Release 4.8.0 - Beta 2 - E2E UX tests - Demo environment #22111

Closed
2 tasks
davidjiglesias opened this issue Feb 26, 2024 · 7 comments

Comments

@davidjiglesias
Member

davidjiglesias commented Feb 26, 2024

End-to-End (E2E) Testing Guideline

  • Documentation: Always consult the development documentation for the current stage tag at this link. Be careful because some of the description steps might refer to a current version in production, always navigate using the current development documentation for the stage under test. Also, visit the following pre-release package guide to understand how to modify certain links and urls for the correct testing of the development packages.
  • Test Requirements: Ensure your test comprehensively includes a full stack and agent/s deployment as per the Deployment requirements, detailing the machine OS, installed version, and revision.
  • Deployment Options: While deployments can be local (using VMs, Vagrant, etc) or on the aws-dev account, opt for local deployments when feasible. For AWS access, coordinate with the CICD team through this link.
  • External Accounts: If tests require third-party accounts (e.g., GitHub, Azure, AWS, GCP), request the necessary access through the CICD team here.
  • Alerts: Every test should generate a minimum of one end-to-end alert, from the agent to the dashboard, irrespective of test type.
  • Multi-node Testing: For multi-node wazuh-manager tests, ensure agents are connected to both workers and the master node.
  • Package Verification: Use the pre-release package that matches the current TAG you're testing. Confirm its version and revision.
  • Filebeat Errors: If you encounter errors with Filebeat during testing, refer to this Slack discussion for insights and resolutions.
  • Known Issues: Familiarize yourself with previously reported issues in the Known Issues section. This helps in identifying already recognized errors during testing.
  • Reporting New Issues: Any new errors discovered during testing that aren't listed under Known Issues should be reported. Assign the issue to the corresponding team (QA if unsure), add the Release testing objective and Very high priority. Communicate these to the team and QA via the c-release Slack channel.
  • Test Conduct: It's imperative to be thorough in your testing, offering enough detail for reviewers. Incomplete tests might necessitate a redo.
  • Documentation Feedback: Encountering documentation gaps, unclear guidelines, or anything that disrupts the testing or UX? Open an issue, especially if it's not listed under Known Issues. Please answer the feedback section, this is a mandatory step.
  • Format: If this is your first time doing this, refer to the format (but not necessarily the content, as it may vary) of previous E2E tests, here you have an example Release 4.3.5 - Release Candidate 1 - E2E UX tests - Wazuh Indexer #13994.
  • Status and completion: Change the issue status within your team project accordingly. Once you finish testing and write the conclusions, move it to Pending review and notify the @wazuh/devops team via Slack using the c-release channel. Beware that the reviewers might request additional information or task repetitions.
  • For reviewers: Please move the issue to Pending final review and notify via Slack using the same thread if everything is ok, otherwise, perform an issue update with the requested changes and move it to On hold, increase the review_cycles in the team project by one and notify the issue assignee via Slack using the same thread.

For the conclusions and the issue testing and updates, use the following legend:

Status legend

  • 🟢 All checks passed
  • 🟡 Found a known issue
  • 🔴 Found a new error

Issue delivery and completion

  • Initial delivery: The issue's assignee must complete the testing and deliver the results by Feb 27, 2024 and notify the @wazuh/devops team via Slack using the c-release channel
  • Review: The @wazuh/devops team will assign a reviewer and add it to the review_assignee field in the project. The reviewer must then review the test steps and results. Ensure that all iteration cycles are completed by Feb 28, 2024 date (issue must be in Pending final review status) and notify the QA team via Slack using the c-release channel.
  • Auditor: The QA team must audit, validate the results, and close the issue by Feb 29, 2024.

Deployment requirements

Component Installation Type OS
Indexer
Server
Dashboard -
Agent -

Test description

Test demo.wazuh.info environment:

  • Check that there are no errors in the manager, agent, cluster, indexer, and dashboard logs.
  • Check that the Wazuh daemons are running with the expected user.
  • Check that the status of the indexer cluster is as expected.
  • Check that there are no errors in the browser's developer console when browsing the App.
  • Check that there are alerts for each of the modules configured.
  • Check that no warning symbols appear in the browser's developer console when browsing the App
  • Generate an alert and check that this alert appears in the dashboard (end to end)
  • Check that the search engine works without specifying a field and using *

To access the demo environment, please contact @cicd-team.

Known issues

Conclusions 🔴

Execution stopped because the Servers are down, related to: #22141

New issues

Known issues

Status | Test | Failure type | Notes
🟡 | Check logs: Indexers | Error logs found in indexers | Known issue: #21861
🟡 | Check logs: Agent RHEL | Missing files | Known issue: https://github.com/wazuh/wazuh-automation/issues/1284
🔴 | Check logs: Agent Windows & RHEL | Modulesd osquery error | New issue: #22145
🔴 | Check logs: Servers | Modulesd not running | New issue: #22153
🔴 | Check logs: Servers | Errors in wazuh cluster | New issue: #22146
🔴 | Check logs: Servers | Modulesd content-updater interrupted | New issue: #22148
🔴 | Check logs: Servers | Error trying to terminate cluster process | New issue: #22149
🟡 | Check logs: Servers | Error in agent registration | Known issue: https://github.com/wazuh/wazuh-jenkins/issues/4867
🟡 | Check logs: Servers | Indexer connection warning | Known issue: #21829
🟡 | Check logs: Servers | Remoted unexpected/too big message | Known issue: #17596
🟡 | Check logs: Servers | Vulnerability detector errors | Known issue: #22144

Feedback

We value your feedback. Please provide insights on your testing experience.

  • Was the testing guideline clear? Were there any ambiguities?
    • It was clear
  • Did you face any challenges not covered by the guideline?
    • No
  • Suggestions for improvement:
    • For now, I think it is OK as it is, nothing to improve.

Reviewers validation

The criteria for completing this task is based on the validation of the conclusions and the test results by all reviewers.

All the checkboxes below must be marked in order to close this issue.
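
The log check from the test description, mapped onto the status legend, as an added example that is not part of the original issue or of Wazuh's tooling. The bucket rules are assumptions for illustration (connection-loss messages treated as expected after a manager restart, duplicate-agent registration as a known issue), the function names are hypothetical, and the sample log lines are constructed.

```shell
#!/usr/bin/env bash
# Added example: triage ERROR/WARNING lines of a Wazuh ossec.log into
# expected / known / new, then derive green / yellow / red from the counts.
# Assumption: the patterns below are illustrative and should be maintained
# from the Known Issues list of the release under test.

# triage_ossec_log FILE
# Prints "expected=N known=N new=N status=<green|yellow|red>" on stdout and
# every unclassified line on stderr so it can be pasted into a new issue.
triage_ossec_log() {
    awk '
    # Match on the level field ($4), not on the whole line, so INFO lines
    # that merely contain the word "error" are not counted.
    $4 != "ERROR:" && $4 != "WARNING:" && $4 != "CRITICAL:" { next }
    {
        if ($0 ~ /\((1137|1216|1218)\):/ ||
            $0 ~ /Server unavailable\. Setting lock\./ ||
            $0 ~ /Process locked due to agent is offline/) {
            expected++          # manager restarted while the agent was up
        } else if ($0 ~ /Duplicate agent name:/ ||
                   $0 ~ /Unable to add agent \(from manager\)/) {
            known++             # agent registration, tracked as a known issue
        } else {
            fresh++             # nothing matched: candidate for a new issue
            print "UNCLASSIFIED: " $0 > "/dev/stderr"
        }
    }
    END {
        status = "green"
        if (known > 0) status = "yellow"
        if (fresh > 0) status = "red"
        printf "expected=%d known=%d new=%d status=%s\n", expected, known, fresh, status
    }' "$1"
}

# write_sample_log FILE
# Constructed sample in the ossec.log line format; 192.0.2.10 is a
# documentation address, not a host from the demo environment.
write_sample_log() {
    cat > "$1" <<'EOF'
2024/02/26 12:10:35 wazuh-agentd: WARNING: (1218): Unable to send message to 'server': Connection reset by peer
2024/02/26 12:10:36 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
2024/02/26 12:10:36 wazuh-agentd: ERROR: (1216): Unable to connect to '[192.0.2.10]:1514/tcp': 'Connection refused'.
2024/02/26 12:45:59 wazuh-syscheckd: WARNING: Process locked due to agent is offline. Waiting for connection...
2024/02/26 13:09:27 wazuh-agentd: ERROR: Duplicate agent name: demo-agent (from manager)
2024/02/26 13:09:27 wazuh-agentd: ERROR: Unable to add agent (from manager)
2024/02/26 13:10:00 wazuh-modulesd: ERROR: sample-unclassified failure (constructed line)
2024/02/26 13:11:00 wazuh-logcollector: INFO: Analyzing file: '/var/log/app/error.log' (constructed line)
EOF
}

demo() {
    tmp=$(mktemp)
    write_sample_log "$tmp"
    triage_ossec_log "$tmp"
    rm -f "$tmp"
}
demo
```

On a real agent the call is `triage_ossec_log /var/ossec/logs/ossec.log`; only the lines printed as UNCLASSIFIED need a manual look.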

@QU3B1M
Member

QU3B1M commented Feb 26, 2024

Available machines

Agents
  • RHEL9
  • Centos
  • Debian
  • Windows
  • Ubuntu
  • Amazon
Dashboard
  • WazuhDashboard
Indexers
  • IndexerBootstrap
  • IndexerMasterB
  • IndexerMasterC
  • WazuhDashboard
Managers
  • WazuhMasterEnv1
  • WazuhMasterEnv2
  • WazuhWorker

@QU3B1M
Member

QU3B1M commented Feb 26, 2024

Check components logs

Agent logs

Amazon 🟢
  • System information

    cat /etc/*release
    NAME="Amazon Linux"
    VERSION="2"
    ID="amzn"
    ID_LIKE="centos rhel fedora"
    VERSION_ID="2"
    PRETTY_NAME="Amazon Linux 2"
    ANSI_COLOR="0;33"
    CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
    HOME_URL="https://amazonlinux.com/"
    Amazon Linux release 2 (Karoo)
  • Component version

    /var/ossec/bin/wazuh-control info
    WAZUH_VERSION="v4.8.0"
    WAZUH_REVISION="40804"
    WAZUH_TYPE="agent"
  • Component status

    systemctl status wazuh-agent -l
    ● wazuh-agent.service - Wazuh agent
    Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
    Active: active (running) since Mon 2024-02-26 11:53:00 UTC; 2h 25min ago
    Process: 9819 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
    Process: 9956 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    CGroup: /system.slice/wazuh-agent.service
            ├─11520 /var/ossec/bin/wazuh-execd
            ├─11532 /var/ossec/bin/wazuh-agentd
            ├─11547 /var/ossec/bin/wazuh-syscheckd
            ├─11561 /var/ossec/bin/wazuh-logcollector
            └─11579 /var/ossec/bin/wazuh-modulesd
    
    Feb 26 11:52:53 ip-10-0-1-251.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
    Feb 26 11:52:53 ip-10-0-1-251.us-west-1.compute.internal env[9956]: Starting Wazuh v4.8.0...
    Feb 26 11:52:54 ip-10-0-1-251.us-west-1.compute.internal env[9956]: Started wazuh-execd...
    Feb 26 11:52:55 ip-10-0-1-251.us-west-1.compute.internal env[9956]: Started wazuh-agentd...
    Feb 26 11:52:56 ip-10-0-1-251.us-west-1.compute.internal env[9956]: Started wazuh-syscheckd...
    Feb 26 11:52:57 ip-10-0-1-251.us-west-1.compute.internal env[9956]: Started wazuh-logcollector...
    Feb 26 11:52:58 ip-10-0-1-251.us-west-1.compute.internal env[9956]: Started wazuh-modulesd...
    Feb 26 11:53:00 ip-10-0-1-251.us-west-1.compute.internal env[9956]: Completed.
    Feb 26 11:53:00 ip-10-0-1-251.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
  • Modules status

    /var/ossec/bin/wazuh-control status
    wazuh-modulesd is running...
    wazuh-logcollector is running...
    wazuh-syscheckd is running...
    wazuh-agentd is running...
    wazuh-execd is running...
  • Service status

    journalctl -xe -u wazuh-agent.service --no-pager
    -- Logs begin at Mon 2024-02-26 11:21:02 UTC, end at Mon 2024-02-26 14:46:46 UTC. --
    Feb 26 11:52:38 ip-10-0-1-251.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
    -- Subject: Unit wazuh-agent.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit wazuh-agent.service has begun starting up.
    Feb 26 11:52:38 ip-10-0-1-251.us-west-1.compute.internal env[9272]: Starting Wazuh v4.8.0...
    Feb 26 11:52:39 ip-10-0-1-251.us-west-1.compute.internal env[9272]: Started wazuh-execd...
    Feb 26 11:52:40 ip-10-0-1-251.us-west-1.compute.internal env[9272]: Started wazuh-agentd...
    Feb 26 11:52:41 ip-10-0-1-251.us-west-1.compute.internal env[9272]: Started wazuh-syscheckd...
    Feb 26 11:52:42 ip-10-0-1-251.us-west-1.compute.internal env[9272]: Started wazuh-logcollector...
    Feb 26 11:52:43 ip-10-0-1-251.us-west-1.compute.internal env[9272]: Started wazuh-modulesd...
    Feb 26 11:52:45 ip-10-0-1-251.us-west-1.compute.internal env[9272]: Completed.
    Feb 26 11:52:45 ip-10-0-1-251.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
    -- Subject: Unit wazuh-agent.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit wazuh-agent.service has finished starting up.
    -- 
    -- The start-up result is done.
    Feb 26 11:52:49 ip-10-0-1-251.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
    -- Subject: Unit wazuh-agent.service has begun shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit wazuh-agent.service has begun shutting down.
    Feb 26 11:52:49 ip-10-0-1-251.us-west-1.compute.internal env[9819]: Killing wazuh-modulesd...
    Feb 26 11:52:53 ip-10-0-1-251.us-west-1.compute.internal env[9819]: Killing wazuh-logcollector...
    Feb 26 11:52:53 ip-10-0-1-251.us-west-1.compute.internal env[9819]: Killing wazuh-syscheckd...
    Feb 26 11:52:53 ip-10-0-1-251.us-west-1.compute.internal env[9819]: Killing wazuh-agentd...
    Feb 26 11:52:53 ip-10-0-1-251.us-west-1.compute.internal env[9819]: Killing wazuh-execd...
    Feb 26 11:52:53 ip-10-0-1-251.us-west-1.compute.internal env[9819]: Wazuh v4.8.0 Stopped
    Feb 26 11:52:53 ip-10-0-1-251.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
    -- Subject: Unit wazuh-agent.service has finished shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit wazuh-agent.service has finished shutting down.
    Feb 26 11:52:53 ip-10-0-1-251.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
    -- Subject: Unit wazuh-agent.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit wazuh-agent.service has begun starting up.
    Feb 26 11:52:53 ip-10-0-1-251.us-west-1.compute.internal env[9956]: Starting Wazuh v4.8.0...
    Feb 26 11:52:54 ip-10-0-1-251.us-west-1.compute.internal env[9956]: Started wazuh-execd...
    Feb 26 11:52:55 ip-10-0-1-251.us-west-1.compute.internal env[9956]: Started wazuh-agentd...
    Feb 26 11:52:56 ip-10-0-1-251.us-west-1.compute.internal env[9956]: Started wazuh-syscheckd...
    Feb 26 11:52:57 ip-10-0-1-251.us-west-1.compute.internal env[9956]: Started wazuh-logcollector...
    Feb 26 11:52:58 ip-10-0-1-251.us-west-1.compute.internal env[9956]: Started wazuh-modulesd...
    Feb 26 11:53:00 ip-10-0-1-251.us-west-1.compute.internal env[9956]: Completed.
    Feb 26 11:53:00 ip-10-0-1-251.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
    -- Subject: Unit wazuh-agent.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit wazuh-agent.service has finished starting up.
    -- 
    -- The start-up result is done.
  • Error/Warning logs

    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
    12
    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
    2024/02/26 12:10:35 wazuh-agentd: WARNING: (1218): Unable to send message to 'server': Connection reset by peer
    2024/02/26 12:10:36 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 12:10:36 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.16]:1514/tcp': 'Connection refused'.
    2024/02/26 12:10:46 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.16]:1514/tcp': 'Connection refused'.
    2024/02/26 12:45:47 wazuh-agentd: WARNING: Server unavailable. Setting lock.
    2024/02/26 12:45:59 wazuh-syscheckd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 13:48:42 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:48:42 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.16]:1514/tcp': 'Connection refused'.
    2024/02/26 13:48:52 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.16]:1514/tcp': 'Connection refused'.
    2024/02/26 14:15:33 wazuh-agentd: WARNING: Server unavailable. Setting lock.
    2024/02/26 14:16:11 wazuh-syscheckd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:16:47 wazuh-logcollector: WARNING: Process locked due to agent is offline. Waiting for connection...

    Expected, as the server was restarted because of some inconveniences.

CentOS 🟢
  • System information

    cat /etc/*release
    CentOS Linux release 8.4.2105
    NAME="CentOS Linux"
    VERSION="8"
    ID="centos"
    ID_LIKE="rhel fedora"
    VERSION_ID="8"
    PLATFORM_ID="platform:el8"
    PRETTY_NAME="CentOS Linux 8"
    ANSI_COLOR="0;31"
    CPE_NAME="cpe:/o:centos:centos:8"
    HOME_URL="https://centos.org/"
    BUG_REPORT_URL="https://bugs.centos.org/"
    CENTOS_MANTISBT_PROJECT="CentOS-8"
    CENTOS_MANTISBT_PROJECT_VERSION="8"
    CentOS Linux release 8.4.2105
    CentOS Linux release 8.4.2105
  • Component version

    /var/ossec/bin/wazuh-control info
    WAZUH_VERSION="v4.8.0"
    WAZUH_REVISION="40804"
    WAZUH_TYPE="agent"
  • Component status

    systemctl status wazuh-agent -l
    ● wazuh-agent.service - Wazuh agent
    Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
    Active: active (running) since Mon 2024-02-26 11:55:06 UTC; 2h 57min ago
    Process: 8208 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
    Process: 8363 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
        Tasks: 32 (limit: 4668)
    Memory: 425.2M
    CGroup: /system.slice/wazuh-agent.service
            ├─9737 /var/ossec/bin/wazuh-execd
            ├─9749 /var/ossec/bin/wazuh-agentd
            ├─9764 /var/ossec/bin/wazuh-syscheckd
            ├─9779 /var/ossec/bin/wazuh-logcollector
            └─9798 /var/ossec/bin/wazuh-modulesd
    
    Feb 26 11:54:58 ip-10-0-1-237.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
    Feb 26 11:54:58 ip-10-0-1-237.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
    Feb 26 11:54:58 ip-10-0-1-237.us-west-1.compute.internal env[8363]: Starting Wazuh v4.8.0...
    Feb 26 11:54:59 ip-10-0-1-237.us-west-1.compute.internal env[8363]: Started wazuh-execd...
    Feb 26 11:55:01 ip-10-0-1-237.us-west-1.compute.internal env[8363]: Started wazuh-agentd...
    Feb 26 11:55:02 ip-10-0-1-237.us-west-1.compute.internal env[8363]: Started wazuh-syscheckd...
    Feb 26 11:55:03 ip-10-0-1-237.us-west-1.compute.internal env[8363]: Started wazuh-logcollector...
    Feb 26 11:55:04 ip-10-0-1-237.us-west-1.compute.internal env[8363]: Started wazuh-modulesd...
    Feb 26 11:55:06 ip-10-0-1-237.us-west-1.compute.internal env[8363]: Completed.
    Feb 26 11:55:06 ip-10-0-1-237.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
  • Modules status

    /var/ossec/bin/wazuh-control status
    wazuh-modulesd is running...
    wazuh-logcollector is running...
    wazuh-syscheckd is running...
    wazuh-agentd is running...
  • Service status

    journalctl -xe -u wazuh-agent.service --no-pager
    -- Logs begin at Mon 2024-02-26 11:21:05 UTC, end at Mon 2024-02-26 14:52:55 UTC. --
    Feb 26 11:54:43 ip-10-0-1-237.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
    -- Subject: Unit wazuh-agent.service has begun start-up
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    -- 
    -- Unit wazuh-agent.service has begun starting up.
    Feb 26 11:54:43 ip-10-0-1-237.us-west-1.compute.internal env[7678]: Starting Wazuh v4.8.0...
    Feb 26 11:54:44 ip-10-0-1-237.us-west-1.compute.internal env[7678]: Started wazuh-execd...
    Feb 26 11:54:45 ip-10-0-1-237.us-west-1.compute.internal env[7678]: Started wazuh-agentd...
    Feb 26 11:54:46 ip-10-0-1-237.us-west-1.compute.internal env[7678]: Started wazuh-syscheckd...
    Feb 26 11:54:47 ip-10-0-1-237.us-west-1.compute.internal env[7678]: Started wazuh-logcollector...
    Feb 26 11:54:48 ip-10-0-1-237.us-west-1.compute.internal env[7678]: Started wazuh-modulesd...
    Feb 26 11:54:50 ip-10-0-1-237.us-west-1.compute.internal env[7678]: Completed.
    Feb 26 11:54:50 ip-10-0-1-237.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
    -- Subject: Unit wazuh-agent.service has finished start-up
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    -- 
    -- Unit wazuh-agent.service has finished starting up.
    -- 
    -- The start-up result is done.
    Feb 26 11:54:54 ip-10-0-1-237.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
    -- Subject: Unit wazuh-agent.service has begun shutting down
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    -- 
    -- Unit wazuh-agent.service has begun shutting down.
    Feb 26 11:54:54 ip-10-0-1-237.us-west-1.compute.internal env[8208]: Killing wazuh-modulesd...
    Feb 26 11:54:58 ip-10-0-1-237.us-west-1.compute.internal env[8208]: Killing wazuh-logcollector...
    Feb 26 11:54:58 ip-10-0-1-237.us-west-1.compute.internal env[8208]: Killing wazuh-syscheckd...
    Feb 26 11:54:58 ip-10-0-1-237.us-west-1.compute.internal env[8208]: Killing wazuh-agentd...
    Feb 26 11:54:58 ip-10-0-1-237.us-west-1.compute.internal env[8208]: Killing wazuh-execd...
    Feb 26 11:54:58 ip-10-0-1-237.us-west-1.compute.internal env[8208]: Wazuh v4.8.0 Stopped
    Feb 26 11:54:58 ip-10-0-1-237.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Succeeded.
    -- Subject: Unit succeeded
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    -- 
    -- The unit wazuh-agent.service has successfully entered the 'dead' state.
    Feb 26 11:54:58 ip-10-0-1-237.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
    -- Subject: Unit wazuh-agent.service has finished shutting down
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    -- 
    -- Unit wazuh-agent.service has finished shutting down.
    Feb 26 11:54:58 ip-10-0-1-237.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
    -- Subject: Unit wazuh-agent.service has begun start-up
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    -- 
    -- Unit wazuh-agent.service has begun starting up.
    Feb 26 11:54:58 ip-10-0-1-237.us-west-1.compute.internal env[8363]: Starting Wazuh v4.8.0...
    Feb 26 11:54:59 ip-10-0-1-237.us-west-1.compute.internal env[8363]: Started wazuh-execd...
    Feb 26 11:55:01 ip-10-0-1-237.us-west-1.compute.internal env[8363]: Started wazuh-agentd...
    Feb 26 11:55:02 ip-10-0-1-237.us-west-1.compute.internal env[8363]: Started wazuh-syscheckd...
    Feb 26 11:55:03 ip-10-0-1-237.us-west-1.compute.internal env[8363]: Started wazuh-logcollector...
    Feb 26 11:55:04 ip-10-0-1-237.us-west-1.compute.internal env[8363]: Started wazuh-modulesd...
    Feb 26 11:55:06 ip-10-0-1-237.us-west-1.compute.internal env[8363]: Completed.
    Feb 26 11:55:06 ip-10-0-1-237.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
    -- Subject: Unit wazuh-agent.service has finished start-up
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support
    -- 
    -- Unit wazuh-agent.service has finished starting up.
    -- 
    -- The start-up result is done.
  • Error/Warning logs

    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
    23
    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
    2024/02/26 12:10:41 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 12:10:41 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.15]:1514/tcp': 'Connection refused'.
    2024/02/26 12:10:41 wazuh-modulesd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 12:10:41 wazuh-modulesd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 12:10:45 wazuh-modulesd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 12:10:51 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.15]:1514/tcp': 'Connection refused'.
    2024/02/26 12:43:03 wazuh-agentd: WARNING: Server unavailable. Setting lock.
    2024/02/26 12:45:40 wazuh-syscheckd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 12:46:38 wazuh-logcollector: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 13:09:27 wazuh-agentd: ERROR: Duplicate agent name: Centos (from manager)
    2024/02/26 13:09:27 wazuh-agentd: ERROR: Unable to add agent (from manager)
    2024/02/26 13:09:37 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.15'. Ensure that the manager version is 'v4.8.0' or higher.
    2024/02/26 13:49:11 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:49:11 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.105]:1514/tcp': 'Connection refused'.
    2024/02/26 14:18:52 wazuh-agentd: WARNING: Server unavailable. Setting lock.
    2024/02/26 14:19:41 wazuh-syscheckd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:22:04 wazuh-logcollector: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:24:32 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[10.0.0.105]:1515'
    2024/02/26 14:24:42 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.105'. Ensure that the manager version is 'v4.8.0' or higher.
    2024/02/26 14:24:42 wazuh-agentd: WARNING: Unable to connect to any server.
    2024/02/26 14:36:26 wazuh-agentd: ERROR: Duplicate agent name: Centos (from manager)
    2024/02/26 14:36:26 wazuh-agentd: ERROR: Unable to add agent (from manager)
    2024/02/26 14:36:36 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.15'. Ensure that the manager version is 'v4.8.0' or higher.

    Expected, as the server was restarted because of some inconveniences.

    2024/02/26 12:43:03 wazuh-agentd: WARNING: Server unavailable. Setting lock.
    2024/02/26 12:45:40 wazuh-syscheckd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 12:46:38 wazuh-logcollector: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 13:09:27 wazuh-agentd: ERROR: Duplicate agent name: Centos (from manager)
    2024/02/26 13:09:27 wazuh-agentd: ERROR: Unable to add agent (from manager)
    2024/02/26 13:09:37 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.15'. Ensure that the manager version is 'v4.8.0' or higher.

    Related to: https://github.com/wazuh/wazuh-jenkins/issues/4867. Known issue

    2024/02/26 14:36:26 wazuh-agentd: ERROR: Duplicate agent name: Centos (from manager)
    2024/02/26 14:36:26 wazuh-agentd: ERROR: Unable to add agent (from manager)
Debian 🟢
  • System information

    cat /etc/*release
    ID="ec2"
    VERSION="20220503-998"
    PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
    NAME="Debian GNU/Linux"
    VERSION_ID="11"
    VERSION="11 (bullseye)"
    VERSION_CODENAME=bullseye
    ID=debian
    HOME_URL="https://www.debian.org/"
    SUPPORT_URL="https://www.debian.org/support"
    BUG_REPORT_URL="https://bugs.debian.org/"
  • Component version

    /var/ossec/bin/wazuh-control info
    WAZUH_VERSION="v4.8.0"
    WAZUH_REVISION="40804"
    WAZUH_TYPE="agent"
  • Component status

    systemctl status wazuh-agent -l
    ● wazuh-agent.service - Wazuh agent
        Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
        Active: active (running) since Mon 2024-02-26 11:53:20 UTC; 3h 11min ago
        Process: 7735 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
        Tasks: 32 (limit: 1123)
        Memory: 28.4M
            CPU: 52.941s
        CGroup: /system.slice/wazuh-agent.service
                ├─9720 /var/ossec/bin/wazuh-execd
                ├─9731 /var/ossec/bin/wazuh-agentd
                ├─9745 /var/ossec/bin/wazuh-syscheckd
                ├─9759 /var/ossec/bin/wazuh-logcollector
                └─9776 /var/ossec/bin/wazuh-modulesd
    
    Feb 26 11:53:12 ip-10-0-1-159 systemd[1]: Starting Wazuh agent...
    Feb 26 11:53:13 ip-10-0-1-159 env[7735]: Starting Wazuh v4.8.0...
    Feb 26 11:53:14 ip-10-0-1-159 env[7735]: Started wazuh-execd...
    Feb 26 11:53:15 ip-10-0-1-159 env[7735]: Started wazuh-agentd...
    Feb 26 11:53:16 ip-10-0-1-159 env[7735]: Started wazuh-syscheckd...
    Feb 26 11:53:17 ip-10-0-1-159 env[7735]: Started wazuh-logcollector...
    Feb 26 11:53:18 ip-10-0-1-159 env[7735]: Started wazuh-modulesd...
    Feb 26 11:53:20 ip-10-0-1-159 env[7735]: Completed.
    Feb 26 11:53:20 ip-10-0-1-159 systemd[1]: Started Wazuh agent.
  • Modules status

    /var/ossec/bin/wazuh-control status
    wazuh-modulesd is running...
    wazuh-logcollector is running...
    wazuh-syscheckd is running...
    wazuh-agentd is running...
    wazuh-execd is running...
  • Service status

    journalctl -xe -u wazuh-agent.service --no-pager
    -- Journal begins at Mon 2024-02-26 11:21:06 UTC, ends at Mon 2024-02-26 15:04:54 UTC. --
    Feb 26 11:52:38 ip-10-0-1-159 systemd[1]: Starting Wazuh agent...
    ░░ Subject: A start job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: https://www.debian.org/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 3245.
    Feb 26 11:52:38 ip-10-0-1-159 env[6142]: Starting Wazuh v4.8.0...
    Feb 26 11:52:39 ip-10-0-1-159 env[6142]: Started wazuh-execd...
    Feb 26 11:52:40 ip-10-0-1-159 env[6142]: Started wazuh-agentd...
    Feb 26 11:52:41 ip-10-0-1-159 env[6142]: Started wazuh-syscheckd...
    Feb 26 11:52:42 ip-10-0-1-159 env[6142]: Started wazuh-logcollector...
    Feb 26 11:52:43 ip-10-0-1-159 env[6142]: Started wazuh-modulesd...
    Feb 26 11:52:45 ip-10-0-1-159 env[6142]: Completed.
    Feb 26 11:52:45 ip-10-0-1-159 systemd[1]: Started Wazuh agent.
    ░░ Subject: A start job for unit wazuh-agent.service has finished successfully
    ░░ Defined-By: systemd
    ░░ Support: https://www.debian.org/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has finished successfully.
    ░░ 
    ░░ The job identifier is 3245.
    Feb 26 11:53:02 ip-10-0-1-159 systemd[1]: Stopping Wazuh agent...
    ░░ Subject: A stop job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: https://www.debian.org/support
    ░░ 
    ░░ A stop job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 3515.
    Feb 26 11:53:11 ip-10-0-1-159 env[7210]: Killing wazuh-modulesd...
    Feb 26 11:53:12 ip-10-0-1-159 env[7210]: Killing wazuh-logcollector...
    Feb 26 11:53:12 ip-10-0-1-159 env[7210]: Killing wazuh-syscheckd...
    Feb 26 11:53:12 ip-10-0-1-159 env[7210]: Killing wazuh-agentd...
    Feb 26 11:53:12 ip-10-0-1-159 env[7210]: Killing wazuh-execd...
    Feb 26 11:53:12 ip-10-0-1-159 env[7210]: Wazuh v4.8.0 Stopped
    Feb 26 11:53:12 ip-10-0-1-159 systemd[1]: wazuh-agent.service: Succeeded.
    ░░ Subject: Unit succeeded
    ░░ Defined-By: systemd
    ░░ Support: https://www.debian.org/support
    ░░ 
    ░░ The unit wazuh-agent.service has successfully entered the 'dead' state.
    Feb 26 11:53:12 ip-10-0-1-159 systemd[1]: Stopped Wazuh agent.
    ░░ Subject: A stop job for unit wazuh-agent.service has finished
    ░░ Defined-By: systemd
    ░░ Support: https://www.debian.org/support
    ░░ 
    ░░ A stop job for unit wazuh-agent.service has finished.
    ░░ 
    ░░ The job identifier is 3515 and the job result is done.
    Feb 26 11:53:12 ip-10-0-1-159 systemd[1]: wazuh-agent.service: Consumed 18.424s CPU time.
    ░░ Subject: Resources consumed by unit runtime
    ░░ Defined-By: systemd
    ░░ Support: https://www.debian.org/support
    ░░ 
    ░░ The unit wazuh-agent.service completed and consumed the indicated resources.
    Feb 26 11:53:12 ip-10-0-1-159 systemd[1]: Starting Wazuh agent...
    ░░ Subject: A start job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: https://www.debian.org/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 3515.
    Feb 26 11:53:13 ip-10-0-1-159 env[7735]: Starting Wazuh v4.8.0...
    Feb 26 11:53:14 ip-10-0-1-159 env[7735]: Started wazuh-execd...
    Feb 26 11:53:15 ip-10-0-1-159 env[7735]: Started wazuh-agentd...
    Feb 26 11:53:16 ip-10-0-1-159 env[7735]: Started wazuh-syscheckd...
    Feb 26 11:53:17 ip-10-0-1-159 env[7735]: Started wazuh-logcollector...
    Feb 26 11:53:18 ip-10-0-1-159 env[7735]: Started wazuh-modulesd...
    Feb 26 11:53:20 ip-10-0-1-159 env[7735]: Completed.
    Feb 26 11:53:20 ip-10-0-1-159 systemd[1]: Started Wazuh agent.
    ░░ Subject: A start job for unit wazuh-agent.service has finished successfully
    ░░ Defined-By: systemd
    ░░ Support: https://www.debian.org/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has finished successfully.
    ░░ 
    ░░ The job identifier is 3515.
  • Error/Warning logs

    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
    21
    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
    2024/02/26 12:10:41 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 12:10:41 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.15]:1514/tcp': 'Connection refused'.
    2024/02/26 12:10:51 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.15]:1514/tcp': 'Connection refused'.
    2024/02/26 12:43:15 wazuh-agentd: WARNING: Server unavailable. Setting lock.
    2024/02/26 12:43:46 wazuh-logcollector: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 12:46:03 wazuh-syscheckd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 13:09:27 wazuh-agentd: ERROR: Duplicate agent name: Debian (from manager)
    2024/02/26 13:09:27 wazuh-agentd: ERROR: Unable to add agent (from manager)
    2024/02/26 13:09:37 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.15'. Ensure that the manager version is 'v4.8.0' or higher.
    2024/02/26 13:49:11 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:49:11 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.105]:1514/tcp': 'Connection refused'.
    2024/02/26 14:19:53 wazuh-agentd: WARNING: Server unavailable. Setting lock.
    2024/02/26 14:20:50 wazuh-logcollector: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:24:40 wazuh-syscheckd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:25:33 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[10.0.0.105]:1515'
    2024/02/26 14:25:43 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.105'. Ensure that the manager version is 'v4.8.0' or higher.
    2024/02/26 14:25:43 wazuh-agentd: WARNING: Unable to connect to any server.
    2024/02/26 14:32:33 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.15]:1514/tcp': 'Connection timed out'.
    2024/02/26 14:36:26 wazuh-agentd: ERROR: Duplicate agent name: Debian (from manager)
    2024/02/26 14:36:26 wazuh-agentd: ERROR: Unable to add agent (from manager)
    2024/02/26 14:36:36 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.15'. Ensure that the manager version is 'v4.8.0' or higher.

    Expected, as the server was restarted because of some inconveniences.

    2024/02/26 14:19:53 wazuh-agentd: WARNING: Server unavailable. Setting lock.
    2024/02/26 14:20:50 wazuh-logcollector: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:24:40 wazuh-syscheckd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:25:33 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[10.0.0.105]:1515'
    2024/02/26 14:25:43 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.105'. Ensure that the manager version is 'v4.8.0' or higher.

    Related to: https://github.com/wazuh/wazuh-jenkins/issues/4867. Known issue

    2024/02/26 14:36:26 wazuh-agentd: ERROR: Duplicate agent name: Debian (from manager)
    2024/02/26 14:36:26 wazuh-agentd: ERROR: Unable to add agent (from manager)
RHEL 🔴
  • System information

    cat /etc/*release
    NAME="Red Hat Enterprise Linux"
    VERSION="9.2 (Plow)"
    ID="rhel"
    ID_LIKE="fedora"
    VERSION_ID="9.2"
    PLATFORM_ID="platform:el9"
    PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)"
    ANSI_COLOR="0;31"
    LOGO="fedora-logo-icon"
    CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
    HOME_URL="https://www.redhat.com/"
    DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
    BUG_REPORT_URL="https://bugzilla.redhat.com/"
    
    REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
    REDHAT_BUGZILLA_PRODUCT_VERSION=9.2
    REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
    REDHAT_SUPPORT_PRODUCT_VERSION="9.2"
    Red Hat Enterprise Linux release 9.2 (Plow)
    Red Hat Enterprise Linux release 9.2 (Plow)
  • Component version

    /var/ossec/bin/wazuh-control info
    WAZUH_VERSION="v4.8.0"
    WAZUH_REVISION="40804"
    WAZUH_TYPE="agent"
  • Component status

    systemctl status wazuh-agent -l
    ● wazuh-agent.service - Wazuh agent
        Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; preset: disabled)
        Active: active (running) since Mon 2024-02-26 12:34:28 UTC; 2h 37min ago
        Process: 61528 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
        Tasks: 54 (limit: 22632)
        Memory: 361.6M
            CPU: 1min 35.340s
        CGroup: /system.slice/wazuh-agent.service
                ├─61555 /var/ossec/bin/wazuh-execd
                ├─61567 /var/ossec/bin/wazuh-agentd
                ├─61582 /var/ossec/bin/wazuh-syscheckd
                ├─61602 /var/ossec/bin/wazuh-logcollector
                ├─61620 /var/ossec/bin/wazuh-modulesd
                ├─61630 python3 wodles/docker/DockerListener
                ├─61635 /usr/bin/osqueryd --config_path=/etc/osquery/osquery.conf
                └─61643 /usr/bin/osqueryd
    
    Feb 26 12:34:21 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
    Feb 26 12:34:21 ip-10-0-1-83.us-west-1.compute.internal env[61528]: Starting Wazuh v4.8.0...
    Feb 26 12:34:22 ip-10-0-1-83.us-west-1.compute.internal env[61528]: Started wazuh-execd...
    Feb 26 12:34:23 ip-10-0-1-83.us-west-1.compute.internal env[61528]: Started wazuh-agentd...
    Feb 26 12:34:24 ip-10-0-1-83.us-west-1.compute.internal env[61528]: Started wazuh-syscheckd...
    Feb 26 12:34:25 ip-10-0-1-83.us-west-1.compute.internal env[61528]: Started wazuh-logcollector...
    Feb 26 12:34:25 ip-10-0-1-83.us-west-1.compute.internal osqueryd[61635]: osqueryd started [version=4.4.0]
    Feb 26 12:34:26 ip-10-0-1-83.us-west-1.compute.internal env[61528]: Started wazuh-modulesd...
    Feb 26 12:34:28 ip-10-0-1-83.us-west-1.compute.internal env[61528]: Completed.
    Feb 26 12:34:28 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
  • Modules status

    /var/ossec/bin/wazuh-control status
    wazuh-modulesd is running...
    wazuh-logcollector is running...
    wazuh-syscheckd is running...
    wazuh-agentd is running...
    wazuh-execd is running...
  • Service status

    journalctl -xe -u wazuh-agent.service --no-pager
    Feb 26 11:53:39 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
    ░░ Subject: A start job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 5507.
    Feb 26 11:53:39 ip-10-0-1-83.us-west-1.compute.internal env[6273]: Starting Wazuh v4.8.0...
    Feb 26 11:53:40 ip-10-0-1-83.us-west-1.compute.internal env[6273]: Started wazuh-execd...
    Feb 26 11:53:41 ip-10-0-1-83.us-west-1.compute.internal env[6273]: Started wazuh-agentd...
    Feb 26 11:53:42 ip-10-0-1-83.us-west-1.compute.internal env[6273]: Started wazuh-syscheckd...
    Feb 26 11:53:43 ip-10-0-1-83.us-west-1.compute.internal env[6273]: Started wazuh-logcollector...
    Feb 26 11:53:44 ip-10-0-1-83.us-west-1.compute.internal env[6273]: Started wazuh-modulesd...
    Feb 26 11:53:46 ip-10-0-1-83.us-west-1.compute.internal env[6273]: Completed.
    Feb 26 11:53:46 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
    ░░ Subject: A start job for unit wazuh-agent.service has finished successfully
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has finished successfully.
    ░░ 
    ░░ The job identifier is 5507.
    Feb 26 11:53:50 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
    ░░ Subject: A stop job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A stop job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 5776.
    Feb 26 11:53:50 ip-10-0-1-83.us-west-1.compute.internal env[6791]: Killing wazuh-modulesd...
    Feb 26 11:53:54 ip-10-0-1-83.us-west-1.compute.internal env[6791]: Killing wazuh-logcollector...
    Feb 26 11:53:54 ip-10-0-1-83.us-west-1.compute.internal env[6791]: Killing wazuh-syscheckd...
    Feb 26 11:53:54 ip-10-0-1-83.us-west-1.compute.internal env[6791]: Killing wazuh-agentd...
    Feb 26 11:53:55 ip-10-0-1-83.us-west-1.compute.internal env[6791]: Killing wazuh-execd...
    Feb 26 11:53:55 ip-10-0-1-83.us-west-1.compute.internal env[6791]: Wazuh v4.8.0 Stopped
    Feb 26 11:53:55 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Deactivated successfully.
    ░░ Subject: Unit succeeded
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ The unit wazuh-agent.service has successfully entered the 'dead' state.
    Feb 26 11:53:55 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
    ░░ Subject: A stop job for unit wazuh-agent.service has finished
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A stop job for unit wazuh-agent.service has finished.
    ░░ 
    ░░ The job identifier is 5776 and the job result is done.
    Feb 26 11:53:55 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Consumed 3.459s CPU time.
    ░░ Subject: Resources consumed by unit runtime
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ The unit wazuh-agent.service completed and consumed the indicated resources.
    Feb 26 11:53:55 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
    ░░ Subject: A start job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 5776.
    Feb 26 11:53:55 ip-10-0-1-83.us-west-1.compute.internal env[6931]: Starting Wazuh v4.8.0...
    Feb 26 11:53:56 ip-10-0-1-83.us-west-1.compute.internal env[6931]: Started wazuh-execd...
    Feb 26 11:53:57 ip-10-0-1-83.us-west-1.compute.internal env[6931]: Started wazuh-agentd...
    Feb 26 11:53:58 ip-10-0-1-83.us-west-1.compute.internal env[6931]: Started wazuh-syscheckd...
    Feb 26 11:53:59 ip-10-0-1-83.us-west-1.compute.internal env[6931]: Started wazuh-logcollector...
    Feb 26 11:54:00 ip-10-0-1-83.us-west-1.compute.internal env[6931]: Started wazuh-modulesd...
    Feb 26 11:54:02 ip-10-0-1-83.us-west-1.compute.internal env[6931]: Completed.
    Feb 26 11:54:02 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
    ░░ Subject: A start job for unit wazuh-agent.service has finished successfully
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has finished successfully.
    ░░ 
    ░░ The job identifier is 5776.
    Feb 26 12:06:58 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
    ░░ Subject: A stop job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A stop job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 18453.
    Feb 26 12:06:59 ip-10-0-1-83.us-west-1.compute.internal env[49808]: Killing wazuh-modulesd...
    Feb 26 12:06:59 ip-10-0-1-83.us-west-1.compute.internal env[49808]: Killing wazuh-logcollector...
    Feb 26 12:06:59 ip-10-0-1-83.us-west-1.compute.internal env[49808]: Killing wazuh-syscheckd...
    Feb 26 12:06:59 ip-10-0-1-83.us-west-1.compute.internal env[49808]: Killing wazuh-agentd...
    Feb 26 12:06:59 ip-10-0-1-83.us-west-1.compute.internal env[49808]: Killing wazuh-execd...
    Feb 26 12:06:59 ip-10-0-1-83.us-west-1.compute.internal env[49808]: Wazuh v4.8.0 Stopped
    Feb 26 12:06:59 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Deactivated successfully.
    ░░ Subject: Unit succeeded
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ The unit wazuh-agent.service has successfully entered the 'dead' state.
    Feb 26 12:06:59 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
    ░░ Subject: A stop job for unit wazuh-agent.service has finished
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A stop job for unit wazuh-agent.service has finished.
    ░░ 
    ░░ The job identifier is 18453 and the job result is done.
    Feb 26 12:06:59 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Consumed 41.457s CPU time.
    ░░ Subject: Resources consumed by unit runtime
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ The unit wazuh-agent.service completed and consumed the indicated resources.
    Feb 26 12:06:59 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
    ░░ Subject: A start job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 18453.
    Feb 26 12:06:59 ip-10-0-1-83.us-west-1.compute.internal env[49872]: Starting Wazuh v4.8.0...
    Feb 26 12:07:00 ip-10-0-1-83.us-west-1.compute.internal env[49872]: Started wazuh-execd...
    Feb 26 12:07:01 ip-10-0-1-83.us-west-1.compute.internal env[49872]: Started wazuh-agentd...
    Feb 26 12:07:02 ip-10-0-1-83.us-west-1.compute.internal env[49872]: Started wazuh-syscheckd...
    Feb 26 12:07:03 ip-10-0-1-83.us-west-1.compute.internal env[49872]: Started wazuh-logcollector...
    Feb 26 12:07:04 ip-10-0-1-83.us-west-1.compute.internal env[49872]: Started wazuh-modulesd...
    Feb 26 12:07:06 ip-10-0-1-83.us-west-1.compute.internal env[49872]: Completed.
    Feb 26 12:07:06 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
    ░░ Subject: A start job for unit wazuh-agent.service has finished successfully
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has finished successfully.
    ░░ 
    ░░ The job identifier is 18453.
    Feb 26 12:08:15 ip-10-0-1-83.us-west-1.compute.internal osqueryd[52920]: osqueryd started [version=4.4.0]
    Feb 26 12:08:24 ip-10-0-1-83.us-west-1.compute.internal osqueryd[53232]: osqueryd started [version=4.4.0]
    Feb 26 12:11:03 ip-10-0-1-83.us-west-1.compute.internal osqueryd[55338]: osqueryd started [version=4.4.0]
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
    ░░ Subject: A stop job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A stop job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 22195.
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal env[58633]: Killing wazuh-modulesd...
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal env[58633]: Killing wazuh-logcollector...
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal env[58633]: Killing wazuh-syscheckd...
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal env[58633]: Killing wazuh-agentd...
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal env[58633]: Killing wazuh-execd...
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal env[58633]: Wazuh v4.8.0 Stopped
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Deactivated successfully.
    ░░ Subject: Unit succeeded
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ The unit wazuh-agent.service has successfully entered the 'dead' state.
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 55346 (osqueryd) remains running after unit stopped.
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 58662 (wazuh-modulesd) remains running after unit stopped.
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 58663 (wazuh-modulesd) remains running after unit stopped.
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
    ░░ Subject: A stop job for unit wazuh-agent.service has finished
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A stop job for unit wazuh-agent.service has finished.
    ░░ 
    ░░ The job identifier is 22195 and the job result is done.
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Consumed 2min 10.702s CPU time.
    ░░ Subject: Resources consumed by unit runtime
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ The unit wazuh-agent.service completed and consumed the indicated resources.
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
    ░░ Subject: A start job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 22195.
    Feb 26 12:28:31 ip-10-0-1-83.us-west-1.compute.internal env[58701]: Starting Wazuh v4.8.0...
    Feb 26 12:28:32 ip-10-0-1-83.us-west-1.compute.internal env[58701]: Started wazuh-execd...
    Feb 26 12:28:33 ip-10-0-1-83.us-west-1.compute.internal env[58701]: Started wazuh-agentd...
    Feb 26 12:28:34 ip-10-0-1-83.us-west-1.compute.internal env[58701]: Started wazuh-syscheckd...
    Feb 26 12:28:35 ip-10-0-1-83.us-west-1.compute.internal env[58701]: Started wazuh-logcollector...
    Feb 26 12:28:36 ip-10-0-1-83.us-west-1.compute.internal osqueryd[58805]: osqueryd started [version=4.4.0]
    Feb 26 12:28:37 ip-10-0-1-83.us-west-1.compute.internal env[58701]: Started wazuh-modulesd...
    Feb 26 12:28:39 ip-10-0-1-83.us-west-1.compute.internal env[58701]: Completed.
    Feb 26 12:28:39 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
    ░░ Subject: A start job for unit wazuh-agent.service has finished successfully
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has finished successfully.
    ░░ 
    ░░ The job identifier is 22195.
    Feb 26 12:34:20 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
    ░░ Subject: A stop job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A stop job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 25586.
    Feb 26 12:34:20 ip-10-0-1-83.us-west-1.compute.internal env[61460]: Killing wazuh-modulesd...
    Feb 26 12:34:20 ip-10-0-1-83.us-west-1.compute.internal env[61460]: Killing wazuh-logcollector...
    Feb 26 12:34:20 ip-10-0-1-83.us-west-1.compute.internal env[61460]: Killing wazuh-syscheckd...
    Feb 26 12:34:21 ip-10-0-1-83.us-west-1.compute.internal env[61460]: Killing wazuh-agentd...
    Feb 26 12:34:21 ip-10-0-1-83.us-west-1.compute.internal env[61460]: Killing wazuh-execd...
    Feb 26 12:34:21 ip-10-0-1-83.us-west-1.compute.internal env[61460]: Wazuh v4.8.0 Stopped
    Feb 26 12:34:21 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Deactivated successfully.
    ░░ Subject: Unit succeeded
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ The unit wazuh-agent.service has successfully entered the 'dead' state.
    Feb 26 12:34:21 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 58816 (osqueryd) remains running after unit stopped.
    Feb 26 12:34:21 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 61489 (wazuh-modulesd) remains running after unit stopped.
    Feb 26 12:34:21 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 61490 (wazuh-modulesd) remains running after unit stopped.
    Feb 26 12:34:21 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
    ░░ Subject: A stop job for unit wazuh-agent.service has finished
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A stop job for unit wazuh-agent.service has finished.
    ░░ 
    ░░ The job identifier is 25586 and the job result is done.
    Feb 26 12:34:21 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Consumed 40.368s CPU time.
    ░░ Subject: Resources consumed by unit runtime
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ The unit wazuh-agent.service completed and consumed the indicated resources.
    Feb 26 12:34:21 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
    ░░ Subject: A start job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 25586.
    Feb 26 12:34:21 ip-10-0-1-83.us-west-1.compute.internal env[61528]: Starting Wazuh v4.8.0...
    Feb 26 12:34:22 ip-10-0-1-83.us-west-1.compute.internal env[61528]: Started wazuh-execd...
    Feb 26 12:34:23 ip-10-0-1-83.us-west-1.compute.internal env[61528]: Started wazuh-agentd...
    Feb 26 12:34:24 ip-10-0-1-83.us-west-1.compute.internal env[61528]: Started wazuh-syscheckd...
    Feb 26 12:34:25 ip-10-0-1-83.us-west-1.compute.internal env[61528]: Started wazuh-logcollector...
    Feb 26 12:34:25 ip-10-0-1-83.us-west-1.compute.internal osqueryd[61635]: osqueryd started [version=4.4.0]
    Feb 26 12:34:26 ip-10-0-1-83.us-west-1.compute.internal env[61528]: Started wazuh-modulesd...
    Feb 26 12:34:28 ip-10-0-1-83.us-west-1.compute.internal env[61528]: Completed.
    Feb 26 12:34:28 ip-10-0-1-83.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
    ░░ Subject: A start job for unit wazuh-agent.service has finished successfully
    ░░ Defined-By: systemd
    ░░ Support: https://access.redhat.com/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has finished successfully.
    ░░ 
  • Error/Warning logs

    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
    44
    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
    2024/02/26 12:02:30 wazuh-logcollector: WARNING: Target 'agent' message queue is full (1024). Log lines may be lost.
    2024/02/26 12:08:15 wazuh-modulesd:osquery: WARNING: Results file '/var/log/osquery/osqueryd.results.log' not available: No such file or directory (2). Retrying in 1 sec.
    2024/02/26 12:10:41 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 12:10:41 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.15]:1514/tcp': 'Connection refused'.
    2024/02/26 12:10:51 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.15]:1514/tcp': 'Connection refused'.
    2024/02/26 12:26:52 wazuh-syscheckd: ERROR: in w_compress_gzfile(): fopen error /tmp/ansible_file_payload__ovo4dkt/ansible_file_payload.zip (2):'No such file or directory'
    2024/02/26 12:26:52 wazuh-syscheckd: WARNING: (6914): Cannot create a snapshot of file '/tmp/ansible_file_payload__ovo4dkt/ansible_file_payload.zip'
    2024/02/26 12:29:09 wazuh-logcollector: WARNING: Target 'agent' message queue is full (1024). Log lines may be lost.
    2024/02/26 12:29:11 wazuh-agentd: WARNING: Agent buffer at 90 %.
    2024/02/26 12:29:11 wazuh-agentd: WARNING: Agent buffer is full: Events may be lost.
    2024/02/26 12:29:13 wazuh-agentd: WARNING: Agent buffer is full: Events may be lost.
    2024/02/26 12:43:59 wazuh-agentd: WARNING: Server unavailable. Setting lock.
    2024/02/26 12:43:59 wazuh-logcollector: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 12:44:31 wazuh-syscheckd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 12:44:47 wazuh-modulesd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 12:45:00 wazuh-modulesd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 13:09:27 wazuh-agentd: ERROR: Duplicate agent name: RHEL9 (from manager)
    2024/02/26 13:09:27 wazuh-agentd: ERROR: Unable to add agent (from manager)
    2024/02/26 13:09:37 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.15'. Ensure that the manager version is 'v4.8.0' or higher.
    2024/02/26 13:49:11 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:49:11 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.105]:1514/tcp': 'Connection refused'.
    2024/02/26 13:49:16 wazuh-logcollector: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:18:52 wazuh-agentd: WARNING: Server unavailable. Setting lock.
    2024/02/26 14:18:54 wazuh-logcollector: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:19:43 wazuh-syscheckd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:24:31 wazuh-modulesd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:24:32 wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[10.0.0.105]:1515'
    2024/02/26 14:24:42 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.105'. Ensure that the manager version is 'v4.8.0' or higher.
    2024/02/26 14:24:42 wazuh-agentd: WARNING: Unable to connect to any server.
    2024/02/26 14:27:21 wazuh-modulesd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:34:36 wazuh-modulesd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:36:26 wazuh-agentd: ERROR: Duplicate agent name: RHEL9 (from manager)
    2024/02/26 14:36:26 wazuh-agentd: ERROR: Unable to add agent (from manager)
    2024/02/26 14:36:36 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.15'. Ensure that the manager version is 'v4.8.0' or higher.
    2024/02/26 14:36:39 wazuh-agentd: ERROR: Connection socket: Connection reset by peer (104)
    2024/02/26 14:36:39 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 14:36:39 wazuh-agentd: WARNING: Process locked due to agent is offline. Waiting for connection...

    Expected, as the server was restarted because of some inconveniences.

    2024/02/26 13:09:37 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.15'. Ensure that the manager version is 'v4.8.0' or higher.
    2024/02/26 13:49:11 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:49:11 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.105]:1514/tcp': 'Connection refused'.
    2024/02/26 13:49:16 wazuh-logcollector: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:18:52 wazuh-agentd: WARNING: Server unavailable. Setting lock.
    2024/02/26 14:18:54 wazuh-logcollector: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:19:43 wazuh-syscheckd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:24:31 wazuh-modulesd: WARNING: Process locked due to agent is offline. Waiting for connection...

    Related to: Modulesd osquery results file not available in Demo Environment for 4.8.0 Beta 2 #22145

    2024/02/26 12:08:15 wazuh-modulesd:osquery: WARNING: Results file '/var/log/osquery/osqueryd.results.log' not available: No such file or directory (2). Retrying in 1 sec.

    Related to: https://github.com/wazuh/wazuh-automation/issues/1284

    2024/02/26 12:26:52 wazuh-syscheckd: ERROR: in w_compress_gzfile(): fopen error /tmp/ansible_file_payload__ovo4dkt/ansible_file_payload.zip (2):'No such file or directory'
    2024/02/26 12:26:52 wazuh-syscheckd: WARNING: (6914): Cannot create a snapshot of file '/tmp/ansible_file_payload__ovo4dkt/ansible_file_payload.zip'
Ubuntu 🟢
  • System information

    cat /etc/*release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=22.04
    DISTRIB_CODENAME=jammy
    DISTRIB_DESCRIPTION="Ubuntu 22.04.2 LTS"
    PRETTY_NAME="Ubuntu 22.04.2 LTS"
    NAME="Ubuntu"
    VERSION_ID="22.04"
    VERSION="22.04.2 LTS (Jammy Jellyfish)"
    VERSION_CODENAME=jammy
    ID=ubuntu
    ID_LIKE=debian
    HOME_URL="https://www.ubuntu.com/"
    SUPPORT_URL="https://help.ubuntu.com/"
    BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
    PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
    UBUNTU_CODENAME=jammy
  • Component version

    /var/ossec/bin/wazuh-control info
    WAZUH_VERSION="v4.8.0"
    WAZUH_REVISION="40804"
    WAZUH_TYPE="agent"
  • Component status

    systemctl status wazuh-agent -l
    ● wazuh-agent.service - Wazuh agent
        Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
        Active: active (running) since Mon 2024-02-26 11:54:22 UTC; 3h 22min ago
        Process: 9073 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
        Tasks: 32 (limit: 1116)
        Memory: 28.2M
            CPU: 37.726s
        CGroup: /system.slice/wazuh-agent.service
                ├─10117 /var/ossec/bin/wazuh-execd
                ├─10128 /var/ossec/bin/wazuh-agentd
                ├─10142 /var/ossec/bin/wazuh-syscheckd
                ├─10156 /var/ossec/bin/wazuh-logcollector
                └─10176 /var/ossec/bin/wazuh-modulesd
    
    Feb 26 11:54:15 ip-10-0-1-96 systemd[1]: Starting Wazuh agent...
    Feb 26 11:54:15 ip-10-0-1-96 env[9073]: Starting Wazuh v4.8.0...
    Feb 26 11:54:16 ip-10-0-1-96 env[9073]: Started wazuh-execd...
    Feb 26 11:54:17 ip-10-0-1-96 env[9073]: Started wazuh-agentd...
    Feb 26 11:54:18 ip-10-0-1-96 env[9073]: Started wazuh-syscheckd...
    Feb 26 11:54:19 ip-10-0-1-96 env[9073]: Started wazuh-logcollector...
    Feb 26 11:54:20 ip-10-0-1-96 env[9073]: Started wazuh-modulesd...
    Feb 26 11:54:22 ip-10-0-1-96 env[9073]: Completed.
    Feb 26 11:54:22 ip-10-0-1-96 systemd[1]: Started Wazuh agent.
  • Modules status

    /var/ossec/bin/wazuh-control status
    wazuh-modulesd is running...
    wazuh-logcollector is running...
    wazuh-syscheckd is running...
    wazuh-agentd is running...
    wazuh-execd is running...
  • Service status

    journalctl -xe -u wazuh-agent.service --no-pager
    Feb 26 11:53:39 ip-10-0-1-96 systemd[1]: Starting Wazuh agent...
    ░░ Subject: A start job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: http://www.ubuntu.com/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 5879.
    Feb 26 11:53:39 ip-10-0-1-96 env[7267]: Starting Wazuh v4.8.0...
    Feb 26 11:53:40 ip-10-0-1-96 env[7267]: Started wazuh-execd...
    Feb 26 11:53:41 ip-10-0-1-96 env[7267]: Started wazuh-agentd...
    Feb 26 11:53:42 ip-10-0-1-96 env[7267]: Started wazuh-syscheckd...
    Feb 26 11:53:43 ip-10-0-1-96 env[7267]: Started wazuh-logcollector...
    Feb 26 11:53:44 ip-10-0-1-96 env[7267]: Started wazuh-modulesd...
    Feb 26 11:53:46 ip-10-0-1-96 env[7267]: Completed.
    Feb 26 11:53:46 ip-10-0-1-96 systemd[1]: Started Wazuh agent.
    ░░ Subject: A start job for unit wazuh-agent.service has finished successfully
    ░░ Defined-By: systemd
    ░░ Support: http://www.ubuntu.com/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has finished successfully.
    ░░ 
    ░░ The job identifier is 5879.
    Feb 26 11:54:05 ip-10-0-1-96 systemd[1]: Stopping Wazuh agent...
    ░░ Subject: A stop job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: http://www.ubuntu.com/support
    ░░ 
    ░░ A stop job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 6317.
    Feb 26 11:54:14 ip-10-0-1-96 env[8435]: Killing wazuh-modulesd...
    Feb 26 11:54:14 ip-10-0-1-96 env[8435]: Killing wazuh-logcollector...
    Feb 26 11:54:14 ip-10-0-1-96 env[8435]: Killing wazuh-syscheckd...
    Feb 26 11:54:14 ip-10-0-1-96 env[8435]: Killing wazuh-agentd...
    Feb 26 11:54:15 ip-10-0-1-96 env[8435]: Killing wazuh-execd...
    Feb 26 11:54:15 ip-10-0-1-96 env[8435]: Wazuh v4.8.0 Stopped
    Feb 26 11:54:15 ip-10-0-1-96 systemd[1]: wazuh-agent.service: Deactivated successfully.
    ░░ Subject: Unit succeeded
    ░░ Defined-By: systemd
    ░░ Support: http://www.ubuntu.com/support
    ░░ 
    ░░ The unit wazuh-agent.service has successfully entered the 'dead' state.
    Feb 26 11:54:15 ip-10-0-1-96 systemd[1]: Stopped Wazuh agent.
    ░░ Subject: A stop job for unit wazuh-agent.service has finished
    ░░ Defined-By: systemd
    ░░ Support: http://www.ubuntu.com/support
    ░░ 
    ░░ A stop job for unit wazuh-agent.service has finished.
    ░░ 
    ░░ The job identifier is 6317 and the job result is done.
    Feb 26 11:54:15 ip-10-0-1-96 systemd[1]: wazuh-agent.service: Consumed 15.589s CPU time.
    ░░ Subject: Resources consumed by unit runtime
    ░░ Defined-By: systemd
    ░░ Support: http://www.ubuntu.com/support
    ░░ 
    ░░ The unit wazuh-agent.service completed and consumed the indicated resources.
    Feb 26 11:54:15 ip-10-0-1-96 systemd[1]: Starting Wazuh agent...
    ░░ Subject: A start job for unit wazuh-agent.service has begun execution
    ░░ Defined-By: systemd
    ░░ Support: http://www.ubuntu.com/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has begun execution.
    ░░ 
    ░░ The job identifier is 6317.
    Feb 26 11:54:15 ip-10-0-1-96 env[9073]: Starting Wazuh v4.8.0...
    Feb 26 11:54:16 ip-10-0-1-96 env[9073]: Started wazuh-execd...
    Feb 26 11:54:17 ip-10-0-1-96 env[9073]: Started wazuh-agentd...
    Feb 26 11:54:18 ip-10-0-1-96 env[9073]: Started wazuh-syscheckd...
    Feb 26 11:54:19 ip-10-0-1-96 env[9073]: Started wazuh-logcollector...
    Feb 26 11:54:20 ip-10-0-1-96 env[9073]: Started wazuh-modulesd...
    Feb 26 11:54:22 ip-10-0-1-96 env[9073]: Completed.
    Feb 26 11:54:22 ip-10-0-1-96 systemd[1]: Started Wazuh agent.
    ░░ Subject: A start job for unit wazuh-agent.service has finished successfully
    ░░ Defined-By: systemd
    ░░ Support: http://www.ubuntu.com/support
    ░░ 
    ░░ A start job for unit wazuh-agent.service has finished successfully.
    ░░ 
    ░░ The job identifier is 6317.
  • Error/Warning logs

    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
    11
    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
    2024/02/26 12:10:35 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 12:10:35 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.16]:1514/tcp': 'Connection refused'.
    2024/02/26 12:10:45 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.16]:1514/tcp': 'Connection refused'.
    2024/02/26 12:45:49 wazuh-agentd: WARNING: Server unavailable. Setting lock.
    2024/02/26 12:46:02 wazuh-syscheckd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 13:48:42 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:48:42 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.16]:1514/tcp': 'Connection refused'.
    2024/02/26 13:48:52 wazuh-agentd: ERROR: (1216): Unable to connect to '[10.0.0.16]:1514/tcp': 'Connection refused'.
    2024/02/26 14:15:33 wazuh-agentd: WARNING: Server unavailable. Setting lock.
    2024/02/26 14:16:14 wazuh-syscheckd: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:17:02 wazuh-logcollector: WARNING: Process locked due to agent is offline. Waiting for connection...

    Expected, as the server was restarted because of some inconveniences.

Windows 🔴
  • System information

    systeminfo | findstr /B /C:"OS Name" /B /C:"OS Version"
    OS Name:                   Microsoft Windows Server 2019 Datacenter
    OS Version:                10.0.17763 N/A Build 17763
  • Component version

    (Get-Command "C:\Program Files (x86)\ossec-agent\wazuh-agent.exe").FileVersionInfo
    
    ProductVersion   FileVersion      FileName
    --------------   -----------      --------
    v4.8.0           v4.8.0           C:\Program Files (x86)\ossec-agent\wazuh-agent.exe
  • Component status

    NET START wazuh
    The requested service has already been started.
    
    More help is available by typing NET HELPMSG 2182.
  • Error/Warning logs

    (Get-Content -Path 'C:\Program Files (x86)\ossec-agent\ossec.log' | Select-String -Pattern "ERROR","WARNING" -CaseSensitive:$false).Count
    94
    Get-Content -Path 'C:\Program Files (x86)\ossec-agent\ossec.log' | Select-String -Pattern "ERROR","WARNING" -CaseSensitive:$false
    
    2024/02/26 12:08:30 wazuh-modulesd:osquery: WARNING: The configuration file 'C:\Program Files\osquery\osquery.conf' is
    not accessible: No such file or directory (2)
    2024/02/26 12:08:30 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 1 sec.
    2024/02/26 12:08:31 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 2 sec.
    2024/02/26 12:08:33 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 3 sec.
    2024/02/26 12:08:36 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 4 sec.
    2024/02/26 12:08:40 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 5 sec.
    2024/02/26 12:08:45 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 6 sec.
    2024/02/26 12:08:51 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 7 sec.
    2024/02/26 12:09:03 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 1 sec.
    2024/02/26 12:09:03 wazuh-modulesd:osquery: WARNING: The configuration file 'C:\Program Files\osquery\osquery.conf' is
    not accessible: No such file or directory (2)
    2024/02/26 12:09:04 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 2 sec.
    2024/02/26 12:09:06 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 3 sec.
    2024/02/26 12:09:09 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 4 sec.
    2024/02/26 12:09:13 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 5 sec.
    2024/02/26 12:09:18 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 6 sec.
    2024/02/26 12:09:24 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 7 sec.
    2024/02/26 12:09:31 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 8 sec.
    2024/02/26 12:09:39 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 9 sec.
    2024/02/26 12:09:48 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 10 sec.
    2024/02/26 12:09:58 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 11 sec.
    2024/02/26 12:10:09 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 12 sec.
    2024/02/26 12:10:21 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 13 sec.
    2024/02/26 12:10:34 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 14 sec.
    2024/02/26 12:10:48 wazuh-agent: ERROR: (1216): Unable to connect to '[10.0.0.15]:1514/tcp': 'No connection could be
    made because the target machine actively refused it.'.
    2024/02/26 12:10:58 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 1 sec.
    2024/02/26 12:10:58 wazuh-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex240226.log'
    due to [(3)-(No such process)].
    2024/02/26 12:10:58 wazuh-modulesd:osquery: WARNING: The configuration file 'C:\Program Files\osquery\osquery.conf' is
    not accessible: No such file or directory (2)
    2024/02/26 12:10:59 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 2 sec.
    2024/02/26 12:11:01 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 3 sec.
    2024/02/26 12:11:04 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 4 sec.
    2024/02/26 12:11:08 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 5 sec.
    2024/02/26 12:11:13 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 6 sec.
    2024/02/26 12:11:19 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 7 sec.
    2024/02/26 12:11:26 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such process (3). Retrying in 8 sec.
    2024/02/26 12:11:34 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log'
    not available: No such file or directory (2). Retrying in 9 sec.
    2024/02/26 12:13:38 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 12:15:09 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 12:15:39 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 12:15:39 wazuh-agent: WARNING: (1218): Unable to send message to 'server': The operation completed
    successfully.
    2024/02/26 12:18:09 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 12:22:09 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 12:23:08 wazuh-modulesd:osquery: ERROR: Couldn't execute osquery (C:\Program
    Files\osquery\osqueryd/osqueryd.exe). Check file and permissions. Sleeping for 10 minutes.
    2024/02/26 12:25:36 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 12:26:36 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 12:26:36 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 12:43:07 wazuh-agent: WARNING: Server unavailable. Setting lock.
    2024/02/26 12:43:08 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 12:46:12 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 12:47:33 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 13:09:27 wazuh-agent: ERROR: Duplicate agent name: Windows (from manager)
    2024/02/26 13:09:27 wazuh-agent: ERROR: Unable to add agent (from manager)
    2024/02/26 13:09:37 wazuh-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.15'. Ensure
    that the manager version is 'v4.8.0' or higher.
    2024/02/26 13:09:54 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:11:49 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:38:50 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:41:10 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:41:29 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:41:29 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 13:43:39 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:43:39 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 13:44:30 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:44:30 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 13:44:49 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:44:49 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 13:44:59 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:44:59 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 13:49:11 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:49:12 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 13:49:12 wazuh-agent: ERROR: (1216): Unable to connect to '[10.0.0.105]:1514/tcp': 'No connection could be
    made because the target machine actively refused it.'.
    2024/02/26 13:49:53 wazuh-agent: ERROR: Connection socket: An existing connection was forcibly closed by the remote
    host. (10054)
    2024/02/26 13:49:53 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:49:53 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 13:53:03 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 14:00:23 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 14:00:23 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:00:52 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 14:00:52 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:01:03 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 14:01:03 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:02:03 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 14:18:53 wazuh-agent: WARNING: Server unavailable. Setting lock.
    2024/02/26 14:21:13 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:22:42 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:22:45 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:23:34 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:24:29 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:24:34 wazuh-agent: ERROR: (1208): Unable to connect to enrollment service at '[10.0.0.105]:1515'
    2024/02/26 14:24:44 wazuh-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.105'. Ensure
    that the manager version is 'v4.8.0' or higher.
    2024/02/26 14:24:44 wazuh-agent: WARNING: Unable to connect to any server.
    2024/02/26 14:29:45 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:34:28 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...
    2024/02/26 14:36:26 wazuh-agent: ERROR: Duplicate agent name: Windows (from manager)
    2024/02/26 14:36:26 wazuh-agent: ERROR: Unable to add agent (from manager)
    2024/02/26 14:36:36 wazuh-agent: WARNING: (4101): Waiting for server reply (not started). Tried: '10.0.0.15'. Ensure
    that the manager version is 'v4.8.0' or higher.

    Expected, as the server was restarted because of some inconveniences.

    2024/02/26 13:49:12 wazuh-agent: ERROR: (1216): Unable to connect to '[10.0.0.105]:1514/tcp': 'No connection could be
    made because the target machine actively refused it.'.
    2024/02/26 13:49:53 wazuh-agent: ERROR: Connection socket: An existing connection was forcibly closed by the remote
    host. (10054)
    2024/02/26 13:49:53 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
    2024/02/26 13:49:53 wazuh-agent: WARNING: Process locked due to agent is offline. Waiting for connection...

    Related to: Modulesd osquery results file not available in Demo Environment for 4.8.0 Beta 2 #22145

    2024/02/26 12:08:30 wazuh-modulesd:osquery: WARNING: The configuration file 'C:\Program Files\osquery\osquery.conf' is not accessible: No such file or directory (2)
    2024/02/26 12:08:30 wazuh-modulesd:osquery: WARNING: Results file 'C:\Program Files\osquery\log\osqueryd.results.log' not available: No such process (3). Retrying in 1 sec.

Dashboard logs

Dashboard 🟢
  • System information

    cat /etc/*release
    NAME="Amazon Linux"
    VERSION="2"
    ID="amzn"
    ID_LIKE="centos rhel fedora"
    VERSION_ID="2"
    PRETTY_NAME="Amazon Linux 2"
    ANSI_COLOR="0;33"
    CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
    HOME_URL="https://amazonlinux.com/"
    Amazon Linux release 2 (Karoo)
  • Component version

    cat /usr/share/wazuh-dashboard/plugins/wazuh/package.json
    {
    "name": "wazuh",
    "version": "4.8.0",
    "revision": "04",
    "pluginPlatform": {
        "version": "2.10.0"
    },
    "description": "Wazuh dashboard",
    "keywords": [
        "opensearch_dashboards",
        "wazuh",
        "ossec"
    ],
    "node_build": "10.23.1",
    "author": "Wazuh, Inc",
    "license": "GPL-2.0",
    "repository": {
        "type": "git",
        "url": "https://github.com/wazuh/wazuh-dashboard-plugins.git"
    },
    "bugs": {
        "url": "https://github.com/wazuh/wazuh-dashboard-plugins/issues"
    },
    "homepage": "https://www.wazuh.com/",
    "scripts": {
        "lint": "eslint {public,server,common}/**/*.{js,jsx,ts,tsx,json}",
        "lint:public": "eslint public/**/*.{js,jsx,ts,tsx,json}",
        "lint:server": "eslint server/**/*.{js,jsx,ts,tsx,json}",
        "lint:common": "eslint common/**/*.{js,jsx,ts,tsx,json}",
        "lint:fix": "eslint --fix '{public,server,common}/**/*.{js,jsx,ts,tsx,json}'",
        "format": "prettier --write '{public,server,common}/**/*.{js,jsx,ts,tsx,css,md,json}' --config ./.prettierrc",
        "kbn": "node ../../scripts/kbn",
        "es": "node ../../scripts/es",
        "start": "plugin-helpers start",
        "build": "yarn plugin-helpers build --opensearch-dashboards-version=$OPENSEARCH_DASHBOARDS_VERSION",
        "build:runner": "node scripts/runner build",
        "plugin-helpers": "node ../../scripts/plugin_helpers",
        "test:ui:runner": "node ../../scripts/functional_test_runner.js",
        "test:server": "plugin-helpers test:server",
        "test:browser": "plugin-helpers test:browser",
        "test:jest": "node scripts/jest --runInBand",
        "test:jest:runner": "node scripts/runner test",
        "generate:api-data": "node scripts/generate-api-data.js --spec https://raw.githubusercontent.com/wazuh/wazuh/$(node -e \"console.log(require('./package.json').version)\")/api/api/spec/spec.yaml --output file --output-directory common/api-info --display-configuration",
        "prebuild": "node scripts/generate-build-version"
    },
    "dependencies": {
        "angular-animate": "1.8.3",
        "angular-material": "1.2.5",
        "axios": "^1.6.1",
        "install": "^0.13.0",
        "js2xmlparser": "^5.0.0",
        "json2csv": "^4.1.2",
        "jwt-decode": "^3.1.2",
        "loglevel": "^1.7.1",
        "markdown-it-link-attributes": "^4.0.1",
        "md5": "^2.3.0",
        "needle": "^3.2.0",
        "node-cron": "^1.1.2",
        "pdfmake": "0.2.7",
        "querystring-browser": "1.0.4",
        "react-codemirror": "^1.0.0",
        "react-cookie": "^4.0.3",
        "read-last-lines": "^1.7.2",
        "timsort": "^0.3.0",
        "typescript": "^5.0.4",
        "winston": "3.9.0"
    },
    "devDependencies": {
        "@types/node-cron": "^2.0.3",
        "@typescript-eslint/eslint-plugin": "^6.2.1",
        "@typescript-eslint/parser": "^6.2.1",
        "eslint": "^8.46.0",
        "eslint-config-prettier": "^8.5.0",
        "eslint-import-resolver-typescript": "3.5.5",
        "eslint-plugin-async-await": "^0.0.0",
        "eslint-plugin-cypress": "^2.12.1",
        "eslint-plugin-filenames-simple": "^0.8.0",
        "eslint-plugin-import": "^2.28.0",
        "eslint-plugin-prettier": "^4.2.1",
        "eslint-plugin-react": "^7.31.8",
        "eslint-plugin-react-hooks": "^4.6.0",
        "prettier": "^2.7.1",
        "redux-mock-store": "^1.5.4",
        "swagger-client": "^3.19.11"
    },
    "opensearchDashboards": {
        "version": "2.10.0"
    }
    }
  • Component status

    systemctl status wazuh-dashboard -l
    ● wazuh-dashboard.service - wazuh-dashboard
    Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
    Active: active (running) since Mon 2024-02-26 11:59:50 UTC; 3h 49min ago
    Main PID: 19787 (node)
    CGroup: /system.slice/wazuh-dashboard.service
            └─19787 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
    
    Feb 26 15:47:49 ip-10-0-0-158.us-west-1.compute.internal opensearch-dashboards[19787]: {"type":"response","@timestamp":"2024-02-26T15:47:49Z","tags":[],"pid":19787,"method":"get","statusCode":401,"req":{"url":"/android-chrome-192x192.png","method":"get","headers":{"host":"10.0.0.158:5601","connection":"close","sec-ch-ua":"\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36","sec-ch-ua-platform":"\"Linux\"","accept":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8","sec-gpc":"1","sec-fetch-site":"cross-site","sec-fetch-mode":"no-cors","sec-fetch-dest":"image","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.158","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /android-chrome-192x192.png 401 3ms - 9.0B"}
    Feb 26 15:47:49 ip-10-0-0-158.us-west-1.compute.internal opensearch-dashboards[19787]: {"type":"response","@timestamp":"2024-02-26T15:47:49Z","tags":[],"pid":19787,"method":"get","statusCode":401,"req":{"url":"/android-chrome-512x512.png","method":"get","headers":{"host":"10.0.0.158:5601","connection":"close","sec-ch-ua":"\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36","sec-ch-ua-platform":"\"Linux\"","accept":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8","sec-gpc":"1","sec-fetch-site":"cross-site","sec-fetch-mode":"no-cors","sec-fetch-dest":"image","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.158","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"},"res":{"statusCode":401,"responseTime":1,"contentLength":9},"message":"GET /android-chrome-512x512.png 401 1ms - 9.0B"}
    Feb 26 15:47:52 ip-10-0-0-158.us-west-1.compute.internal opensearch-dashboards[19787]: {"type":"response","@timestamp":"2024-02-26T15:47:52Z","tags":[],"pid":19787,"method":"get","statusCode":401,"req":{"url":"/android-chrome-192x192.png","method":"get","headers":{"host":"10.0.0.158:5601","connection":"close","sec-ch-ua":"\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36","sec-ch-ua-platform":"\"Linux\"","accept":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8","sec-gpc":"1","sec-fetch-site":"cross-site","sec-fetch-mode":"no-cors","sec-fetch-dest":"image","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.158","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /android-chrome-192x192.png 401 2ms - 9.0B"}
    Feb 26 15:47:53 ip-10-0-0-158.us-west-1.compute.internal opensearch-dashboards[19787]: {"type":"response","@timestamp":"2024-02-26T15:47:53Z","tags":[],"pid":19787,"method":"get","statusCode":401,"req":{"url":"/android-chrome-512x512.png","method":"get","headers":{"host":"10.0.0.158:5601","connection":"close","sec-ch-ua":"\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36","sec-ch-ua-platform":"\"Linux\"","accept":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8","sec-gpc":"1","sec-fetch-site":"cross-site","sec-fetch-mode":"no-cors","sec-fetch-dest":"image","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.158","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /android-chrome-512x512.png 401 2ms - 9.0B"}
    Feb 26 15:48:19 ip-10-0-0-158.us-west-1.compute.internal opensearch-dashboards[19787]: {"type":"response","@timestamp":"2024-02-26T15:48:19Z","tags":[],"pid":19787,"method":"get","statusCode":401,"req":{"url":"/android-chrome-192x192.png","method":"get","headers":{"host":"10.0.0.158:5601","connection":"close","sec-ch-ua":"\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36","sec-ch-ua-platform":"\"Linux\"","accept":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8","sec-gpc":"1","sec-fetch-site":"cross-site","sec-fetch-mode":"no-cors","sec-fetch-dest":"image","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.158","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /android-chrome-192x192.png 401 2ms - 9.0B"}
    Feb 26 15:48:19 ip-10-0-0-158.us-west-1.compute.internal opensearch-dashboards[19787]: {"type":"response","@timestamp":"2024-02-26T15:48:19Z","tags":[],"pid":19787,"method":"get","statusCode":401,"req":{"url":"/android-chrome-512x512.png","method":"get","headers":{"host":"10.0.0.158:5601","connection":"close","sec-ch-ua":"\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36","sec-ch-ua-platform":"\"Linux\"","accept":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8","sec-gpc":"1","sec-fetch-site":"cross-site","sec-fetch-mode":"no-cors","sec-fetch-dest":"image","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.158","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /android-chrome-512x512.png 401 2ms - 9.0B"}
    Feb 26 15:48:22 ip-10-0-0-158.us-west-1.compute.internal opensearch-dashboards[19787]: {"type":"response","@timestamp":"2024-02-26T15:48:22Z","tags":[],"pid":19787,"method":"get","statusCode":401,"req":{"url":"/android-chrome-192x192.png","method":"get","headers":{"host":"10.0.0.158:5601","connection":"close","sec-ch-ua":"\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36","sec-ch-ua-platform":"\"Linux\"","accept":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8","sec-gpc":"1","sec-fetch-site":"cross-site","sec-fetch-mode":"no-cors","sec-fetch-dest":"image","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.158","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /android-chrome-192x192.png 401 2ms - 9.0B"}
    Feb 26 15:48:23 ip-10-0-0-158.us-west-1.compute.internal opensearch-dashboards[19787]: {"type":"response","@timestamp":"2024-02-26T15:48:23Z","tags":[],"pid":19787,"method":"get","statusCode":401,"req":{"url":"/android-chrome-512x512.png","method":"get","headers":{"host":"10.0.0.158:5601","connection":"close","sec-ch-ua":"\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36","sec-ch-ua-platform":"\"Linux\"","accept":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8","sec-gpc":"1","sec-fetch-site":"cross-site","sec-fetch-mode":"no-cors","sec-fetch-dest":"image","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.158","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"},"res":{"statusCode":401,"responseTime":1,"contentLength":9},"message":"GET /android-chrome-512x512.png 401 1ms - 9.0B"}
    Feb 26 15:48:53 ip-10-0-0-158.us-west-1.compute.internal opensearch-dashboards[19787]: {"type":"response","@timestamp":"2024-02-26T15:48:53Z","tags":[],"pid":19787,"method":"get","statusCode":401,"req":{"url":"/android-chrome-192x192.png","method":"get","headers":{"host":"10.0.0.158:5601","connection":"close","sec-ch-ua":"\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36","sec-ch-ua-platform":"\"Linux\"","accept":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8","sec-gpc":"1","sec-fetch-site":"cross-site","sec-fetch-mode":"no-cors","sec-fetch-dest":"image","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.158","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /android-chrome-192x192.png 401 2ms - 9.0B"}
    Feb 26 15:48:54 ip-10-0-0-158.us-west-1.compute.internal opensearch-dashboards[19787]: {"type":"response","@timestamp":"2024-02-26T15:48:54Z","tags":[],"pid":19787,"method":"get","statusCode":401,"req":{"url":"/android-chrome-512x512.png","method":"get","headers":{"host":"10.0.0.158:5601","connection":"close","sec-ch-ua":"\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36","sec-ch-ua-platform":"\"Linux\"","accept":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8","sec-gpc":"1","sec-fetch-site":"cross-site","sec-fetch-mode":"no-cors","sec-fetch-dest":"image","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.0.0.158","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /android-chrome-512x512.png 401 3ms - 9.0B"}

    Related to the

  • Service status

    journalctl -xe -u wazuh-dashboard.service --no-pager | egrep "statusCode\"\:5[0-9][0-9]" | wc -l
    0
  • Error/Warning logs

    egrep -i "err|warn" /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log |wc -l
    208

    Full errors log
    Expected as the Wazuh API was down and the server restarted.

Indexer logs

Bootstrap 🟡
  • System information

    cat /etc/*release
    NAME="Amazon Linux"
    VERSION="2"
    ID="amzn"
    ID_LIKE="centos rhel fedora"
    VERSION_ID="2"
    PRETTY_NAME="Amazon Linux 2"
    ANSI_COLOR="0;33"
    CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
    HOME_URL="https://amazonlinux.com/"
    Amazon Linux release 2 (Karoo)
  • Component status

    systemctl status wazuh-indexer -l
    ● wazuh-indexer.service - Wazuh-indexer
    Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
    Active: active (running) since Mon 2024-02-26 11:36:34 UTC; 4h 56min ago
        Docs: https://documentation.wazuh.com
    Main PID: 12341 (java)
    CGroup: /system.slice/wazuh-indexer.service
            └─12341 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10137675549718947066 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
    
    Feb 26 11:36:11 ip-10-0-2-169.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
    Feb 26 11:36:14 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:36:14 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:36:14 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Feb 26 11:36:14 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:36:16 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:36:16 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:36:16 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Feb 26 11:36:16 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:36:34 ip-10-0-2-169.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
  • Service status

    journalctl -xe -u wazuh-indexer.service --no-pager
    -- Logs begin at Mon 2024-02-26 11:21:02 UTC, end at Mon 2024-02-26 16:33:00 UTC. --
    Feb 26 11:34:07 ip-10-0-2-169.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
    -- Subject: Unit wazuh-indexer.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has begun starting up.
    Feb 26 11:34:10 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:34:10 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:34:10 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Feb 26 11:34:10 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:34:12 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:34:12 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:34:12 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Feb 26 11:34:12 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:34:30 ip-10-0-2-169.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
    -- Subject: Unit wazuh-indexer.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has finished starting up.
    --
    -- The start-up result is done.
    Feb 26 11:36:10 ip-10-0-2-169.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
    -- Subject: Unit wazuh-indexer.service has begun shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has begun shutting down.
    Feb 26 11:36:11 ip-10-0-2-169.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
    -- Subject: Unit wazuh-indexer.service has finished shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has finished shutting down.
    Feb 26 11:36:11 ip-10-0-2-169.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
    -- Subject: Unit wazuh-indexer.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has begun starting up.
    Feb 26 11:36:14 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:36:14 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:36:14 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Feb 26 11:36:14 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:36:16 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:36:16 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:36:16 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Feb 26 11:36:16 ip-10-0-2-169.us-west-1.compute.internal systemd-entrypoint[12341]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:36:34 ip-10-0-2-169.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
    -- Subject: Unit wazuh-indexer.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has finished starting up.
    --
    -- The start-up result is done.
  • Error/Warning logs

    egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
    24
    egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log
    [2024-02-26T11:34:12,988][INFO ][o.o.n.Node               ] [node-3] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-1613714877562763697, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
    [2024-02-26T11:34:24,284][ERROR][o.o.s.a.s.SinkProvider   ] [node-3] Default endpoint could not be created, auditlog will not work properly.
    [2024-02-26T11:34:31,003][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:31,004][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:31,004][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:31,004][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:31,004][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:31,005][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:31,005][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:31,005][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:31,005][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:31,005][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:44,016][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:44,016][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:44,017][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:44,017][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:44,017][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:44,017][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:44,017][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:44,018][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:44,018][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:44,018][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-3] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:36:16,245][INFO ][o.o.n.Node               ] [node-3] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3928m, -Xmx3928m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-10137675549718947066, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy, -XX:MaxDirectMemorySize=2059403264, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
    [2024-02-26T11:36:27,637][ERROR][o.o.s.a.s.SinkProvider   ] [node-3] Default endpoint could not be created, auditlog will not work properly.

    Related to: Uninitialized index error logs appear in Wazuh-indexers on demo environment #21861. Known issue

Master B 🟡
  • System information

    cat /etc/*release
    NAME="Amazon Linux"
    VERSION="2"
    ID="amzn"
    ID_LIKE="centos rhel fedora"
    VERSION_ID="2"
    PRETTY_NAME="Amazon Linux 2"
    ANSI_COLOR="0;33"
    CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
    HOME_URL="https://amazonlinux.com/"
    Amazon Linux release 2 (Karoo)
  • Component status

    systemctl status wazuh-indexer -l
    ● wazuh-indexer.service - Wazuh-indexer
    Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
    Active: active (running) since Mon 2024-02-26 11:36:08 UTC; 5h 1min ago
        Docs: https://documentation.wazuh.com
    Main PID: 12272 (java)
    CGroup: /system.slice/wazuh-indexer.service
            └─12272 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-17791869226909718292 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
    
    Feb 26 11:35:45 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:36:08 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
  • Service status

    journalctl -xe -u wazuh-indexer.service --no-pager
    -- Logs begin at Mon 2024-02-26 11:21:02 UTC, end at Mon 2024-02-26 16:37:43 UTC. --
    Feb 26 11:33:56 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
    -- Subject: Unit wazuh-indexer.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has begun starting up.
    Feb 26 11:33:58 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:33:58 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:33:58 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Feb 26 11:33:58 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:34:01 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:34:01 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:34:01 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Feb 26 11:34:01 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:34:22 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
    -- Subject: Unit wazuh-indexer.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has finished starting up.
    --
    -- The start-up result is done.
    Feb 26 11:35:45 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
    -- Subject: Unit wazuh-indexer.service has begun shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has begun shutting down.
    Feb 26 11:35:45 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
    -- Subject: Unit wazuh-indexer.service has finished shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has finished shutting down.
    Feb 26 11:35:45 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
    -- Subject: Unit wazuh-indexer.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has begun starting up.
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:36:08 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
    -- Subject: Unit wazuh-indexer.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has finished starting up.
    --
    -- The start-up result is done.
  • Error/Warning logs

    egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
    24
    egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log
    [2024-02-26T11:34:01,085][INFO ][o.o.n.Node               ] [node-2] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-15575994016027951250, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
    [2024-02-26T11:34:12,047][ERROR][o.o.s.a.s.SinkProvider   ] [node-2] Default endpoint could not be created, auditlog will not work properly.
    [2024-02-26T11:34:23,659][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,659][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,661][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,662][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,662][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,662][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,663][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,663][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,663][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,663][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,668][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,668][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,669][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,669][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,669][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,669][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,669][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,670][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,670][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,670][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:35:51,069][INFO ][o.o.n.Node               ] [node-2] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3928m, -Xmx3928m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-17791869226909718292, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy, -XX:MaxDirectMemorySize=2059403264, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
    [2024-02-26T11:36:02,552][ERROR][o.o.s.a.s.SinkProvider   ] [node-2] Default endpoint could not be created, auditlog will not work properly.

    Related to: Uninitialized index error logs appear in Wazuh-indexers on demo environment #21861. Known issue

Master C 🟡
  • System information

    cat /etc/*release
    NAME="Amazon Linux"
    VERSION="2"
    ID="amzn"
    ID_LIKE="centos rhel fedora"
    VERSION_ID="2"
    PRETTY_NAME="Amazon Linux 2"
    ANSI_COLOR="0;33"
    CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
    HOME_URL="https://amazonlinux.com/"
    Amazon Linux release 2 (Karoo)
  • Component status

    systemctl status wazuh-indexer -l
    ● wazuh-indexer.service - Wazuh-indexer
    Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
    Active: active (running) since Mon 2024-02-26 11:36:08 UTC; 5h 4min ago
        Docs: https://documentation.wazuh.com
    Main PID: 12272 (java)
    CGroup: /system.slice/wazuh-indexer.service
            └─12272 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-17791869226909718292 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
    
    Feb 26 11:35:45 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:36:08 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
  • Service status

    journalctl -xe -u wazuh-indexer.service --no-pager
    -- Logs begin at Mon 2024-02-26 11:21:02 UTC, end at Mon 2024-02-26 16:40:01 UTC. --
    Feb 26 11:33:56 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
    -- Subject: Unit wazuh-indexer.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has begun starting up.
    Feb 26 11:33:58 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:33:58 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:33:58 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Feb 26 11:33:58 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:34:01 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:34:01 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:34:01 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Feb 26 11:34:01 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[10453]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:34:22 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
    -- Subject: Unit wazuh-indexer.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has finished starting up.
    --
    -- The start-up result is done.
    Feb 26 11:35:45 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
    -- Subject: Unit wazuh-indexer.service has begun shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has begun shutting down.
    Feb 26 11:35:45 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
    -- Subject: Unit wazuh-indexer.service has finished shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has finished shutting down.
    Feb 26 11:35:45 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
    -- Subject: Unit wazuh-indexer.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has begun starting up.
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Feb 26 11:35:49 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Feb 26 11:35:51 ip-10-0-2-112.us-west-1.compute.internal systemd-entrypoint[12272]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:36:08 ip-10-0-2-112.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
    -- Subject: Unit wazuh-indexer.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has finished starting up.
    --
  • Error/Warning logs

    egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
    24
    egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log
    [2024-02-26T11:34:01,085][INFO ][o.o.n.Node               ] [node-2] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-15575994016027951250, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
    [2024-02-26T11:34:12,047][ERROR][o.o.s.a.s.SinkProvider   ] [node-2] Default endpoint could not be created, auditlog will not work properly.
    [2024-02-26T11:34:23,659][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,659][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,661][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,662][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,662][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,662][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,663][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,663][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,663][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:23,663][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,668][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,668][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,669][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,669][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,669][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,669][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,669][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,670][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,670][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:34:36,670][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-2] Failure no such index [.opendistro_security] retrievingconfiguration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
    [2024-02-26T11:35:51,069][INFO ][o.o.n.Node               ] [node-2] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3928m, -Xmx3928m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-17791869226909718292, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy, -XX:MaxDirectMemorySize=2059403264, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
    [2024-02-26T11:36:02,552][ERROR][o.o.s.a.s.SinkProvider   ] [node-2] Default endpoint could not be created, auditlog will not work properly.

    Related to: Uninitialized index error logs appear in Wazuh-indexers on demo environment #21861. Known issue

Dashboard 🟡
  • System information

    cat /etc/*release
    NAME="Amazon Linux"
    VERSION="2"
    ID="amzn"
    ID_LIKE="centos rhel fedora"
    VERSION_ID="2"
    PRETTY_NAME="Amazon Linux 2"
    ANSI_COLOR="0;33"
    CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
    HOME_URL="https://amazonlinux.com/"
    Amazon Linux release 2 (Karoo)
  • Component status

    systemctl status wazuh-indexer -l
    ● wazuh-indexer.service - Wazuh-indexer
    Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
    Active: active (running) since Mon 2024-02-26 11:43:03 UTC; 5h 0min ago
        Docs: https://documentation.wazuh.com
    Main PID: 14475 (java)
    CGroup: /system.slice/wazuh-indexer.service
            └─14475 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10460859724403301268 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
    
    Feb 26 11:42:38 ip-10-0-0-158.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
    Feb 26 11:42:42 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:42:42 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:42:42 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Feb 26 11:42:42 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:42:44 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:42:44 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:42:44 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Feb 26 11:42:44 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:43:03 ip-10-0-0-158.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
  • Service status

    journalctl -xe -u wazuh-indexer.service --no-pager
    -- Logs begin at Mon 2024-02-26 11:21:02 UTC, end at Mon 2024-02-26 16:43:49 UTC. --
    Feb 26 11:39:20 ip-10-0-0-158.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
    -- Subject: Unit wazuh-indexer.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has begun starting up.
    Feb 26 11:39:23 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[10333]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:39:23 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[10333]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:39:23 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[10333]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Feb 26 11:39:23 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[10333]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:39:25 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[10333]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:39:25 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[10333]: WARNING: System::setSecurityManager has been calledby org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:39:25 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[10333]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Feb 26 11:39:25 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[10333]: WARNING: System::setSecurityManager will be removedin a future release
    Feb 26 11:39:44 ip-10-0-0-158.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
    -- Subject: Unit wazuh-indexer.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has finished starting up.
    --
    -- The start-up result is done.
    Feb 26 11:42:37 ip-10-0-0-158.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
    -- Subject: Unit wazuh-indexer.service has begun shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has begun shutting down.
    Feb 26 11:42:38 ip-10-0-0-158.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
    -- Subject: Unit wazuh-indexer.service has finished shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has finished shutting down.
    Feb 26 11:42:38 ip-10-0-0-158.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
    -- Subject: Unit wazuh-indexer.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has begun starting up.
    Feb 26 11:42:42 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:42:42 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:42:42 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Feb 26 11:42:42 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: System::setSecurityManager will be removed in a future release
    Feb 26 11:42:44 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: A terminally deprecated method in java.lang.System has been called
    Feb 26 11:42:44 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
    Feb 26 11:42:44 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Feb 26 11:42:44 ip-10-0-0-158.us-west-1.compute.internal systemd-entrypoint[14475]: WARNING: System::setSecurityManager will be removed in a future release
    Feb 26 11:43:03 ip-10-0-0-158.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
    -- Subject: Unit wazuh-indexer.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-indexer.service has finished starting up.
    --
    -- The start-up result is done.
  • Error/Warning logs

    egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
    4
    egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log
    [2024-02-26T11:39:25,147][INFO ][o.o.n.Node               ] [node-7] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-6911747722374839225, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
    [2024-02-26T11:39:36,607][ERROR][o.o.s.a.s.SinkProvider   ] [node-7] Default endpoint could not be created, auditlog will not work properly.
    [2024-02-26T11:42:44,440][INFO ][o.o.n.Node               ] [node-7] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms2560m, -Xmx2560m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-10460859724403301268, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy, -XX:MaxDirectMemorySize=1342177280, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
    [2024-02-26T11:42:56,388][ERROR][o.o.s.a.s.SinkProvider   ] [node-7] Default endpoint could not be created, auditlog will not work properly.

    Related to: Uninitialized index error logs appear in Wazuh-indexers on demo environment #21861. Known issue

Server logs

Master Env1 🔴
  • System information

    cat /etc/*release
    NAME="Amazon Linux"
    VERSION="2"
    ID="amzn"
    ID_LIKE="centos rhel fedora"
    VERSION_ID="2"
    PRETTY_NAME="Amazon Linux 2"
    ANSI_COLOR="0;33"
    CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
    HOME_URL="https://amazonlinux.com/"
    Amazon Linux release 2 (Karoo)
  • Component version

    /var/ossec/bin/wazuh-control info
    WAZUH_VERSION="v4.8.0"
    WAZUH_REVISION="40804"
    WAZUH_TYPE="server"
  • Component status

    systemctl status wazuh-manager -l
    ● wazuh-manager.service - Wazuh manager
        Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
        Active: active (exited) since Mon 2024-02-26 11:47:15 UTC; 5h 1min ago
      Process: 15130 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
      Process: 15302 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    
    Feb 26 11:47:07 wazuh-manager-master-0 env[15302]: Started wazuh-syscheckd...
    Feb 26 11:47:08 wazuh-manager-master-0 env[15302]: Started wazuh-remoted...
    Feb 26 11:47:09 wazuh-manager-master-0 env[15302]: Started wazuh-logcollector...
    Feb 26 11:47:10 wazuh-manager-master-0 env[15302]: Started wazuh-monitord...
    Feb 26 11:47:10 wazuh-manager-master-0 env[15302]: 2024/02/26 11:47:10 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:47:10 wazuh-manager-master-0 env[15302]: 2024/02/26 11:47:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:47:11 wazuh-manager-master-0 env[15302]: Started wazuh-modulesd...
    Feb 26 11:47:13 wazuh-manager-master-0 env[15302]: Started wazuh-clusterd...
    Feb 26 11:47:15 wazuh-manager-master-0 env[15302]: Completed.
    Feb 26 11:47:15 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
  • Modules status

    /var/ossec/bin/wazuh-control status
    wazuh-clusterd is running...
    wazuh-modulesd: Process 28423 not used by Wazuh, removing...
    wazuh-modulesd not running...
    wazuh-monitord is running...
    wazuh-logcollector is running...
    wazuh-remoted is running...
    wazuh-syscheckd is running...
    wazuh-analysisd is running...
    wazuh-maild not running...
    wazuh-execd is running...
    wazuh-db is running...
    wazuh-authd is running...
    wazuh-agentlessd not running...
    wazuh-integratord is running...
    wazuh-dbd not running...
    wazuh-csyslogd not running...
    wazuh-apid is running...

    Modulesd not running. Related to: Modulesd is not running in Demo Environment for 4.8.0 Beta 2 #22153. New issue

  • Service status

    journalctl -xe -u wazuh-manager.service --no-pager
    -- Logs begin at Mon 2024-02-26 11:21:02 UTC, end at Mon 2024-02-26 16:48:42 UTC. --
    Feb 26 11:45:14 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
    -- Subject: Unit wazuh-manager.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has begun starting up.
    Feb 26 11:45:15 wazuh-manager-master-0 env[11345]: 2024/02/26 11:45:15 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:45:15 wazuh-manager-master-0 env[11345]: 2024/02/26 11:45:15 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:45:16 wazuh-manager-master-0 env[11345]: Starting Wazuh v4.8.0...
    Feb 26 11:45:18 wazuh-manager-master-0 env[11345]: Started wazuh-apid...
    Feb 26 11:45:18 wazuh-manager-master-0 env[11345]: Started wazuh-csyslogd...
    Feb 26 11:45:18 wazuh-manager-master-0 env[11345]: Started wazuh-dbd...
    Feb 26 11:45:18 wazuh-manager-master-0 env[11345]: 2024/02/26 11:45:18 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
    Feb 26 11:45:18 wazuh-manager-master-0 env[11345]: Started wazuh-integratord...
    Feb 26 11:45:18 wazuh-manager-master-0 env[11345]: Started wazuh-agentlessd...
    Feb 26 11:45:19 wazuh-manager-master-0 env[11345]: Started wazuh-authd...
    Feb 26 11:45:20 wazuh-manager-master-0 env[11345]: Started wazuh-db...
    Feb 26 11:45:21 wazuh-manager-master-0 env[11345]: Started wazuh-execd...
    Feb 26 11:45:22 wazuh-manager-master-0 env[11345]: Started wazuh-analysisd...
    Feb 26 11:45:23 wazuh-manager-master-0 env[11345]: Started wazuh-syscheckd...
    Feb 26 11:45:25 wazuh-manager-master-0 env[11345]: Started wazuh-remoted...
    Feb 26 11:45:26 wazuh-manager-master-0 env[11345]: Started wazuh-logcollector...
    Feb 26 11:45:27 wazuh-manager-master-0 env[11345]: Started wazuh-monitord...
    Feb 26 11:45:27 wazuh-manager-master-0 env[11345]: 2024/02/26 11:45:27 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:45:27 wazuh-manager-master-0 env[11345]: 2024/02/26 11:45:27 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:45:28 wazuh-manager-master-0 env[11345]: Started wazuh-modulesd...
    Feb 26 11:45:29 wazuh-manager-master-0 env[11345]: Started wazuh-clusterd...
    Feb 26 11:45:31 wazuh-manager-master-0 env[11345]: Completed.
    Feb 26 11:45:31 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
    -- Subject: Unit wazuh-manager.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has finished starting up.
    --
    -- The start-up result is done.
    Feb 26 11:46:52 wazuh-manager-master-0 systemd[1]: Stopping Wazuh manager...
    -- Subject: Unit wazuh-manager.service has begun shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has begun shutting down.
    Feb 26 11:46:52 wazuh-manager-master-0 env[15130]: Killing wazuh-clusterd...
    Feb 26 11:46:52 wazuh-manager-master-0 env[15130]: Killing wazuh-modulesd...
    Feb 26 11:46:52 wazuh-manager-master-0 env[15130]: Killing wazuh-monitord...
    Feb 26 11:46:53 wazuh-manager-master-0 env[15130]: Killing wazuh-logcollector...
    Feb 26 11:46:53 wazuh-manager-master-0 env[15130]: Killing wazuh-remoted...
    Feb 26 11:46:53 wazuh-manager-master-0 env[15130]: Killing wazuh-syscheckd...
    Feb 26 11:46:54 wazuh-manager-master-0 env[15130]: Killing wazuh-analysisd...
    Feb 26 11:46:54 wazuh-manager-master-0 env[15130]: wazuh-maild not running...
    Feb 26 11:46:54 wazuh-manager-master-0 env[15130]: Killing wazuh-execd...
    Feb 26 11:46:54 wazuh-manager-master-0 env[15130]: Killing wazuh-db...
    Feb 26 11:46:55 wazuh-manager-master-0 env[15130]: Killing wazuh-authd...
    Feb 26 11:46:56 wazuh-manager-master-0 env[15130]: wazuh-agentlessd not running...
    Feb 26 11:46:56 wazuh-manager-master-0 env[15130]: wazuh-integratord not running...
    Feb 26 11:46:56 wazuh-manager-master-0 env[15130]: wazuh-dbd not running...
    Feb 26 11:46:56 wazuh-manager-master-0 env[15130]: wazuh-csyslogd not running...
    Feb 26 11:46:56 wazuh-manager-master-0 env[15130]: Killing wazuh-apid...
    Feb 26 11:46:56 wazuh-manager-master-0 env[15130]: Wazuh v4.8.0 Stopped
    Feb 26 11:46:56 wazuh-manager-master-0 systemd[1]: Stopped Wazuh manager.
    -- Subject: Unit wazuh-manager.service has finished shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has finished shutting down.
    Feb 26 11:46:56 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
    -- Subject: Unit wazuh-manager.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has begun starting up.
    Feb 26 11:46:58 wazuh-manager-master-0 env[15302]: 2024/02/26 11:46:58 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:46:58 wazuh-manager-master-0 env[15302]: 2024/02/26 11:46:58 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:46:59 wazuh-manager-master-0 env[15302]: Starting Wazuh v4.8.0...
    Feb 26 11:47:02 wazuh-manager-master-0 env[15302]: Started wazuh-apid...
    Feb 26 11:47:02 wazuh-manager-master-0 env[15302]: Started wazuh-csyslogd...
    Feb 26 11:47:02 wazuh-manager-master-0 env[15302]: Started wazuh-dbd...
    Feb 26 11:47:02 wazuh-manager-master-0 env[15302]: 2024/02/26 11:47:02 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
    Feb 26 11:47:02 wazuh-manager-master-0 env[15302]: Started wazuh-integratord...
    Feb 26 11:47:02 wazuh-manager-master-0 env[15302]: Started wazuh-agentlessd...
    Feb 26 11:47:03 wazuh-manager-master-0 env[15302]: Started wazuh-authd...
    Feb 26 11:47:04 wazuh-manager-master-0 env[15302]: Started wazuh-db...
    Feb 26 11:47:05 wazuh-manager-master-0 env[15302]: Started wazuh-execd...
    Feb 26 11:47:06 wazuh-manager-master-0 env[15302]: Started wazuh-analysisd...
    Feb 26 11:47:07 wazuh-manager-master-0 env[15302]: Started wazuh-syscheckd...
    Feb 26 11:47:08 wazuh-manager-master-0 env[15302]: Started wazuh-remoted...
    Feb 26 11:47:09 wazuh-manager-master-0 env[15302]: Started wazuh-logcollector...
    Feb 26 11:47:10 wazuh-manager-master-0 env[15302]: Started wazuh-monitord...
    Feb 26 11:47:10 wazuh-manager-master-0 env[15302]: 2024/02/26 11:47:10 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:47:10 wazuh-manager-master-0 env[15302]: 2024/02/26 11:47:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:47:11 wazuh-manager-master-0 env[15302]: Started wazuh-modulesd...
    Feb 26 11:47:13 wazuh-manager-master-0 env[15302]: Started wazuh-clusterd...
    Feb 26 11:47:15 wazuh-manager-master-0 env[15302]: Completed.
    Feb 26 11:47:15 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
    -- Subject: Unit wazuh-manager.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has finished starting up.
    --
    -- The start-up result is done.
  • Error/Warning logs

    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
    39
    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
    2024/02/26 11:45:27 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 2 seconds.
    2024/02/26 11:45:29 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 4 seconds.
    2024/02/26 11:45:33 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 8 seconds.
    2024/02/26 11:45:41 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 16 seconds.
    2024/02/26 11:45:57 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 32 seconds.
    2024/02/26 11:46:29 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
    2024/02/26 11:57:09 wazuh-remoted: WARNING: Agent key already in use: agent ID '004'
    2024/02/26 11:58:43 wazuh-remoted: WARNING: Agent key already in use: agent ID '004'
    2024/02/26 12:08:07 wazuh-remoted: WARNING: Agent key already in use: agent ID '004'
    2024/02/26 12:08:20 wazuh-remoted: WARNING: Agent key already in use: agent ID '004'
    2024/02/26 12:08:53 wazuh-remoted: WARNING: Agent key already in use: agent ID '004'
    2024/02/26 12:10:37 wazuh-remoted: WARNING: Agent key already in use: agent ID '004'
    2024/02/26 12:13:38 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 12:13:38 wazuh-remoted: WARNING: Too big message size from socket [28].
    2024/02/26 12:15:09 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 12:15:09 wazuh-remoted: WARNING: Too big message size from socket [28].
    2024/02/26 12:15:39 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 12:15:39 wazuh-remoted: WARNING: Too big message size from socket [28].
    2024/02/26 12:18:09 wazuh-remoted: WARNING: Unexpected message (hex): 'ff27ff0fffff1d5cffff4dffff2122570b3bff397aff07486b37ffffff75ffffff6a07ff131aff2f33ff7d1effffff2033ff04066cffff5e483bffff342e6aff5c5c0effff3774ffff6fffff22ff30ffff10ff0aff24ff02ff0f00ff331246ffff510125662c76ff3171ffffffffffffff44ff090316ff4cff101610692206ffffff5e020fff102fff00ffffff34ff66ffff47ff7f67ffffff4738ffff403fffff1b0521ff05622616230fffffff0c37ffffffffff7dff19ffff60ffffffff5464ff7bff08ffffff7624ffff6effff6affffffffffffff48ffffff0dff4dff7b390e2e37ffffff6815745bffff22ff17ff5a50705310ffff1818ff0bff74ff50ff3dffff5c076fff5d78ffff2a00ffff012b406119ffffffff205f5fff107fffffff40ffff7a75ffff21ff257dff36ff3e0d131f03ffff3dffffffffffffff1626ff781e1614ff59ffffffff41ffff46ff52ffff611c08ffff763bffff396a31ffffff5d1a74ffff19ffffff2effff3e7cff4d5724ff6226ff3e217052ff02ff5cffff24ff00ff3f45ff656fffff3fff5a546f5c69ffffffffffff13ffffffffffffff35ffffffff5f1affff32ffff71ff0cffff49ffff3cffffffff007e16ff3c227274284dffffff0affffffffffff1dffffff0e33ff1dffffff4e3bffff27ff0fffff1d5cffff4dffff2122570b3bff397aff07486b37ff12ff393cff'
    2024/02/26 12:18:09 wazuh-remoted: WARNING: Too big message size from socket [28].
    2024/02/26 12:22:09 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 12:22:09 wazuh-remoted: WARNING: Too big message size from socket [28].
    2024/02/26 12:23:15 wazuh-remoted: WARNING: Agent key already in use: agent ID '004'
    2024/02/26 12:25:36 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 12:25:36 wazuh-remoted: WARNING: Too big message size from socket [28].
    2024/02/26 12:26:36 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 12:26:36 wazuh-remoted: WARNING: Too big message size from socket [28].
    2024/02/26 12:40:19 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Error getting CVEv5 Entry object from rocksdb. FlatBuffers verifier failed
    2024/02/26 13:09:27 wazuh-authd: WARNING: Duplicate name 'Centos', rejecting enrollment. Agent '003' can't be replaced since it is not disconnected.
    2024/02/26 13:09:27 wazuh-authd: WARNING: Duplicate name 'Windows', rejecting enrollment. Agent '004' can't be replaced since it is not disconnected.
    2024/02/26 13:09:27 wazuh-authd: WARNING: Duplicate name 'Debian', rejecting enrollment. Agent '001' can't be replaced since it is not disconnected.
    2024/02/26 13:09:27 wazuh-authd: WARNING: Duplicate name 'RHEL9', rejecting enrollment. Agent '002' can't be replaced since it is not disconnected.
    2024/02/26 13:49:06 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Error getting CVEv5 Entry object from rocksdb. FlatBuffers verifier failed
    2024/02/26 13:59:21 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Unable to parse payload: 1: 2700: error: unknown field: source
    2024/02/26 14:09:51 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Unable to parse payload: 1: 2700: error: unknown field: source
    2024/02/26 14:36:26 wazuh-authd: WARNING: Duplicate name 'RHEL9', rejecting enrollment. Agent '002' can't be replaced since it is not disconnected.
    2024/02/26 14:36:26 wazuh-authd: WARNING: Duplicate name 'Centos', rejecting enrollment. Agent '003' can't be replaced since it is not disconnected.
    2024/02/26 14:36:26 wazuh-authd: WARNING: Duplicate name 'Windows', rejecting enrollment. Agent '004' can't be replaced since it is not disconnected.
    2024/02/26 14:36:26 wazuh-authd: WARNING: Duplicate name 'Debian', rejecting enrollment. Agent '001' has not been disconnected long enough to be replaced.

    Related to: Premature IndexerConnector warnings generated #21829. Known issue

    2024/02/26 11:45:27 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 2 seconds.
    

    Related to: https://github.com/wazuh/wazuh-jenkins/issues/4867. Known issue

    2024/02/26 12:08:07 wazuh-remoted: WARNING: Agent key already in use: agent ID '004'
    

    Related to: Remoted show Too big message size from socket after receiving a Wazuh agent message #17596. Known issue

    2024/02/26 12:25:36 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    
    egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log  | wc -l
    10367

    All the errors seem to be the same, repeated over and over

    2024/02/26 16:51:56 ERROR: [Worker] [Main] 'Agent-info sync'
    2024/02/26 16:52:02 ERROR: [Worker] [Main] 'Integrity check'
    2024/02/26 16:52:02 ERROR: [Worker] [Main] Unhandled error processing request 'b'new_file'': [Errno 2] No such file or directory: '/var/ossec/queue/cluster/worker_01/worker_01-1708966322.762772-b1c11fa6a60b46d69ab83f5deb9e2f38.zip'
    FileNotFoundError: [Errno 2] No such file or directory: '/var/ossec/queue/cluster/worker_01/worker_01-1708966322.762772-b1c11fa6a60b46d69ab83f5deb9e2f38.zip'
    2024/02/26 16:52:02 ERROR: [Worker] [Main] Unhandled error processing request 'b'file_upd'': b'/queue/cluster/worker_01/worker_01-1708966322.762772-b1c11fa6a60b46d69ab83f5deb9e2f38.zip'
    KeyError: b'/queue/cluster/worker_01/worker_01-1708966322.762772-b1c11fa6a60b46d69ab83f5deb9e2f38.zip'
    2024/02/26 16:52:02 ERROR: [Worker] [Main] Unhandled error processing request 'b'file_end'': b'/queue/cluster/worker_01/worker_01-1708966322.762772-b1c11fa6a60b46d69ab83f5deb9e2f38.zip'
    KeyError: b'/queue/cluster/worker_01/worker_01-1708966322.762772-b1c11fa6a60b46d69ab83f5deb9e2f38.zip'
    2024/02/26 16:52:02 ERROR: [Worker] [Main] Internal error processing request 'b'syn_i_w_m_e'': Error 3027 - Unknown received task name:e3a19e8f-7abe-4495-92e6-c08fe5bc491d

    Related to: Multiple errors on wazuh cluster in Demo Environment for 4.8.0 Beta 2 #22146. New issue

  • Filebeat test output

    filebeat test output
    elasticsearch: https://10.0.2.198:9200...
      parse url... OK
      connection...
        parse host... OK
        dns lookup... OK
        addresses: 10.0.2.198
        dial up... OK
      TLS...
        security: server's certificate chain verification is enabled
        handshake... OK
        TLS version: TLSv1.3
        dial up... OK
      talk to server... OK
      version: 7.10.2
    elasticsearch: https://10.0.2.112:9200...
      parse url... OK
      connection...
        parse host... OK
        dns lookup... OK
        addresses: 10.0.2.112
        dial up... OK
      TLS...
        security: server's certificate chain verification is enabled
        handshake... OK
        TLS version: TLSv1.3
        dial up... OK
      talk to server... OK
      version: 7.10.2
    elasticsearch: https://10.0.2.169:9200...
      parse url... OK
      connection...
        parse host... OK
        dns lookup... OK
        addresses: 10.0.2.169
        dial up... OK
      TLS...
        security: server's certificate chain verification is enabled
        handshake... OK
        TLS version: TLSv1.3
        dial up... OK
      talk to server... OK
      version: 7.10.2
Master Env2 🔴
  • System information

    cat /etc/*release
    NAME="Amazon Linux"
    VERSION="2"
    ID="amzn"
    ID_LIKE="centos rhel fedora"
    VERSION_ID="2"
    PRETTY_NAME="Amazon Linux 2"
    ANSI_COLOR="0;33"
    CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
    HOME_URL="https://amazonlinux.com/"
    Amazon Linux release 2 (Karoo)
  • Component version

    /var/ossec/bin/wazuh-control info
    WAZUH_VERSION="v4.8.0"
    WAZUH_REVISION="40804"
    WAZUH_TYPE="server"
  • Component status

    systemctl status wazuh-manager -l
    ● wazuh-manager.service - Wazuh manager
       Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
       Active: active (exited) since Mon 2024-02-26 11:47:57 UTC; 5h 8min ago
      Process: 15135 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
      Process: 15886 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    
    Feb 26 11:47:50 wazuh-manager-master-0 env[15886]: Started wazuh-syscheckd...
    Feb 26 11:47:51 wazuh-manager-master-0 env[15886]: Started wazuh-remoted...
    Feb 26 11:47:52 wazuh-manager-master-0 env[15886]: Started wazuh-logcollector...
    Feb 26 11:47:53 wazuh-manager-master-0 env[15886]: Started wazuh-monitord...
    Feb 26 11:47:53 wazuh-manager-master-0 env[15886]: 2024/02/26 11:47:53 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:47:53 wazuh-manager-master-0 env[15886]: 2024/02/26 11:47:53 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:47:54 wazuh-manager-master-0 env[15886]: Started wazuh-modulesd...
    Feb 26 11:47:55 wazuh-manager-master-0 env[15886]: Started wazuh-clusterd...
    Feb 26 11:47:57 wazuh-manager-master-0 env[15886]: Completed.
    Feb 26 11:47:57 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
  • Modules status

    /var/ossec/bin/wazuh-control status
    wazuh-clusterd is running...
    wazuh-modulesd: Process 25404 not used by Wazuh, removing...
    wazuh-modulesd not running...
    wazuh-monitord is running...
    wazuh-logcollector is running...
    wazuh-remoted is running...
    wazuh-syscheckd is running...
    wazuh-analysisd is running...
    wazuh-maild not running...
    wazuh-execd is running...
    wazuh-db is running...
    wazuh-authd is running...
    wazuh-agentlessd not running...
    wazuh-integratord is running...
    wazuh-dbd not running...
    wazuh-csyslogd not running...
    wazuh-apid is running...

    Modulesd not running. Related to: Modulesd is not running in Demo Environment for 4.8.0 Beta 2 #22153. New issue

  • Service status

    journalctl -xe -u wazuh-manager.service --no-pager
    -- Logs begin at Mon 2024-02-26 11:21:02 UTC, end at Mon 2024-02-26 16:56:40 UTC. --
    Feb 26 11:45:22 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
    -- Subject: Unit wazuh-manager.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has begun starting up.
    Feb 26 11:45:24 wazuh-manager-master-0 env[11389]: 2024/02/26 11:45:24 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:45:24 wazuh-manager-master-0 env[11389]: 2024/02/26 11:45:24 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:45:24 wazuh-manager-master-0 env[11389]: Starting Wazuh v4.8.0...
    Feb 26 11:45:28 wazuh-manager-master-0 env[11389]: Started wazuh-apid...
    Feb 26 11:45:28 wazuh-manager-master-0 env[11389]: Started wazuh-csyslogd...
    Feb 26 11:45:28 wazuh-manager-master-0 env[11389]: Started wazuh-dbd...
    Feb 26 11:45:28 wazuh-manager-master-0 env[11389]: 2024/02/26 11:45:28 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
    Feb 26 11:45:28 wazuh-manager-master-0 env[11389]: Started wazuh-integratord...
    Feb 26 11:45:28 wazuh-manager-master-0 env[11389]: Started wazuh-agentlessd...
    Feb 26 11:45:29 wazuh-manager-master-0 env[11389]: Started wazuh-authd...
    Feb 26 11:45:30 wazuh-manager-master-0 env[11389]: Started wazuh-db...
    Feb 26 11:45:31 wazuh-manager-master-0 env[11389]: Started wazuh-execd...
    Feb 26 11:45:32 wazuh-manager-master-0 env[11389]: Started wazuh-analysisd...
    Feb 26 11:45:33 wazuh-manager-master-0 env[11389]: Started wazuh-syscheckd...
    Feb 26 11:45:34 wazuh-manager-master-0 env[11389]: Started wazuh-remoted...
    Feb 26 11:45:35 wazuh-manager-master-0 env[11389]: Started wazuh-logcollector...
    Feb 26 11:45:36 wazuh-manager-master-0 env[11389]: Started wazuh-monitord...
    Feb 26 11:45:36 wazuh-manager-master-0 env[11389]: 2024/02/26 11:45:36 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:45:36 wazuh-manager-master-0 env[11389]: 2024/02/26 11:45:36 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:45:37 wazuh-manager-master-0 env[11389]: Started wazuh-modulesd...
    Feb 26 11:45:39 wazuh-manager-master-0 env[11389]: Started wazuh-clusterd...
    Feb 26 11:45:41 wazuh-manager-master-0 env[11389]: Completed.
    Feb 26 11:45:41 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
    -- Subject: Unit wazuh-manager.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has finished starting up.
    --
    -- The start-up result is done.
    Feb 26 11:47:23 wazuh-manager-master-0 systemd[1]: Stopping Wazuh manager...
    -- Subject: Unit wazuh-manager.service has begun shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has begun shutting down.
    Feb 26 11:47:23 wazuh-manager-master-0 env[15135]: Killing wazuh-clusterd...
    Feb 26 11:47:23 wazuh-manager-master-0 env[15135]: Killing wazuh-modulesd...
    Feb 26 11:47:35 wazuh-manager-master-0 env[15135]: Killing wazuh-monitord...
    Feb 26 11:47:35 wazuh-manager-master-0 env[15135]: Killing wazuh-logcollector...
    Feb 26 11:47:36 wazuh-manager-master-0 env[15135]: Killing wazuh-remoted...
    Feb 26 11:47:36 wazuh-manager-master-0 env[15135]: Killing wazuh-syscheckd...
    Feb 26 11:47:36 wazuh-manager-master-0 env[15135]: Killing wazuh-analysisd...
    Feb 26 11:47:36 wazuh-manager-master-0 env[15135]: wazuh-maild not running...
    Feb 26 11:47:36 wazuh-manager-master-0 env[15135]: Killing wazuh-execd...
    Feb 26 11:47:36 wazuh-manager-master-0 env[15135]: Killing wazuh-db...
    Feb 26 11:47:37 wazuh-manager-master-0 env[15135]: Killing wazuh-authd...
    Feb 26 11:47:38 wazuh-manager-master-0 env[15135]: wazuh-agentlessd not running...
    Feb 26 11:47:38 wazuh-manager-master-0 env[15135]: wazuh-integratord not running...
    Feb 26 11:47:38 wazuh-manager-master-0 env[15135]: wazuh-dbd not running...
    Feb 26 11:47:38 wazuh-manager-master-0 env[15135]: wazuh-csyslogd not running...
    Feb 26 11:47:38 wazuh-manager-master-0 env[15135]: Killing wazuh-apid...
    Feb 26 11:47:38 wazuh-manager-master-0 env[15135]: Wazuh v4.8.0 Stopped
    Feb 26 11:47:38 wazuh-manager-master-0 systemd[1]: Stopped Wazuh manager.
    -- Subject: Unit wazuh-manager.service has finished shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has finished shutting down.
    Feb 26 11:47:38 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
    -- Subject: Unit wazuh-manager.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has begun starting up.
    Feb 26 11:47:40 wazuh-manager-master-0 env[15886]: 2024/02/26 11:47:40 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:47:40 wazuh-manager-master-0 env[15886]: 2024/02/26 11:47:40 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:47:41 wazuh-manager-master-0 env[15886]: Starting Wazuh v4.8.0...
    Feb 26 11:47:45 wazuh-manager-master-0 env[15886]: Started wazuh-apid...
    Feb 26 11:47:45 wazuh-manager-master-0 env[15886]: Started wazuh-csyslogd...
    Feb 26 11:47:45 wazuh-manager-master-0 env[15886]: Started wazuh-dbd...
    Feb 26 11:47:45 wazuh-manager-master-0 env[15886]: 2024/02/26 11:47:45 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
    Feb 26 11:47:45 wazuh-manager-master-0 env[15886]: Started wazuh-integratord...
    Feb 26 11:47:45 wazuh-manager-master-0 env[15886]: Started wazuh-agentlessd...
    Feb 26 11:47:46 wazuh-manager-master-0 env[15886]: Started wazuh-authd...
    Feb 26 11:47:47 wazuh-manager-master-0 env[15886]: Started wazuh-db...
    Feb 26 11:47:48 wazuh-manager-master-0 env[15886]: Started wazuh-execd...
    Feb 26 11:47:49 wazuh-manager-master-0 env[15886]: Started wazuh-analysisd...
    Feb 26 11:47:50 wazuh-manager-master-0 env[15886]: Started wazuh-syscheckd...
    Feb 26 11:47:51 wazuh-manager-master-0 env[15886]: Started wazuh-remoted...
    Feb 26 11:47:52 wazuh-manager-master-0 env[15886]: Started wazuh-logcollector...
    Feb 26 11:47:53 wazuh-manager-master-0 env[15886]: Started wazuh-monitord...
    Feb 26 11:47:53 wazuh-manager-master-0 env[15886]: 2024/02/26 11:47:53 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:47:53 wazuh-manager-master-0 env[15886]: 2024/02/26 11:47:53 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:47:54 wazuh-manager-master-0 env[15886]: Started wazuh-modulesd...
    Feb 26 11:47:55 wazuh-manager-master-0 env[15886]: Started wazuh-clusterd...
    Feb 26 11:47:57 wazuh-manager-master-0 env[15886]: Completed.
    Feb 26 11:47:57 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
    -- Subject: Unit wazuh-manager.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has finished starting up.
    --
    -- The start-up result is done.
  • Error/Warning logs

    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
    13
    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
    2024/02/26 11:45:37 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 2 seconds.
    2024/02/26 11:45:39 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 4 seconds.
    2024/02/26 11:45:43 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 8 seconds.
    2024/02/26 11:45:51 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 16 seconds.
    2024/02/26 11:46:07 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 32 seconds.
    2024/02/26 11:46:39 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
    2024/02/26 11:47:27 wazuh-modulesd:vulnerability-scanner: WARNING: Exception during re-scan: basic_string::_M_construct null not valid
    2024/02/26 11:47:35 wazuh-modulesd:content-updater: WARNING: The offsets download has been interrupted
    2024/02/26 12:43:04 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Error getting CVEv5 Entry object from rocksdb. FlatBuffers verifier failed
    2024/02/26 12:46:08 wazuh-remoted: WARNING: Agent key already in use: agent ID '002'
    2024/02/26 13:50:08 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Error getting CVEv5 Entry object from rocksdb. FlatBuffers verifier failed
    2024/02/26 14:01:14 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Unable to parse payload: 1: 2700: error: unknown field: source
    2024/02/26 14:12:34 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Unable to parse payload: 1: 2700: error: unknown field: source

    Related to: Premature IndexerConnector warnings generated #21829. Known issue

    2024/02/26 11:45:37 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 2 seconds.
    2024/02/26 11:46:39 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.

    Related to: Vulnerability detector refactor failing check analysis #22144. Known issue

    2024/02/26 11:47:27 wazuh-modulesd:vulnerability-scanner: WARNING: Exception during re-scan: basic_string::_M_construct null not valid
    2024/02/26 13:50:08 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Error getting CVEv5 Entry object from rocksdb. FlatBuffers verifier failed
    2024/02/26 14:01:14 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Unable to parse payload: 1: 2700: error: unknown field: source

    Related to: https://github.com/wazuh/wazuh-jenkins/issues/4867. Known issue

    2024/02/26 12:46:08 wazuh-remoted: WARNING: Agent key already in use: agent ID '002'
    

    Related to: Modulesd content-updater offsets download interrupted in Demo Environment for 4.8.0 Beta 2 #22148. New issue

    2024/02/26 11:47:35 wazuh-modulesd:content-updater: WARNING: The offsets download has been interrupted
    
    egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log  | wc -l
    1
    egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log
    2024/02/26 11:47:23 ERROR: [Cluster] [Main] Error while trying to terminate the process with ID 11927.

    Related to: Cluster error while trying to terminate process in Demo Environment for 4.8.0 Beta 2 #22149. New issue

  • Filebeat test output

    filebeat test output
    elasticsearch: https://10.0.2.198:9200...
      parse url... OK
      connection...
        parse host... OK
        dns lookup... OK
        addresses: 10.0.2.198
        dial up... OK
      TLS...
        security: server's certificate chain verification is enabled
        handshake... OK
        TLS version: TLSv1.3
        dial up... OK
      talk to server... OK
      version: 7.10.2
    elasticsearch: https://10.0.2.112:9200...
      parse url... OK
      connection...
        parse host... OK
        dns lookup... OK
        addresses: 10.0.2.112
        dial up... OK
      TLS...
        security: server's certificate chain verification is enabled
        handshake... OK
        TLS version: TLSv1.3
        dial up... OK
      talk to server... OK
      version: 7.10.2
    elasticsearch: https://10.0.2.169:9200...
      parse url... OK
      connection...
        parse host... OK
        dns lookup... OK
        addresses: 10.0.2.169
        dial up... OK
      TLS...
        security: server's certificate chain verification is enabled
        handshake... OK
        TLS version: TLSv1.3
        dial up... OK
      talk to server... OK
      version: 7.10.2
Worker 🔴
  • System information

    cat /etc/*release
    NAME="Amazon Linux"
    VERSION="2"
    ID="amzn"
    ID_LIKE="centos rhel fedora"
    VERSION_ID="2"
    PRETTY_NAME="Amazon Linux 2"
    ANSI_COLOR="0;33"
    CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
    HOME_URL="https://amazonlinux.com/"
    Amazon Linux release 2 (Karoo)
  • Component version

    /var/ossec/bin/wazuh-control info
    WAZUH_VERSION="v4.8.0"
    WAZUH_REVISION="40804"
    WAZUH_TYPE="server"
  • Component status

    systemctl status wazuh-manager -l
    ● wazuh-manager.service - Wazuh manager
       Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
       Active: active (exited) since Mon 2024-02-26 11:51:55 UTC; 5h 8min ago
      Process: 14836 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
      Process: 14984 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    
    Feb 26 11:51:47 wazuh-manager-worker-0 env[14984]: Started wazuh-syscheckd...
    Feb 26 11:51:49 wazuh-manager-worker-0 env[14984]: Started wazuh-remoted...
    Feb 26 11:51:50 wazuh-manager-worker-0 env[14984]: Started wazuh-logcollector...
    Feb 26 11:51:51 wazuh-manager-worker-0 env[14984]: Started wazuh-monitord...
    Feb 26 11:51:51 wazuh-manager-worker-0 env[14984]: 2024/02/26 11:51:51 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:51:51 wazuh-manager-worker-0 env[14984]: 2024/02/26 11:51:51 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:51:52 wazuh-manager-worker-0 env[14984]: Started wazuh-modulesd...
    Feb 26 11:51:53 wazuh-manager-worker-0 env[14984]: Started wazuh-clusterd...
    Feb 26 11:51:55 wazuh-manager-worker-0 env[14984]: Completed.
    Feb 26 11:51:55 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.
  • Modules status

    /var/ossec/bin/wazuh-control status
    wazuh-clusterd is running...
    wazuh-modulesd: Process 18236 not used by Wazuh, removing...
    wazuh-modulesd not running...
    wazuh-monitord is running...
    wazuh-logcollector is running...
    wazuh-remoted is running...
    wazuh-syscheckd is running...
    wazuh-analysisd is running...
    wazuh-maild not running...
    wazuh-execd is running...
    wazuh-db is running...
    wazuh-authd not running...
    wazuh-agentlessd not running...
    wazuh-integratord is running...
    wazuh-dbd not running...
    wazuh-csyslogd not running...
    wazuh-apid is running...

    Modulesd not running. Related to: Modulesd is not running in Demo Environment for 4.8.0 Beta 2 #22153. New issue

  • Service status

    journalctl -xe -u wazuh-manager.service --no-pager
    -- Logs begin at Mon 2024-02-26 11:21:02 UTC, end at Mon 2024-02-26 17:01:12 UTC. --
    Feb 26 11:49:57 wazuh-manager-worker-0 systemd[1]: Starting Wazuh manager...
    -- Subject: Unit wazuh-manager.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has begun starting up.
    Feb 26 11:49:59 wazuh-manager-worker-0 env[11097]: 2024/02/26 11:49:59 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:49:59 wazuh-manager-worker-0 env[11097]: 2024/02/26 11:49:59 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:49:59 wazuh-manager-worker-0 env[11097]: Starting Wazuh v4.8.0...
    Feb 26 11:50:02 wazuh-manager-worker-0 env[11097]: Started wazuh-apid...
    Feb 26 11:50:02 wazuh-manager-worker-0 env[11097]: Started wazuh-csyslogd...
    Feb 26 11:50:02 wazuh-manager-worker-0 env[11097]: Started wazuh-dbd...
    Feb 26 11:50:02 wazuh-manager-worker-0 env[11097]: 2024/02/26 11:50:02 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
    Feb 26 11:50:02 wazuh-manager-worker-0 env[11097]: Started wazuh-integratord...
    Feb 26 11:50:02 wazuh-manager-worker-0 env[11097]: Started wazuh-agentlessd...
    Feb 26 11:50:03 wazuh-manager-worker-0 env[11097]: Started wazuh-db...
    Feb 26 11:50:04 wazuh-manager-worker-0 env[11097]: Started wazuh-execd...
    Feb 26 11:50:05 wazuh-manager-worker-0 env[11097]: Started wazuh-analysisd...
    Feb 26 11:50:06 wazuh-manager-worker-0 env[11097]: Started wazuh-syscheckd...
    Feb 26 11:50:07 wazuh-manager-worker-0 env[11097]: Started wazuh-remoted...
    Feb 26 11:50:08 wazuh-manager-worker-0 env[11097]: Started wazuh-logcollector...
    Feb 26 11:50:10 wazuh-manager-worker-0 env[11097]: Started wazuh-monitord...
    Feb 26 11:50:10 wazuh-manager-worker-0 env[11097]: 2024/02/26 11:50:10 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:50:10 wazuh-manager-worker-0 env[11097]: 2024/02/26 11:50:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:50:11 wazuh-manager-worker-0 env[11097]: Started wazuh-modulesd...
    Feb 26 11:50:12 wazuh-manager-worker-0 env[11097]: Started wazuh-clusterd...
    Feb 26 11:50:14 wazuh-manager-worker-0 env[11097]: Completed.
    Feb 26 11:50:14 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.
    -- Subject: Unit wazuh-manager.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has finished starting up.
    --
    -- The start-up result is done.
    Feb 26 11:51:34 wazuh-manager-worker-0 systemd[1]: Stopping Wazuh manager...
    -- Subject: Unit wazuh-manager.service has begun shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has begun shutting down.
    Feb 26 11:51:34 wazuh-manager-worker-0 env[14836]: Killing wazuh-clusterd...
    Feb 26 11:51:34 wazuh-manager-worker-0 env[14836]: Killing wazuh-modulesd...
    Feb 26 11:51:35 wazuh-manager-worker-0 env[14836]: Killing wazuh-monitord...
    Feb 26 11:51:35 wazuh-manager-worker-0 env[14836]: Killing wazuh-logcollector...
    Feb 26 11:51:35 wazuh-manager-worker-0 env[14836]: Killing wazuh-remoted...
    Feb 26 11:51:35 wazuh-manager-worker-0 env[14836]: Killing wazuh-syscheckd...
    Feb 26 11:51:36 wazuh-manager-worker-0 env[14836]: Killing wazuh-analysisd...
    Feb 26 11:51:36 wazuh-manager-worker-0 env[14836]: wazuh-maild not running...
    Feb 26 11:51:36 wazuh-manager-worker-0 env[14836]: Killing wazuh-execd...
    Feb 26 11:51:36 wazuh-manager-worker-0 env[14836]: Killing wazuh-db...
    Feb 26 11:51:37 wazuh-manager-worker-0 env[14836]: wazuh-authd not running...
    Feb 26 11:51:37 wazuh-manager-worker-0 env[14836]: wazuh-agentlessd not running...
    Feb 26 11:51:37 wazuh-manager-worker-0 env[14836]: wazuh-integratord not running...
    Feb 26 11:51:37 wazuh-manager-worker-0 env[14836]: wazuh-dbd not running...
    Feb 26 11:51:37 wazuh-manager-worker-0 env[14836]: wazuh-csyslogd not running...
    Feb 26 11:51:37 wazuh-manager-worker-0 env[14836]: Killing wazuh-apid...
    Feb 26 11:51:37 wazuh-manager-worker-0 env[14836]: Wazuh v4.8.0 Stopped
    Feb 26 11:51:37 wazuh-manager-worker-0 systemd[1]: Stopped Wazuh manager.
    -- Subject: Unit wazuh-manager.service has finished shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has finished shutting down.
    Feb 26 11:51:37 wazuh-manager-worker-0 systemd[1]: Starting Wazuh manager...
    -- Subject: Unit wazuh-manager.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has begun starting up.
    Feb 26 11:51:40 wazuh-manager-worker-0 env[14984]: 2024/02/26 11:51:40 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:51:40 wazuh-manager-worker-0 env[14984]: 2024/02/26 11:51:40 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:51:40 wazuh-manager-worker-0 env[14984]: Starting Wazuh v4.8.0...
    Feb 26 11:51:43 wazuh-manager-worker-0 env[14984]: Started wazuh-apid...
    Feb 26 11:51:43 wazuh-manager-worker-0 env[14984]: Started wazuh-csyslogd...
    Feb 26 11:51:43 wazuh-manager-worker-0 env[14984]: Started wazuh-dbd...
    Feb 26 11:51:43 wazuh-manager-worker-0 env[14984]: 2024/02/26 11:51:43 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
    Feb 26 11:51:43 wazuh-manager-worker-0 env[14984]: Started wazuh-integratord...
    Feb 26 11:51:43 wazuh-manager-worker-0 env[14984]: Started wazuh-agentlessd...
    Feb 26 11:51:44 wazuh-manager-worker-0 env[14984]: Started wazuh-db...
    Feb 26 11:51:45 wazuh-manager-worker-0 env[14984]: Started wazuh-execd...
    Feb 26 11:51:46 wazuh-manager-worker-0 env[14984]: Started wazuh-analysisd...
    Feb 26 11:51:47 wazuh-manager-worker-0 env[14984]: Started wazuh-syscheckd...
    Feb 26 11:51:49 wazuh-manager-worker-0 env[14984]: Started wazuh-remoted...
    Feb 26 11:51:50 wazuh-manager-worker-0 env[14984]: Started wazuh-logcollector...
    Feb 26 11:51:51 wazuh-manager-worker-0 env[14984]: Started wazuh-monitord...
    Feb 26 11:51:51 wazuh-manager-worker-0 env[14984]: 2024/02/26 11:51:51 wazuh-modulesd:router: INFO: Loaded router module.
    Feb 26 11:51:51 wazuh-manager-worker-0 env[14984]: 2024/02/26 11:51:51 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
    Feb 26 11:51:52 wazuh-manager-worker-0 env[14984]: Started wazuh-modulesd...
    Feb 26 11:51:53 wazuh-manager-worker-0 env[14984]: Started wazuh-clusterd...
    Feb 26 11:51:55 wazuh-manager-worker-0 env[14984]: Completed.
    Feb 26 11:51:55 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.
    -- Subject: Unit wazuh-manager.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit wazuh-manager.service has finished starting up.
    --
    -- The start-up result is done.
  • Error/Warning logs

    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
    44
    egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log
    2024/02/26 11:50:10 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 2 seconds.
    2024/02/26 11:50:12 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 4 seconds.
    2024/02/26 11:50:16 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 8 seconds.
    2024/02/26 11:50:24 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 16 seconds.
    2024/02/26 11:50:40 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 32 seconds.
    2024/02/26 11:51:12 indexer-connector: WARNING: Error initializing IndexerConnector: No available server, we will try again after 60 seconds.
    2024/02/26 12:37:19 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Error getting CVEv5 Entry object from rocksdb. FlatBuffers verifier failed
    2024/02/26 12:46:06 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Unable to parse payload: 1: 2700: error: unknown field: source
    2024/02/26 13:09:54 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 13:09:54 wazuh-remoted: WARNING: Too big message size from socket [30].
    2024/02/26 13:11:49 wazuh-remoted: WARNING: Too big message size from socket [30].
    2024/02/26 13:38:50 wazuh-remoted: WARNING: Too big message size from socket [30].
    2024/02/26 13:41:10 wazuh-remoted: WARNING: Too big message size from socket [30].
    2024/02/26 13:41:29 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 13:41:29 wazuh-remoted: WARNING: Too big message size from socket [30].
    2024/02/26 13:43:39 wazuh-remoted: WARNING: Too big message size from socket [30].
    2024/02/26 13:44:30 wazuh-remoted: WARNING: Too big message size from socket [30].
    2024/02/26 13:44:49 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 13:44:49 wazuh-remoted: WARNING: Too big message size from socket [30].
    2024/02/26 13:44:59 wazuh-remoted: WARNING: Too big message size from socket [30].
    2024/02/26 13:49:32 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: [json.exception.out_of_range.403] key 'metrics' not found
    2024/02/26 13:49:53 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 13:49:53 wazuh-remoted: WARNING: Too big message size from socket [33].
    2024/02/26 13:53:03 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 13:53:03 wazuh-remoted: WARNING: Too big message size from socket [33].
    2024/02/26 13:58:20 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Unable to parse payload: 1: 2700: error: unknown field: source
    2024/02/26 14:00:23 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 14:00:23 wazuh-remoted: WARNING: Too big message size from socket [33].
    2024/02/26 14:00:52 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 14:00:52 wazuh-remoted: WARNING: Too big message size from socket [33].
    2024/02/26 14:01:03 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 14:01:03 wazuh-remoted: WARNING: Too big message size from socket [33].
    2024/02/26 14:02:02 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 14:02:02 wazuh-remoted: WARNING: Too big message size from socket [33].
    2024/02/26 14:07:09 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Unable to parse payload: 1: 2700: error: unknown field: source
    2024/02/26 14:16:13 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Unable to parse payload: 1: 2700: error: unknown field: source
    2024/02/26 14:36:39 wazuh-remoted: WARNING: Unexpected message (hex): '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'
    2024/02/26 14:36:39 wazuh-remoted: WARNING: Too big message size from socket [26].

    Related to: Premature IndexerConnector warnings generated #21829. Known issue

    2024/02/26 11:50:10 indexer-connector: WARNING: Error initializing IndexerConnector: Problem with the local SSL certificate, we will try again after 2 seconds.

    Related to: Vulnerability detector refactor failing check analysis #22144. Known issue

    2024/02/26 12:37:19 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Error getting CVEv5 Entry object from rocksdb. FlatBuffers verifier failed
    2024/02/26 12:46:06 wazuh-modulesd:vulnerability-scanner: ERROR: Error processing message: Unable to parse payload: 1: 2700: error: unknown field: source

    Related to: Remoted show Too big message size from socket after receiving a Wazuh agent message #17596. Known issue

    2024/02/26 14:01:03 wazuh-remoted: WARNING: Too big message size from socket [33].
    2024/02/26 14:02:02 wazuh-remoted: WARNING: Unexpected message (hex): 
    
    egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log  | wc -l
    83

    All the errors seem to be the same, repeated over and over

    2024/02/26 13:47:55 ERROR: [Local Server] [Main] Could not connect to master. Trying again in 10 seconds.
    2024/02/26 14:12:18 ERROR: [Worker worker_01] [Agent-info sync] Error asking for permission: Error 3020 - Timeout sending request: syn_a_w_m_p
    2024/02/26 14:12:20 ERROR: [Worker worker_01] [Integrity check] Error asking for permission: Error 3020 - Timeout sending request: syn_i_w_m_p
    2024/02/26 14:12:47 ERROR: [Worker worker_01] [Keep Alive] Error sending keep alive: Error 3020 - Timeout sending request: echo-c
    2024/02/26 14:12:48 ERROR: [Worker worker_01] [Agent-info sync] Error asking for permission: Error 3020 - Timeout sending request: syn_a_w_m_p
    2024/02/26 14:12:49 ERROR: [Worker worker_01] [Integrity check] Error asking for permission: Error 3020 - Timeout sending request: syn_i_w_m_p
    2024/02/26 14:13:18 ERROR: [Worker worker_01] [Agent-info sync] Error asking for permission: Error 3020 - Timeout sending request: syn_a_w_m_p
    2024/02/26 14:13:18 ERROR: [Worker worker_01] [Integrity check] Error asking for permission: Error 3020 - Timeout sending request: syn_i_w_m_p
    2024/02/26 14:13:47 ERROR: [Worker worker_01] [Integrity check] Error asking for permission: Error 3020 - Timeout sending request: syn_i_w_m_p
    2024/02/26 14:13:48 ERROR: [Worker worker_01] [Agent-info sync] Error asking for permission: Error 3020 - Timeout sending request: syn_a_w_m_p
    2024/02/26 14:14:07 ERROR: [Worker worker_01] [Keep Alive] Error sending keep alive: Error 3020 - Timeout sending request: echo-c
    2024/02/26 14:14:07 ERROR: [Worker worker_01] [Keep Alive] Maximum number of failed keep alives reached. Disconnecting.
    2024/02/26 14:14:37 ERROR: [Worker worker_01] [Main] Could not connect to master: Error 3020 - Timeout sending request: hello.
    2024/02/26 14:15:07 ERROR: [Worker worker_01] [Main] Could not connect to master: Error 3020 - Timeout sending request: hello.
    2024/02/26 14:15:37 ERROR: [Worker worker_01] [Main] Could not connect to master: Error 3020 - Timeout sending request: hello.
    2024/02/26 14:16:07 ERROR: [Worker worker_01] [Main] Could not connect to master: Error 3020 - Timeout sending request: hello.
    2024/02/26 14:16:37 ERROR: [Worker worker_01] [Main] Could not connect to master: Error 3020 - Timeout sending request: hello.
    2024/02/26 14:17:07 ERROR: [Worker worker_01] [Main] Could not connect to master: Error 3020 - Timeout sending request: hello.
    2024/02/26 14:17:37 ERROR: [Worker worker_01] [Main] Could not connect to master: Error 3020 - Timeout sending request: hello.
    2024/02/26 14:36:36 ERROR: [Worker worker_01] [Main] Could not connect to master: Error 3020 - Timeout sending request: hello.

    Related to: Multiple errors on wazuh cluster in Demo Environment for 4.8.0 Beta 2 #22146. New issue

  • Filebeat test output

    filebeat test output
    elasticsearch: https://10.0.2.198:9200...
      parse url... OK
      connection...
        parse host... OK
        dns lookup... OK
        addresses: 10.0.2.198
        dial up... OK
      TLS...
        security: server's certificate chain verification is enabled
        handshake... OK
        TLS version: TLSv1.3
        dial up... OK
      talk to server... OK
      version: 7.10.2
    elasticsearch: https://10.0.2.112:9200...
      parse url... OK
      connection...
        parse host... OK
        dns lookup... OK
        addresses: 10.0.2.112
        dial up... OK
      TLS...
        security: server's certificate chain verification is enabled
        handshake... OK
        TLS version: TLSv1.3
        dial up... OK
      talk to server... OK
      version: 7.10.2
    elasticsearch: https://10.0.2.169:9200...
      parse url... OK
      connection...
        parse host... OK
        dns lookup... OK
        addresses: 10.0.2.169
        dial up... OK
      TLS...
        security: server's certificate chain verification is enabled
        handshake... OK
        TLS version: TLSv1.3
        dial up... OK
      talk to server... OK
      version: 7.10.2

Conclusion 🔴

New issues

Known issues
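
The cluster.log check in the comment above counts matching lines with `egrep ... | wc -l`; the following added example (not part of the original comment or of the Wazuh project) groups the same lines by message with the timestamp ignored, so repeated errors collapse into one row with a count, first-seen and last-seen time. The function names are hypothetical and the sample is constructed from ten lines of the excerpt above.

```shell
#!/usr/bin/env bash
# Group ERROR/WARNING lines of a Wazuh cluster.log by message text, ignoring
# the timestamp, and report: count, first seen, last seen, message.

# Constructed sample: ten lines copied from the cluster.log excerpt above.
sample_cluster_log() {
  cat <<'EOF'
2024/02/26 13:47:55 ERROR: [Local Server] [Main] Could not connect to master. Trying again in 10 seconds.
2024/02/26 14:12:18 ERROR: [Worker worker_01] [Agent-info sync] Error asking for permission: Error 3020 - Timeout sending request: syn_a_w_m_p
2024/02/26 14:12:20 ERROR: [Worker worker_01] [Integrity check] Error asking for permission: Error 3020 - Timeout sending request: syn_i_w_m_p
2024/02/26 14:12:47 ERROR: [Worker worker_01] [Keep Alive] Error sending keep alive: Error 3020 - Timeout sending request: echo-c
2024/02/26 14:12:48 ERROR: [Worker worker_01] [Agent-info sync] Error asking for permission: Error 3020 - Timeout sending request: syn_a_w_m_p
2024/02/26 14:12:49 ERROR: [Worker worker_01] [Integrity check] Error asking for permission: Error 3020 - Timeout sending request: syn_i_w_m_p
2024/02/26 14:14:07 ERROR: [Worker worker_01] [Keep Alive] Error sending keep alive: Error 3020 - Timeout sending request: echo-c
2024/02/26 14:14:07 ERROR: [Worker worker_01] [Keep Alive] Maximum number of failed keep alives reached. Disconnecting.
2024/02/26 14:14:37 ERROR: [Worker worker_01] [Main] Could not connect to master: Error 3020 - Timeout sending request: hello.
2024/02/26 14:15:07 ERROR: [Worker worker_01] [Main] Could not connect to master: Error 3020 - Timeout sending request: hello.
EOF
}

# Reads log lines on stdin. Output is tab-separated, most frequent message
# first, ties ordered by message text.
summarize_log() {
  awk '
    # Same filter as: egrep -i "ERROR|WARNING"
    toupper($0) ~ /ERROR|WARNING/ {
      ts = $1 " " $2                   # date and time fields
      msg = $0
      sub(/^[^ ]+ [^ ]+ /, "", msg)    # drop the timestamp, keep the rest
      if (!(msg in count)) first[msg] = ts
      count[msg]++
      last[msg] = ts
    }
    END {
      for (m in count)
        printf "%d\t%s\t%s\t%s\n", count[m], first[m], last[m], m
    }' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k4,4
}

# Number of distinct messages once timestamps are ignored.
distinct_messages() {
  summarize_log | wc -l | tr -d ' '
}

sample_cluster_log | summarize_log
```

On a real manager the input would be `/var/ossec/logs/cluster.log` instead of the sample function.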

@QU3B1M
Member

QU3B1M commented Feb 26, 2024

Check daemon status and user

Agent

Amazon 🟢
ps -aux | grep wazuh
root     11520  0.0  0.3  40768  3808 ?        Sl   12:10   0:01 /var/ossec/bin/wazuh-execd
wazuh    11532  0.0  0.8 262756  8252 ?        Sl   12:10   0:06 /var/ossec/bin/wazuh-agentd
root     11547  0.0  1.4 232896 13500 ?        SNl  12:10   0:13 /var/ossec/bin/wazuh-syscheckd
root     11561  0.0  0.5 483216  5532 ?        Sl   12:10   0:04 /var/ossec/bin/wazuh-logcollector
root     11579  0.0  2.0 686216 19316 ?        Sl   12:10   0:03 /var/ossec/bin/wazuh-modulesd
root     12135  0.0  0.9 150652  8644 ?        Ss   21:11   0:00 sshd: wazuh-user [priv]
wazuh-u+ 12147  0.0  0.3 150652  3592 ?        S    21:11   0:00 sshd: wazuh-user@pts/0
wazuh-u+ 12148  0.0  0.4 124740  3912 pts/0    Ss   21:11   0:00 -bash
root     12190  0.0  0.1 119424   964 pts/0    S+   21:16   0:00 grep --color=auto wazuh
CentOS 🟢
ps -aux | grep wazuh
root        9737  0.0  0.3  45828  2600 ?        Sl   12:10   0:00 /var/ossec/bin/wazuh-execd
wazuh       9749  0.0  1.3 277032 10548 ?        Sl   12:10   0:06 /var/ossec/bin/wazuh-agentd
root        9764  0.0  1.5 375404 12588 ?        SNl  12:10   0:16 /var/ossec/bin/wazuh-syscheckd
root        9779  0.0  0.6 488368  5124 ?        Sl   12:10   0:03 /var/ossec/bin/wazuh-logcollector
root        9798  0.0  2.8 761840 23268 ?        Sl   12:10   0:03 /var/ossec/bin/wazuh-modulesd
root       12725  0.1  1.2 163756 10356 ?        Ss   21:17   0:00 sshd: wazuh-user [priv]
wazuh-u+   12730  0.3  1.2 100700  9748 ?        Ss   21:17   0:00 /usr/lib/systemd/systemd --user
wazuh-u+   12735  0.0  0.9 266516  7236 ?        S    21:17   0:00 (sd-pam)
wazuh-u+   12741  0.0  0.6 163756  5548 ?        S    21:17   0:00 sshd: wazuh-user@pts/0
wazuh-u+   12750  0.0  0.4 233912  3828 pts/0    Ss   21:17   0:00 -bash
root       12792  0.0  0.1 221928  1088 pts/0    S+   21:17   0:00 grep --color=auto wazuh
Debian 🟢
ps -aux | grep wazuh
root        9720  0.0  0.3  26596  3580 ?        Sl   12:10   0:01 /var/ossec/bin/wazuh-execd
wazuh       9731  0.0  1.1 248768 11136 ?        Sl   12:10   0:08 /var/ossec/bin/wazuh-agentd
root        9745  0.0  1.2 345256 12476 ?        SNl  12:10   0:12 /var/ossec/bin/wazuh-syscheckd
root        9759  0.0  0.4 469144  4844 ?        Sl   12:10   0:05 /var/ossec/bin/wazuh-logcollector
root        9776  0.0  1.6 666004 16604 ?        Sl   12:10   0:03 /var/ossec/bin/wazuh-modulesd
root       13404  0.0  0.8  14216  8488 ?        Ss   21:17   0:00 sshd: wazuh-user [priv]
wazuh-u+   13407  0.0  0.8  15120  8488 ?        Ss   21:17   0:00 /lib/systemd/systemd --user
wazuh-u+   13408  0.0  0.3 104068  3312 ?        S    21:17   0:00 (sd-pam)
wazuh-u+   13427  0.0  0.4  14216  4856 ?        S    21:17   0:00 sshd: wazuh-user@pts/0
wazuh-u+   13429  0.0  0.4   6760  4532 pts/0    Ss   21:17   0:00 -bash
root       13440  0.0  0.0   5204   652 pts/0    S+   21:20   0:00 grep wazuh
RHEL 🟢
ps -aux | grep wazuh
root       61555  0.0  0.1  26384  6620 ?        Sl   12:34   0:00 /var/ossec/bin/wazuh-execd
wazuh      61567  0.0  0.3 248448 13324 ?        Sl   12:34   0:15 /var/ossec/bin/wazuh-agentd
root       61582  0.0  0.4 558228 18224 ?        SNl  12:34   0:27 /var/ossec/bin/wazuh-syscheckd
root       61602  0.0  0.2 468896  8552 ?        Sl   12:34   0:05 /var/ossec/bin/wazuh-logcollector
root       61620  0.0  1.0 1025084 40348 ?       Sl   12:34   0:09 /var/ossec/bin/wazuh-modulesd
root       98967  0.2  0.3  19012 11836 ?        Ss   21:20   0:00 sshd: wazuh-user [priv]
wazuh-u+   98979  1.0  0.3  22244 13652 ?        Ss   21:20   0:00 /usr/lib/systemd/systemd --user
wazuh-u+   98982  0.0  0.2 185156  9304 ?        S    21:20   0:00 (sd-pam)
wazuh-u+   98989  0.0  0.1  19184  7288 ?        S    21:20   0:00 sshd: wazuh-user@pts/0
wazuh-u+   98990  0.0  0.1   7384  4212 pts/0    Ss   21:20   0:00 -bash
root       99048  0.0  0.0   6408  2200 pts/0    S+   21:21   0:00 grep --color=auto wazuh
Ubuntu 🟢
ps -aux | grep wazuh
root       10117  0.0  0.2  26436  2608 ?        Sl   12:10   0:01 /var/ossec/bin/wazuh-execd
wazuh      10128  0.0  0.5 248404  5512 ?        Sl   12:10   0:07 /var/ossec/bin/wazuh-agentd
root       10142  0.0  0.9 214368  9292 ?        SNl  12:10   0:14 /var/ossec/bin/wazuh-syscheckd
root       10156  0.0  0.3 468904  3372 ?        Sl   12:11   0:04 /var/ossec/bin/wazuh-logcollector
root       10176  0.0  1.2 731332 11696 ?        Sl   12:11   0:03 /var/ossec/bin/wazuh-modulesd
root       14893  0.2  1.1  17172 10808 ?        Ss   21:22   0:00 sshd: wazuh-user [priv]
wazuh-u+   14896  1.7  0.9  17056  9560 ?        Ss   21:22   0:00 /lib/systemd/systemd --user
wazuh-u+   14897  0.0  0.5 170396  4992 ?        S    21:22   0:00 (sd-pam)
wazuh-u+   14978  0.0  0.8  17304  7980 ?        S    21:22   0:00 sshd: wazuh-user@pts/0
wazuh-u+   14979  1.0  0.5   9148  5260 pts/0    Ss   21:22   0:00 -bash
wazuh-u+   14989  0.0  0.3  10728  3628 pts/0    R+   21:22   0:00 ps -aux
wazuh-u+   14990  0.0  0.2   7004  2260 pts/0    S+   21:22   0:00 grep --color=auto wazuh
Windows 🟢
 tasklist /svc | Select-String "wazuh"

wazuh-agent.exe               1688 WazuhSvc

Dashboard

Dashboard 🟢
ps -aux | grep wazuh-dashboard
wazuh-d+ 19787  0.3  2.2 1034840 179864 ?      Ssl  11:59   2:24 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
root     20288  0.0  0.0 121272   956 pts/0    S+   22:50   0:00 grep --color=auto wazuh-dashboard

Indexer

Bootstrap 🟢
ps -aux | grep wazuh-indexer
wazuh-i+ 12341  1.3 56.8 7048432 4571992 ?     Ssl  11:36   9:23 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10137675549718947066 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root     12775  0.0  0.0 121272   916 pts/0    S+   22:53   0:00 grep --color=auto wazuh-indexer
Master B 🟢
ps -aux | grep wazuh-indexer
wazuh-i+ 12272  1.4 56.9 7052744 4583504 ?     Ssl  11:35   9:39 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-17791869226909718292 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root     12933  0.0  0.0 121272  1008 pts/0    S+   22:54   0:00 grep --color=auto wazuh-indexer
Master C 🟢
ps -aux | grep wazuh-indexer
wazuh-i+ 12357  1.6 57.0 7063940 4589304 ?     Ssl  11:35  11:21 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-8047596295582524169 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root     13871  0.0  0.0 121272   976 pts/0    S+   22:55   0:00 grep --color=auto wazuh-indexer
Dashboard 🟢
ps -aux | grep wazuh-indexer
wazuh-i+ 14475  1.2 38.3 5478064 3082848 ?     Ssl  11:42   8:41 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10460859724403301268 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root     20290  0.0  0.0 121272   996 pts/0    S+   22:51   0:00 grep --color=auto wazuh-indexer

Manager

Master Env1 🟢
ps -aux | grep wazuh
root      2304  0.0  0.0 121272   960 pts/1    S+   22:56   0:00 grep --color=auto wazuh
wazuh    28171  0.1  2.8 1018064 113428 ?      Sl   13:47   0:37 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    28172  0.0  1.8 297672 75080 ?        S    13:47   0:07 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    28175  0.1  1.9 382936 77616 ?        S    13:47   0:34 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    28178  0.0  1.3 511704 53988 ?        S    13:47   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    28204  0.0  0.1  41376  4536 ?        Sl   13:47   0:07 /var/ossec/bin/wazuh-integratord
root     28225  0.2  0.1 262812  6520 ?        Sl   13:47   1:31 /var/ossec/bin/wazuh-authd
wazuh    28242  0.1  0.4 945660 18900 ?        Sl   13:47   0:59 /var/ossec/bin/wazuh-db
root     28268  0.0  0.0  41440  1524 ?        Sl   13:47   0:03 /var/ossec/bin/wazuh-execd
wazuh    28283  4.2  3.2 1297024 129384 ?      Sl   13:47  23:18 /var/ossec/bin/wazuh-analysisd
root     28295  0.0  0.1 294728  6260 ?        SNl  13:47   0:29 /var/ossec/bin/wazuh-syscheckd
wazuh    28317  0.2  0.1 1102392 4688 ?        Sl   13:47   1:26 /var/ossec/bin/wazuh-remoted
root     28352  0.0  0.1 483836  4132 ?        Sl   13:47   0:11 /var/ossec/bin/wazuh-logcollector
wazuh    28372  0.0  0.0  41412  1532 ?        Sl   13:47   0:04 /var/ossec/bin/wazuh-monitord
wazuh    29038  0.1  1.3 435332 54688 ?        Sl   13:48   1:03 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh    29044  0.0  1.2 276252 49300 ?        S    13:48   0:08 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh    29045  0.0  1.2 276392 50348 ?        S    13:48   0:13 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
Master Env2 🟢
ps -aux | grep wazuh
wazuh    25152  0.0  2.8 1013448 112872 ?      Sl   13:48   0:25 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    25153  0.0  1.7 296024 67448 ?        S    13:48   0:03 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    25156  0.0  1.8 381588 74644 ?        S    13:48   0:11 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    25159  0.0  1.3 511708 53992 ?        S    13:48   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    25184  0.0  0.1  41372  4476 ?        Sl   13:48   0:03 /var/ossec/bin/wazuh-integratord
root     25206  0.2  0.0 197284  1712 ?        Sl   13:48   1:13 /var/ossec/bin/wazuh-authd
wazuh    25223  0.1  0.3 945656 14052 ?        Sl   13:48   0:54 /var/ossec/bin/wazuh-db
root     25248  0.0  0.0  41436  1524 ?        Sl   13:48   0:01 /var/ossec/bin/wazuh-execd
wazuh    25263  4.0  3.2 1297024 130360 ?      Sl   13:48  22:17 /var/ossec/bin/wazuh-analysisd
root     25277  0.0  0.1 294732  4140 ?        SNl  13:48   0:20 /var/ossec/bin/wazuh-syscheckd
wazuh    25298  0.2  0.1 1167940 6032 ?        Sl   13:48   1:06 /var/ossec/bin/wazuh-remoted
root     25333  0.0  0.1 483832  4280 ?        Sl   13:48   0:12 /var/ossec/bin/wazuh-logcollector
wazuh    25353  0.0  0.0  41408  3328 ?        Sl   13:48   0:02 /var/ossec/bin/wazuh-monitord
wazuh    26018  0.0  1.2 424028 48332 ?        Sl   13:48   0:16 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh    26024  0.0  1.2 276380 50332 ?        S    13:48   0:08 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh    26025  0.0  1.2 276248 50572 ?        S    13:48   0:07 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
root     30572  0.0  0.0 121272  1000 pts/1    S+   22:57   0:00 grep --color=auto wazuh
Worker 🟢
ps -aux | grep wazuh
wazuh    18004  0.0  2.3 860504 90984 ?        Sl   13:49   0:08 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    18005  0.0  1.3 282184 53872 ?        S    13:49   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    18008  0.0  1.3 364244 53932 ?        S    13:49   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    18011  0.0  1.3 511708 53988 ?        S    13:49   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    18036  0.0  0.1  41328  4556 ?        Sl   13:49   0:07 /var/ossec/bin/wazuh-integratord
wazuh    18056  0.2  0.5 945532 21424 ?        Sl   13:49   1:23 /var/ossec/bin/wazuh-db
root     18081  0.0  0.0  41372  1460 ?        Sl   13:49   0:03 /var/ossec/bin/wazuh-execd
wazuh    18096  0.3  2.5 1297076 101416 ?      Sl   13:49   2:01 /var/ossec/bin/wazuh-analysisd
root     18110  0.0  0.1 360292  4476 ?        SNl  13:49   0:28 /var/ossec/bin/wazuh-syscheckd
wazuh    18131  0.3  0.1 1103012 7580 ?        Sl   13:49   2:08 /var/ossec/bin/wazuh-remoted
root     18166  0.0  0.1 483768  4288 ?        Sl   13:49   0:21 /var/ossec/bin/wazuh-logcollector
wazuh    18186  0.0  0.0  41344  1472 ?        Sl   13:49   0:04 /var/ossec/bin/wazuh-monitord
wazuh    18833  0.1  1.4 576776 57696 ?        Sl   13:49   0:59 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh    19160  0.0  1.3 276968 51624 ?        S    13:49   0:19 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh    19800  0.0  1.2 429176 48444 ?        S    13:49   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
root     23340  0.0  0.0 121272   928 pts/1    S+   22:57   0:00 grep --color=auto wazuh

Conclusion 🟢

No abnormalities were found
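
The daemon and user check in the comment above is done by reading `ps -aux` output by eye; the following added example (not part of the original comment or of the Wazuh project) compares the user of each `/var/ossec/bin/` daemon against a baseline. The baseline is an assumption taken from the users visible in the output above, the function names are hypothetical, and the sample is constructed with `wazuh-remoted` deliberately shown as root.

```shell
#!/usr/bin/env bash
# Flag Wazuh daemons whose owning user differs from a baseline.
# Baseline (assumption): the users seen in the ps output in the comment above.

# Constructed sample in `ps aux` layout. wazuh-remoted is deliberately listed
# as root here so that the check has something to report.
sample_ps() {
  cat <<'EOF'
root     28225  0.2  0.1 262812  6520 ?        Sl   13:47   1:31 /var/ossec/bin/wazuh-authd
wazuh    28242  0.1  0.4 945660 18900 ?        Sl   13:47   0:59 /var/ossec/bin/wazuh-db
root     28268  0.0  0.0  41440  1524 ?        Sl   13:47   0:03 /var/ossec/bin/wazuh-execd
wazuh    28283  4.2  3.2 1297024 129384 ?      Sl   13:47  23:18 /var/ossec/bin/wazuh-analysisd
root     28317  0.2  0.1 1102392 4688 ?        Sl   13:47   1:26 /var/ossec/bin/wazuh-remoted
wazuh    28171  0.1  2.8 1018064 113428 ?      Sl   13:47   0:37 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
root      2304  0.0  0.0 121272   960 pts/1    S+   22:56   0:00 grep --color=auto wazuh
EOF
}

# Reads `ps aux` lines on stdin and prints one line per deviation.
# Only binaries under /var/ossec/bin/ are checked; the Python services
# (wazuh-apid.py, wazuh_clusterd.py) and the grep process are skipped.
check_daemon_users() {
  awk '
    BEGIN {
      split("wazuh-execd wazuh-authd wazuh-syscheckd wazuh-logcollector wazuh-modulesd", r, " ")
      for (i in r) want[r[i]] = "root"
      split("wazuh-agentd wazuh-integratord wazuh-db wazuh-analysisd wazuh-remoted wazuh-monitord", w, " ")
      for (i in w) want[w[i]] = "wazuh"
    }
    # Field 1 is USER, field 11 is the start of COMMAND in `ps aux` output.
    $11 ~ /^\/var\/ossec\/bin\// {
      n = split($11, part, "/")
      daemon = part[n]
      if (!(daemon in want)) {
        printf "%s: no baseline entry (running as %s)\n", daemon, $1
        next
      }
      if ($1 != want[daemon])
        printf "%s: running as %s, expected %s\n", daemon, $1, want[daemon]
    }'
}

sample_ps | check_daemon_users
```

`ps aux` shortens user names longer than eight characters (`wazuh-u+` in the output above), so a baseline containing such names cannot be compared exactly against this layout.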

@QU3B1M
Member

QU3B1M commented Feb 26, 2024

Check Indexer Cluster status

  • Check nodes 🟢
    curl -k -u user:pass https://10.0.2.169:9200/_cat/nodes?v
    ip         heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
    10.0.2.198           36          85   0    0.00    0.00     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client *     node-1
    10.0.2.112           19          85   0    0.11    0.03     0.01 dimr      cluster_manager,data,ingest,remote_cluster_client -     node-2
    10.0.0.158           35          87   1    0.00    0.00     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client -     node-7
    10.0.2.169           47          84   0    0.00    0.00     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client -     node-3
  • Check cluster status 🟢
    curl -k -u user:pass https://10.0.2.169:9200/_cat/health?v
    epoch      timestamp cluster status node.total node.data discovered_cluster_manager shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
    1708988642 23:04:02  wazuh   green           4         4                       true     36  17    0    0        0             0         -                100.0%
  • Check cluster health 🟢
    curl -k -u user:pass https://10.0.2.169:9200/_cluster/health?pretty
    {
    "cluster_name" : "wazuh",
    "status" : "green",
    "timed_out" : false,
    "number_of_nodes" : 4,
    "number_of_data_nodes" : 4,
    "discovered_master" : true,
    "discovered_cluster_manager" : true,
    "active_primary_shards" : 17,
    "active_shards" : 36,
    "relocating_shards" : 0,
    "initializing_shards" : 0,
    "unassigned_shards" : 0,
    "delayed_unassigned_shards" : 0,
    "number_of_pending_tasks" : 0,
    "number_of_in_flight_fetch" : 0,
    "task_max_waiting_in_queue_millis" : 0,
    "active_shards_percent_as_number" : 100.0
    }

Conclusion 🟢

No abnormalities found. The cluster is healthy and all nodes are up and running.

@QU3B1M
Member

QU3B1M commented Feb 27, 2024

On hold

Demo environment is down. This issue will remain on hold until the environment gets fixed.

@QU3B1M
Member

QU3B1M commented Feb 27, 2024

Premature task finish

This issue cannot be continued because the Wazuh servers are down, so its execution is aborted. Related to: #22141

@damarisg
Member

It will be closed due to problems with the Demo environment. However, it will be tested on 4.8.0 - Beta 3.
