Release 4.8.0 - RC 2 - E2E UX tests - Demo environment #23415
Note
The available machines are: Agents, Dashboard, Indexers, Managers
Check Agent, Dashboard, Indexer, and Manager Logs 🟡
Agent Logs
Amazon 🟢
System information
cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
Agent Version
/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40810"
WAZUH_TYPE="agent"
Agent Status
systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2024-05-15 09:04:32 UTC; 22h ago
Process: 9624 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
Process: 9762 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/wazuh-agent.service
├─11195 /var/ossec/bin/wazuh-execd
├─11207 /var/ossec/bin/wazuh-agentd
├─11222 /var/ossec/bin/wazuh-syscheckd
├─11238 /var/ossec/bin/wazuh-logcollector
└─11256 /var/ossec/bin/wazuh-modulesd
May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Starting Wazuh v4.8.0...
May 15 09:04:26 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-execd...
May 15 09:04:27 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-agentd...
May 15 09:04:28 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-syscheckd...
May 15 09:04:29 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-logcollector...
May 15 09:04:30 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-modulesd...
May 15 09:04:32 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Completed.
May 15 09:04:32 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
May 15 09:04:39 ip-10-0-1-38.us-west-1.compute.internal crontab[10283]: (root) LIST (root)
Module Status
/var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
Service Status
journalctl -xe -u wazuh-agent.service
May 15 09:04:17 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has finished starting up.
--
-- The start-up result is done.
May 15 09:04:21 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has begun shutting down.
May 15 09:04:21 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-modulesd...
May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-logcollector...
May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-syscheckd...
May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-agentd...
May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-execd...
May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Wazuh v4.8.0 Stopped
May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has finished shutting down.
May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has begun starting up.
May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Starting Wazuh v4.8.0...
May 15 09:04:26 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-execd...
May 15 09:04:27 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-agentd...
May 15 09:04:28 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-syscheckd...
May 15 09:04:29 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-logcollector...
May 15 09:04:30 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-modulesd...
May 15 09:04:32 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Completed.
May 15 09:04:32 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has finished starting up.
--
-- The start-up result is done.
May 15 09:04:39 ip-10-0-1-38.us-west-1.compute.internal crontab[10283]: (root) LIST (root)
Error Logs
egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
Centos 🟢
System information
cat /etc/*release
CentOS Linux release 8.4.2105
NAME="CentOS Linux"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"
CentOS Linux release 8.4.2105
CentOS Linux release 8.4.2105
Agent Version
/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40810"
WAZUH_TYPE="agent"
Agent Status
systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2024-05-15 09:06:32 UTC; 22h ago
Process: 7982 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
Process: 8375 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
Tasks: 32 (limit: 4668)
Memory: 356.8M
CGroup: /system.slice/wazuh-agent.service
├─9753 /var/ossec/bin/wazuh-execd
├─9765 /var/ossec/bin/wazuh-agentd
├─9780 /var/ossec/bin/wazuh-syscheckd
├─9795 /var/ossec/bin/wazuh-logcollector
└─9812 /var/ossec/bin/wazuh-modulesd
May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Starting Wazuh v4.8.0...
May 15 09:06:26 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-execd...
May 15 09:06:27 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-agentd...
May 15 09:06:28 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-syscheckd...
May 15 09:06:29 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-logcollector...
May 15 09:06:30 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-modulesd...
May 15 09:06:32 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Completed.
May 15 09:06:32 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
Module Status
/var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
Service Status
journalctl -xe -u wazuh-agent.service
-- Unit wazuh-agent.service has finished starting up.
--
-- The start-up result is done.
May 15 09:06:20 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun shutting down
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit wazuh-agent.service has begun shutting down.
May 15 09:06:21 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-modulesd...
May 15 09:06:24 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-logcollector...
May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-syscheckd...
May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-agentd...
May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-execd...
May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Wazuh v4.8.0 Stopped
May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The unit wazuh-agent.service has successfully entered the 'dead' state.
May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished shutting down
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit wazuh-agent.service has finished shutting down.
May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit wazuh-agent.service has begun starting up.
May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Starting Wazuh v4.8.0...
May 15 09:06:26 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-execd...
May 15 09:06:27 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-agentd...
May 15 09:06:28 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-syscheckd...
May 15 09:06:29 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-logcollector...
May 15 09:06:30 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-modulesd...
May 15 09:06:32 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Completed.
May 15 09:06:32 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit wazuh-agent.service has finished starting up.
--
-- The start-up result is done.
Error Logs
egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
Debian 🟢
System information
cat /etc/*release
ID="ec2"
VERSION="20220503-998"
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
Agent Version
/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40810"
WAZUH_TYPE="agent"
Agent Status
systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2024-05-15 09:04:52 UTC; 22h ago
Tasks: 32 (limit: 1123)
Memory: 46.8M
CPU: 1min 54.756s
CGroup: /system.slice/wazuh-agent.service
├─9771 /var/ossec/bin/wazuh-execd
├─9782 /var/ossec/bin/wazuh-agentd
├─9796 /var/ossec/bin/wazuh-syscheckd
├─9811 /var/ossec/bin/wazuh-logcollector
└─9830 /var/ossec/bin/wazuh-modulesd
May 15 09:04:45 ip-10-0-1-76 systemd[1]: Starting Wazuh agent...
May 15 09:04:45 ip-10-0-1-76 env[7774]: Starting Wazuh v4.8.0...
May 15 09:04:46 ip-10-0-1-76 env[7774]: Started wazuh-execd...
May 15 09:04:47 ip-10-0-1-76 env[7774]: Started wazuh-agentd...
May 15 09:04:48 ip-10-0-1-76 env[7774]: Started wazuh-syscheckd...
May 15 09:04:49 ip-10-0-1-76 env[7774]: Started wazuh-logcollector...
May 15 09:04:50 ip-10-0-1-76 env[7774]: Started wazuh-modulesd...
May 15 09:04:52 ip-10-0-1-76 env[7774]: Completed.
May 15 09:04:52 ip-10-0-1-76 systemd[1]: Started Wazuh agent.
Module Status
/var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
Service Status
journalctl -xe -u wazuh-agent.service
May 15 09:04:44 ip-10-0-1-76 env[7226]: Killing wazuh-logcollector...
May 15 09:04:44 ip-10-0-1-76 env[7226]: Killing wazuh-syscheckd...
May 15 09:04:45 ip-10-0-1-76 env[7226]: Killing wazuh-agentd...
May 15 09:04:45 ip-10-0-1-76 env[7226]: Killing wazuh-execd...
May 15 09:04:45 ip-10-0-1-76 env[7226]: Wazuh v4.8.0 Stopped
May 15 09:04:45 ip-10-0-1-76 systemd[1]: wazuh-agent.service: Succeeded.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit wazuh-agent.service has successfully entered the 'dead' state.
May 15 09:04:45 ip-10-0-1-76 systemd[1]: Stopped Wazuh agent.
░░ Subject: A stop job for unit wazuh-agent.service has finished
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A stop job for unit wazuh-agent.service has finished.
░░
░░ The job identifier is 3515 and the job result is done.
May 15 09:04:45 ip-10-0-1-76 systemd[1]: wazuh-agent.service: Consumed 18.921s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit wazuh-agent.service completed and consumed the indicated resources.
May 15 09:04:45 ip-10-0-1-76 systemd[1]: Starting Wazuh agent...
░░ Subject: A start job for unit wazuh-agent.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit wazuh-agent.service has begun execution.
░░
░░ The job identifier is 3515.
May 15 09:04:45 ip-10-0-1-76 env[7774]: Starting Wazuh v4.8.0...
May 15 09:04:46 ip-10-0-1-76 env[7774]: Started wazuh-execd...
May 15 09:04:47 ip-10-0-1-76 env[7774]: Started wazuh-agentd...
May 15 09:04:48 ip-10-0-1-76 env[7774]: Started wazuh-syscheckd...
May 15 09:04:49 ip-10-0-1-76 env[7774]: Started wazuh-logcollector...
May 15 09:04:50 ip-10-0-1-76 env[7774]: Started wazuh-modulesd...
May 15 09:04:52 ip-10-0-1-76 env[7774]: Completed.
May 15 09:04:52 ip-10-0-1-76 systemd[1]: Started Wazuh agent.
░░ Subject: A start job for unit wazuh-agent.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit wazuh-agent.service has finished successfully.
░░
░░ The job identifier is 3515.
Error Logs
egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
RHEL9 🟢
System information
cat /etc/*release
NAME="Red Hat Enterprise Linux"
VERSION="9.2 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"
Red Hat Enterprise Linux release 9.2 (Plow)
Red Hat Enterprise Linux release 9.2 (Plow)
Agent Version
/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40810"
WAZUH_TYPE="agent"
Agent Status
systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; preset: disabled)
Active: active (running) since Wed 2024-05-15 09:54:54 UTC; 22h ago
Process: 62223 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
Tasks: 54 (limit: 22632)
Memory: 527.6M
CPU: 9min 28.962s
CGroup: /system.slice/wazuh-agent.service
├─62250 /var/ossec/bin/wazuh-execd
├─62262 /var/ossec/bin/wazuh-agentd
├─62277 /var/ossec/bin/wazuh-syscheckd
├─62291 /var/ossec/bin/wazuh-logcollector
├─62314 /var/ossec/bin/wazuh-modulesd
├─62326 /usr/bin/osqueryd --config_path=/etc/osquery/osquery.conf
├─62327 python3 wodles/docker/DockerListener
└─62336 /usr/bin/osqueryd
May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Starting Wazuh v4.8.0...
May 15 09:54:48 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-execd...
May 15 09:54:49 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-agentd...
May 15 09:54:50 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-syscheckd...
May 15 09:54:51 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-logcollector...
May 15 09:54:51 ip-10-0-1-14.us-west-1.compute.internal osqueryd[62326]: osqueryd started [version=4.4.0]
May 15 09:54:52 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-modulesd...
May 15 09:54:54 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Completed.
May 15 09:54:54 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
Module Status
/var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
Service Status
journalctl -xe -u wazuh-agent.service
May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal env[62155]: Wazuh v4.8.0 Stopped
May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-agent.service has successfully entered the 'dead' state.
May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 59551 (osqueryd) remains running after unit stopped.
May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 62184 (wazuh-modulesd) remains running after unit stopped.
May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 62185 (wazuh-modulesd) remains running after unit stopped.
May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
░░ Subject: A stop job for unit wazuh-agent.service has finished
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-agent.service has finished.
░░
░░ The job identifier is 27242 and the job result is done.
May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Consumed 37.853s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-agent.service completed and consumed the indicated resources.
May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
░░ Subject: A start job for unit wazuh-agent.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-agent.service has begun execution.
░░
░░ The job identifier is 27242.
May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Starting Wazuh v4.8.0...
May 15 09:54:48 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-execd...
May 15 09:54:49 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-agentd...
May 15 09:54:50 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-syscheckd...
May 15 09:54:51 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-logcollector...
May 15 09:54:51 ip-10-0-1-14.us-west-1.compute.internal osqueryd[62326]: osqueryd started [version=4.4.0]
May 15 09:54:52 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-modulesd...
May 15 09:54:54 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Completed.
May 15 09:54:54 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
░░ Subject: A start job for unit wazuh-agent.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-agent.service has finished successfully.
░░
░░ The job identifier is 27242.
Error Logs
egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
Ubuntu 🟢
System information
cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.2 LTS"
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
Agent Version
/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40810"
WAZUH_TYPE="agent"
Agent Status
systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2024-05-15 09:05:48 UTC; 22h ago
Tasks: 32 (limit: 1116)
Memory: 32.2M
CPU: 1min 40.086s
CGroup: /system.slice/wazuh-agent.service
├─9671 /var/ossec/bin/wazuh-execd
├─9682 /var/ossec/bin/wazuh-agentd
├─9696 /var/ossec/bin/wazuh-syscheckd
├─9711 /var/ossec/bin/wazuh-logcollector
└─9730 /var/ossec/bin/wazuh-modulesd
May 15 09:05:46 ip-10-0-1-162 systemd[1]: Starting Wazuh agent...
May 15 09:05:46 ip-10-0-1-162 env[9101]: Starting Wazuh v4.8.0...
May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-execd already running...
May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-agentd already running...
May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-syscheckd already running...
May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-logcollector already running...
May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-modulesd already running...
May 15 09:05:48 ip-10-0-1-162 env[9101]: Completed.
May 15 09:05:48 ip-10-0-1-162 systemd[1]: Started Wazuh agent.
Module Status
/var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...
Service Status
journalctl -xe -u wazuh-agent.service
May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Unit process 8643 (wazuh-modulesd) remains running after unit stopped.
May 15 09:05:46 ip-10-0-1-162 systemd[1]: Stopped Wazuh agent.
░░ Subject: A stop job for unit wazuh-agent.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-agent.service has finished.
░░
░░ The job identifier is 6222 and the job result is done.
May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Consumed 15.219s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-agent.service completed and consumed the indicated resources.
May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8571 (wazuh-execd) in control group while starting unit. Ignoring.
May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8586 (wazuh-agentd) in control group while starting unit. Ignoring.
May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8604 (wazuh-syscheckd) in control group while starting unit. Ignoring.
May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8623 (wazuh-logcollec) in control group while starting unit. Ignoring.
May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8643 (wazuh-modulesd) in control group while starting unit. Ignoring.
May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 15 09:05:46 ip-10-0-1-162 systemd[1]: Starting Wazuh agent...
░░ Subject: A start job for unit wazuh-agent.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-agent.service has begun execution.
░░
░░ The job identifier is 6222.
May 15 09:05:46 ip-10-0-1-162 env[9101]: Starting Wazuh v4.8.0...
May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-execd already running...
May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-agentd already running...
May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-syscheckd already running...
May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-logcollector already running...
May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-modulesd already running...
May 15 09:05:48 ip-10-0-1-162 env[9101]: Completed.
May 15 09:05:48 ip-10-0-1-162 systemd[1]: Started Wazuh agent.
░░ Subject: A start job for unit wazuh-agent.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-agent.service has finished successfully.
░░
░░ The job identifier is 6222.
Error Logs
egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
Windows 🟡
System information
systeminfo | findstr /B /C:"OS Name" /B /C:"OS Version"
OS Name: Microsoft Windows Server 2019 Datacenter
OS Version: 10.0.17763 N/A Build 17763
Agent Version
cd 'C:\Program Files (x86)\ossec-agent\'
(Get-Command .\wazuh-agent.exe).FileVersionInfo
ProductVersion FileVersion FileName
-------------- ----------- --------
v4.8.0 v4.8.0 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe
Agent Status
NET START wazuh
The requested service has already been started.
Error Logs
Get-Content "C:\Program Files (x86)\ossec-agent\ossec.log" | Select-String -Pattern "ERR|WARN|CRIT|FAT"
2024/05/16 00:00:17 wazuh-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex240516.log' due to [(2)-(No such file or directory)].
Dashboard Logs
WazuhDashboard 🟢
System information
cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
Dashboard Version
cat /usr/share/wazuh-dashboard/plugins/wazuh/package.json
{
"name": "wazuh",
"version": "4.8.0",
"revision": "10",
"pluginPlatform": {
"version": "2.10.0"
},
"description": "Wazuh dashboard",
"keywords": [
"opensearch_dashboards",
"wazuh",
"ossec"
],
"node_build": "10.23.1",
"author": "Wazuh, Inc",
"license": "GPL-2.0",
"repository": {
"type": "git",
"url": "https://github.com/wazuh/wazuh-dashboard-plugins.git"
},
"bugs": {
"url": "https://github.com/wazuh/wazuh-dashboard-plugins/issues"
},
"homepage": "https://www.wazuh.com/",
"scripts": {
"lint": "eslint {public,server,common}/**/*.{js,jsx,ts,tsx,json}",
"lint:public": "eslint public/**/*.{js,jsx,ts,tsx,json}",
"lint:server": "eslint server/**/*.{js,jsx,ts,tsx,json}",
"lint:common": "eslint common/**/*.{js,jsx,ts,tsx,json}",
"lint:fix": "eslint --fix '{public,server,common}/**/*.{js,jsx,ts,tsx,json}'",
"format": "prettier --write '{public,server,common}/**/*.{js,jsx,ts,tsx,css,md,json}' --config ./.prettierrc",
"kbn": "node ../../scripts/kbn",
"es": "node ../../scripts/es",
"start": "plugin-helpers start",
"build": "yarn plugin-helpers build --opensearch-dashboards-version=$OPENSEARCH_DASHBOARDS_VERSION",
"build:runner": "node scripts/runner build",
"plugin-helpers": "node ../../scripts/plugin_helpers",
"test:ui:runner": "node ../../scripts/functional_test_runner.js",
"test:server": "plugin-helpers test:server",
"test:browser": "plugin-helpers test:browser",
"test:jest": "node scripts/jest --runInBand",
"test:jest:runner": "node scripts/runner test",
"generate:api-data": "node scripts/generate-api-data.js --spec https://raw.githubusercontent.com/wazuh/wazuh/$(node -e \"console.log(require('./package.json').version)\")/api/api/spec/spec.yaml --output file --output-directory common/api-info --display-configuration",
"prebuild": "node scripts/generate-build-version"
},
"dependencies": {
"angular-animate": "1.8.3",
"angular-material": "1.2.5",
"axios": "^1.6.1",
"install": "^0.13.0",
"js2xmlparser": "^5.0.0",
"json2csv": "^4.1.2",
"jwt-decode": "^3.1.2",
"loglevel": "^1.7.1",
"markdown-it-link-attributes": "^4.0.1",
"md5": "^2.3.0",
"needle": "^3.2.0",
"node-cron": "^1.1.2",
"pdfmake": "0.2.7",
"querystring-browser": "1.0.4",
"react-codemirror": "^1.0.0",
"react-cookie": "^4.0.3",
"read-last-lines": "^1.7.2",
"timsort": "^0.3.0",
"typescript": "^5.0.4",
"winston": "3.9.0"
},
"devDependencies": {
"@types/node-cron": "^2.0.3",
"@typescript-eslint/eslint-plugin": "^6.2.1",
"@typescript-eslint/parser": "^6.2.1",
"eslint": "^8.46.0",
"eslint-config-prettier": "^8.5.0",
"eslint-import-resolver-typescript": "3.5.5",
"eslint-plugin-async-await": "^0.0.0",
"eslint-plugin-cypress": "^2.12.1",
"eslint-plugin-filenames-simple": "^0.8.0",
"eslint-plugin-import": "^2.28.0",
"eslint-plugin-prettier": "^4.2.1",
"eslint-plugin-react": "^7.31.8",
"eslint-plugin-react-hooks": "^4.6.0",
"prettier": "^2.7.1",
"redux-mock-store": "^1.5.4",
"swagger-client": "^3.19.11"
},
"opensearchDashboards": {
"version": "2.10.0"
}
}
Dashboard Status
systemctl status wazuh-dashboard -l
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2024-05-15 09:11:05 UTC; 22h ago
Main PID: 19828 (node)
CGroup: /system.slice/wazuh-dashboard.service
└─19828 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
May 16 07:14:20 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:20Z","tags":[],"pid":19828,"method":"get","statusCode":401,"req":{"url":"/api/v1/auth/dashboardsinfo","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":1,"contentLength":9},"message":"GET /api/v1/auth/dashboardsinfo 401 1ms - 9.0B"}
May 16 07:14:20 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:20Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/api/logos","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /api/logos 200 2ms - 9.0B"}
May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"post","statusCode":200,"req":{"url":"/api/core/capabilities","method":"post","headers":{"host":"10.0.0.155:5601","connection":"close","content-length":"925","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","origin":"https://demo.wazuh.info","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"POST /api/core/capabilities 200 5ms - 9.0B"}
May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":401,"req":{"url":"/api/v1/configuration/account","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /api/v1/configuration/account 401 2ms - 9.0B"}
May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/48010/bundles/plugin/securityDashboards/securityDashboards.chunk.5.js","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /48010/bundles/plugin/securityDashboards/securityDashboards.chunk.5.js 200 2ms - 9.0B"}
May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/ui/logos/wazuh_dashboard_login_background.svg","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"image/avif,image/webp,*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/ui/legacy_light_theme.css","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/ui/legacy_light_theme.css"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/logos/wazuh_dashboard_login_background.svg 200 5ms - 9.0B"}
May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/ui/logos/wazuh_dashboard_login_mark.svg","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"image/avif,image/webp,*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/logos/wazuh_dashboard_login_mark.svg 200 5ms - 9.0B"}
May 16 07:14:25 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"log","@timestamp":"2024-05-16T07:14:25Z","tags":["error","plugins","securityDashboards"],"pid":19828,"message":"Failed authentication: Error: Authentication Exception"}
May 16 07:14:25 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:25Z","tags":[],"pid":19828,"method":"post","statusCode":401,"req":{"url":"/auth/login","method":"post","headers":{"host":"10.0.0.155:5601","connection":"close","content-length":"59","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","origin":"https://demo.wazuh.info","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":411,"contentLength":9},"message":"POST /auth/login 401 411ms - 9.0B"}
May 16 07:41:11 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:41:11Z","tags":[],"pid":19828,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (Linux; Android 7.0; SM-A510F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36","accept-charset":"utf-8","accept-encoding":"gzip"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (Linux; Android 7.0; SM-A510F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"}

Dashboard Service Status

journalctl -xe -u wazuh-dashboard.service --no-pager
May 16 07:14:20 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:20Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/api/logos","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /api/logos 200 2ms - 9.0B"}
May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"post","statusCode":200,"req":{"url":"/api/core/capabilities","method":"post","headers":{"host":"10.0.0.155:5601","connection":"close","content-length":"925","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","origin":"https://demo.wazuh.info","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"POST /api/core/capabilities 200 5ms - 9.0B"}
May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":401,"req":{"url":"/api/v1/configuration/account","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /api/v1/configuration/account 401 2ms - 9.0B"}
May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/48010/bundles/plugin/securityDashboards/securityDashboards.chunk.5.js","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /48010/bundles/plugin/securityDashboards/securityDashboards.chunk.5.js 200 2ms - 9.0B"}
May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/ui/logos/wazuh_dashboard_login_background.svg","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"image/avif,image/webp,*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/ui/legacy_light_theme.css","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/ui/legacy_light_theme.css"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/logos/wazuh_dashboard_login_background.svg 200 5ms - 9.0B"}
May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/ui/logos/wazuh_dashboard_login_mark.svg","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"image/avif,image/webp,*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/logos/wazuh_dashboard_login_mark.svg 200 5ms - 9.0B"}
May 16 07:14:25 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"log","@timestamp":"2024-05-16T07:14:25Z","tags":["error","plugins","securityDashboards"],"pid":19828,"message":"Failed authentication: Error: Authentication Exception"}
May 16 07:14:25 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:25Z","tags":[],"pid":19828,"method":"post","statusCode":401,"req":{"url":"/auth/login","method":"post","headers":{"host":"10.0.0.155:5601","connection":"close","content-length":"59","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","origin":"https://demo.wazuh.info","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":411,"contentLength":9},"message":"POST /auth/login 401 411ms - 9.0B"}
May 16 07:41:11 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:41:11Z","tags":[],"pid":19828,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (Linux; Android 7.0; SM-A510F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36","accept-charset":"utf-8","accept-encoding":"gzip"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (Linux; Android 7.0; SM-A510F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"}

Error Logs

egrep -i "err|warn" /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | wc -l
0

Indexer Logs

IndexerBootstrap 🟡

System information

cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)

Agent Status

systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2024-05-15 08:47:07 UTC; 23h ago
Docs: https://documentation.wazuh.com
Main PID: 12359 (java)
CGroup: /system.slice/wazuh-indexer.service
└─12359 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-9755161661130300994 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.Thread.run(Thread.java:833)

Service Status

journalctl -xe -u wazuh-indexer.service --no-pager
-- Logs begin at Wed 2024-05-15 08:32:26 UTC, end at Thu 2024-05-16 08:10:01 UTC. --
May 15 08:45:23 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
May 15 08:45:26 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:45:26 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:45:26 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 15 08:45:26 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:45:28 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:45:28 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:45:28 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 15 08:45:28 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:45:49 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
May 15 08:46:44 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
May 15 08:46:44 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished shutting down.
May 15 08:46:44 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
May 15 08:46:47 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:46:47 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:46:47 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 15 08:46:47 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:46:49 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:46:49 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:46:49 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 15 08:46:49 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:47:07 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.Thread.run(Thread.java:833)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.Thread.run(Thread.java:833)
Error Logs
egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
0
IndexerMasterB 🟡
System information
cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
Agent Status
systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2024-05-15 08:47:33 UTC; 23h ago
Docs: https://documentation.wazuh.com
Main PID: 12303 (java)
CGroup: /system.slice/wazuh-indexer.service
└─12303 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-6328324595925120652 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.Thread.run(Thread.java:833)
Service Status
journalctl -xe -u wazuh-indexer.service --no-pager
-- Logs begin at Wed 2024-05-15 08:32:26 UTC, end at Thu 2024-05-16 08:13:22 UTC. --
May 15 08:45:26 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
May 15 08:45:28 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:45:28 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:45:28 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 15 08:45:28 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:45:30 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:45:30 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:45:30 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 15 08:45:30 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:45:49 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
May 15 08:47:09 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
May 15 08:47:09 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished shutting down.
May 15 08:47:09 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
May 15 08:47:12 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:47:12 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:47:12 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 15 08:47:12 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:47:14 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:47:14 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:47:14 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 15 08:47:14 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:47:33 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.Thread.run(Thread.java:833)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.Thread.run(Thread.java:833)
Error Logs
egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
0
IndexerMasterC 🟡
System information
cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
Agent Status
systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2024-05-15 08:48:04 UTC; 23h ago
Docs: https://documentation.wazuh.com
Main PID: 12810 (java)
CGroup: /system.slice/wazuh-indexer.service
└─12810 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-15189950111321843980 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.Thread.run(Thread.java:833)
Service Status
journalctl -xe -u wazuh-indexer.service --no-pager
-- Logs begin at Wed 2024-05-15 08:32:27 UTC, end at Thu 2024-05-16 08:16:01 UTC. --
May 15 08:45:35 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
May 15 08:45:37 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:45:37 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:45:37 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 15 08:45:37 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:45:39 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:45:39 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:45:39 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 15 08:45:39 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:45:58 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
May 15 08:47:39 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
May 15 08:47:39 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished shutting down.
May 15 08:47:39 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
May 15 08:47:42 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:47:42 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:47:42 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 15 08:47:42 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:47:44 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:47:44 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:47:44 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 15 08:47:44 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:48:04 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.alerting.util.destinationmigration.DestinationMigrationCoordinator.clusterChanged(DestinationMigrationCoordinator.kt:48)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListener(ClusterApplierService.java:625)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.Thread.run(Thread.java:833)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.alerting.util.destinationmigration.DestinationMigrationCoordinator.clusterChanged(DestinationMigrationCoordinator.kt:48)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListener(ClusterApplierService.java:625)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.Thread.run(Thread.java:833)
Error Logs
egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
0
WazuhDashboard 🟡
System information
cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
Agent Status
systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2024-05-15 08:54:17 UTC; 23h ago
Docs: https://documentation.wazuh.com
Main PID: 14580 (java)
CGroup: /system.slice/wazuh-indexer.service
└─14580 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10560019297269362385 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.Thread.run(Thread.java:833)
Service Status
journalctl -xe -u wazuh-indexer.service --no-pager
-- Logs begin at Wed 2024-05-15 08:32:28 UTC, end at Thu 2024-05-16 08:20:19 UTC. --
May 15 08:50:38 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
May 15 08:50:40 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:50:40 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:50:40 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 15 08:50:40 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:50:42 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:50:42 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:50:42 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 15 08:50:42 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:51:01 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
May 15 08:53:51 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
May 15 08:53:51 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished shutting down.
May 15 08:53:51 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
May 15 08:53:56 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:53:56 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:53:56 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 15 08:53:56 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:53:58 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: A terminally deprecated method in java.lang.System has been called
May 15 08:53:58 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 15 08:53:58 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 15 08:53:58 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: System::setSecurityManager will be removed in a future release
May 15 08:54:17 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.Thread.run(Thread.java:833)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.Thread.run(Thread.java:833)
Error Logs
egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
0
Manager Logs
WazuhMasterEnv1 🟢
System information
cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
Manager Version
/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40810"
WAZUH_TYPE="server"
Agent Status
systemctl status wazuh-manager -l
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
Active: active (exited) since Wed 2024-05-15 08:58:46 UTC; 23h ago
Process: 15268 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
Process: 15437 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
May 15 08:58:40 wazuh-manager-master-0 env[15437]: Started wazuh-remoted...
May 15 08:58:41 wazuh-manager-master-0 env[15437]: Started wazuh-logcollector...
May 15 08:58:42 wazuh-manager-master-0 env[15437]: Started wazuh-monitord...
May 15 08:58:42 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:42 wazuh-modulesd:router: INFO: Loaded router module.
May 15 08:58:42 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:42 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 08:58:43 wazuh-manager-master-0 env[15437]: Started wazuh-modulesd...
May 15 08:58:44 wazuh-manager-master-0 env[15437]: Started wazuh-clusterd...
May 15 08:58:45 wazuh-manager-master-0 crontab[16020]: (root) LIST (root)
May 15 08:58:46 wazuh-manager-master-0 env[15437]: Completed.
May 15 08:58:46 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
Module Status
/var/ossec/bin/wazuh-control status
wazuh-clusterd is running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord is running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
Service Status
journalctl -xe -u wazuh-manager.service --no-pager
-- Logs begin at Wed 2024-05-15 08:32:26 UTC, end at Thu 2024-05-16 08:22:12 UTC. --
May 15 08:56:27 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
May 15 08:56:28 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:28 wazuh-modulesd:router: INFO: Loaded router module.
May 15 08:56:28 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:28 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 08:56:29 wazuh-manager-master-0 env[11357]: Starting Wazuh v4.8.0...
May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-apid...
May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-csyslogd...
May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-dbd...
May 15 08:56:31 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:31 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-integratord...
May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-agentlessd...
May 15 08:56:32 wazuh-manager-master-0 env[11357]: Started wazuh-authd...
May 15 08:56:33 wazuh-manager-master-0 env[11357]: Started wazuh-db...
May 15 08:56:34 wazuh-manager-master-0 env[11357]: Started wazuh-execd...
May 15 08:56:36 wazuh-manager-master-0 env[11357]: Started wazuh-analysisd...
May 15 08:56:37 wazuh-manager-master-0 env[11357]: Started wazuh-syscheckd...
May 15 08:56:38 wazuh-manager-master-0 env[11357]: Started wazuh-remoted...
May 15 08:56:39 wazuh-manager-master-0 env[11357]: Started wazuh-logcollector...
May 15 08:56:40 wazuh-manager-master-0 env[11357]: Started wazuh-monitord...
May 15 08:56:40 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:40 wazuh-modulesd:router: INFO: Loaded router module.
May 15 08:56:40 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:40 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 08:56:41 wazuh-manager-master-0 env[11357]: Started wazuh-modulesd...
May 15 08:56:43 wazuh-manager-master-0 env[11357]: Started wazuh-clusterd...
May 15 08:56:43 wazuh-manager-master-0 crontab[11939]: (root) LIST (root)
May 15 08:56:45 wazuh-manager-master-0 env[11357]: Completed.
May 15 08:56:45 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
May 15 08:58:24 wazuh-manager-master-0 systemd[1]: Stopping Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun shutting down.
May 15 08:58:24 wazuh-manager-master-0 env[15268]: Killing wazuh-clusterd...
May 15 08:58:24 wazuh-manager-master-0 env[15268]: Killing wazuh-modulesd...
May 15 08:58:24 wazuh-manager-master-0 env[15268]: Killing wazuh-monitord...
May 15 08:58:24 wazuh-manager-master-0 env[15268]: Killing wazuh-logcollector...
May 15 08:58:25 wazuh-manager-master-0 env[15268]: Killing wazuh-remoted...
May 15 08:58:25 wazuh-manager-master-0 env[15268]: Killing wazuh-syscheckd...
May 15 08:58:25 wazuh-manager-master-0 env[15268]: Killing wazuh-analysisd...
May 15 08:58:26 wazuh-manager-master-0 env[15268]: wazuh-maild not running...
May 15 08:58:26 wazuh-manager-master-0 env[15268]: Killing wazuh-execd...
May 15 08:58:26 wazuh-manager-master-0 env[15268]: Killing wazuh-db...
May 15 08:58:27 wazuh-manager-master-0 env[15268]: Killing wazuh-authd...
May 15 08:58:28 wazuh-manager-master-0 env[15268]: wazuh-agentlessd not running...
May 15 08:58:28 wazuh-manager-master-0 env[15268]: wazuh-integratord not running...
May 15 08:58:28 wazuh-manager-master-0 env[15268]: wazuh-dbd not running...
May 15 08:58:28 wazuh-manager-master-0 env[15268]: wazuh-csyslogd not running...
May 15 08:58:28 wazuh-manager-master-0 env[15268]: Killing wazuh-apid...
May 15 08:58:28 wazuh-manager-master-0 env[15268]: Wazuh v4.8.0 Stopped
May 15 08:58:28 wazuh-manager-master-0 systemd[1]: Stopped Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished shutting down.
May 15 08:58:28 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
May 15 08:58:30 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:30 wazuh-modulesd:router: INFO: Loaded router module.
May 15 08:58:30 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:30 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 08:58:31 wazuh-manager-master-0 env[15437]: Starting Wazuh v4.8.0...
May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-apid...
May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-csyslogd...
May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-dbd...
May 15 08:58:34 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:34 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-integratord...
May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-agentlessd...
May 15 08:58:35 wazuh-manager-master-0 env[15437]: Started wazuh-authd...
May 15 08:58:36 wazuh-manager-master-0 env[15437]: Started wazuh-db...
May 15 08:58:37 wazuh-manager-master-0 env[15437]: Started wazuh-execd...
May 15 08:58:38 wazuh-manager-master-0 env[15437]: Started wazuh-analysisd...
May 15 08:58:39 wazuh-manager-master-0 env[15437]: Started wazuh-syscheckd...
May 15 08:58:40 wazuh-manager-master-0 env[15437]: Started wazuh-remoted...
May 15 08:58:41 wazuh-manager-master-0 env[15437]: Started wazuh-logcollector...
May 15 08:58:42 wazuh-manager-master-0 env[15437]: Started wazuh-monitord...
May 15 08:58:42 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:42 wazuh-modulesd:router: INFO: Loaded router module.
May 15 08:58:42 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:42 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 08:58:43 wazuh-manager-master-0 env[15437]: Started wazuh-modulesd...
May 15 08:58:44 wazuh-manager-master-0 env[15437]: Started wazuh-clusterd...
May 15 08:58:45 wazuh-manager-master-0 crontab[16020]: (root) LIST (root)
May 15 08:58:46 wazuh-manager-master-0 env[15437]: Completed.
May 15 08:58:46 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
Error Logs
egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log | wc -l
0
Filebeat Output
filebeat test output
elasticsearch: https://10.0.2.249:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.0.2.249
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
elasticsearch: https://10.0.2.123:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.0.2.123
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
elasticsearch: https://10.0.2.62:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.0.2.62
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
WazuhMasterEnv2 🟢
System information
cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
Manager Version
/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40810"
WAZUH_TYPE="server"
Agent Status
systemctl status wazuh-manager -l
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
Active: active (exited) since Wed 2024-05-15 08:59:14 UTC; 23h ago
Process: 15239 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
Process: 15387 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
May 15 08:59:07 wazuh-manager-master-0 env[15387]: Started wazuh-remoted...
May 15 08:59:08 wazuh-manager-master-0 env[15387]: Started wazuh-logcollector...
May 15 08:59:10 wazuh-manager-master-0 env[15387]: Started wazuh-monitord...
May 15 08:59:10 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:10 wazuh-modulesd:router: INFO: Loaded router module.
May 15 08:59:10 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 08:59:11 wazuh-manager-master-0 env[15387]: Started wazuh-modulesd...
May 15 08:59:12 wazuh-manager-master-0 env[15387]: Started wazuh-clusterd...
May 15 08:59:13 wazuh-manager-master-0 crontab[15970]: (root) LIST (root)
May 15 08:59:14 wazuh-manager-master-0 env[15387]: Completed.
May 15 08:59:14 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
Module Status
/var/ossec/bin/wazuh-control status
wazuh-clusterd is running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord is running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
Service Status
journalctl -xe -u wazuh-manager.service --no-pager
-- Logs begin at Wed 2024-05-15 08:32:27 UTC, end at Thu 2024-05-16 08:24:14 UTC. --
May 15 08:56:28 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
May 15 08:56:29 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:29 wazuh-modulesd:router: INFO: Loaded router module.
May 15 08:56:29 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:29 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 08:56:30 wazuh-manager-master-0 env[11367]: Starting Wazuh v4.8.0...
May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-apid...
May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-csyslogd...
May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-dbd...
May 15 08:56:32 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:32 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-integratord...
May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-agentlessd...
May 15 08:56:34 wazuh-manager-master-0 env[11367]: Started wazuh-authd...
May 15 08:56:35 wazuh-manager-master-0 env[11367]: Started wazuh-db...
May 15 08:56:36 wazuh-manager-master-0 env[11367]: Started wazuh-execd...
May 15 08:56:37 wazuh-manager-master-0 env[11367]: Started wazuh-analysisd...
May 15 08:56:38 wazuh-manager-master-0 env[11367]: Started wazuh-syscheckd...
May 15 08:56:39 wazuh-manager-master-0 env[11367]: Started wazuh-remoted...
May 15 08:56:40 wazuh-manager-master-0 env[11367]: Started wazuh-logcollector...
May 15 08:56:41 wazuh-manager-master-0 env[11367]: Started wazuh-monitord...
May 15 08:56:41 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:41 wazuh-modulesd:router: INFO: Loaded router module.
May 15 08:56:41 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:41 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 08:56:42 wazuh-manager-master-0 env[11367]: Started wazuh-modulesd...
May 15 08:56:43 wazuh-manager-master-0 env[11367]: Started wazuh-clusterd...
May 15 08:56:44 wazuh-manager-master-0 crontab[11945]: (root) LIST (root)
May 15 08:56:45 wazuh-manager-master-0 env[11367]: Completed.
May 15 08:56:45 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
May 15 08:58:52 wazuh-manager-master-0 systemd[1]: Stopping Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun shutting down.
May 15 08:58:52 wazuh-manager-master-0 env[15239]: Killing wazuh-clusterd...
May 15 08:58:52 wazuh-manager-master-0 env[15239]: Killing wazuh-modulesd...
May 15 08:58:52 wazuh-manager-master-0 env[15239]: Killing wazuh-monitord...
May 15 08:58:52 wazuh-manager-master-0 env[15239]: Killing wazuh-logcollector...
May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-remoted...
May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-syscheckd...
May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-analysisd...
May 15 08:58:53 wazuh-manager-master-0 env[15239]: wazuh-maild not running...
May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-execd...
May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-db...
May 15 08:58:54 wazuh-manager-master-0 env[15239]: Killing wazuh-authd...
May 15 08:58:55 wazuh-manager-master-0 env[15239]: wazuh-agentlessd not running...
May 15 08:58:55 wazuh-manager-master-0 env[15239]: wazuh-integratord not running...
May 15 08:58:55 wazuh-manager-master-0 env[15239]: wazuh-dbd not running...
May 15 08:58:55 wazuh-manager-master-0 env[15239]: wazuh-csyslogd not running...
May 15 08:58:55 wazuh-manager-master-0 env[15239]: Killing wazuh-apid...
May 15 08:58:55 wazuh-manager-master-0 env[15239]: Wazuh v4.8.0 Stopped
May 15 08:58:55 wazuh-manager-master-0 systemd[1]: Stopped Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished shutting down.
May 15 08:58:55 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
May 15 08:58:57 wazuh-manager-master-0 env[15387]: 2024/05/15 08:58:57 wazuh-modulesd:router: INFO: Loaded router module.
May 15 08:58:57 wazuh-manager-master-0 env[15387]: 2024/05/15 08:58:57 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 08:58:58 wazuh-manager-master-0 env[15387]: Starting Wazuh v4.8.0...
May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-apid...
May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-csyslogd...
May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-dbd...
May 15 08:59:01 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:01 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-integratord...
May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-agentlessd...
May 15 08:59:02 wazuh-manager-master-0 env[15387]: Started wazuh-authd...
May 15 08:59:03 wazuh-manager-master-0 env[15387]: Started wazuh-db...
May 15 08:59:04 wazuh-manager-master-0 env[15387]: Started wazuh-execd...
May 15 08:59:05 wazuh-manager-master-0 env[15387]: Started wazuh-analysisd...
May 15 08:59:06 wazuh-manager-master-0 env[15387]: Started wazuh-syscheckd...
May 15 08:59:07 wazuh-manager-master-0 env[15387]: Started wazuh-remoted...
May 15 08:59:08 wazuh-manager-master-0 env[15387]: Started wazuh-logcollector...
May 15 08:59:10 wazuh-manager-master-0 env[15387]: Started wazuh-monitord...
May 15 08:59:10 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:10 wazuh-modulesd:router: INFO: Loaded router module.
May 15 08:59:10 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 08:59:11 wazuh-manager-master-0 env[15387]: Started wazuh-modulesd...
May 15 08:59:12 wazuh-manager-master-0 env[15387]: Started wazuh-clusterd...
May 15 08:59:13 wazuh-manager-master-0 crontab[15970]: (root) LIST (root)
May 15 08:59:14 wazuh-manager-master-0 env[15387]: Completed.
May 15 08:59:14 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
Error Logs
egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log | wc -l
0
Filebeat Output
filebeat test output
elasticsearch: https://10.0.2.249:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.0.2.249
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
elasticsearch: https://10.0.2.123:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.0.2.123
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
elasticsearch: https://10.0.2.62:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.0.2.62
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
WazuhWorker 🟢
System information
cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)
Manager Version
/var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40810"
WAZUH_TYPE="server"
Agent Status
systemctl status wazuh-manager -l
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
Active: active (exited) since Wed 2024-05-15 09:03:28 UTC; 23h ago
Process: 14921 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
Process: 15063 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
May 15 09:03:22 wazuh-manager-worker-0 env[15063]: Started wazuh-remoted...
May 15 09:03:23 wazuh-manager-worker-0 env[15063]: Started wazuh-logcollector...
May 15 09:03:24 wazuh-manager-worker-0 env[15063]: Started wazuh-monitord...
May 15 09:03:24 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:24 wazuh-modulesd:router: INFO: Loaded router module.
May 15 09:03:24 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:24 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 09:03:25 wazuh-manager-worker-0 env[15063]: Started wazuh-modulesd...
May 15 09:03:26 wazuh-manager-worker-0 env[15063]: Started wazuh-clusterd...
May 15 09:03:27 wazuh-manager-worker-0 crontab[15623]: (root) LIST (root)
May 15 09:03:28 wazuh-manager-worker-0 env[15063]: Completed.
May 15 09:03:28 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.
Module Status
/var/ossec/bin/wazuh-control status
wazuh-clusterd is running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd not running...
wazuh-agentlessd not running...
wazuh-integratord is running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
Service Status
journalctl -xe -u wazuh-manager.service --no-pager
-- Logs begin at Wed 2024-05-15 08:32:26 UTC, end at Thu 2024-05-16 08:27:47 UTC. --
May 15 09:01:14 wazuh-manager-worker-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
May 15 09:01:16 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:16 wazuh-modulesd:router: INFO: Loaded router module.
May 15 09:01:16 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:16 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 09:01:17 wazuh-manager-worker-0 env[11130]: Starting Wazuh v4.8.0...
May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-apid...
May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-csyslogd...
May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-dbd...
May 15 09:01:19 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:19 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-integratord...
May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-agentlessd...
May 15 09:01:20 wazuh-manager-worker-0 env[11130]: Started wazuh-db...
May 15 09:01:21 wazuh-manager-worker-0 env[11130]: Started wazuh-execd...
May 15 09:01:22 wazuh-manager-worker-0 env[11130]: Started wazuh-analysisd...
May 15 09:01:23 wazuh-manager-worker-0 env[11130]: Started wazuh-syscheckd...
May 15 09:01:25 wazuh-manager-worker-0 env[11130]: Started wazuh-remoted...
May 15 09:01:26 wazuh-manager-worker-0 env[11130]: Started wazuh-logcollector...
May 15 09:01:27 wazuh-manager-worker-0 env[11130]: Started wazuh-monitord...
May 15 09:01:27 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:27 wazuh-modulesd:router: INFO: Loaded router module.
May 15 09:01:27 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:27 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 09:01:28 wazuh-manager-worker-0 env[11130]: Started wazuh-modulesd...
May 15 09:01:29 wazuh-manager-worker-0 env[11130]: Started wazuh-clusterd...
May 15 09:01:31 wazuh-manager-worker-0 crontab[11686]: (root) LIST (root)
May 15 09:01:31 wazuh-manager-worker-0 env[11130]: Completed.
May 15 09:01:31 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
May 15 09:03:08 wazuh-manager-worker-0 systemd[1]: Stopping Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun shutting down.
May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-clusterd...
May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-modulesd...
May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-monitord...
May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-logcollector...
May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-remoted...
May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-syscheckd...
May 15 09:03:09 wazuh-manager-worker-0 env[14921]: Killing wazuh-analysisd...
May 15 09:03:09 wazuh-manager-worker-0 env[14921]: wazuh-maild not running...
May 15 09:03:09 wazuh-manager-worker-0 env[14921]: Killing wazuh-execd...
May 15 09:03:10 wazuh-manager-worker-0 env[14921]: Killing wazuh-db...
May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-authd not running...
May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-agentlessd not running...
May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-integratord not running...
May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-dbd not running...
May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-csyslogd not running...
May 15 09:03:10 wazuh-manager-worker-0 env[14921]: Killing wazuh-apid...
May 15 09:03:11 wazuh-manager-worker-0 env[14921]: Wazuh v4.8.0 Stopped
May 15 09:03:11 wazuh-manager-worker-0 systemd[1]: Stopped Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished shutting down.
May 15 09:03:11 wazuh-manager-worker-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
May 15 09:03:13 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:13 wazuh-modulesd:router: INFO: Loaded router module.
May 15 09:03:13 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:13 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 09:03:13 wazuh-manager-worker-0 env[15063]: Starting Wazuh v4.8.0...
May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-apid...
May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-csyslogd...
May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-dbd...
May 15 09:03:17 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:17 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-integratord...
May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-agentlessd...
May 15 09:03:18 wazuh-manager-worker-0 env[15063]: Started wazuh-db...
May 15 09:03:19 wazuh-manager-worker-0 env[15063]: Started wazuh-execd...
May 15 09:03:20 wazuh-manager-worker-0 env[15063]: Started wazuh-analysisd...
May 15 09:03:21 wazuh-manager-worker-0 env[15063]: Started wazuh-syscheckd...
May 15 09:03:22 wazuh-manager-worker-0 env[15063]: Started wazuh-remoted...
May 15 09:03:23 wazuh-manager-worker-0 env[15063]: Started wazuh-logcollector...
May 15 09:03:24 wazuh-manager-worker-0 env[15063]: Started wazuh-monitord...
May 15 09:03:24 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:24 wazuh-modulesd:router: INFO: Loaded router module.
May 15 09:03:24 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:24 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 15 09:03:25 wazuh-manager-worker-0 env[15063]: Started wazuh-modulesd...
May 15 09:03:26 wazuh-manager-worker-0 env[15063]: Started wazuh-clusterd...
May 15 09:03:27 wazuh-manager-worker-0 crontab[15623]: (root) LIST (root)
May 15 09:03:28 wazuh-manager-worker-0 env[15063]: Completed.
May 15 09:03:28 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
Error Logs
egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log | wc -l
0
egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log | wc -l
0
Filebeat Output
filebeat test output
elasticsearch: https://10.0.2.249:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.0.2.249
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
elasticsearch: https://10.0.2.123:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.0.2.123
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
elasticsearch: https://10.0.2.62:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.0.2.62
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
Check Wazuh Users and Processes 🟢
Agent
Amazon 🟢
ps -aux | grep wazuh
root 11195 0.0 0.4 40768 3848 ? Sl May15 0:03 /var/ossec/bin/wazuh-execd
wazuh 11207 0.0 0.8 328220 8488 ? Sl May15 0:16 /var/ossec/bin/wazuh-agentd
root 11222 0.0 1.4 298576 13972 ? SNl May15 0:30 /var/ossec/bin/wazuh-syscheckd
root 11238 0.0 0.5 483212 5580 ? Sl May15 0:11 /var/ossec/bin/wazuh-logcollector
root 11256 0.0 1.8 751764 17992 ? Sl May15 0:07 /var/ossec/bin/wazuh-modulesd
root 18065 0.0 0.0 121272 916 pts/0 S+ 08:45 0:00 grep --color=auto wazuh
Centos 🟢
ps -aux | grep wazuh
root 9753 0.0 0.3 45828 2456 ? Sl May15 0:02 /var/ossec/bin/wazuh-execd
wazuh 9765 0.0 0.7 276772 6020 ? Sl May15 0:16 /var/ossec/bin/wazuh-agentd
root 9780 0.0 1.2 375552 10004 ? SNl May15 0:36 /var/ossec/bin/wazuh-syscheckd
root 9795 0.0 0.5 488372 4724 ? Sl May15 0:10 /var/ossec/bin/wazuh-logcollector
root 9812 0.0 3.1 761852 25028 ? Sl May15 0:07 /var/ossec/bin/wazuh-modulesd
root 17236 0.0 0.1 221928 1124 pts/0 S+ 08:46 0:00 grep --color=auto wazuh
Debian 🟢
ps -aux | grep wazuh
root 9771 0.0 0.2 26596 2544 ? Sl May15 0:03 /var/ossec/bin/wazuh-execd
wazuh 9782 0.0 0.6 248488 6280 ? Sl May15 0:20 /var/ossec/bin/wazuh-agentd
root 9796 0.0 0.8 214192 8760 ? SNl May15 0:29 /var/ossec/bin/wazuh-syscheckd
root 9811 0.0 1.3 469144 13316 ? Sl May15 0:12 /var/ossec/bin/wazuh-logcollector
root 9830 0.0 1.5 731556 15532 ? Sl May15 0:06 /var/ossec/bin/wazuh-modulesd
root 33476 0.0 0.0 5264 712 pts/0 S+ 08:46 0:00 grep wazuh
RHEL9 🟢
ps -aux | grep wazuh
root 62250 0.0 0.1 26384 6612 ? Sl May15 0:02 /var/ossec/bin/wazuh-execd
wazuh 62262 0.0 0.3 248152 12192 ? Sl May15 0:29 /var/ossec/bin/wazuh-agentd
root 62277 0.0 0.4 427452 16636 ? SNl May15 1:15 /var/ossec/bin/wazuh-syscheckd
root 62291 0.0 0.2 468896 7688 ? Sl May15 0:14 /var/ossec/bin/wazuh-logcollector
root 62314 0.0 1.1 1026016 44284 ? Sl May15 0:22 /var/ossec/bin/wazuh-modulesd
root 158408 0.0 0.0 6408 2204 pts/0 S+ 08:47 0:00 grep --color=auto wazuh
Ubuntu 🟢
ps -aux | grep wazuh
root 9671 0.0 0.2 26436 2580 ? Sl May15 0:04 /var/ossec/bin/wazuh-execd
wazuh 9682 0.0 0.4 313880 4436 ? Sl May15 0:21 /var/ossec/bin/wazuh-agentd
root 9696 0.0 0.4 279908 4096 ? SNl May15 0:34 /var/ossec/bin/wazuh-syscheckd
root 9711 0.0 0.2 468908 2692 ? Sl May15 0:13 /var/ossec/bin/wazuh-logcollector
root 9730 0.0 1.3 731348 13292 ? Sl May15 0:09 /var/ossec/bin/wazuh-modulesd
root 55978 0.0 0.2 7008 2260 pts/1 S+ 08:47 0:00 grep --color=auto wazuh
Windows 🟢
tasklist /svc | Select-String "wazuh"
wazuh-agent.exe 3060 WazuhSvc
Dashboard
WazuhDashboard 🟢
ps -aux | grep wazuh-dashboard
wazuh-d+ 19828 0.3 2.2 1039072 182636 ? Ssl May15 5:02 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
root 23750 0.0 0.0 121272 964 pts/0 S+ 08:49 0:00 grep --color=auto wazuh-dashboard
Indexer
IndexerBootstrap 🟢
ps -aux | grep wazuh
wazuh-i+ 12359 1.3 57.1 7113252 4596332 ? Ssl May15 20:03 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-9755161661130300994 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root 17617 0.0 0.0 121272 932 pts/0 S+ 08:50 0:00 grep --color=auto wazuh
IndexerMasterB 🟢
ps -aux | grep wazuh
wazuh-i+ 12303 1.6 57.2 7114364 4602672 ? Ssl May15 23:07 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-6328324595925120652 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root 16668 0.0 0.0 121272 928 pts/0 S+ 08:51 0:00 grep --color=auto wazuh
IndexerMasterC 🟢
ps -aux | grep wazuh
wazuh-i+ 12810 1.3 56.9 7100820 4580160 ? Ssl May15 19:54 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-15189950111321843980 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root 17073 0.0 0.0 121272 1008 pts/0 S+ 08:52 0:00 grep --color=auto wazuh
WazuhDashboard 🟢
ps -aux | grep wazuh-indexer
wazuh-i+ 14580 1.0 38.5 5593400 3101244 ? Ssl May15 15:48 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10560019297269362385 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root 23792 0.0 0.0 121272 960 pts/1 S+ 08:52 0:00 grep --color=auto wazuh-indexer
Manager
WazuhMasterEnv1 🟢
ps -aux | grep wazuh
root 9302 0.0 0.0 121272 964 pts/0 S+ 08:53 0:00 grep --color=auto wazuh
wazuh 25420 0.1 3.0 1012880 119480 ? Sl May15 1:37 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 25421 0.0 1.9 297124 78224 ? S May15 0:12 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 25424 0.1 2.0 382980 82288 ? S May15 2:36 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 25427 0.0 1.4 511872 58644 ? S May15 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 25453 0.0 0.1 41372 4844 ? Sl May15 0:12 /var/ossec/bin/wazuh-integratord
root 25474 0.2 0.2 262816 8556 ? Sl May15 3:34 /var/ossec/bin/wazuh-authd
wazuh 25491 0.1 0.7 945660 31528 ? Sl May15 2:21 /var/ossec/bin/wazuh-db
root 25517 0.0 0.1 41440 4180 ? Sl May15 0:03 /var/ossec/bin/wazuh-execd
wazuh 25531 1.7 3.9 1308580 157904 ? Sl May15 24:47 /var/ossec/bin/wazuh-analysisd
root 25545 0.0 0.3 295032 14188 ? SNl May15 0:35 /var/ossec/bin/wazuh-syscheckd
wazuh 25566 0.3 0.4 1242060 17188 ? Sl May15 4:16 /var/ossec/bin/wazuh-remoted
root 25601 0.0 0.1 483832 5728 ? Sl May15 0:11 /var/ossec/bin/wazuh-logcollector
wazuh 25622 0.0 0.1 41412 7356 ? Sl May15 0:55 /var/ossec/bin/wazuh-monitord
root 25672 0.1 3.0 697976 120048 ? Sl May15 1:43 /var/ossec/bin/wazuh-modulesd
wazuh 26106 0.1 1.7 435568 68852 ? Sl May15 2:24 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh 26110 0.0 1.3 278008 54916 ? S May15 0:21 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh 26111 0.0 1.3 276428 52600 ? S May15 0:21 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
WazuhMasterEnv2 🟢
ps -aux | grep wazuh
root 5977 0.0 0.0 121272 976 pts/0 S+ 08:53 0:00 grep --color=auto wazuh
wazuh 24867 0.0 3.0 1013364 119128 ? Sl May15 1:02 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 24868 0.0 1.9 296632 77956 ? S May15 0:07 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 24871 0.1 2.0 383140 82204 ? S May15 1:52 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 24874 0.0 1.4 512892 58572 ? S May15 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 24899 0.0 0.1 41376 4204 ? Sl May15 0:11 /var/ossec/bin/wazuh-integratord
root 24921 0.2 0.2 197280 8036 ? Sl May15 3:08 /var/ossec/bin/wazuh-authd
wazuh 24938 0.1 0.6 945664 24932 ? Sl May15 2:01 /var/ossec/bin/wazuh-db
root 24964 0.0 0.1 106976 4152 ? Sl May15 0:03 /var/ossec/bin/wazuh-execd
wazuh 24979 1.4 3.4 1297024 134784 ? Sl May15 20:45 /var/ossec/bin/wazuh-analysisd
root 24992 0.0 0.3 295020 14192 ? SNl May15 0:35 /var/ossec/bin/wazuh-syscheckd
wazuh 25013 0.1 0.3 1241824 15332 ? Sl May15 2:29 /var/ossec/bin/wazuh-remoted
root 25048 0.0 0.1 483840 5768 ? Sl May15 0:12 /var/ossec/bin/wazuh-logcollector
wazuh 25068 0.0 0.1 41412 7604 ? Sl May15 0:52 /var/ossec/bin/wazuh-monitord
root 25119 0.0 2.0 626296 80636 ? Sl May15 0:38 /var/ossec/bin/wazuh-modulesd
wazuh 25553 0.0 1.4 424332 58940 ? Sl May15 0:33 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh 25557 0.0 1.3 276420 52960 ? S May15 0:20 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh 25558 0.0 1.3 276420 52672 ? S May15 0:20 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
WazuhWorker 🟢
ps -aux | grep wazuh
wazuh 15209 0.0 2.5 860676 101012 ? Sl May15 0:08 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 15210 0.0 1.4 282480 58332 ? S May15 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 15213 0.0 1.4 364408 58840 ? S May15 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 15216 0.0 1.4 511872 58644 ? S May15 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh 15242 0.0 0.1 41332 4180 ? Sl May15 0:04 /var/ossec/bin/wazuh-integratord
wazuh 15261 0.1 0.4 945596 18960 ? Sl May15 1:52 /var/ossec/bin/wazuh-db
root 15287 0.0 0.1 41368 4088 ? Sl May15 0:03 /var/ossec/bin/wazuh-execd
wazuh 15302 0.0 0.8 1296972 32116 ? Sl May15 0:12 /var/ossec/bin/wazuh-analysisd
root 15314 0.0 0.3 229336 13740 ? SNl May15 0:33 /var/ossec/bin/wazuh-syscheckd
wazuh 15336 0.1 0.2 774680 11080 ? Sl May15 2:29 /var/ossec/bin/wazuh-remoted
root 15371 0.0 0.1 483772 5572 ? Sl May15 0:11 /var/ossec/bin/wazuh-logcollector
wazuh 15391 0.0 0.1 41344 7764 ? Sl May15 0:04 /var/ossec/bin/wazuh-monitord
root 15439 0.0 1.7 584296 67840 ? Sl May15 0:25 /var/ossec/bin/wazuh-modulesd
wazuh 15906 0.1 1.6 577928 64736 ? Sl May15 2:32 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh 15970 0.0 1.3 277112 54620 ? S May15 0:54 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh 16948 0.0 1.3 429308 53364 ? S May15 0:00 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
root 26423 0.0 0.0 121272 964 pts/0 S+ 08:54 0:00 grep --color=auto wazuh
|
Check the Status of the Indexer Cluster 🟢
curl -k -u ADMIN_USER:PASS https://indexer_IP:9200/_cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name
xx.x.x.xx 36 88 0 0.00 0.00 0.00 dimr cluster_manager,data,ingest,remote_cluster_client - node-3
xx.x.x.xxx 52 91 0 0.04 0.05 0.01 dimr cluster_manager,data,ingest,remote_cluster_client - node-7
xx.x.x.xxx 5 89 0 0.04 0.01 0.00 dimr cluster_manager,data,ingest,remote_cluster_client - node-1
xx.x.x.xxx 45 89 0 0.00 0.00 0.00 dimr cluster_manager,data,ingest,remote_cluster_client * node-2
|
Check Browser's Developer Console for Errors While Browsing the App 🟡
Login/Logout Screen 🟡
login:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution.
wz-home:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution.
bootstrap.js:43 ^ A single error about an inline script not firing due to content security policy is expected!
core.entry.js:15 Detected an unhandled Promise rejection.
TypeError: Cannot read properties of undefined (reading 'split')
securityDashboards.plugin.js:15 Error: Unauthorized
at fetch_Fetch.fetchResponse (core.entry.js:15:177501)
at async interceptResponse (core.entry.js:15:172919)
at async core.entry.js:15:175399
core.entry.js:15 Detected an unhandled Promise rejection.
Error: Unauthorized
core.entry.js:15 Uncaught (in promise) Error: Unauthorized
at fetch_Fetch.fetchResponse (core.entry.js:15:177501)
at async interceptResponse (core.entry.js:15:172919)
at async core.entry.js:15:175399
reportsDashboards.plugin.js:24 Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'split')
at checkURLParams (reportsDashboards.plugin.js:24:109539)
at HTMLDocument.<anonymous> (reportsDashboards.plugin.js:24:109421)
at u (osd-ui-shared-deps.js:411:26168)
at l (osd-ui-shared-deps.js:411:26470)
/api/ism/apiCaller:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)
/api/v1/restapiinfo:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)
/api/v1/configuration/account:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)
/api/v1/auth/dashboardsinfo:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)
GET https://demo.wazuh.info/api/v1/restapiinfo 401 (Unauthorized)
GET https://demo.wazuh.info/api/v1/configuration/account 401 (Unauthorized)
GET https://demo.wazuh.info/api/v1/auth/dashboardsinfo 401 (Unauthorized)
GET https://demo.wazuh.info/api/v1/configuration/account 401 (Unauthorized)
POST https://demo.wazuh.info/api/ism/apiCaller 401 (Unauthorized)
POST https://demo.wazuh.info/api/request 401 (Unauthorized)
Overview 🟡
wz-home#/overview/?_…&tabView=panels:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution.
bootstrap.js:43 ^ A single error about an inline script not firing due to content security policy is expected!
Endpoints Summary 🟢
Configuration Assessment 🟢
Malware Detection 🟢
File Integrity Monitoring 🟢
Threat Hunting 🟢
Vulnerability Detection 🟢
MITRE ATT&CK 🟢
VirusTotal 🟢
PCI DSS 🟡
GDPR 🟡
HIPAA 🟡
NIST 800-53 🟡
TSC 🟡
Docker 🟢
Amazon Web Services 🟡
Google Cloud 🟢
Github 🟢
Office 365 🟡
osd-ui-shared-deps.js:364 Uncaught TypeError: Cannot read properties of null (reading 'top_left')
at scaleBounds (tileMap.plugin.js:7:13685)
at CoordinateMapsVisualization.updateGeohashAgg (tileMap.plugin.js:7:15150)
at CoordinateMapsVisualization._updateData (tileMap.plugin.js:7:17884)
at CoordinateMapsVisualization.render (mapsLegacy.plugin.js:1:60834)
at async CoordinateMapsVisualization.render (tileMap.plugin.js:7:15901)
Side Navbar 🟡
Alerting 🟡
|
Check that there are Alerts for each of the Modules Configured 🟡
Modules in ENV-1
Check Alerts from the Activated Modules 🟡
Modules in ENV-2
Check Alerts from the Activated Modules 🟡
|
Generate an Alert and Check it appears in Wazuh Dashboard 🟢
Attempt an Invalid SSH Login into Any Agent 🟢
$ ssh [email protected]
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
[email protected]: Permission denied (publickey,password).
|
LGTM
|
End-to-End (E2E) Testing Guideline
Release testing objective and Very high priority. Communicate these to the team and QA via the c-release Slack channel.
For the conclusions and the issue testing and updates, use the following legend:
Status legend
Issue delivery and completion
review_assignee field in the project. The reviewer must then review the test steps and results. Ensure that all iteration cycles are completed by May 16, 2024 date (issue must be in Pending final review status) and notify the QA team via Slack using the c-release channel.
Deployment requirements
Test description
Test demo.wazuh.info environment:
To access the demo environment, please contact @devel-devops.
Known issues
More menu wazuh-dashboard-plugins#4074
IndexerConnector warnings generated #21829
Conclusions
Summarize the errors detected (Known Issues included). Illustrate using the table below. REMOVE CURRENT EXAMPLES:
Virus Total
Setting
Feedback
We value your feedback. Please provide insights on your testing experience.
Reviewers validation
The criteria for completing this task is based on the validation of the conclusions and the test results by all reviewers.
All the checkboxes below must be marked in order to close this issue.