Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release 4.9.1 - RC 1 - Footprint Metrics - ALL-EXCEPT-DOCKER,CISCAT,OSQUERY,AZURE (2.5d) #25871

Closed
wazuhci opened this issue Sep 23, 2024 · 1 comment
Closed

Release 4.9.1 - RC 1 - Footprint Metrics - ALL-EXCEPT-DOCKER,CISCAT,OSQUERY,AZURE (2.5d) #25871

wazuhci opened this issue Sep 23, 2024 · 1 comment
Assignees
@fcaffieri
Labels
level/subtask tracking type/release type/test

Comments

@wazuhci
Copy link

wazuhci commented Sep 23, 2024
edited by fcaffieri
Loading

Footprint metrics information
Main release stage issue # #25833
Main footprint metrics issue # #25838
Version 4.9.1
Release stage # RC 1
Tag https://github.com/wazuh/wazuh/tree/v4.9.1-rc1

Stress test documentation

Packages used

Manager
Centos agent
Ubuntu agent
Windows agent
macOS agent
  • Plots
  • Logs and configuration
  • CSV
Solaris agent
  • Plots
  • Logs and configuration
  • CSV

Conclusion 🔴

Plots compared to #25514

Graphs 🔴

No abnormalities were detected in the graphs

Logs 🟡

Known issues:
@rauldpm rauldpm mentioned this issue Sep 23, 2024
Closed
1 task
@fcaffieri fcaffieri self-assigned this Sep 25, 2024
@fcaffieri
Copy link
Member

fcaffieri commented Sep 25, 2024
edited
Loading

Analysis report

Graphs 🔴

Compared to: #25514

Some plots are wrong, new issue: https://github.com/wazuh/wazuh-jenkins/issues/6990

Manager

Disk: small decrease of modulesd at the beginning of the test
PSS, RS_MAXMIN, RSS, USS: small decrease of analysisd

Centos

Disk: small decrease of modulesd at the beginning of the test
Disk_read: increase in msyscheckd and modulesd

Ubuntu

Disk: increase of modulesd peak size at the beginning of the test
Disk_written: increase of modulesd

Windows

No abnormal behavior detected

Logs 🟡

Wazuh manager

Expected errors in stress tests

Error: 2024/09/23 00:00:23 sca: WARNING: Interval overtaken.
File: manager/var/ossec/logs/ossec.log

Error: 2024/09/20 21:11:28 wazuh-logcollector: WARNING: Target 'agent' message queue is full (1024). Log lines may be lost.
File: manager/var/ossec/logs/wazuh/2024/Sep/ossec-20.log

Error: 2024/09/22 00:00:54 wazuh-syscheckd: WARNING: Real-time inotify kernel queue is full. Some events may be lost. Next scheduled scan will recover lost data.
File: manager/var/ossec/logs/wazuh/2024/Sep/ossec-22.log

Error: 2024/09/22 00:14:37 wazuh-logcollector: WARNING: (1960): File limit has been reached (1000). Please reduce the number of files or increase "logcollector.max_files".
File: manager/var/ossec/logs/wazuh/2024/Sep/ossec-22.log

Error: 2024/09/22 05:21:34 wazuh-db: WARNING: After vacuum, the database '003' has become just as fragmented or worse
File: manager/var/ossec/logs/wazuh/2024/Sep/ossec-22.log

Error: 2024/09/21 03:14:17 wazuh-analysisd: WARNING: Input queue is full.
File: manager/var/ossec/logs/wazuh/2024/Sep/ossec-21.log

New errors

Error found in file: manager/var/ossec/logs/wazuh/2024/Sep/ossec-20.log

2024/09/20 21:09:22 indexer-connector: WARNING: No username and password found in the keystore, using default values.

Error found in file: manager/var/ossec/logs/wazuh/2024/Sep/ossec-20.log

2024/09/20 21:09:22 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-4-21.ec2.internal', retrying until the connection is successful.

Error found in file: manager/tmp/monitor.log

2024-09-20 21:13:38,211 Error getting something from a dict
KeyError: 'rpm'
Wazuh centos

Expected errors in stress tests

Error: 2024/09/23 00:01:12 sca: WARNING: Interval overtaken.
File: centos/var/ossec/logs/ossec.log

Error: 2024/09/20 21:12:16 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
File: centos/var/ossec/logs/wazuh/2024/Sep/ossec-20.log

Error: 2024/09/20 21:12:16 wazuh-modulesd: WARNING: Process locked due to agent is offline. Waiting for connection...
File: centos/var/ossec/logs/wazuh/2024/Sep/ossec-20.log

Error: 2024/09/22 00:00:15 wazuh-logcollector: WARNING: (1960): File limit has been reached (1000). Please reduce the number of files or increase "logcollector.max_files".
File: centos/var/ossec/logs/wazuh/2024/Sep/ossec-22.log

Error: 2024/09/22 00:01:03 wazuh-syscheckd: WARNING: Real-time inotify kernel queue is full. Some events may be lost. Next scheduled scan will recover lost data.
File: centos/var/ossec/logs/wazuh/2024/Sep/ossec-22.log

Error: 2024/09/22 21:11:47 wazuh-agentd: WARNING: Agent buffer is full: Events may be lost.
File: centos/var/ossec/logs/wazuh/2024/Sep/ossec-22.log

Error: 2024/09/21 03:13:55 wazuh-logcollector: WARNING: Target 'agent' message queue is full (1024). Log lines may be lost.
File: centos/var/ossec/logs/wazuh/2024/Sep/ossec-21.log

New errors

Error found in file: centos/var/ossec/logs/wazuh/2024/Sep/ossec-20.log

2024/09/20 21:12:16 wazuh-agentd: ERROR: (1216): Unable to connect to '[172.31.4.21]:1514/tcp': 'Connection refused'.

Error found in file: centos/tmp/monitor.log

2024-09-20 22:16:36,226 Error getting something from a dict
KeyError: 'systemctl'
KeyError: 'wazuh-modulesd'
AttributeError: _cache
Wazuh ubuntu

Expected errors in stress tests

Error: 2024/09/23 00:00:48 sca: WARNING: Interval overtaken.
File: ubuntu/var/ossec/logs/ossec.log

Error: 2024/09/22 00:00:35 wazuh-logcollector: WARNING: (1960): File limit has been reached (1000). Please reduce the number of files or increase "logcollector.max_files".
File: ubuntu/var/ossec/logs/wazuh/2024/Sep/ossec-22.log

Error: 2024/09/22 00:00:51 wazuh-syscheckd: WARNING: Real-time inotify kernel queue is full. Some events may be lost. Next scheduled scan will recover lost data.
File: ubuntu/var/ossec/logs/wazuh/2024/Sep/ossec-22.log

Error: 2024/09/22 01:27:25 wazuh-agentd: WARNING: Agent buffer is flooded: Producing too many events.
File: ubuntu/var/ossec/logs/wazuh/2024/Sep/ossec-22.log

Error: 2024/09/21 03:14:33 wazuh-logcollector: WARNING: Target 'agent' message queue is full (1024). Log lines may be lost.
File: ubuntu/var/ossec/logs/wazuh/2024/Sep/ossec-21.log

New errors

Error found in file: ubuntu/var/ossec/logs/wazuh/2024/Sep/ossec-20.log

2024/09/20 21:12:17 wazuh-agentd: ERROR: (1216): Unable to connect to '[172.31.4.21]:1514/tcp': 'Connection refused'.

Error found in file: ubuntu/var/ossec/logs/wazuh/2024/Sep/ossec-22.log

2024/09/22 05:35:41 wazuh-syscheckd: WARNING: (6922): Cannot open '/tmp/syscheck_test/directories/dir3309': No such file or directory

Error found in file: ubuntu/tmp/monitor.log

2024-09-20 22:29:55,110 Error getting something from a dict
KeyError: 'apparmor_status'
AttributeError: _cache
FileNotFoundError: [Errno 2] No such file or directory: '/proc/1154774/stat'
KeyError: 'dpkg-query'
Wazuh windows

Expected errors in stress tests

Error: 2024/09/21 03:13:35 wazuh-agent: WARNING: (6906): Real time process: no data. Probably buffer overflow.
File: windows/logs\2024\Sep\ossec-21.log

Error: 2024/09/21 03:13:48 wazuh-agent: WARNING: (1960): File limit has been reached (200).
File: windows/logs\2024\Sep\ossec-21.log

Error: 2024/09/21 03:13:48 wazuh-agent: WARNING: Agent buffer is full: Events may be lost.
File: windows/logs\2024\Sep\ossec-21.log

Error: 2024/09/21 03:17:20 sca: WARNING: Interval overtaken.
File: windows/logs\2024\Sep\ossec-21.log

Error: 2024/09/22 20:07:23 wazuh-agent: WARNING: Agent buffer is flooded: Producing too many events.
File: windows/logs\2024\Sep\ossec-22.log

New errors

Error found in file: windows/logs\2024\Sep\ossec-21.log

2024/09/21 03:15:24 wazuh-agent: ERROR: (6716): Could not open handle for 'c:\tmp\syscheck_test\files\fimstress.12485'. Error code: 2

Error found in file: windows/logs\2024\Sep\ossec-21.log

2024/09/21 03:15:24 wazuh-agent: WARNING: At get_user(c:\tmp\syscheck_test\files\fimstress.12485): CreateFile(): The system cannot find the file specified. (2)

Error found in file: windows/logs\2024\Sep\ossec-21.log

2024/09/21 03:44:38 wazuh-agent: WARNING: (6922): Cannot open 'c:\tmp\syscheck_test\directories\dir3328': No such file or directory

Error found in file: windows/logs\2024\Sep\ossec-20.log

2024/09/20 21:12:16 wazuh-agent: ERROR: (1216): Unable to connect to '[172.31.4.21]:1514/tcp': 'No connection could be made because the target machine actively refused it.'.

Error found in file: windows/fimError.log

[2024-09-21_08:47:13] [ERROR] (create_delete): files\fimStress.2290269 file cannot be deleted.

Error found in file: windows/logs\2024\Sep\ossec-22.log

2024/09/22 03:17:50 wazuh-agent: ERROR: (6613): Real time Windows callback process: 'Access is denied.' (5).

@rauldpm rauldpm closed this as completed Sep 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fcaffieri fcaffieri

Labels
level/subtask tracking type/release type/test
Projects
Release 4.9.1
Status: Done
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rauldpm @wazuhci @fcaffieri