Release 4.8.0 - Beta 1 - Specific systems #21834

Closed
1 task
wazuhci opened this issue Feb 8, 2024 · 4 comments

wazuhci commented Feb 8, 2024

Packages tests metrics information

Main release stage issue #21774
Main packages metrics issue #21778
Version 4.8.0
Release stage Beta 1
Tag https://github.com/wazuh/wazuh/tree/v4.8.0-beta1

Test packages

System Build Install Deployment install Upgrade Remove TCP UDP Errors found Warnings found Alerts found Check users
AIX
HPUX --- ---
S10 SPARC ---
S11 SPARC ---
OVA --- --- ---
AMI --- --- ---

PPC64EL packages
System Build Install Deployment install Upgrade Uninstall Alerts TCP UDP Errors Warnings System users
CentOS 7
Debian Stretch

OVA/AMI specific tests
| System | Filebeat test | Cluster green/yellow | Production repositories | UI Access | No SSH root access | SSH user access | Wazuh dashboard/APP version | Dashboard/Indexer VERSION file |
|---|---|---|---|---|---|---|---|---|
| OVA | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| AMI | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |

Status legend:
⚫ - Pending/In progress
⚪ - Skipped
🔴 - Rejected
🟡 - Ready to review
🟢 - Approved


Testing considerations

  • Testing on PPC64EL systems must be done inside a container.
    • The container must be requested from the CICD team using an internal-devel-request, with access through authorized keys and a specific password.
  • When testing on PPC64EL Debian, installing procps may be required if it is not present in the container.

Auditor's validation

In order to close and proceed with the release or the next candidate version, the following auditors must give the green light to this RC.


Conclusion 🔴

OVA 🟡

Known issues

AMI 🔴

New issues

@wazuhci wazuhci moved this to Backlog in Release 4.8.0 Feb 8, 2024
@rafabailon rafabailon self-assigned this Feb 8, 2024
@wazuhci wazuhci moved this from Backlog to In progress in Release 4.8.0 Feb 8, 2024

rafabailon commented Feb 8, 2024

Analysis Report - OVA 🟢

Check System 🟢
  • System Info
[wazuh-user@wazuh-server ~]$ cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
SUPPORT_END="2025-06-30"
  • Wazuh Processes
[root@wazuh-server wazuh-user]# ps aux | grep wazuh
wazuh-d+  2020  0.8  1.9 1019076 155236 ?      Ssl  16:45   0:06 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
root      3980  0.0  0.0  98668  3648 ?        Ss   16:45   0:00 /sbin/dhclient -1 -q -lf /var/lib/dhclient/dhclient--eth0.lease -pf /var/run/dhclient-eth0.pid -H wazuh-server eth0
wazuh-i+  4499  6.9 57.2 8288976 4668552 ?     Ssl  16:45   0:52 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3981m -Xmx3981m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-12712028542158524160 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/wazuh-indexer -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED -XX:MaxDirectMemorySize=2087714816 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root      4536  0.0  0.0  86424  3576 ?        Ss   16:45   0:00 login -- wazuh-user
wazuh     5676  0.2  1.2 1002400 104804 ?      Sl   16:45   0:02 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh     5684  0.0  0.7 281944 60544 ?        S    16:45   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh     5687  0.0  0.8 370644 71604 ?        S    16:45   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh     5692  0.0  0.7 510180 58180 ?        S    16:45   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
root      5767  0.0  0.0 262112  6008 ?        Sl   16:45   0:00 /var/ossec/bin/wazuh-authd
wazuh     6068  0.2  0.2 945152 20788 ?        Sl   16:45   0:01 /var/ossec/bin/wazuh-db
root      6325  0.0  0.0  40768  4032 ?        Sl   16:45   0:00 /var/ossec/bin/wazuh-execd
wazuh     6612  0.2  0.3 2490176 32132 ?       Sl   16:45   0:01 /var/ossec/bin/wazuh-analysisd
root      7012  1.2  0.1 359740 13196 ?        SNl  16:45   0:09 /var/ossec/bin/wazuh-syscheckd
wazuh     7058  0.2  0.1 1167372 14232 ?       Sl   16:45   0:01 /var/ossec/bin/wazuh-remoted
root      7375  0.0  0.0 483160  4980 ?        Sl   16:45   0:00 /var/ossec/bin/wazuh-logcollector
wazuh     7577  0.0  0.0  40832  3972 ?        Sl   16:45   0:00 /var/ossec/bin/wazuh-monitord
root      7759  0.1  0.9 599264 74060 ?        Sl   16:45   0:01 /var/ossec/bin/wazuh-modulesd
wazuh-u+  8518  0.0  0.0 124864  3900 tty1     Ss+  16:45   0:00 -bash
root     18591  0.0  0.1 150632  9100 ?        Ss   16:46   0:00 sshd: wazuh-user [priv]
wazuh-u+ 18693  0.0  0.0 150632  4740 ?        S    16:46   0:00 sshd: wazuh-user@pts/0
wazuh-u+ 18694  0.0  0.0 124732  3996 pts/0    Ss   16:46   0:00 -bash
root     19297  0.0  0.0 119436  1000 pts/0    R+   16:58   0:00 grep --color=auto wazuh
  • Manager Version
[root@wazuh-server wazuh-user]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40803"
WAZUH_TYPE="server"
  • Indexer Version
[root@wazuh-server wazuh-user]# cat /usr/share/wazuh-indexer/VERSION
4.8.0
  • Dashboard Version
[root@wazuh-server wazuh-user]# cat /usr/share/wazuh-dashboard/VERSION
4.8.0
[root@wazuh-server wazuh-user]# cat /usr/share/wazuh-dashboard/package.json
{
  "name": "opensearch-dashboards",
  "description": "OpenSearch Dashboards is a browser based analytics and search dashboard for OpenSearch. OpenSearch Dashboards is a snap to setup and start using. OpenSearch Dashboards strives to be easy to get started with, while also being flexible and powerful, just like OpenSearch.",
  "keywords": [
    "opensearch-dashboards",
    "opensearch",
    "logstash",
    "analytics",
    "visualizations",
    "dashboards",
    "dashboarding"
  ],
  "version": "2.10.0",
  "branch": "2.x",
  "build": {
    "number": 48003,
    "sha": "c1120d93e2ee647977f917a1249258a622d4eb5b",
    "distributable": true,
    "release": true
  },
  "repository": {
    "type": "git",
    "url": "https://github.com/opensearch-project/opensearch-dashboards.git"
  },
  "engines": {
    "node": ">=14.20.1 <19"
  }
}
Users 🟢
[root@wazuh-server wazuh-user]# grep -R "wazuh" /etc/group
wheel:x:10:wazuh-user
wazuh-user:x:1000:
wazuh-indexer:x:993:
wazuh:x:992:wazuh
wazuh-dashboard:x:991:wazuh-dashboard
[root@wazuh-server wazuh-user]# grep -R "wazuh" /etc/passwd
wazuh-user:x:1000:1000::/home/wazuh-user:/bin/bash
wazuh-indexer:x:995:993:wazuh-indexer user:/usr/share/wazuh-indexer:/sbin/nologin
wazuh:x:994:992::/var/ossec:/sbin/nologin
wazuh-dashboard:x:993:991::/usr/share/wazuh-dashboard/:/sbin/nologin
WUI 🟢

Credentials: admin/admin

Logs 🟡
  • Wazuh Dashboard - journalctl 🟢
[root@wazuh-server wazuh-user]# journalctl -r -u wazuh-dashboard | grep -i -E "error|critical|fatal|warning"
feb 08 17:02:26 wazuh-server opensearch-dashboards[2020]: {"type":"log","@timestamp":"2024-02-08T17:02:26Z","tags":["error","plugins","securityDashboards"],"pid":2020,"message":"Failed authentication: Error: Authentication Exception"}
feb 08 17:02:05 wazuh-server opensearch-dashboards[2020]: {"type":"log","@timestamp":"2024-02-08T17:02:05Z","tags":["error","plugins","securityDashboards"],"pid":2020,"message":"Failed authentication: Error: Authentication Exception"}
feb 08 17:02:02 wazuh-server opensearch-dashboards[2020]: {"type":"log","@timestamp":"2024-02-08T17:02:02Z","tags":["error","plugins","securityDashboards"],"pid":2020,"message":"Failed authentication: Error: Authentication Exception"}
feb 08 17:01:23 wazuh-server opensearch-dashboards[2020]: {"type":"error","@timestamp":"2024-02-08T17:01:23Z","tags":["connection","client","error"],"pid":2020,"level":"error","error":{"message":"140454547679104:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 48\n","name":"Error","stack":"Error: 140454547679104:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 48\n","code":"ERR_SSL_TLSV1_ALERT_UNKNOWN_CA"},"message":"140454547679104:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 48\n"}
feb 08 17:45:43 wazuh-server opensearch-dashboards[2020]: {"type":"log","@timestamp":"2024-02-08T17:45:43Z","tags":["error","opensearch","data"],"pid":2020,"message":"[ResponseError]: Response Error"}
feb 08 17:45:40 wazuh-server opensearch-dashboards[2020]: {"type":"log","@timestamp":"2024-02-08T17:45:40Z","tags":["error","opensearch","data"],"pid":2020,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
feb 08 17:45:38 wazuh-server opensearch-dashboards[2020]: {"type":"log","@timestamp":"2024-02-08T17:45:38Z","tags":["error","opensearch","data"],"pid":2020,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
feb 08 17:45:35 wazuh-server opensearch-dashboards[2020]: {"type":"log","@timestamp":"2024-02-08T17:45:35Z","tags":["error","opensearch","data"],"pid":2020,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
feb 08 17:45:33 wazuh-server opensearch-dashboards[2020]: {"type":"log","@timestamp":"2024-02-08T17:45:33Z","tags":["error","opensearch","data"],"pid":2020,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
feb 08 17:45:30 wazuh-server opensearch-dashboards[2020]: {"type":"log","@timestamp":"2024-02-08T17:45:30Z","tags":["error","opensearch","data"],"pid":2020,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
feb 08 17:45:28 wazuh-server opensearch-dashboards[2020]: {"type":"log","@timestamp":"2024-02-08T17:45:28Z","tags":["error","opensearch","data"],"pid":2020,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
feb 08 17:45:25 wazuh-server opensearch-dashboards[2020]: {"type":"log","@timestamp":"2024-02-08T17:45:25Z","tags":["error","opensearch","data"],"pid":2020,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
feb 08 17:45:23 wazuh-server opensearch-dashboards[2020]: {"type":"log","@timestamp":"2024-02-08T17:45:23Z","tags":["error","savedobjects-service"],"pid":2020,"message":"Unable to retrieve version information from OpenSearch nodes."}
feb 08 17:45:23 wazuh-server opensearch-dashboards[2020]: {"type":"log","@timestamp":"2024-02-08T17:45:23Z","tags":["error","opensearch","data"],"pid":2020,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
  • Wazuh Indexer - journalctl 🟡
[root@wazuh-server wazuh-user]# journalctl -r -u wazuh-indexer | grep -i -E "error|critical|fatal|warning"
feb 08 17:45:30 wazuh-server systemd-entrypoint[4499]: WARNING: System::setSecurityManager will be removed in a future release
feb 08 17:45:30 wazuh-server systemd-entrypoint[4499]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
feb 08 17:45:30 wazuh-server systemd-entrypoint[4499]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
feb 08 17:45:30 wazuh-server systemd-entrypoint[4499]: WARNING: A terminally deprecated method in java.lang.System has been called
feb 08 17:45:29 wazuh-server systemd-entrypoint[4499]: WARNING: System::setSecurityManager will be removed in a future release
feb 08 17:45:29 wazuh-server systemd-entrypoint[4499]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
feb 08 17:45:29 wazuh-server systemd-entrypoint[4499]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
feb 08 17:45:29 wazuh-server systemd-entrypoint[4499]: WARNING: A terminally deprecated method in java.lang.System has been called
  • Wazuh Indexer - /var/logs/wazuh-indexer 🟢
[root@wazuh-server wazuh-user]# grep -R -i -E "error|critical|fatal|warning" /var/log/wazuh-indexer/
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:45:30,665][INFO ][o.o.n.Node               ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3981m, -Xmx3981m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-12712028542158524160, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=2087714816, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:45:38,614][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:45:43,201][ERROR][o.o.i.i.ManagedIndexCoordinator] [node-1] Failed to get ISM policies with templates: Failed to execute phase [query], all shards failed
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:45:43,669][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:45:43,669][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:45:43,696][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:45:43,699][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:45:43,702][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:45:43,931][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:45:30,665Z", "level": "INFO", "component": "o.o.n.Node", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3981m, -Xmx3981m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-12712028542158524160, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=2087714816, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:45:38,614Z", "level": "ERROR", "component": "o.o.s.a.s.SinkProvider", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Default endpoint could not be created, auditlog will not work properly." }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:45:43,201Z", "level": "ERROR", "component": "o.o.i.i.ManagedIndexCoordinator", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failed to get ISM policies with templates: Failed to execute phase [query], all shards failed", "cluster.uuid": "Pye5KKHaQe2HwvvvHqPDYQ", "node.id": "YHFzfeITQvCY91cmBtugHw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:45:43,669Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "Pye5KKHaQe2HwvvvHqPDYQ", "node.id": "YHFzfeITQvCY91cmBtugHw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:45:43,669Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "Pye5KKHaQe2HwvvvHqPDYQ", "node.id": "YHFzfeITQvCY91cmBtugHw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:45:43,696Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "Pye5KKHaQe2HwvvvHqPDYQ", "node.id": "YHFzfeITQvCY91cmBtugHw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:45:43,699Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "Pye5KKHaQe2HwvvvHqPDYQ", "node.id": "YHFzfeITQvCY91cmBtugHw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:45:43,702Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "Pye5KKHaQe2HwvvvHqPDYQ", "node.id": "YHFzfeITQvCY91cmBtugHw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:45:43,931Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "Pye5KKHaQe2HwvvvHqPDYQ", "node.id": "YHFzfeITQvCY91cmBtugHw"  }
  • Wazuh Server - /var/ossec/logs 🟢
[root@wazuh-server wazuh-user]# grep -i -E "error|critical|fatal|warning" /var/ossec/logs/ossec.log
2024/02/08 17:45:37 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 2 seconds.
2024/02/08 17:45:39 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 4 seconds.
2024/02/08 17:45:43 indexer-connector: WARNING: Error initializing IndexerConnector: HTTP response code said error: 503, we will try again after 8 seconds.
2024/02/08 16:56:39 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'secretstorage', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:41 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'zipp', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:42 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'twisted', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:44 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'python-debian', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:45 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'httplib2', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:45 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'python-apt', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:46 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'systemd-python', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:46 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'zope.interface', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:47 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'unattended-upgrades', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:47 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pyasn1', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:49 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'xkit', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:49 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'command-not-found', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:49 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pexpect', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:51 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pyyaml', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:51 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'colorama', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:53 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'incremental', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:55 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'automat', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:56 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'keyring', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:56 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'ubuntu-advantage-tools', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:57 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'lazr.uri', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:59 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'lazr.restfulclient', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:56:59 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'more-itertools', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:00 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'ufw', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:01 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'importlib-metadata', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:03 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'blinker', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:07 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'constantly', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:08 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pyopenssl', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:10 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pygobject', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:14 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'click', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:15 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'configobj', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:15 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'six', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:15 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'python-magic', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:15 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'cryptography', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:17 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'distro-info', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:17 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'chardet', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:18 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'launchpadlib', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:22 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pyasn1-modules', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:22 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pyparsing', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:24 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'ubuntu-drivers-common', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:26 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'netifaces', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:26 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pyserial', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:26 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'distro', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:27 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'idna', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:28 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'ptyprocess', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:28 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'dbus-python', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:30 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'service-identity', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:35 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pyjwt', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:38 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'setuptools', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:41 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pyhamcrest', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:42 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'ssh-import-id', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:45 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'jeepney', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:46 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'hyperlink', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:55 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'sos', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:57:56 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'attrs', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:58:00 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'wadllib', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:58:02 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'bcrypt', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 16:58:03 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'oauthlib', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
Filebeat Test 🟢
[root@wazuh-server wazuh-user]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2
Wazuh Indexer Cluster 🟢
[root@wazuh-server wazuh-user]# curl -k -u admin:admin https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "Pye5KKHaQe2HwvvvHqPDYQ",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "eee49cb340edc6c4d489bcd9324dda571fc8dc03",
    "build_date" : "2023-09-20T23:54:29.889267151Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@wazuh-server wazuh-user]# curl -k -u admin:admin https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
127.0.0.1            2          82   1    0.33    0.19     0.11 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
[root@wazuh-server wazuh-user]# curl -k -u admin:admin https://127.0.0.1:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 17,
  "active_shards" : 17,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
No Root SSH Access 🟢
root@ubuntu2204:/home/vagrant# ssh root@192.168.1.86
The authenticity of host '192.168.1.86 (192.168.1.86)' can't be established.
ECDSA key fingerprint is SHA256:r9eJRrxYuLMuFq1HokQ0msKm028GuaOezl+FA2DJb9U.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.1.86' (ECDSA) to the list of known hosts.
root@192.168.1.86's password: 
Permission denied, please try again.
root@192.168.1.86's password: 
Permission denied, please try again.
root@192.168.1.86's password: 
root@192.168.1.86: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
System Info - Agent 🟢
root@ubuntu2204:/home/vagrant# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy


</details>

<details>
   <summary>Installation - Agent 🟢</summary>
   <br/>

- Download

```console
root@ubuntu2204:/home/vagrant# curl -OL https://packages-dev.wazuh.com/pre-release/apt/pool/main/w/wazuh-agent/wazuh-agent_4.8.0-1_amd64.deb
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  9.8M  100  9.8M    0     0   781k      0  0:00:12  0:00:12 --:--:-- 2416k
```

- Install

```console
root@ubuntu2204:/home/vagrant# apt install ./wazuh-agent_4.8.0-1_amd64.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-agent' instead of './wazuh-agent_4.8.0-1_amd64.deb'
The following NEW packages will be installed:
  wazuh-agent
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 0 B/10.3 MB of archives.
After this operation, 35.9 MB of additional disk space will be used.
Get:1 /home/vagrant/wazuh-agent_4.8.0-1_amd64.deb wazuh-agent amd64 4.8.0-1 [10.3 MB]
Preconfiguring packages ...
Selecting previously unselected package wazuh-agent.
(Reading database ... 76324 files and directories currently installed.)
Preparing to unpack .../wazuh-agent_4.8.0-1_amd64.deb ...
Unpacking wazuh-agent (4.8.0-1) ...
Setting up wazuh-agent (4.8.0-1) ...
Scanning processes...                                                           
Scanning linux images...                                                        

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
```

- Configure

```console
root@ubuntu2204:/home/vagrant# nano /var/ossec/etc/ossec.conf
root@ubuntu2204:/home/vagrant# /var/ossec/bin/wazuh-control start
Starting Wazuh v4.8.0...
Started wazuh-execd...
Started wazuh-agentd...
Started wazuh-syscheckd...
Started wazuh-logcollector...
Started wazuh-modulesd...
Completed.
root@ubuntu2204:/home/vagrant# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
```

- Wazuh Server

```console
[root@wazuh-server wazuh-user]# /var/ossec/bin/agent_control -i 001

Wazuh agent_control. Agent information:
   Agent ID:   001
   Agent Name: ubuntu2204.localdomain
   IP address: any
   Status:     Active

   Operating system:    Linux |ubuntu2204.localdomain |5.15.0-91-generic |#101-Ubuntu SMP Tue Nov 14 13:30:08 UTC 2023 |x86_64
   Client version:      Wazuh v4.8.0
   Configuration hash:  ab73af41699f13fdd81903b5f23d8d00
   Shared file hash:    4a8724b20dee0124ff9656783c490c4e
   Last keep alive:     1707412382

   Syscheck last started at:  Thu Feb  8 16:56:30 2024
   Syscheck last ended at:    Thu Feb  8 16:56:32 2024
```

</details>

Conclusions

  • Warnings related to setSecurityManager in Wazuh Indexer - journalctl
[root@wazuh-server wazuh-user]# journalctl -r -u wazuh-indexer | grep -i -E "error|critical|fatal|warning"
feb 08 17:45:30 wazuh-server systemd-entrypoint[4499]: WARNING: System::setSecurityManager will be removed in a future release
feb 08 17:45:30 wazuh-server systemd-entrypoint[4499]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
feb 08 17:45:30 wazuh-server systemd-entrypoint[4499]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
feb 08 17:45:30 wazuh-server systemd-entrypoint[4499]: WARNING: A terminally deprecated method in java.lang.System has been called
feb 08 17:45:29 wazuh-server systemd-entrypoint[4499]: WARNING: System::setSecurityManager will be removed in a future release
feb 08 17:45:29 wazuh-server systemd-entrypoint[4499]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
feb 08 17:45:29 wazuh-server systemd-entrypoint[4499]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
feb 08 17:45:29 wazuh-server systemd-entrypoint[4499]: WARNING: A terminally deprecated method in java.lang.System has been called

Reported in wazuh/wazuh-packages#2046

@jnasselle jnasselle self-assigned this Feb 8, 2024

jnasselle commented Feb 8, 2024

Analysis Report - AMI 🔴

WUI 🔴
  • Loading Screen: OK

  • Login Screen: OK

  • Credentials: OK

  • Health Check 🔴

  • Overview: OK


Logs 🟡
  • Wazuh Dashboard - journalctl 🟢
[wazuh-user@wazuh-server ~]$ journalctl -r -u wazuh-dashboard | grep -i -E "error|critical|fatal|warning"
Feb 08 17:15:00 wazuh-server opensearch-dashboards[6229]: {"type":"log","@timestamp":"2024-02-08T17:15:00Z","tags":["error","opensearch","data"],"pid":6229,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.6w/qh5SUHXkS-yihYsJGH4aAA] already exists"}
Feb 08 17:11:01 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:11:01Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:11:00 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:11:00Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:11:00 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:11:00Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:10:59 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:10:59Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:10:59 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:10:59Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:10:59 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:10:59Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:10:58 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:10:58Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:10:58 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:10:58Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:10:56 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:10:56Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:10:56 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:10:56Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:10:56 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:10:56Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:10:56 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:10:56Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:10:28 wazuh-server opensearch-dashboards[6229]: {"type":"log","@timestamp":"2024-02-08T17:10:28Z","tags":["error","plugins","securityDashboards"],"pid":6229,"message":"Failed authentication: Error: Authentication Exception"}
Feb 08 17:08:52 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:08:52Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:08:34 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:08:34Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:08:34 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:08:34Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:08:12 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:08:12Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:08:12 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:08:12Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:08:11 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:08:11Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:08:11 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:08:11Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:08:11 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:08:11Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:08:09 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:08:09Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:08:09 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:08:09Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:08:09 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:08:09Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:08:08 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:08:08Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:08:08 wazuh-server opensearch-dashboards[6229]: {"type":"error","@timestamp":"2024-02-08T17:08:08Z","tags":["connection","client","error"],"pid":6229,"level":"error","error":{"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140337361356672:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:07:49 wazuh-server opensearch-dashboards[1889]: {"type":"error","@timestamp":"2024-02-08T17:07:49Z","tags":["connection","client","error"],"pid":1889,"level":"error","error":{"message":"139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:07:49 wazuh-server opensearch-dashboards[1889]: {"type":"error","@timestamp":"2024-02-08T17:07:49Z","tags":["connection","client","error"],"pid":1889,"level":"error","error":{"message":"139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:07:49 wazuh-server opensearch-dashboards[1889]: {"type":"error","@timestamp":"2024-02-08T17:07:49Z","tags":["connection","client","error"],"pid":1889,"level":"error","error":{"message":"139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:07:48 wazuh-server opensearch-dashboards[1889]: {"type":"error","@timestamp":"2024-02-08T17:07:48Z","tags":["connection","client","error"],"pid":1889,"level":"error","error":{"message":"139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:07:48 wazuh-server opensearch-dashboards[1889]: {"type":"error","@timestamp":"2024-02-08T17:07:48Z","tags":["connection","client","error"],"pid":1889,"level":"error","error":{"message":"139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"139819887675264:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Feb 08 17:07:38 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:38Z","tags":["error","opensearch","data"],"pid":1889,"message":"[ResponseError]: Response Error"}
Feb 08 17:07:36 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:36Z","tags":["error","opensearch","data"],"pid":1889,"message":"[ResponseError]: Response Error"}
Feb 08 17:07:33 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:33Z","tags":["error","opensearch","data"],"pid":1889,"message":"[ResponseError]: Response Error"}
Feb 08 17:07:31 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:31Z","tags":["error","opensearch","data"],"pid":1889,"message":"[ResponseError]: Response Error"}
Feb 08 17:07:28 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:28Z","tags":["error","opensearch","data"],"pid":1889,"message":"[ResponseError]: Response Error"}
Feb 08 17:07:26 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:26Z","tags":["error","opensearch","data"],"pid":1889,"message":"[ResponseError]: Response Error"}
Feb 08 17:07:23 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:23Z","tags":["error","opensearch","data"],"pid":1889,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
Feb 08 17:07:21 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:21Z","tags":["error","opensearch","data"],"pid":1889,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
Feb 08 17:07:18 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:18Z","tags":["error","opensearch","data"],"pid":1889,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
Feb 08 17:07:16 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:16Z","tags":["error","opensearch","data"],"pid":1889,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
Feb 08 17:07:13 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:13Z","tags":["error","opensearch","data"],"pid":1889,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
Feb 08 17:07:11 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:11Z","tags":["error","opensearch","data"],"pid":1889,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
Feb 08 17:07:08 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:08Z","tags":["error","opensearch","data"],"pid":1889,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
Feb 08 17:07:06 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:06Z","tags":["error","savedobjects-service"],"pid":1889,"message":"Unable to retrieve version information from OpenSearch nodes."}
Feb 08 17:07:06 wazuh-server opensearch-dashboards[1889]: {"type":"log","@timestamp":"2024-02-08T17:07:06Z","tags":["error","opensearch","data"],"pid":1889,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
  • Wazuh Indexer - journalctl 🟡
[wazuh-user@wazuh-server ~]$ journalctl -r -u wazuh-indexer | grep -i -E "error|critical|fatal|warning"
Feb 08 17:06:20 wazuh-server systemd-entrypoint[2409]: at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
Feb 08 17:06:20 wazuh-server systemd-entrypoint[2409]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Feb 08 17:06:20 wazuh-server systemd-entrypoint[2409]: at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
Feb 08 17:06:20 wazuh-server systemd-entrypoint[2409]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Feb 08 17:06:20 wazuh-server systemd-entrypoint[2409]: WARNING: System::setSecurityManager will be removed in a future release
Feb 08 17:06:20 wazuh-server systemd-entrypoint[2409]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 08 17:06:20 wazuh-server systemd-entrypoint[2409]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 08 17:06:20 wazuh-server systemd-entrypoint[2409]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 08 17:06:13 wazuh-server systemd-entrypoint[2409]: WARNING: System::setSecurityManager will be removed in a future release
Feb 08 17:06:13 wazuh-server systemd-entrypoint[2409]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 08 17:06:13 wazuh-server systemd-entrypoint[2409]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 08 17:06:13 wazuh-server systemd-entrypoint[2409]: WARNING: A terminally deprecated method in java.lang.System has been called
  • Wazuh Indexer - /var/log/wazuh-indexer 🟢
[root@wazuh-server wazuh-user]# grep -R -i -E "error|critical|fatal|warning" /var/log/wazuh-indexer/
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:06:20,434Z", "level": "INFO", "component": "o.o.n.Node", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3930m, -Xmx3930m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-9950182819536823635, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=2060451840, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:18,077Z", "level": "ERROR", "component": "o.o.s.a.s.SinkProvider", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Default endpoint could not be created, auditlog will not work properly." }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:24,777Z", "level": "ERROR", "component": "o.o.i.i.ManagedIndexCoordinator", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failed to get ISM policies with templates: Failed to execute phase [query], all shards failed", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:25,595Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:25,596Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:25,596Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:25,596Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:25,596Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:25,597Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:25,597Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:25,597Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:25,597Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:25,597Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:26,642Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:26,656Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:26,659Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:26,662Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:27,052Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:28,586Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:28,589Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:28,592Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:28,595Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:31,087Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:31,089Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:31,091Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:31,093Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:33,587Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:33,591Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:33,592Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:33,594Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:36,089Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:36,091Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:36,097Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:36,099Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:37,898Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:38,590Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:38,592Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:38,594Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-02-08T17:07:38,596Z", "level": "ERROR", "component": "o.o.s.a.BackendRegistry", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Not yet initialized (you may need to run securityadmin)", "cluster.uuid": "E5opbFb4RWSyj--q0UVgyw", "node.id": "430dOwk-TaKMBE_lz2z5mw"  }
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:06:20,434][INFO ][o.o.n.Node               ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3930m, -Xmx3930m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-9950182819536823635, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=2060451840, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:18,077][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:24,777][ERROR][o.o.i.i.ManagedIndexCoordinator] [node-1] Failed to get ISM policies with templates: Failed to execute phase [query], all shards failed
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:25,595][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:25,596][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:25,596][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:25,596][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:25,596][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:25,597][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:25,597][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:25,597][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:25,597][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:25,597][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@2d4b867] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:26,642][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:26,656][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:26,659][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:26,662][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:27,052][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:28,586][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:28,589][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:28,592][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:28,595][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:31,087][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:31,089][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:31,091][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:31,093][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:33,587][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:33,591][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:33,592][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:33,594][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:36,089][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:36,091][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:36,097][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:36,099][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:37,898][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:38,590][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:38,592][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:38,594][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-08T17:07:38,596][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
  • Wazuh Server - /var/ossec/logs 🟢
[root@wazuh-server wazuh-user]# grep -i -E "error|critical|fatal|warning" /var/ossec/logs/ossec.log
2024/02/06 19:09:42 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 2 seconds.
2024/02/06 19:09:44 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 4 seconds.
2024/02/06 19:09:46 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pyliblzma', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:09:47 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'babel', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:09:47 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'yum-metadata-parser', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:09:47 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'aws-cfn-bootstrap', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:09:48 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 8 seconds.
2024/02/06 19:09:49 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'langtable', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:09:49 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pyxattr', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:09:52 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'docutils', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:09:53 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'lockfile', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:09:54 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'kitchen', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:09:55 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'simplejson', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:09:56 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'python-dateutil', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:09:56 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'python-daemon', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:09:57 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pystache', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:09:58 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'ec2-hibinit-agent', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:09:58 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'urllib3', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:04 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'cloud-init', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:04 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'iniparse', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:04 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'setuptools', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:04 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'cffi', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:05 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'python-daemon', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:07 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'lockfile', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:07 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'jsonpatch', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:07 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'jwcrypto', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:07 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'jinja2', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:11 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'jmespath', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:11 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 's3transfer', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:12 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'jsonpointer', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:12 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'repoze.lru', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:14 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pycurl', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:15 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'colorama', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:16 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'hibagent', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:17 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pycparser', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:17 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pyasn1', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:17 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'idna', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:17 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'markupsafe', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:18 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'botocore', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:23 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pip', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:23 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'jsonschema', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:25 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'rsa', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:25 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pyyaml', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:25 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'six', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:25 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'ipaddress', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:25 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pystache', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:26 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'cryptography', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:27 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pygpgme', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:28 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'futures', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:29 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'amazon-linux-extras', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:29 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'oauthlib', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:30 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'pillow', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:32 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'backports.ssl_match_hostname', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:34 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'rpm-python', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:34 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'configobj', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:34 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'yum-langpacks', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:35 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'docutils', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:35 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'requests', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:36 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'chardet', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:38 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'enum34', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:38 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'urlgrabber', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:38 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'ply', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:39 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'setuptools', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:39 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'simplejson', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/06 19:10:39 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'awscli', CVE Numbering Authorities (CNA): 'pypi', Error: 'Couldn't find column family: 'pypi''
2024/02/08 17:06:49 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 2 seconds.
2024/02/08 17:06:51 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 4 seconds.
2024/02/08 17:06:55 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 8 seconds.
2024/02/08 17:07:03 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 16 seconds.
2024/02/08 17:07:19 indexer-connector: WARNING: Error initializing IndexerConnector: Couldn't connect to server, we will try again after 32 seconds.
2024/02/08 17:07:46 indexer-connector: WARNING: Error initializing IndexerConnector: HTTP response code said error: 401, we will try again after 2 seconds.
2024/02/08 17:07:48 indexer-connector: WARNING: Error initializing IndexerConnector: HTTP response code said error: 401, we will try again after 4 seconds.
Filebeat Test 🟢
[root@wazuh-server wazuh-user]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2
Wazuh Indexer Cluster 🟢
[root@wazuh-server wazuh-user]# curl -k -u admin:$PASSWORD https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "E5opbFb4RWSyj--q0UVgyw",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "eee49cb340edc6c4d489bcd9324dda571fc8dc03",
    "build_date" : "2023-09-20T23:54:29.889267151Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}


[root@wazuh-server wazuh-user]# curl -k -u admin:$PASSWORD https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
127.0.0.1            7          82   2    0.06    0.06     0.21 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1


[root@wazuh-server wazuh-user]# curl -k -u admin:$PASSWORD https://127.0.0.1:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 17,
  "active_shards" : 17,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
Users 🟢
[root@wazuh-server wazuh-user]# grep -R "wazuh" /etc/group
wheel:x:10:wazuh-user
wazuh-user:x:1001:
wazuh-indexer:x:993:
wazuh:x:992:wazuh
wazuh-dashboard:x:991:wazuh-dashboard
[root@wazuh-server wazuh-user]# grep -R "wazuh" /etc/passwd
wazuh-user:x:1001:1001::/home/wazuh-user:/bin/bash
wazuh-indexer:x:995:993:wazuh-indexer user:/usr/share/wazuh-indexer:/sbin/nologin
wazuh:x:994:992::/var/ossec:/sbin/nologin
wazuh-dashboard:x:993:991::/usr/share/wazuh-dashboard/:/sbin/nologin
Versions 🟢
[root@wazuh-server wazuh-user]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40803"
WAZUH_TYPE="server"
[root@wazuh-server wazuh-user]# cat /usr/share/wazuh-indexer/VERSION 
4.8.0
[root@wazuh-server wazuh-user]# cat /usr/share/wazuh-dashboard/VERSION
4.8.0
[root@wazuh-server wazuh-user]# cat /usr/share/wazuh-dashboard/package.json
{
  "name": "opensearch-dashboards",
  "description": "OpenSearch Dashboards is a browser based analytics and search dashboard for OpenSearch. OpenSearch Dashboards is a snap to setup and start using. OpenSearch Dashboards strives to be easy to get started with, while also being flexible and powerful, just like OpenSearch.",
  "keywords": [
    "opensearch-dashboards",
    "opensearch",
    "logstash",
    "analytics",
    "visualizations",
    "dashboards",
    "dashboarding"
  ],
  "version": "2.10.0",
  "branch": "2.x",
  "build": {
    "number": 48003,
    "sha": "c1120d93e2ee647977f917a1249258a622d4eb5b",
    "distributable": true,
    "release": true
  },
  "repository": {
    "type": "git",
    "url": "https://github.com/opensearch-project/opensearch-dashboards.git"
  },
  "engines": {
    "node": ">=14.20.1 <19"
  }
}
Processes 🟢
[root@wazuh-server wazuh-user]# ps -ef | grep wazuh
root      2163     1  0 17:05 ?        00:00:00 /sbin/dhclient -q -lf /var/lib/dhclient/dhclient--eth0.lease -pf /var/run/dhclient-eth0.pid -H wazuh-server eth0
root      2202     1  0 17:05 ?        00:00:00 /sbin/dhclient -6 -nw -lf /var/lib/dhclient/dhclient6--eth0.lease -pf /var/run/dhclient6-eth0.pid eth0 -H wazuh-server
wazuh-i+  2409     1  3 17:05 ?        00:01:13 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3930m -Xmx3930m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-9950182819536823635 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/wazuh-indexer -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED -XX:MaxDirectMemorySize=2060451840 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
wazuh     5015     1  0 17:07 ?        00:00:08 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh     5016  5015  0 17:07 ?        00:00:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh     5019  5015  0 17:07 ?        00:00:02 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh     5022  5015  0 17:07 ?        00:00:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
root      5064     1  0 17:07 ?        00:00:03 /var/ossec/bin/wazuh-authd
wazuh     5078     1  0 17:07 ?        00:00:01 /var/ossec/bin/wazuh-db
root      5104     1  0 17:07 ?        00:00:00 /var/ossec/bin/wazuh-execd
wazuh     5116     1  0 17:07 ?        00:00:01 /var/ossec/bin/wazuh-analysisd
root      5126     1  0 17:07 ?        00:00:07 /var/ossec/bin/wazuh-syscheckd
wazuh     5194     1  0 17:07 ?        00:00:01 /var/ossec/bin/wazuh-remoted
root      5238     1  0 17:07 ?        00:00:00 /var/ossec/bin/wazuh-logcollector
wazuh     5255     1  0 17:07 ?        00:00:00 /var/ossec/bin/wazuh-monitord
root      5265     1  0 17:07 ?        00:00:01 /var/ossec/bin/wazuh-modulesd
wazuh-d+  6229     1  0 17:07 ?        00:00:10 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
root      7430  3225  0 17:16 ?        00:00:00 sshd: wazuh-user [priv]
wazuh-u+  7462  7430  0 17:16 ?        00:00:00 sshd: wazuh-user@pts/0
wazuh-u+  7463  7462  0 17:16 pts/0    00:00:00 -bash
root      7649  7495  0 17:37 pts/0    00:00:00 grep --color=auto wazuh


[root@wazuh-server wazuh-user]# /var/ossec/bin/wazuh-control status
wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
SSH Root Access Denied 🟢
[jnasselle@t14 Downloads]$ ssh -p 2200 -i "Ephemeral.pem" root@54.80.115.247
Please login as the user "wazuh-user" rather than the user "root".
SSH wazuh-user Access Allowed 🟢
[jnasselle@t14 Downloads]$ ssh -p 2200 -i "Ephemeral.pem" wazuh-user@54.80.115.247


wwwwww.           wwwwwww.          wwwwwww.
wwwwwww.          wwwwwww.          wwwwwww.
 wwwwww.         wwwwwwwww.        wwwwwww.
 wwwwwww.        wwwwwwwww.        wwwwwww.
  wwwwww.       wwwwwwwwwww.      wwwwwww.
  wwwwwww.      wwwwwwwwwww.      wwwwwww.
   wwwwww.     wwwwww.wwwwww.    wwwwwww.
   wwwwwww.    wwwww. wwwwww.    wwwwwww.
    wwwwww.   wwwwww.  wwwwww.  wwwwwww.
    wwwwwww.  wwwww.   wwwwww.  wwwwwww.
     wwwwww. wwwwww.    wwwwww.wwwwwww.
     wwwwwww.wwwww.     wwwwww.wwwwwww.
      wwwwwwwwwwww.      wwwwwwwwwwww.
      wwwwwwwwwww.       wwwwwwwwwwww.      oooooo
       wwwwwwwwww.        wwwwwwwwww.      oooooooo
       wwwwwwwww.         wwwwwwwwww.     oooooooooo
        wwwwwwww.          wwwwwwww.      oooooooooo
        wwwwwww.           wwwwwwww.       oooooooo
         wwwwww.            wwwwww.         oooooo


         WAZUH Open Source Security Platform
                  https://wazuh.com


[wazuh-user@wazuh-server ~]$ 
Production Repositories 🟢
[wazuh-user@wazuh-server ~]$ cat /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages.wazuh.com/4.x/yum/
protect=1

Conclusions 🔴

New issues

@QU3B1M

QU3B1M commented Feb 8, 2024

LGTM!

@wazuhci wazuhci moved this from In progress to Pending final review in Release 4.8.0 Feb 8, 2024
@davidjiglesias

LGTM!

@wazuhci wazuhci moved this from Pending final review to Done in Release 4.8.0 Feb 9, 2024