Release 4.8.0 - Beta 2 - Installation assistant #22122
Environment
Amazon Linux 2
[root@ip-172-31-47-43 ec2-user]# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
SUPPORT_END="2025-06-30"
[root@ip-172-31-47-43 ec2-user]#
Ubuntu 22
root@ip-172-31-40-14:/home/ubuntu# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
root@ip-172-31-40-14:/home/ubuntu#
RHEL 9
[root@ip-172-31-45-210 ec2-user]# cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="9.2 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"
[root@ip-172-31-45-210 ec2-user]#
Install logs 🟢
Amazon Linux 2 🟢
Log on the console:
[root@ip-172-31-47-43 ec2-user]# bash wazuh-install.sh -a
26/02/2024 15:00:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
26/02/2024 15:00:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
26/02/2024 15:00:13 INFO: Verifying that your system meets the recommended minimum hardware requirements.
26/02/2024 15:00:13 INFO: Wazuh web interface port will be 443.
26/02/2024 15:00:15 INFO: Wazuh development repository added.
26/02/2024 15:00:15 INFO: --- Configuration files ---
26/02/2024 15:00:15 INFO: Generating configuration files.
26/02/2024 15:00:16 INFO: Generating the root certificate.
26/02/2024 15:00:16 INFO: Generating Admin certificates.
26/02/2024 15:00:16 INFO: Generating Wazuh indexer certificates.
26/02/2024 15:00:16 INFO: Generating Filebeat certificates.
26/02/2024 15:00:16 INFO: Generating Wazuh dashboard certificates.
26/02/2024 15:00:17 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
26/02/2024 15:00:17 INFO: --- Wazuh indexer ---
26/02/2024 15:00:17 INFO: Starting Wazuh indexer installation.
26/02/2024 15:02:07 INFO: Wazuh indexer installation finished.
26/02/2024 15:02:07 INFO: Wazuh indexer post-install configuration finished.
26/02/2024 15:02:07 INFO: Starting service wazuh-indexer.
26/02/2024 15:02:31 INFO: wazuh-indexer service started.
26/02/2024 15:02:31 INFO: Initializing Wazuh indexer cluster security settings.
26/02/2024 15:02:43 INFO: Wazuh indexer cluster security configuration initialized.
26/02/2024 15:02:43 INFO: Wazuh indexer cluster initialized.
26/02/2024 15:02:43 INFO: --- Wazuh server ---
26/02/2024 15:02:43 INFO: Starting the Wazuh manager installation.
26/02/2024 15:03:43 INFO: Wazuh manager installation finished.
26/02/2024 15:03:43 INFO: Wazuh manager vulnerability detection configuration finished.
26/02/2024 15:03:43 INFO: Starting service wazuh-manager.
26/02/2024 15:04:03 INFO: wazuh-manager service started.
26/02/2024 15:04:03 INFO: Starting Filebeat installation.
26/02/2024 15:04:59 INFO: Filebeat installation finished.
26/02/2024 15:05:01 INFO: Filebeat post-install configuration finished.
26/02/2024 15:05:01 INFO: Starting service filebeat.
26/02/2024 15:05:02 INFO: filebeat service started.
26/02/2024 15:05:02 INFO: --- Wazuh dashboard ---
26/02/2024 15:05:02 INFO: Starting Wazuh dashboard installation.
26/02/2024 15:07:06 INFO: Wazuh dashboard installation finished.
26/02/2024 15:07:06 INFO: Wazuh dashboard post-install configuration finished.
26/02/2024 15:07:06 INFO: Starting service wazuh-dashboard.
26/02/2024 15:07:06 INFO: wazuh-dashboard service started.
26/02/2024 15:07:11 INFO: Updating the internal users.
26/02/2024 15:07:20 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
26/02/2024 15:08:53 INFO: Initializing Wazuh dashboard web application.
26/02/2024 15:08:53 INFO: Wazuh dashboard web application not yet initialized. Waiting...
26/02/2024 15:09:09 INFO: Wazuh dashboard web application not yet initialized. Waiting...
26/02/2024 15:09:24 INFO: Wazuh dashboard web application initialized.
26/02/2024 15:09:24 INFO: --- Summary ---
26/02/2024 15:09:24 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: 59uIGna7W005i1.TP3ZdxlmtrrpIQgxs
26/02/2024 15:09:24 INFO: Installation finished.
Log in wazuh-install.log
[root@ip-172-31-47-43 ec2-user]# cat /var/log/wazuh-install.log
26/02/2024 15:00:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
26/02/2024 15:00:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
26/02/2024 15:00:13 INFO: Verifying that your system meets the recommended minimum hardware requirements.
26/02/2024 15:00:13 INFO: Wazuh web interface port will be 443.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
26/02/2024 15:00:15 INFO: Wazuh development repository added.
26/02/2024 15:00:15 INFO: --- Configuration files ---
26/02/2024 15:00:15 INFO: Generating configuration files.
26/02/2024 15:00:16 INFO: Generating the root certificate.
26/02/2024 15:00:16 INFO: Generating Admin certificates.
26/02/2024 15:00:16 INFO: Generating Wazuh indexer certificates.
26/02/2024 15:00:16 INFO: Generating Filebeat certificates.
26/02/2024 15:00:16 INFO: Generating Wazuh dashboard certificates.
26/02/2024 15:00:17 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
26/02/2024 15:00:17 INFO: --- Wazuh indexer ---
26/02/2024 15:00:17 INFO: Starting Wazuh indexer installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.8.0-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.8.0-1 wazuh 743 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 743 M
Installed size: 1.0 G
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wazuh-indexer-4.8.0-1.x86_64 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1
Installed:
wazuh-indexer.x86_64 0:4.8.0-1
Complete!
26/02/2024 15:02:07 INFO: Wazuh indexer installation finished.
26/02/2024 15:02:07 INFO: Wazuh indexer post-install configuration finished.
26/02/2024 15:02:07 INFO: Starting service wazuh-indexer.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
26/02/2024 15:02:31 INFO: wazuh-indexer service started.
26/02/2024 15:02:31 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
26/02/2024 15:02:43 INFO: Wazuh indexer cluster security configuration initialized.
26/02/2024 15:02:43 INFO: Wazuh indexer cluster initialized.
26/02/2024 15:02:43 INFO: --- Wazuh server ---
26/02/2024 15:02:43 INFO: Starting the Wazuh manager installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package wazuh-manager.x86_64 0:4.8.0-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
wazuh-manager x86_64 4.8.0-1 wazuh 267 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 267 M
Installed size: 855 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wazuh-manager-4.8.0-1.x86_64 1/1
Verifying : wazuh-manager-4.8.0-1.x86_64 1/1
Installed:
wazuh-manager.x86_64 0:4.8.0-1
Complete!
26/02/2024 15:03:43 INFO: Wazuh manager installation finished.
26/02/2024 15:03:43 INFO: Wazuh manager vulnerability detection configuration finished.
26/02/2024 15:03:43 INFO: Starting service wazuh-manager.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
26/02/2024 15:04:03 INFO: wazuh-manager service started.
26/02/2024 15:04:03 INFO: Starting Filebeat installation.
26/02/2024 15:04:59 INFO: Filebeat installation finished.
wazuh/
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/module.yml
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
26/02/2024 15:05:01 INFO: Filebeat post-install configuration finished.
26/02/2024 15:05:01 INFO: Starting service filebeat.
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
26/02/2024 15:05:02 INFO: filebeat service started.
26/02/2024 15:05:02 INFO: --- Wazuh dashboard ---
26/02/2024 15:05:02 INFO: Starting Wazuh dashboard installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.8.0-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
wazuh-dashboard x86_64 4.8.0-1 wazuh 273 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 273 M
Installed size: 902 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1
Installed:
wazuh-dashboard.x86_64 0:4.8.0-1
Complete!
26/02/2024 15:07:06 INFO: Wazuh dashboard installation finished.
26/02/2024 15:07:06 INFO: Wazuh dashboard post-install configuration finished.
26/02/2024 15:07:06 INFO: Starting service wazuh-dashboard.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
26/02/2024 15:07:06 INFO: wazuh-dashboard service started.
26/02/2024 15:07:11 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
26/02/2024 15:07:20 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
26/02/2024 15:08:53 INFO: Initializing Wazuh dashboard web application.
26/02/2024 15:08:53 INFO: Wazuh dashboard web application not yet initialized. Waiting...
26/02/2024 15:09:09 INFO: Wazuh dashboard web application not yet initialized. Waiting...
26/02/2024 15:09:24 INFO: Wazuh dashboard web application initialized.
26/02/2024 15:09:24 INFO: Installation finished.
[root@ip-172-31-47-43 ec2-user]#
Ubuntu 22 🟢
Log on the console:
root@ip-172-31-40-14:/home/ubuntu# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && bash wazuh-install.sh -a
26/02/2024 17:51:51 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
26/02/2024 17:51:51 INFO: Verbose logging redirected to /var/log/wazuh-install.log
26/02/2024 17:52:15 INFO: Verifying that your system meets the recommended minimum hardware requirements.
26/02/2024 17:52:15 INFO: Wazuh web interface port will be 443.
26/02/2024 17:52:22 INFO: --- Dependencies ----
26/02/2024 17:52:22 INFO: Installing apt-transport-https.
26/02/2024 17:52:36 INFO: Wazuh development repository added.
26/02/2024 17:52:36 INFO: --- Configuration files ---
26/02/2024 17:52:36 INFO: Generating configuration files.
26/02/2024 17:52:36 INFO: Generating the root certificate.
26/02/2024 17:52:36 INFO: Generating Admin certificates.
26/02/2024 17:52:37 INFO: Generating Wazuh indexer certificates.
26/02/2024 17:52:37 INFO: Generating Filebeat certificates.
26/02/2024 17:52:38 INFO: Generating Wazuh dashboard certificates.
26/02/2024 17:52:39 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
26/02/2024 17:52:39 INFO: --- Wazuh indexer ---
26/02/2024 17:52:39 INFO: Starting Wazuh indexer installation.
26/02/2024 17:54:30 INFO: Wazuh indexer installation finished.
26/02/2024 17:54:30 INFO: Wazuh indexer post-install configuration finished.
26/02/2024 17:54:30 INFO: Starting service wazuh-indexer.
26/02/2024 17:54:56 INFO: wazuh-indexer service started.
26/02/2024 17:54:56 INFO: Initializing Wazuh indexer cluster security settings.
26/02/2024 17:55:06 INFO: Wazuh indexer cluster security configuration initialized.
26/02/2024 17:55:06 INFO: Wazuh indexer cluster initialized.
26/02/2024 17:55:06 INFO: --- Wazuh server ---
26/02/2024 17:55:06 INFO: Starting the Wazuh manager installation.
26/02/2024 17:56:55 INFO: Wazuh manager installation finished.
26/02/2024 17:56:55 INFO: Wazuh manager vulnerability detection configuration finished.
26/02/2024 17:56:55 INFO: Starting service wazuh-manager.
26/02/2024 17:57:20 INFO: wazuh-manager service started.
26/02/2024 17:57:20 INFO: Starting Filebeat installation.
26/02/2024 17:57:46 INFO: Filebeat installation finished.
26/02/2024 17:57:49 INFO: Filebeat post-install configuration finished.
26/02/2024 17:57:49 INFO: Starting service filebeat.
26/02/2024 17:57:51 INFO: filebeat service started.
26/02/2024 17:57:51 INFO: --- Wazuh dashboard ---
26/02/2024 17:57:51 INFO: Starting Wazuh dashboard installation.
26/02/2024 18:00:47 INFO: Wazuh dashboard installation finished.
26/02/2024 18:00:47 INFO: Wazuh dashboard post-install configuration finished.
26/02/2024 18:00:47 INFO: Starting service wazuh-dashboard.
26/02/2024 18:00:48 INFO: wazuh-dashboard service started.
26/02/2024 18:00:50 INFO: Updating the internal users.
26/02/2024 18:01:00 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
26/02/2024 18:02:29 INFO: Initializing Wazuh dashboard web application.
26/02/2024 18:02:29 INFO: Wazuh dashboard web application not yet initialized. Waiting...
26/02/2024 18:02:46 INFO: Wazuh dashboard web application not yet initialized. Waiting...
26/02/2024 18:03:01 INFO: Wazuh dashboard web application initialized.
26/02/2024 18:03:01 INFO: --- Summary ---
26/02/2024 18:03:01 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: aYTJvM7cig2woTdj6guS32QNTfuBQwG.
26/02/2024 18:03:01 INFO: Installation finished.
root@ip-172-31-40-14:/home/ubuntu#
Log in wazuh-install.log
root@ip-172-31-40-14:/home/ubuntu# cat /var/log/wazuh-install.log
26/02/2024 17:51:51 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
26/02/2024 17:51:51 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease [109 kB]
Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [14.1 MB]
Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe Translation-en [5652 kB]
Get:7 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1192 kB]
Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 c-n-f Metadata [286 kB]
Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [217 kB]
Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse Translation-en [112 kB]
Get:11 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 c-n-f Metadata [8372 B]
Get:12 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1412 kB]
Get:13 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [277 kB]
Get:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 c-n-f Metadata [16.1 kB]
Get:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [1490 kB]
Get:16 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted Translation-en [245 kB]
Get:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 c-n-f Metadata [520 B]
Get:18 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1049 kB]
Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [237 kB]
Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 c-n-f Metadata [22.1 kB]
Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [42.1 kB]
Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse Translation-en [10.1 kB]
Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 c-n-f Metadata [472 B]
Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [41.7 kB]
Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main Translation-en [10.5 kB]
Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 c-n-f Metadata [388 B]
Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/restricted amd64 c-n-f Metadata [116 B]
Get:28 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [24.3 kB]
Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe Translation-en [16.5 kB]
Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 c-n-f Metadata [644 B]
Get:31 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/multiverse amd64 c-n-f Metadata [116 B]
Get:32 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [217 kB]
Get:33 http://security.ubuntu.com/ubuntu jammy-security/main amd64 c-n-f Metadata [11.4 kB]
Get:34 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [1452 kB]
Get:35 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [239 kB]
Get:36 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 c-n-f Metadata [520 B]
Get:37 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [842 kB]
Get:38 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [161 kB]
Get:39 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 c-n-f Metadata [16.8 kB]
Get:40 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [37.1 kB]
Get:41 http://security.ubuntu.com/ubuntu jammy-security/multiverse Translation-en [7476 B]
Get:42 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 c-n-f Metadata [260 B]
Fetched 29.8 MB in 5s (5710 kB/s)
Reading package lists...
26/02/2024 17:52:15 INFO: Verifying that your system meets the recommended minimum hardware requirements.
26/02/2024 17:52:15 INFO: Wazuh web interface port will be 443.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
26/02/2024 17:52:22 INFO: --- Dependencies ----
26/02/2024 17:52:22 INFO: Installing apt-transport-https.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
apt-transport-https
0 upgraded, 1 newly installed, 0 to remove and 170 not upgraded.
Need to get 1510 B of archives.
After this operation, 170 kB of additional disk space will be used.
Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 apt-transport-https all 2.4.11 [1510 B]
Fetched 1510 B in 0s (90.1 kB/s)
Selecting previously unselected pack(Reading database ... 64295 files and directories curren
Preparing to unpack .../apt-transport-https_2.4.11_all.
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [37.1 kB]
Fetched 54.4 kB in 1s (51.0 kB/s)
Reading package lists...
26/02/2024 17:52:36 INFO: Wazuh development repository added.
26/02/2024 17:52:36 INFO: --- Configuration files ---
26/02/2024 17:52:36 INFO: Generating configuration files.
26/02/2024 17:52:36 INFO: Generating the root certificate.
26/02/2024 17:52:36 INFO: Generating Admin certificates.
26/02/2024 17:52:37 INFO: Generating Wazuh indexer certificates.
26/02/2024 17:52:37 INFO: Generating Filebeat certificates.
26/02/2024 17:52:38 INFO: Generating Wazuh dashboard certificates.
26/02/2024 17:52:39 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
26/02/2024 17:52:39 INFO: --- Wazuh indexer ---
26/02/2024 17:52:39 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 170 not upgraded.
Need to get 749 MB of archives.
After this operation, 1050 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-indexer amd64 4.8.0-1 [749 MB]
Fetched 749 MB in 14s (52.0 MB/s)
Selecting previously unselected package wazuh-indexe(Reading database ... 64299 files and directories curren
Preparing to unpack .../wazuh-indexer_4.8.0-1_amd64.deb
Created opensearch keystore in /etc/wazuh-indexer/opens
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.19.0-1025-aws
NEEDRESTART-KEXP: 5.19.0-1025-aws
NEEDRESTART-KSTA: 1
26/02/2024 17:54:30 INFO: Wazuh indexer installation finished.
26/02/2024 17:54:30 INFO: Wazuh indexer post-install configuration finished.
26/02/2024 17:54:30 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
26/02/2024 17:54:56 INFO: wazuh-indexer service started.
26/02/2024 17:54:56 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
26/02/2024 17:55:06 INFO: Wazuh indexer cluster security configuration initialized.
26/02/2024 17:55:06 INFO: Wazuh indexer cluster initialized.
26/02/2024 17:55:06 INFO: --- Wazuh server ---
26/02/2024 17:55:06 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 170 not upgraded. Need to get 284 MB of archives. After this operation, 888 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-manager amd64 4.8.0-1 [284 MB] Fetched 284 MB in 6s (48.9 MB/s) Selecting previously unsele(Reading database ... 65472 files and directories curren Preparing to unpack .../wazuh-manager_4.8.0-1_amd64.deb NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1
26/02/2024 17:56:55 INFO: Wazuh manager installation finished.
26/02/2024 17:56:55 INFO: Wazuh manager vulnerability detection configuration finished.
26/02/2024 17:56:55 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
26/02/2024 17:57:20 INFO: wazuh-manager service started.
26/02/2024 17:57:20 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 170 not upgraded. Need to get 22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 filebeat amd64 7.10.2 [22.1 MB] Fetched 22.1 MB in 1s (15.7 MB/s) Selec(Reading database ... 87504 files and directories curren NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1
26/02/2024 17:57:46 INFO: Filebeat installation finished.
wazuh/
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/module.yml
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
26/02/2024 17:57:49 INFO: Filebeat post-install configuration finished.
26/02/2024 17:57:49 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
26/02/2024 17:57:51 INFO: filebeat service started.
26/02/2024 17:57:51 INFO: --- Wazuh dashboard ---
26/02/2024 17:57:51 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 170 not upgraded. Need to get 186 MB of archives. After this operation, 987 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-dashboard amd64 4.8.0-1 [186 MB] Fetched 186 MB in 5s (37.0 MB/s) Selecting previously unselected package wazuh-dash(Reading database ... 87823 files and directories curren Preparing to unpack .../wazuh-dashboard_4.8.0-1_amd64.d NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1
26/02/2024 18:00:47 INFO: Wazuh dashboard installation finished.
26/02/2024 18:00:47 INFO: Wazuh dashboard post-install configuration finished.
26/02/2024 18:00:47 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
26/02/2024 18:00:48 INFO: wazuh-dashboard service started.
26/02/2024 18:00:50 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
26/02/2024 18:01:00 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
26/02/2024 18:02:29 INFO: Initializing Wazuh dashboard web application.
26/02/2024 18:02:29 INFO: Wazuh dashboard web application not yet initialized. Waiting...
26/02/2024 18:02:46 INFO: Wazuh dashboard web application not yet initialized. Waiting...
26/02/2024 18:03:01 INFO: Wazuh dashboard web application initialized.
26/02/2024 18:03:01 INFO: Installation finished.
RHEL 9 🟡
The RHEL9 system (4GB of RAM) failed on a first test because it did not have enough free RAM memory. Using the
Log in the console:
[root@ip-172-31-45-182 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && bash wazuh-install.sh -a
26/02/2024 14:36:08 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
26/02/2024 14:36:08 INFO: Verbose logging redirected to /var/log/wazuh-install.log
26/02/2024 14:36:19 INFO: --- Dependencies ---
26/02/2024 14:36:19 INFO: Installing lsof.
26/02/2024 14:36:37 WARNING: Hardware and system checks ignored.
26/02/2024 14:36:37 INFO: Wazuh web interface port will be 443.
26/02/2024 14:36:40 INFO: Wazuh development repository added.
26/02/2024 14:36:40 INFO: --- Configuration files ---
26/02/2024 14:36:40 INFO: Generating configuration files.
26/02/2024 14:36:40 INFO: Generating the root certificate.
26/02/2024 14:36:41 INFO: Generating Admin certificates.
26/02/2024 14:36:41 INFO: Generating Wazuh indexer certificates.
26/02/2024 14:36:41 INFO: Generating Filebeat certificates.
26/02/2024 14:36:42 INFO: Generating Wazuh dashboard certificates.
26/02/2024 14:36:42 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
26/02/2024 14:36:42 INFO: --- Wazuh indexer ---
26/02/2024 14:36:42 INFO: Starting Wazuh indexer installation.
26/02/2024 14:39:12 INFO: Wazuh indexer installation finished.
26/02/2024 14:39:12 INFO: Wazuh indexer post-install configuration finished.
26/02/2024 14:39:12 INFO: Starting service wazuh-indexer.
26/02/2024 14:39:35 INFO: wazuh-indexer service started.
26/02/2024 14:39:35 INFO: Initializing Wazuh indexer cluster security settings.
26/02/2024 14:39:46 INFO: Wazuh indexer cluster security configuration initialized.
26/02/2024 14:39:46 INFO: Wazuh indexer cluster initialized.
26/02/2024 14:39:46 INFO: --- Wazuh server ---
26/02/2024 14:39:46 INFO: Starting the Wazuh manager installation.
26/02/2024 14:41:10 INFO: Wazuh manager installation finished.
26/02/2024 14:41:10 INFO: Wazuh manager vulnerability detection configuration finished.
26/02/2024 14:41:10 INFO: Starting service wazuh-manager.
26/02/2024 14:41:29 INFO: wazuh-manager service started.
26/02/2024 14:41:29 INFO: Starting Filebeat installation.
26/02/2024 14:42:09 INFO: Filebeat installation finished.
26/02/2024 14:42:10 INFO: Filebeat post-install configuration finished.
26/02/2024 14:42:10 INFO: Starting service filebeat.
26/02/2024 14:42:11 INFO: filebeat service started.
26/02/2024 14:42:11 INFO: --- Wazuh dashboard ---
26/02/2024 14:42:11 INFO: Starting Wazuh dashboard installation.
26/02/2024 14:46:45 INFO: Wazuh dashboard installation finished.
26/02/2024 14:46:45 INFO: Wazuh dashboard post-install configuration finished.
26/02/2024 14:46:45 INFO: Starting service wazuh-dashboard.
26/02/2024 14:46:46 INFO: wazuh-dashboard service started.
26/02/2024 14:46:50 INFO: Updating the internal users.
26/02/2024 14:46:59 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
26/02/2024 14:48:19 INFO: Initializing Wazuh dashboard web application.
26/02/2024 14:48:20 INFO: Wazuh dashboard web application not yet initialized. Waiting...
26/02/2024 14:48:37 INFO: Wazuh dashboard web application not yet initialized. Waiting...
26/02/2024 14:48:52 INFO: Wazuh dashboard web application initialized.
26/02/2024 14:48:52 INFO: --- Summary ---
26/02/2024 14:48:52 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: cb9n+E2L5w1FUxGkN45RwMYdmhs9keH.
Log in wazuh-install.log
[root@ip-172-31-45-182 ec2-user]# cat /var/log/wazuh-install.log
26/02/2024 14:36:08 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
26/02/2024 14:36:08 INFO: Verbose logging redirected to /var/log/wazuh-install.log
26/02/2024 14:36:19 INFO: --- Dependencies ---
26/02/2024 14:36:19 INFO: Installing lsof.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. CentOS Stream 9 - AppStream 22 MB/s | 19 MB 00:00 CentOS Stream 9 - BaseOS 25 MB/s | 8.0 MB 00:00 Last metadata expiration check: 0:00:02 ago on Mon 26 Feb 2024 02:36:28 PM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 baseos 239 k Installing dependencies: libtirpc x86_64 1.3.3-2.el9 baseos 93 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 332 k Installed size: 826 k Downloading Packages: (1/2): libtirpc-1.3.3-2.el9.x86_64.rpm 582 kB/s | 93 kB 00:00 (2/2): lsof-4.94.0-3.el9.x86_64.rpm 1.4 MB/s | 239 kB 00:00 -------------------------------------------------------------------------------- Total 1.9 MB/s | 332 kB 00:00 CentOS Stream 9 - BaseOS 1.6 MB/s | 1.6 kB 00:00 Importing GPG key 0x8483C65D: Userid : "CentOS (CentOS Official Signing Key) <[email protected]>" Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial Key imported successfully Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-2.el9.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : libtirpc-1.3.3-2.el9.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-2.el9.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. CentOS Stream 9 - AppStream 22 MB/s | 19 MB 00:00 CentOS Stream 9 - BaseOS 25 MB/s | 8.0 MB 00:00 Last metadata expiration check: 0:00:02 ago on Mon 26 Feb 2024 02:36:28 PM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 baseos 239 k Installing dependencies: libtirpc x86_64 1.3.3-2.el9 baseos 93 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 332 k Installed size: 826 k Downloading Packages: (1/2): libtirpc-1.3.3-2.el9.x86_64.rpm 582 kB/s | 93 kB 00:00 (2/2): lsof-4.94.0-3.el9.x86_64.rpm 1.4 MB/s | 239 kB 00:00 -------------------------------------------------------------------------------- Total 1.9 MB/s | 332 kB 00:00 CentOS Stream 9 - BaseOS 1.6 MB/s | 1.6 kB 00:00 Importing GPG key 0x8483C65D: Userid : "CentOS (CentOS Official Signing Key) <[email protected]>" Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial Key imported successfully Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-2.el9.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : libtirpc-1.3.3-2.el9.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-2.el9.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
38 files removed
26/02/2024 14:36:37 INFO: Verifying that your system meets the recommended minimum hardware requirements.
26/02/2024 14:36:37 INFO: Wazuh web interface port will be 443.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
26/02/2024 14:36:40 INFO: Wazuh development repository added.
26/02/2024 14:36:40 INFO: --- Configuration files ---
26/02/2024 14:36:40 INFO: Generating configuration files.
26/02/2024 14:36:40 INFO: Generating the root certificate.
26/02/2024 14:36:41 INFO: Generating Admin certificates.
26/02/2024 14:36:41 INFO: Generating Wazuh indexer certificates.
26/02/2024 14:36:41 INFO: Generating Filebeat certificates.
26/02/2024 14:36:42 INFO: Generating Wazuh dashboard certificates.
26/02/2024 14:36:42 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
26/02/2024 14:36:42 INFO: --- Wazuh indexer ---
26/02/2024 14:36:42 INFO: Starting Wazuh indexer installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - AppStre 70 MB/s | 29 MB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS 61 MB/s | 17 MB 00:00
Red Hat Enterprise Linux 9 Client Configuration 20 kB/s | 2.2 kB 00:00
EL-9 - Wazuh 14 MB/s | 24 MB 00:01
Last metadata expiration check: 0:00:01 ago on Mon 26 Feb 2024 02:36:58 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.8.0-1 wazuh 743 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 743 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.8.0-1.x86_64.rpm 24 MB/s | 743 MB 00:31
--------------------------------------------------------------------------------
Total 24 MB/s | 743 MB 00:31
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Installing : wazuh-indexer-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.8.0-1.x86_64 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-indexer-4.8.0-1.x86_64
Complete!
26/02/2024 14:39:12 INFO: Wazuh indexer installation finished.
26/02/2024 14:39:12 INFO: Wazuh indexer post-install configuration finished.
26/02/2024 14:39:12 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
26/02/2024 14:39:35 INFO: wazuh-indexer service started.
26/02/2024 14:39:35 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
26/02/2024 14:39:46 INFO: Wazuh indexer cluster security configuration initialized.
26/02/2024 14:39:46 INFO: Wazuh indexer cluster initialized.
26/02/2024 14:39:46 INFO: --- Wazuh server ---
26/02/2024 14:39:46 INFO: Starting the Wazuh manager installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:02:49 ago on Mon 26 Feb 2024 02:36:58 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-manager x86_64 4.8.0-1 wazuh 267 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 267 M
Installed size: 855 M
Downloading Packages:
wazuh-manager-4.8.0-1.x86_64.rpm 45 MB/s | 267 MB 00:05
--------------------------------------------------------------------------------
Total 45 MB/s | 267 MB 00:05
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1
Installing : wazuh-manager-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-manager-4.8.0-1.x86_64 1/1
Verifying : wazuh-manager-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-manager-4.8.0-1.x86_64
Complete!
26/02/2024 14:41:10 INFO: Wazuh manager installation finished.
26/02/2024 14:41:10 INFO: Wazuh manager vulnerability detection configuration finished.
26/02/2024 14:41:10 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
26/02/2024 14:41:29 INFO: wazuh-manager service started.
26/02/2024 14:41:29 INFO: Starting Filebeat installation.
Installed:
filebeat-7.10.2-1.x86_64
26/02/2024 14:42:09 INFO: Filebeat installation finished.
wazuh/
wazuh/alerts/
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/archives/
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/module.yml
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
26/02/2024 14:42:10 INFO: Filebeat post-install configuration finished.
26/02/2024 14:42:10 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
26/02/2024 14:42:11 INFO: filebeat service started.
26/02/2024 14:42:11 INFO: --- Wazuh dashboard ---
26/02/2024 14:42:11 INFO: Starting Wazuh dashboard installation.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:05:14 ago on Mon 26 Feb 2024 02:36:58 PM UTC.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
wazuh-dashboard x86_64 4.8.0-1 wazuh 273 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 273 M
Installed size: 902 M
Downloading Packages:
wazuh-dashboard-4.8.0-1.x86_64.rpm 32 MB/s | 273 MB 00:08
--------------------------------------------------------------------------------
Total 32 MB/s | 273 MB 00:08
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1
Installing : wazuh-dashboard-4.8.0-1.x86_64 1/1
Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64 1/1
Verifying : wazuh-dashboard-4.8.0-1.x86_64 1/1
Installed products updated.
Installed:
wazuh-dashboard-4.8.0-1.x86_64
Complete!
26/02/2024 14:46:45 INFO: Wazuh dashboard installation finished.
26/02/2024 14:46:45 INFO: Wazuh dashboard post-install configuration finished.
26/02/2024 14:46:45 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
26/02/2024 14:46:46 INFO: wazuh-dashboard service started.
26/02/2024 14:46:50 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
26/02/2024 14:46:59 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
26/02/2024 14:48:19 INFO: Initializing Wazuh dashboard web application.
26/02/2024 14:48:20 INFO: Wazuh dashboard web application not yet initialized. Waiting...
26/02/2024 14:48:37 INFO: Wazuh dashboard web application not yet initialized. Waiting...
26/02/2024 14:48:52 INFO: Wazuh dashboard web application initialized.
26/02/2024 14:48:52 INFO: --- Dependencies ---
26/02/2024 14:48:52 INFO: Removing lsof.
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Removing:
lsof x86_64 4.94.0-3.el9 @baseos 624 k
Removing unused dependencies:
libtirpc x86_64 1.3.3-2.el9 @baseos 202 k
Transaction Summary
================================================================================
Remove 2 Packages
Freed space: 826 k
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Erasing : lsof-4.94.0-3.el9.x86_64 1/2
Erasing : libtirpc-1.3.3-2.el9.x86_64 2/2
Running scriptlet: libtirpc-1.3.3-2.el9.x86_64 2/2
Verifying : libtirpc-1.3.3-2.el9.x86_64 1/2
Verifying : lsof-4.94.0-3.el9.x86_64 2/2
Installed products updated.
Removed:
libtirpc-1.3.3-2.el9.x86_64 lsof-4.94.0-3.el9.x86_64
Complete!
26/02/2024 14:48:54 INFO: Installation finished.
Installed packages 🟢
Amazon Linux 2 🟢
[root@ip-172-31-47-43 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.8.0-1.x86_64 Mon 26 Feb 2024 03:06:40 PM UTC
filebeat-7.10.2-1.x86_64 Mon 26 Feb 2024 03:04:15 PM UTC
wazuh-manager-4.8.0-1.x86_64 Mon 26 Feb 2024 03:03:23 PM UTC
wazuh-indexer-4.8.0-1.x86_64 Mon 26 Feb 2024 03:01:47 PM UTC
gpg-pubkey-29111145-591cd381 Mon 26 Feb 2024 03:00:15 PM UTC
Ubuntu 22 🟢
root@ip-172-31-40-14:/home/ubuntu# grep " install " /var/log/dpkg.log | tail
2024-02-26 17:52:24 install apt-transport-https:all <none> 2.4.11
2024-02-26 17:52:55 install wazuh-indexer:amd64 <none> 4.8.0-1
2024-02-26 17:55:14 install wazuh-manager:amd64 <none> 4.8.0-1
2024-02-26 17:57:25 install filebeat:amd64 <none> 7.10.2
2024-02-26 17:57:59 install wazuh-dashboard:amd64 <none> 4.8.0-1
RHEL 9 🟢
[root@ip-172-31-45-182 ec2-user]# rpm -qa --last | head -n 20
rh-amazon-rhui-client-4.0.14-1.el9.noarch Mon 26 Feb 2024 04:12:39 PM UTC
wazuh-dashboard-4.8.0-1.x86_64 Mon 26 Feb 2024 02:46:06 PM UTC
filebeat-7.10.2-1.x86_64 Mon 26 Feb 2024 02:41:34 PM UTC
wazuh-manager-4.8.0-1.x86_64 Mon 26 Feb 2024 02:40:36 PM UTC
wazuh-indexer-4.8.0-1.x86_64 Mon 26 Feb 2024 02:39:04 PM UTC
gpg-pubkey-29111145-591cd381 Mon 26 Feb 2024 02:36:40 PM UTC
gpg-pubkey-8483c65d-5ccc5b19 Mon 26 Feb 2024 02:36:34 PM UTC
Wazuh indexer logs 🔴
Opened issue: wazuh/wazuh-indexer#167
[root@ip-172-31-47-43 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
Active: failed (Result: signal) since Mon 2024-02-26 15:14:54 UTC; 3h 7min ago
Docs: https://documentation.wazuh.com
Process: 16640 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=killed, signal=KILL)
Main PID: 16640 (code=killed, signal=KILL)
Feb 26 15:02:10 ip-172-31-47-43.ec2.internal systemd-entrypoint[16640]: ...
Feb 26 15:02:10 ip-172-31-47-43.ec2.internal systemd-entrypoint[16640]: ...
Feb 26 15:02:13 ip-172-31-47-43.ec2.internal systemd-entrypoint[16640]: ...
Feb 26 15:02:13 ip-172-31-47-43.ec2.internal systemd-entrypoint[16640]: ...
Feb 26 15:02:13 ip-172-31-47-43.ec2.internal systemd-entrypoint[16640]: ...
Feb 26 15:02:13 ip-172-31-47-43.ec2.internal systemd-entrypoint[16640]: ...
Feb 26 15:02:31 ip-172-31-47-43.ec2.internal systemd[1]: ...
Feb 26 15:14:54 ip-172-31-47-43.ec2.internal systemd[1]: ...
Feb 26 15:14:54 ip-172-31-47-43.ec2.internal systemd[1]: ...
Feb 26 15:14:54 ip-172-31-47-43.ec2.internal systemd[1]: ...
Hint: Some lines were ellipsized, use -l to show in full.
[root@ip-172-31-47-43 ec2-user]#
× wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
Active: failed (Result: oom-kill) since Mon 2024-02-26 16:12:37 UTC; 2h 9min ago
Duration: 1h 33min 1.910s
Docs: https://documentation.wazuh.com
Process: 14842 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --qui>
Main PID: 14842 (code=killed, signal=KILL)
CPU: 12min 15.082s
Feb 26 14:39:16 ip-172-31-45-182.ec2.internal systemd-entrypoint[14842]: WARNING: System::setSecurityManager will >
Feb 26 14:39:18 ip-172-31-45-182.ec2.internal systemd-entrypoint[14842]: WARNING: A terminally deprecated method i>
Feb 26 14:39:18 ip-172-31-45-182.ec2.internal systemd-entrypoint[14842]: WARNING: System::setSecurityManager has b>
Feb 26 14:39:18 ip-172-31-45-182.ec2.internal systemd-entrypoint[14842]: WARNING: Please consider reporting this t>
Feb 26 14:39:18 ip-172-31-45-182.ec2.internal systemd-entrypoint[14842]: WARNING: System::setSecurityManager will >
Feb 26 14:39:35 ip-172-31-45-182.ec2.internal systemd[1]: Started Wazuh-indexer.
Feb 26 16:12:37 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: A process of this unit has been k>
Feb 26 16:12:37 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Main process exited, code=killed,>
Feb 26 16:12:37 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Failed with result 'oom-kill'.
Feb 26 16:12:37 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Consumed 12min 15.082s CPU time.
~
After consulting the
[2024-02-26T15:04:17,941][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:04:18,044][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:59176}
[2024-02-26T15:04:19,529][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:04:19,552][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:48908}
[2024-02-26T15:04:23,434][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:04:23,442][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:48914}
[2024-02-26T15:04:29,785][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:04:29,799][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:42496}
[2024-02-26T15:04:41,017][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:04:41,034][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:44352}
[2024-02-26T15:05:10,542][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:05:10,554][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:59334}
[2024-02-26T15:06:07,737][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:06:07,745][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:33012}
[2024-02-26T15:06:58,531][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:06:58,541][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:52146}
[2024-02-26T15:07:33,575][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:07:33,578][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:46760}
[2024-02-26T15:07:47,388][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:50466
[2024-02-26T15:07:49,320][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:50466
[2024-02-26T15:07:52,963][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:50466
[2024-02-26T15:08:00,982][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:50466
[2024-02-26T15:08:15,698][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:50466
[2024-02-26T15:08:16,783][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:52240
[2024-02-26T15:08:19,335][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:52092
[2024-02-26T15:08:23,823][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:52096
[2024-02-26T15:08:32,614][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:39312
[root@ip-172-31-47-43 ec2-user]#
Amazon Linux 2 🔴
Agent status
[root@ip-172-31-47-43 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2024-02-26 18:29:27 UTC; 33min ago
Docs: https://documentation.wazuh.com
Main PID: 24485 (java)
CGroup: /system.slice/wazuh-indexer.service
└─24485 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.network...
Feb 26 18:28:57 ip-172-31-47-43.ec2.internal systemd[1]: Starting Wazuh-indexer...
Feb 26 18:29:01 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: A termina...
Feb 26 18:29:01 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: System::s...
Feb 26 18:29:01 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: Please co...
Feb 26 18:29:01 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: System::s...
Feb 26 18:29:04 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: A termina...
Feb 26 18:29:04 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: System::s...
Feb 26 18:29:04 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: Please co...
Feb 26 18:29:04 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: System::s...
Feb 26 18:29:27 ip-172-31-47-43.ec2.internal systemd[1]: Started Wazuh-indexer.
Hint: Some lines were ellipsized, use -l to show in full.
[root@ip-172-31-47-43 ec2-user]#
Service status
[root@ip-172-31-47-43 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
-- Logs begin at Mon 2024-02-26 12:16:48 UTC, end at Mon 2024-02-26 19:03:40 UTC. --
Feb 26 12:57:47 ip-172-31-47-43.ec2.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
Feb 26 12:57:50 ip-172-31-47-43.ec2.internal systemd-entrypoint[7609]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 12:57:50 ip-172-31-47-43.ec2.internal systemd-entrypoint[7609]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 12:57:50 ip-172-31-47-43.ec2.internal systemd-entrypoint[7609]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 26 12:57:50 ip-172-31-47-43.ec2.internal systemd-entrypoint[7609]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 12:57:52 ip-172-31-47-43.ec2.internal systemd-entrypoint[7609]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 12:57:52 ip-172-31-47-43.ec2.internal systemd-entrypoint[7609]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 12:57:52 ip-172-31-47-43.ec2.internal systemd-entrypoint[7609]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 26 12:57:52 ip-172-31-47-43.ec2.internal systemd-entrypoint[7609]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 12:58:12 ip-172-31-47-43.ec2.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
Feb 26 13:10:29 ip-172-31-47-43.ec2.internal systemd[1]: wazuh-indexer.service: main process exited, code=killed, status=9/KILL
Feb 26 13:10:29 ip-172-31-47-43.ec2.internal systemd[1]: Unit wazuh-indexer.service entered failed state.
Feb 26 13:10:29 ip-172-31-47-43.ec2.internal systemd[1]: wazuh-indexer.service failed.
Feb 26 14:07:16 ip-172-31-47-43.ec2.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
Feb 26 14:07:20 ip-172-31-47-43.ec2.internal systemd-entrypoint[11242]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 14:07:20 ip-172-31-47-43.ec2.internal systemd-entrypoint[11242]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 14:07:20 ip-172-31-47-43.ec2.internal systemd-entrypoint[11242]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 26 14:07:20 ip-172-31-47-43.ec2.internal systemd-entrypoint[11242]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 14:07:22 ip-172-31-47-43.ec2.internal systemd-entrypoint[11242]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 14:07:22 ip-172-31-47-43.ec2.internal systemd-entrypoint[11242]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 14:07:22 ip-172-31-47-43.ec2.internal systemd-entrypoint[11242]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 26 14:07:22 ip-172-31-47-43.ec2.internal systemd-entrypoint[11242]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 14:07:47 ip-172-31-47-43.ec2.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
Feb 26 14:49:50 ip-172-31-47-43.ec2.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
Feb 26 14:49:50 ip-172-31-47-43.ec2.internal systemd[1]: Stopped Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished shutting down.
Feb 26 14:54:24 ip-172-31-47-43.ec2.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
Feb 26 14:54:27 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 14:54:27 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 14:54:27 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 26 14:54:27 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 14:54:29 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 14:54:29 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 14:54:29 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 26 14:54:29 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: uncaught exception in thread [main]
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: java.lang.IllegalStateException: failed to load plugin opensearch-dashboards due to jar hell
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: Likely root cause: java.nio.file.NoSuchFileException: /usr/share/wazuh-indexer/lib/lucene-analysis-common-9.7.0.jar
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at java.base/sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:55)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at java.base/sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:148)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at java.base/sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at java.base/java.nio.file.Files.readAttributes(Files.java:1851)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at java.base/java.util.zip.ZipFile$Source.get(ZipFile.java:1394)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at java.base/java.util.zip.ZipFile$CleanableResource.<init>(ZipFile.java:716)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:250)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:179)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at java.base/java.util.jar.JarFile.<init>(JarFile.java:346)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at java.base/java.util.jar.JarFile.<init>(JarFile.java:317)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at java.base/java.util.jar.JarFile.<init>(JarFile.java:256)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.bootstrap.JarHell.checkJarHell(JarHell.java:203)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.plugins.PluginsService.checkBundleJarHell(PluginsService.java:679)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.plugins.PluginsService.loadBundles(PluginsService.java:531)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.plugins.PluginsService.<init>(PluginsService.java:195)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.node.Node.<init>(Node.java:474)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.node.Node.<init>(Node.java:401)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:242)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:404)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:180)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:171)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:104)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.cli.Command.main(Command.java:101)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:137)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:103)
Feb 26 14:54:31 ip-172-31-47-43.ec2.internal systemd-entrypoint[13692]: For complete error details, refer to the log at /var/log/wazuh-indexer/wazuh-cluster.log
Feb 26 14:54:32 ip-172-31-47-43.ec2.internal systemd[1]: wazuh-indexer.service: main process exited, code=exited, status=1/FAILURE
Feb 26 14:54:32 ip-172-31-47-43.ec2.internal systemd[1]: Failed to start Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has failed.
--
-- The result is failed.
Feb 26 14:54:32 ip-172-31-47-43.ec2.internal systemd[1]: Unit wazuh-indexer.service entered failed state.
Feb 26 14:54:32 ip-172-31-47-43.ec2.internal systemd[1]: wazuh-indexer.service failed.
Feb 26 15:02:07 ip-172-31-47-43.ec2.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
Feb 26 15:02:10 ip-172-31-47-43.ec2.internal systemd-entrypoint[16640]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 15:02:10 ip-172-31-47-43.ec2.internal systemd-entrypoint[16640]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 15:02:10 ip-172-31-47-43.ec2.internal systemd-entrypoint[16640]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 26 15:02:10 ip-172-31-47-43.ec2.internal systemd-entrypoint[16640]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 15:02:13 ip-172-31-47-43.ec2.internal systemd-entrypoint[16640]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 15:02:13 ip-172-31-47-43.ec2.internal systemd-entrypoint[16640]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 15:02:13 ip-172-31-47-43.ec2.internal systemd-entrypoint[16640]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 26 15:02:13 ip-172-31-47-43.ec2.internal systemd-entrypoint[16640]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 15:02:31 ip-172-31-47-43.ec2.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
Feb 26 15:14:54 ip-172-31-47-43.ec2.internal systemd[1]: wazuh-indexer.service: main process exited, code=killed, status=9/KILL
Feb 26 15:14:54 ip-172-31-47-43.ec2.internal systemd[1]: Unit wazuh-indexer.service entered failed state.
Feb 26 15:14:54 ip-172-31-47-43.ec2.internal systemd[1]: wazuh-indexer.service failed.
Feb 26 18:28:57 ip-172-31-47-43.ec2.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
Feb 26 18:29:01 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 18:29:01 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 18:29:01 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 26 18:29:01 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 18:29:04 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 18:29:04 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 18:29:04 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 26 18:29:04 ip-172-31-47-43.ec2.internal systemd-entrypoint[24485]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 18:29:27 ip-172-31-47-43.ec2.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
[root@ip-172-31-47-43 ec2-user]#
Errors
Normal errors of uninitialized indexes.
[root@ip-172-31-47-43 ec2-user]# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-02-26T15:02:13,041][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1931m, -Xmx1931m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-879946681491616264, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=1012924416, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-26T15:02:25,582][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-26T15:02:25,638][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-02-26T15:02:25,646][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-26T15:02:27,231][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-02-26T15:02:29,613][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-26T15:02:31,756][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-02-26T15:02:32,294][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T15:02:32,838][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T15:02:32,838][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T15:02:32,838][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T15:02:32,839][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T15:02:32,839][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T15:02:32,839][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T15:02:32,839][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T15:02:32,840][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T15:02:32,840][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T15:02:32,840][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T15:04:17,941][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:04:18,044][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:59176}
[2024-02-26T15:04:19,529][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:04:19,552][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:48908}
[2024-02-26T15:04:23,434][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:04:23,442][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:48914}
[2024-02-26T15:04:29,785][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:04:29,799][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:42496}
[2024-02-26T15:04:41,017][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:04:41,034][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:44352}
[2024-02-26T15:05:10,542][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:05:10,554][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:59334}
[2024-02-26T15:06:07,737][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:06:07,745][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:33012}
[2024-02-26T15:06:58,531][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:06:58,541][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:52146}
[2024-02-26T15:07:33,575][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T15:07:33,578][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:46760}
[2024-02-26T15:07:47,388][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:50466
[2024-02-26T15:07:49,320][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:50466
[2024-02-26T15:07:52,963][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:50466
[2024-02-26T15:08:00,982][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:50466
[2024-02-26T15:08:15,698][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:50466
[2024-02-26T15:08:16,783][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:52240
[2024-02-26T15:08:19,335][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:52092
[2024-02-26T15:08:23,823][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:52096
[2024-02-26T15:08:32,614][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:39312
[2024-02-26T18:29:04,317][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1931m, -Xmx1931m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-12905792505371769158, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=1012924416, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-26T18:29:20,652][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-26T18:29:20,730][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-02-26T18:29:20,740][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-26T18:29:22,732][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-02-26T18:29:25,400][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-26T18:29:27,933][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-02-26T18:29:28,294][WARN ][o.o.o.i.ObservabilityIndex] [node-1] message: index [.opensearch-observability/uS0IPO9sS_m483WGVN5KHw] already exists
[2024-02-26T18:29:28,313][WARN ][o.o.s.SecurityAnalyticsPlugin] [node-1] Failed to initialize LogType config index and builtin log types
[2024-02-26T18:29:29,078][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@424155c0] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:29,079][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@424155c0] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:29,079][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@424155c0] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:29,079][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@424155c0] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:29,080][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@424155c0] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:29,080][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@424155c0] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:29,080][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@424155c0] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:29,081][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@424155c0] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:29,081][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@424155c0] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:29,093][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@424155c0] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:29,600][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:29,660][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:29,665][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:29,669][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:31,414][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:31,419][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:31,423][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:31,430][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:33,915][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:33,922][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:33,934][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:33,939][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:36,415][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:36,420][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:36,425][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:36,430][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:38,916][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:38,921][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:38,925][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:38,929][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:39,229][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:41,416][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:41,419][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:41,424][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:41,428][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
Ubuntu 22 🟡
Agent status
root@ip-172-31-40-14:/home/ubuntu# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2024-02-26 18:29:41 UTC; 33min ago
Docs: https://documentation.wazuh.com
Main PID: 4610 (java)
Tasks: 68 (limit: 9425)
Memory: 2.2G
CPU: 1min 33.751s
CGroup: /system.slice/wazuh-indexer.service
└─4610 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -D>
Feb 26 18:28:58 ip-172-31-40-14 systemd[1]: Starting Wazuh-indexer...
Feb 26 18:29:02 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: A terminally deprecated method in java.lang.Sys>
Feb 26 18:29:02 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: System::setSecurityManager has been called by o>
Feb 26 18:29:02 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: Please consider reporting this to the maintaine>
Feb 26 18:29:02 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: System::setSecurityManager will be removed in a>
Feb 26 18:29:06 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: A terminally deprecated method in java.lang.Sys>
Feb 26 18:29:06 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: System::setSecurityManager has been called by o>
Feb 26 18:29:06 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: Please consider reporting this to the maintaine>
Feb 26 18:29:06 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: System::setSecurityManager will be removed in a>
Feb 26 18:29:41 ip-172-31-40-14 systemd[1]: Started Wazuh-indexer.
lines 1-21/21 (END)
Service status
root@ip-172-31-40-14:/home/ubuntu# journalctl -xe -u wazuh-indexer.service --no-pager
Feb 26 17:54:31 ip-172-31-40-14 systemd[1]: Starting Wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 2485.
Feb 26 17:54:34 ip-172-31-40-14 systemd-entrypoint[4358]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 17:54:34 ip-172-31-40-14 systemd-entrypoint[4358]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 17:54:34 ip-172-31-40-14 systemd-entrypoint[4358]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 26 17:54:34 ip-172-31-40-14 systemd-entrypoint[4358]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 17:54:36 ip-172-31-40-14 systemd-entrypoint[4358]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 17:54:36 ip-172-31-40-14 systemd-entrypoint[4358]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 17:54:36 ip-172-31-40-14 systemd-entrypoint[4358]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 26 17:54:36 ip-172-31-40-14 systemd-entrypoint[4358]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 17:54:56 ip-172-31-40-14 systemd[1]: Started Wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 2485.
-- Boot 0b9577ec790042788b7e2fa195c6c88e --
Feb 26 18:19:18 ip-172-31-40-14 systemd[1]: Starting Wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 145.
Feb 26 18:19:30 ip-172-31-40-14 systemd-entrypoint[455]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 18:19:30 ip-172-31-40-14 systemd-entrypoint[455]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 18:19:30 ip-172-31-40-14 systemd-entrypoint[455]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 26 18:19:30 ip-172-31-40-14 systemd-entrypoint[455]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 18:19:37 ip-172-31-40-14 systemd-entrypoint[455]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 18:19:37 ip-172-31-40-14 systemd-entrypoint[455]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 18:19:37 ip-172-31-40-14 systemd-entrypoint[455]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 26 18:19:37 ip-172-31-40-14 systemd-entrypoint[455]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 18:20:25 ip-172-31-40-14 systemd[1]: Started Wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 145.
Feb 26 18:28:57 ip-172-31-40-14 systemd[1]: Stopping Wazuh-indexer...
░░ Subject: A stop job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 1422.
Feb 26 18:28:58 ip-172-31-40-14 systemd[1]: wazuh-indexer.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-indexer.service has successfully entered the 'dead' state.
Feb 26 18:28:58 ip-172-31-40-14 systemd[1]: Stopped Wazuh-indexer.
░░ Subject: A stop job for unit wazuh-indexer.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-indexer.service has finished.
░░
░░ The job identifier is 1422 and the job result is done.
Feb 26 18:28:58 ip-172-31-40-14 systemd[1]: wazuh-indexer.service: Consumed 1min 19.782s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-indexer.service completed and consumed the indicated resources.
Feb 26 18:28:58 ip-172-31-40-14 systemd[1]: Starting Wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 1422.
Feb 26 18:29:02 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 18:29:02 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 18:29:02 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 26 18:29:02 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 18:29:06 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 18:29:06 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 18:29:06 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 26 18:29:06 ip-172-31-40-14 systemd-entrypoint[4610]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 18:29:41 ip-172-31-40-14 systemd[1]: Started Wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 1422.
Errors
Normal errors of uninitialized indexes.
root@ip-172-31-40-14:/home/ubuntu# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-02-26T17:54:36,790][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1937m, -Xmx1937m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-10521888770738068276, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opendistro-performance-analyzer/pa_config/es_security.policy, -XX:MaxDirectMemorySize=1016070144, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-26T17:54:49,931][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-26T17:54:49,984][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-02-26T17:54:49,986][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-26T17:54:51,536][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-02-26T17:54:52,229][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,249][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,250][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,250][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,251][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,251][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,252][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,252][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,253][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,253][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,253][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,254][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,254][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,254][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,255][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,268][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,276][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,277][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,278][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,284][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,284][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,284][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,285][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,285][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,286][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,286][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,286][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,287][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,287][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,288][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,288][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,288][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,289][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,289][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,289][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:52,290][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T17:54:53,945][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-26T17:54:56,021][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-02-26T17:54:56,140][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T17:54:56,140][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T17:54:56,140][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T17:54:56,141][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T17:54:56,141][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T17:54:56,159][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T17:54:56,160][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T17:54:56,160][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T17:54:56,160][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T17:54:56,160][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T17:54:56,617][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:01:57,956][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:60066
[2024-02-26T18:01:58,850][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:60082
[2024-02-26T18:02:00,905][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:60090
[2024-02-26T18:02:00,910][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:60082
[2024-02-26T18:02:05,341][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:60082
[2024-02-26T18:02:06,789][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:36564
[2024-02-26T18:02:13,090][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:60082
[2024-02-26T18:02:15,869][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:46802
[2024-02-26T18:19:37,725][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1937m, -Xmx1937m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-16263705808092255345, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opendistro-performance-analyzer/pa_config/es_security.policy, -XX:MaxDirectMemorySize=1016070144, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-26T18:20:14,242][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-26T18:20:14,342][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-02-26T18:20:14,343][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-26T18:20:17,353][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-02-26T18:20:21,508][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,521][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,526][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,527][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,536][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,539][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,539][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,540][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,545][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,545][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,545][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,546][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,551][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,552][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,553][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,554][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,568][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,574][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,580][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,580][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,581][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,581][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,583][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,583][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,583][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,585][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,586][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,586][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,591][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,596][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,596][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,597][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,597][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,597][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,598][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,598][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:20:21,627][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-26T18:20:25,579][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-02-26T18:20:26,336][WARN ][o.o.o.i.ObservabilityIndex] [node-1] message: index [.opensearch-observability/czvePCgNSkGMXxogmBvlfg] already exists
[2024-02-26T18:20:26,376][WARN ][o.o.s.SecurityAnalyticsPlugin] [node-1] Failed to initialize LogType config index and builtin log types
[2024-02-26T18:20:26,787][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@75806e60] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:20:26,788][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@75806e60] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:20:26,796][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@75806e60] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:20:26,796][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@75806e60] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:20:26,797][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@75806e60] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:20:26,797][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@75806e60] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:20:26,797][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@75806e60] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:20:26,799][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@75806e60] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:20:26,799][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@75806e60] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:20:26,800][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@75806e60] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:20:27,771][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:27,845][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:27,850][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:27,868][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:29,611][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:29,615][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:29,619][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:29,623][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:32,114][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:32,120][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:32,132][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:32,138][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:34,616][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:34,620][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:34,625][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:34,628][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:37,116][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:37,128][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:37,133][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:37,137][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:39,616][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:39,623][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:39,629][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:20:39,634][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:06,665][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1937m, -Xmx1937m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-13540621612074998962, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opendistro-performance-analyzer/pa_config/es_security.policy, -XX:MaxDirectMemorySize=1016070144, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-26T18:29:29,901][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-26T18:29:30,017][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-02-26T18:29:30,028][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-26T18:29:33,316][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-02-26T18:29:35,948][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,951][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,952][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,952][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,953][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,953][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,953][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,954][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,954][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,955][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,969][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,969][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,970][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,970][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,970][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,971][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,982][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,984][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,985][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,986][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,986][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,987][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,995][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,997][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:35,998][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:36,004][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:36,005][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:36,005][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:36,005][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:36,006][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:36,006][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:36,006][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:36,015][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:36,016][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:36,016][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:36,016][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-02-26T18:29:37,208][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-26T18:29:41,151][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-02-26T18:29:41,687][WARN ][o.o.o.i.ObservabilityIndex] [node-1] message: index [.opensearch-observability/czvePCgNSkGMXxogmBvlfg] already exists
[2024-02-26T18:29:41,726][WARN ][o.o.s.SecurityAnalyticsPlugin] [node-1] Failed to initialize LogType config index and builtin log types
[2024-02-26T18:29:42,234][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@21274d0a] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:42,234][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@21274d0a] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:42,235][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@21274d0a] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:42,235][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@21274d0a] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:42,235][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@21274d0a] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:42,235][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@21274d0a] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:42,235][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@21274d0a] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:42,236][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@21274d0a] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:42,236][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@21274d0a] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:42,236][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@21274d0a] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:29:44,068][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:44,183][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:44,204][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:44,235][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:44,578][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:45,126][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:45,131][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:45,136][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:45,140][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:47,625][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:47,630][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:47,638][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:47,647][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:50,125][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:50,131][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:50,141][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:50,148][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:52,624][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:52,628][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:52,631][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:52,635][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:55,127][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:55,133][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:55,141][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:29:55,145][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
root@ip-172-31-40-14:/home/ubuntu#
RHEL 9 🔴
Agent status
[root@ip-172-31-45-182 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
Active: active (running) since Mon 2024-02-26 18:52:19 UTC; 10min ago
Docs: https://documentation.wazuh.com
Main PID: 25600 (java)
Tasks: 70 (limit: 48194)
Memory: 4.1G
CPU: 1min 26.706s
CGroup: /system.slice/wazuh-indexer.service
└─25600 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 ->
Feb 26 18:51:56 ip-172-31-45-182.ec2.internal systemd[1]: Starting Wazuh-indexer...
Feb 26 18:51:59 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: A terminally deprecated method i>
Feb 26 18:51:59 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: System::setSecurityManager has b>
Feb 26 18:51:59 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: Please consider reporting this t>
Feb 26 18:51:59 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: System::setSecurityManager will >
Feb 26 18:52:01 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: A terminally deprecated method i>
Feb 26 18:52:01 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: System::setSecurityManager has b>
Feb 26 18:52:01 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: Please consider reporting this t>
Feb 26 18:52:01 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: System::setSecurityManager will >
Feb 26 18:52:19 ip-172-31-45-182.ec2.internal systemd[1]: Started Wazuh-indexer.
lines 1-21/21 (END)
Service status
[root@ip-172-31-45-182 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
Feb 26 14:39:12 ip-172-31-45-182.ec2.internal systemd[1]: Starting Wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 2218.
Feb 26 14:39:16 ip-172-31-45-182.ec2.internal systemd-entrypoint[14842]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 14:39:16 ip-172-31-45-182.ec2.internal systemd-entrypoint[14842]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 14:39:16 ip-172-31-45-182.ec2.internal systemd-entrypoint[14842]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 26 14:39:16 ip-172-31-45-182.ec2.internal systemd-entrypoint[14842]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 14:39:18 ip-172-31-45-182.ec2.internal systemd-entrypoint[14842]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 14:39:18 ip-172-31-45-182.ec2.internal systemd-entrypoint[14842]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 14:39:18 ip-172-31-45-182.ec2.internal systemd-entrypoint[14842]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 26 14:39:18 ip-172-31-45-182.ec2.internal systemd-entrypoint[14842]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 14:39:35 ip-172-31-45-182.ec2.internal systemd[1]: Started Wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 2218.
Feb 26 16:12:37 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: A process of this unit has been killed by the OOM killer.
░░ Subject: A process of wazuh-indexer.service unit has been killed by the OOM killer.
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A process of unit @UNIT has been killed by the Linux kernel out-of-memory (OOM)
░░ killer logic. This usually indicates that the system is low on memory and that
░░ memory needed to be freed. A process associated with wazuh-indexer.service has been determined
░░ as the best process to terminate and has been forcibly terminated by the
░░ kernel.
░░
░░ Note that the memory pressure might or might not have been caused by wazuh-indexer.service.
Feb 26 16:12:37 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Main process exited, code=killed, status=9/KILL
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ An ExecStart= process belonging to unit wazuh-indexer.service has exited.
░░
░░ The process' exit code is 'killed' and its exit status is 9.
Feb 26 16:12:37 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Failed with result 'oom-kill'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-indexer.service has entered the 'failed' state with result 'oom-kill'.
Feb 26 16:12:37 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Consumed 12min 15.082s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-indexer.service completed and consumed the indicated resources.
Feb 26 18:28:57 ip-172-31-45-182.ec2.internal systemd[1]: Starting Wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 5913.
Feb 26 18:29:05 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Main process exited, code=killed, status=9/KILL
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ An ExecStart= process belonging to unit wazuh-indexer.service has exited.
░░
░░ The process' exit code is 'killed' and its exit status is 9.
Feb 26 18:29:05 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Failed with result 'signal'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-indexer.service has entered the 'failed' state with result 'signal'.
Feb 26 18:29:05 ip-172-31-45-182.ec2.internal systemd[1]: Failed to start Wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished with a failure.
░░
░░ The job identifier is 5913 and the job result is failed.
Feb 26 18:29:05 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Consumed 6.290s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-indexer.service completed and consumed the indicated resources.
Feb 26 18:29:48 ip-172-31-45-182.ec2.internal systemd[1]: Starting Wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 6004.
Feb 26 18:29:54 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Main process exited, code=killed, status=9/KILL
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ An ExecStart= process belonging to unit wazuh-indexer.service has exited.
░░
░░ The process' exit code is 'killed' and its exit status is 9.
Feb 26 18:29:54 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Failed with result 'signal'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-indexer.service has entered the 'failed' state with result 'signal'.
Feb 26 18:29:54 ip-172-31-45-182.ec2.internal systemd[1]: Failed to start Wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished with a failure.
░░
░░ The job identifier is 6004 and the job result is failed.
Feb 26 18:29:54 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Consumed 5.684s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-indexer.service completed and consumed the indicated resources.
Feb 26 18:31:26 ip-172-31-45-182.ec2.internal systemd[1]: Starting Wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 6361.
Feb 26 18:31:33 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Main process exited, code=killed, status=9/KILL
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ An ExecStart= process belonging to unit wazuh-indexer.service has exited.
░░
░░ The process' exit code is 'killed' and its exit status is 9.
Feb 26 18:31:33 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Failed with result 'signal'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-indexer.service has entered the 'failed' state with result 'signal'.
Feb 26 18:31:33 ip-172-31-45-182.ec2.internal systemd[1]: Failed to start Wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished with a failure.
░░
░░ The job identifier is 6361 and the job result is failed.
Feb 26 18:31:33 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Consumed 5.668s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-indexer.service completed and consumed the indicated resources.
Feb 26 18:34:29 ip-172-31-45-182.ec2.internal systemd[1]: Starting Wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 6538.
Feb 26 18:34:36 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Main process exited, code=killed, status=9/KILL
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ An ExecStart= process belonging to unit wazuh-indexer.service has exited.
░░
░░ The process' exit code is 'killed' and its exit status is 9.
Feb 26 18:34:36 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Failed with result 'signal'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-indexer.service has entered the 'failed' state with result 'signal'.
Feb 26 18:34:36 ip-172-31-45-182.ec2.internal systemd[1]: Failed to start Wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished with a failure.
░░
░░ The job identifier is 6538 and the job result is failed.
Feb 26 18:34:36 ip-172-31-45-182.ec2.internal systemd[1]: wazuh-indexer.service: Consumed 5.020s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-indexer.service completed and consumed the indicated resources.
Feb 26 18:51:56 ip-172-31-45-182.ec2.internal systemd[1]: Starting Wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 7061.
Feb 26 18:51:59 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 18:51:59 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 18:51:59 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 26 18:51:59 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 18:52:01 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 26 18:52:01 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Feb 26 18:52:01 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 26 18:52:01 ip-172-31-45-182.ec2.internal systemd-entrypoint[25600]: WARNING: System::setSecurityManager will be removed in a future release
Feb 26 18:52:19 ip-172-31-45-182.ec2.internal systemd[1]: Started Wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 7061.
[root@ip-172-31-45-182 ec2-user]#
Errors
Normal errors of uninitialized indexes.
[root@ip-172-31-45-182 ec2-user]# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-02-26T18:52:01,830][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3804m, -Xmx3804m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-2776478495654455344, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=1994391552, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-26T18:52:14,325][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-26T18:52:14,375][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-02-26T18:52:14,380][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-26T18:52:15,860][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-02-26T18:52:18,011][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-26T18:52:19,914][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-02-26T18:52:20,393][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-02-26T18:52:21,013][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:52:21,014][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:52:21,014][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:52:21,025][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:52:21,025][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:52:21,025][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:52:21,026][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:52:21,026][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:52:21,026][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:52:21,032][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-26T18:52:39,484][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T18:52:39,504][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:35082}
[2024-02-26T18:53:13,493][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T18:53:13,505][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:35692}
[2024-02-26T18:53:53,248][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T18:53:53,260][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:51830}
[2024-02-26T18:54:27,606][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T18:54:27,609][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:57902}
[2024-02-26T18:55:22,309][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T18:55:22,319][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:57076}
[2024-02-26T18:56:22,220][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T18:56:22,234][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:45558}
[2024-02-26T18:57:18,181][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2024-02-26T18:57:18,198][WARN ][o.o.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:51110}
[2024-02-26T18:58:00,871][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:53428
[2024-02-26T18:58:02,585][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:53428
[2024-02-26T18:58:05,111][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:53428
[2024-02-26T18:58:12,764][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:53428
[2024-02-26T18:58:21,924][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:53428
[2024-02-26T18:58:28,357][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:56548
[2024-02-26T18:58:31,250][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:37034
[2024-02-26T18:58:36,407][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:37042
[2024-02-26T18:58:43,934][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:53428
[2024-02-26T18:58:45,667][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:50868
The test goes to On hold due to #22141. I cannot proceed with the test because the VMs crash due to the leak.
This issue will be closed because we cannot continue until #22141 is resolved. It will be tested again in 4.8.0 - Beta 3.
Installation assistant information
Description
Test installation assistant with the -a option in the following OSs:
Checks
Checks legend:
Status legend:
⚫ - Pending/In progress
⚪ - Skipped
🔴 - Rejected
🟡 - Known issue
🟢 - Approved
Conclusion
Some issues were found and they were reported.
Auditor's validation
In order to close and proceed with the release or the next candidate version, the following auditors must give the green light to this RC.