   0:01 /var/ossec/bin/wazuh-execd
wazuh     6380  0.0  0.3 261256  3060 ?        Sl   15:07   0:09 /var/ossec/bin/wazuh-agentd
root      6395  0.0  0.7 201156  7216 ?        SNl  15:07   0:12 /var/ossec/bin/wazuh-syscheckd
root      6409  0.0  1.2 477812 12560 ?        Sl   15:07   0:04 /var/ossec/bin/wazuh-logcollector
root      6431  0.0  2.2 738416 22020 ?        Sl   15:07   0:06 /var/ossec/bin/wazuh-modulesd
Debian 🟢
root      6878  0.0  0.2  41412  2588 ?        Sl   15:07   0:00 /var/ossec/bin/wazuh-execd
wazuh     6889  0.0  0.5 267440  5204 ?        Sl   15:07   0:05 /var/ossec/bin/wazuh-agentd
root      6903  0.0  0.7 206680  7268 ?        SNl  15:07   0:07 /var/ossec/bin/wazuh-syscheckd
root      6920  0.0  0.4 484060  4356 ?        Sl   15:07   0:02 /var/ossec/bin/wazuh-logcollector
root      6959  0.0  1.1 744888 11924 ?        Sl   15:07   0:04 /var/ossec/bin/wazuh-modulesd
Windows 🟢

wazuh service

Managers

Master env 1 🟢
wazuh    24405  0.0  2.7 830044 110188 ?       Sl   15:07   0:28 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    24428  0.0  0.1  38440  4260 ?        Sl   15:07   0:06 /var/ossec/bin/wazuh-integratord
root     24450  0.2  0.1 259704  5820 ?        Sl   15:07   1:24 /var/ossec/bin/wazuh-authd
wazuh    24467  0.0  0.5 775172 22928 ?        Sl   15:07   0:23 /var/ossec/bin/wazuh-db
wazuh    24479  0.0  1.5 317656 62304 ?        S    15:07   0:01 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    24482  0.0  1.5 465576 63620 ?        S    15:07   0:25 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
root     24497  0.0  0.0  38480  3184 ?        Sl   15:07   0:00 /var/ossec/bin/wazuh-execd
wazuh    24512  4.3  3.9 1292884 159152 ?      Sl   15:07  22:23 /var/ossec/bin/wazuh-analysisd
root     24524  0.0  0.2 335312  8700 ?        SNl  15:07   0:12 /var/ossec/bin/wazuh-syscheckd
wazuh    24545  0.4  0.2 1187020 8296 ?        Sl   15:07   2:09 /var/ossec/bin/wazuh-remoted
root     24577  0.0  0.1 480880  5276 ?        Sl   15:07   0:02 /var/ossec/bin/wazuh-logcollector
wazuh    24624  0.0  0.0  38456  3152 ?        Sl   15:07   0:00 /var/ossec/bin/wazuh-monitord
root     24648  6.1  8.5 1458996 341348 ?      Sl   15:07  31:23 /var/ossec/bin/wazuh-modulesd
wazuh    24787  0.1  1.5 444412 60356 ?        Sl   15:07   0:37 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
wazuh    24796  0.0  1.0 279676 43460 ?        S    15:07   0:19 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
wazuh    24799  0.0  1.0 361604 43400 ?        S    15:07   0:19 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
Worker env 1 🟢
wazuh    17055  0.0  2.3 740896 94272 ?        Sl   15:25   0:11 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    17081  0.0  0.1  38436  4328 ?        Sl   15:25   0:01 /var/ossec/bin/wazuh-integratord
wazuh    17098  0.1  0.5 775164 21100 ?        Sl   15:25   0:31 /var/ossec/bin/wazuh-db
root     17122  0.0  0.0  38476  3144 ?        Sl   15:25   0:00 /var/ossec/bin/wazuh-execd
wazuh    17124  0.0  1.4 309332 57240 ?        S    15:25   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    17127  0.0  1.5 463988 59892 ?        S    15:25   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    17143  0.0  2.6 1292680 105732 ?      Sl   15:25   0:16 /var/ossec/bin/wazuh-analysisd
root     17155  0.0  0.2 269664  8512 ?        SNl  15:25   0:12 /var/ossec/bin/wazuh-syscheckd
wazuh    17176  0.1  0.1 1178484 7568 ?        Sl   15:25   0:54 /var/ossec/bin/wazuh-remoted
root     17208  0.0  0.1 480872  5072 ?        Sl   15:25   0:02 /var/ossec/bin/wazuh-logcollector
wazuh    17232  0.0  0.0  38452  3224 ?        Sl   15:26   0:01 /var/ossec/bin/wazuh-monitord
root     17279  5.4  7.4 1205976 297844 ?      Sl   15:26  26:53 /var/ossec/bin/wazuh-modulesd
wazuh    17406  0.1  1.4 590520 59132 ?        Sl   15:26   0:34 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
wazuh    17625  0.0  1.1 287428 45156 ?        S    15:26   0:10 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
wazuh    18346  0.0  1.1 440048 44180 ?        S    15:30   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
Master env 2 🟢
wazuh    24180  0.0  2.7 830300 110192 ?       Sl   15:07   0:24 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    24203  0.0  0.1  38440  4312 ?        Sl   15:07   0:06 /var/ossec/bin/wazuh-integratord
root     24225  0.2  0.1 259708  5808 ?        Sl   15:07   1:26 /var/ossec/bin/wazuh-authd
wazuh    24242  0.0  0.4 709628 19132 ?        Sl   15:07   0:19 /var/ossec/bin/wazuh-db
wazuh    24254  0.0  1.5 317500 61952 ?        S    15:07   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    24257  0.0  1.5 465320 63336 ?        S    15:07   0:19 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
root     24272  0.0  0.0  38480  3168 ?        Sl   15:07   0:00 /var/ossec/bin/wazuh-execd
wazuh    24287  4.2  3.4 1292636 138632 ?      Sl   15:07  21:55 /var/ossec/bin/wazuh-analysisd
root     24299  0.0  0.2 335308  8640 ?        SNl  15:07   0:12 /var/ossec/bin/wazuh-syscheckd
wazuh    24320  0.1  0.1 1186624 7036 ?        Sl   15:07   0:43 /var/ossec/bin/wazuh-remoted
root     24352  0.0  0.1 480880  5020 ?        Sl   15:07   0:02 /var/ossec/bin/wazuh-logcollector
wazuh    24375  0.0  0.0  38452  3244 ?        Sl   15:07   0:00 /var/ossec/bin/wazuh-monitord
root     24423  4.5  8.5 1524404 340132 ?      Sl   15:07  23:23 /var/ossec/bin/wazuh-modulesd
wazuh    24543  0.0  1.1 427680 45816 ?        Sl   15:07   0:07 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
wazuh    24553  0.0  1.0 279664 43012 ?        S    15:07   0:09 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py
wazuh    24558  0.0  1.0 361592 43000 ?        S    15:07   0:09 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-clusterd.py

Wazuh Indexer

Bootstrap 🟢
wazuh-i+ 15535  3.2 56.7 7153080 4588564 ?     Ssl  14:40  17:59 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3948m -Xmx3948m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10545042338456622215 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2069889024 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
Master B 🟢
wazuh-i+ 15523  2.0 56.4 7066864 4563656 ?     Ssl  14:41  11:26 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3948m -Xmx3948m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-7248741151444052373 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2069889024 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
Master C 🟢
wazuh-i+ 15525  2.6 56.6 7114288 4578448 ?     Ssl  14:41  14:31 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3948m -Xmx3948m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-5466136299779105160 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2069889024 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

Wazuh Dashboard

wazuh-indexer 🟢
wazuh-i+ 16974  2.2 37.9 5571004 3065916 ?     Ssl  jun03  12:10 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-6104331748781638162 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
wazuh-dashboard 🟢
wazuh-d+ 20460  0.2  2.1 1009688 171568 ?      Ssl  jun03   1:13 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml
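The per-host listings above can be checked mechanically. The following is an added example, not part of the original comment or of Wazuh's tooling: it compares `ps aux` rows against an owner table read off the rows this report marks green. The full account names `wazuh-indexer` and `wazuh-dashboard` behind the truncated `wazuh-i+` and `wazuh-d+` are assumptions, and the sample includes one constructed mismatching row.

```python
import os

# Expected owner per daemon, taken from the rows marked green in this report.
# "wazuh-indexer" / "wazuh-dashboard" are assumed full names for the accounts
# that ps prints truncated as "wazuh-i+" / "wazuh-d+".
EXPECTED_USER = {
    "wazuh-execd": "root",
    "wazuh-syscheckd": "root",
    "wazuh-logcollector": "root",
    "wazuh-modulesd": "root",
    "wazuh-authd": "root",
    "wazuh-agentd": "wazuh",
    "wazuh-integratord": "wazuh",
    "wazuh-db": "wazuh",
    "wazuh-analysisd": "wazuh",
    "wazuh-remoted": "wazuh",
    "wazuh-monitord": "wazuh",
    "wazuh-apid.py": "wazuh",
    "wazuh-clusterd.py": "wazuh",
    "wazuh-indexer": "wazuh-indexer",
    "wazuh-dashboard": "wazuh-dashboard",
}


def daemon_name(command):
    """Map a ps COMMAND column to the daemon it runs."""
    argv = command.split()
    exe = os.path.basename(argv[0])
    if exe.startswith("python") and len(argv) > 1:
        return os.path.basename(argv[1])      # script launched by the bundled python3
    if exe == "java" and "org.opensearch.bootstrap.OpenSearch" in argv:
        return "wazuh-indexer"
    if exe == "node" and "/wazuh-dashboard/" in argv[0]:
        return "wazuh-dashboard"
    return exe


def user_matches(observed, expected):
    """ps shortens long user names to a prefix plus '+'; compare on that prefix."""
    if observed.endswith("+"):
        return expected.startswith(observed[:-1]) and len(expected) >= len(observed)
    return observed == expected


def check_owners(ps_text):
    """Return (pid, daemon, observed_user, expected_user) for every mismatch."""
    violations = []
    for row in ps_text.splitlines():
        fields = row.split(None, 10)          # USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
        if len(fields) < 11 or not fields[1].isdigit():
            continue                          # header, blank or wrapped line
        user, pid, command = fields[0], int(fields[1]), fields[10]
        name = daemon_name(command)
        expected = EXPECTED_USER.get(name)
        if expected is None:
            continue                          # not a process this check covers
        if not user_matches(user, expected):
            violations.append((pid, name, user, expected))
    return violations


# Rows abridged from the listings above; PID 99999 is a constructed mismatch.
SAMPLE_PS = """\
wazuh    24405  0.0  2.7 830044 110188 ?       Sl   15:07   0:28 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
root     24450  0.2  0.1 259704  5820 ?        Sl   15:07   1:24 /var/ossec/bin/wazuh-authd
wazuh    24512  4.3  3.9 1292884 159152 ?      Sl   15:07  22:23 /var/ossec/bin/wazuh-analysisd
root     99999  0.0  0.1 1292884 159152 ?      Sl   15:07   0:00 /var/ossec/bin/wazuh-analysisd
root     24648  6.1  8.5 1458996 341348 ?      Sl   15:07  31:23 /var/ossec/bin/wazuh-modulesd
wazuh-i+ 16974  2.2 37.9 5571004 3065916 ?     Ssl  jun03  12:10 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch --quiet
wazuh-d+ 20460  0.2  2.1 1009688 171568 ?      Ssl  jun03   1:13 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml
"""

if __name__ == "__main__":
    for pid, name, user, expected in check_owners(SAMPLE_PS):
        print(f"PID {pid}: {name} runs as {user}, expected {expected}")
```
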

@BelenValdivia

Task 3: The status of the Wazuh Indexer clusters is as expected 🟢

[root@ip-10-0-0-165 wazuh-user]# curl -k -u USER:PASS https://10.0.0.165:9200/_cat/nodes?v
ip         heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
10.0.0.165           46          85   1    0.00    0.00     0.00 dimr      -      node-7
10.0.2.188            6          83   1    0.10    0.06     0.01 dimr      -      node-2
10.0.2.12            29          87   1    0.00    0.00     0.00 dimr      -      node-3
10.0.2.226           48          88   1    0.12    0.07     0.02 dimr      *      node-1

@BelenValdivia

BelenValdivia commented Jun 4, 2022

Task 4: No errors in browser's developer console when browsing the App 🔴

Console errors:

Wazuh-.developer.console.errors.mp4

Module disabled error:

GitHub.and.office.disabled.demo.mp4

Issues:

@jmv74211 jmv74211 moved this from Todo to In Progress in Release 4.3.4 Jun 4, 2022
@BelenValdivia

Task 5: Alerts are being generated for each of the modules configured for this purpose 🟢

@BelenValdivia

Task 6: No warning symbols in Discover when expanding a document 🟢

@jmv74211 jmv74211 closed this as completed Jun 7, 2022
Repository owner moved this from In Progress to Done in Release 4.3.4 Jun 7, 2022