Release 4.9.0 - RC 2 - Vulnerability Detection performance test #25507

Closed
rafabailon opened this issue Sep 2, 2024 · 8 comments

rafabailon commented Sep 2, 2024

Tests information

Main release stage issue: #25475
Main Vulnerability Detection tests issue: #25503
Version: 4.9.0
Release stage: RC 2
Tag: https://github.com/wazuh/wazuh/tree/v4.9.0-rc2
Previous Vulnerability performance tests issue: #25403

Description

The objective is to conduct performance tests to analyze the vulnerability detection module across varying environment loads: high, medium, and low. This comparative analysis will provide a comprehensive understanding of the current status of the vulnerability detection module and will help identify any unexpected behavior.

Methodology

The CLUSTER-Workload_benchmarks_metrics pipeline is used to execute the specified test cases automatically. Results will be manually analyzed and shared with the development team for validation adjustments.

Test Cases

| Case | Description | Workers | Indexers | Agents | EPS | Frequency | Number of Vulnerable Packages | Time |
|---|---|---|---|---|---|---|---|---|
| Medium Activity | Simulate a medium-sized environment with moderate activity | 2 | 2 | 50 | 10 | 60 | 100 | 3h |
| High Activity | Simulate a large-scale environment with significant activity | 2 | 2 | 200 | 50 | 60 | 100 | 3h |
| Very High Activity | Simulate a large-scale environment with significant activity | 25 | 3 | 50000 | 1 | 60 | 100 | 1h |

Considerations

  • KIBANA_API_REQUESTS should be enabled
  • EXTRA_LOAD_API_REQUESTS should be enabled
  • Due to the current operation of the simulator and how it does the EPS distribution with the frequency, we can expect the actual EPS to be about half, so it is necessary to set twice as much.

Builds

Conclusion 🔴

Known Issues 🟡

New issue 🔴


rafabailon commented Sep 2, 2024

Moved to On hold until the builds are finished:

Relaunch of the medium case due to a failure in the graphs, and of the very high activity case because it failed:

@wazuhci wazuhci moved this from In progress to On hold in Release 4.9.0 Sep 2, 2024
@santipadilla santipadilla self-assigned this Sep 2, 2024
@wazuhci wazuhci moved this from On hold to In progress in Release 4.9.0 Sep 3, 2024

santipadilla commented Sep 3, 2024

Medium Activity

Artifacts: artifacts.zip

Comparison: Compared with #24504

Build: https://ci.wazuh.info/job/CLUSTER-Workload_benchmarks_metrics/666/


Logs 🟡

Summary

Master 🟡
2024/09/02 11:47:37 indexer-connector: WARNING: No username and password found in the keystore, using default values.
2024/09/02 11:47:37 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-X-X-X-X.ec2.internal', retrying until the connection is successful.
2024/09/02 12:01:18 wazuh-remoted: ERROR: (1320): Agent '000' not found.
Worker 1 🟡
  • Expected errors:
2024/09/02 13:41:56 wazuh-analysisd: WARNING: Syscollector decoder queue is full.
2024/09/02 11:47:37 indexer-connector: WARNING: No username and password found in the keystore, using default values.
2024/09/02 11:47:37 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-X-X-X-X.ec2.internal', retrying until the connection is successful.
Worker 2 🟡
  • Expected errors:
2024/09/02 13:50:52 wazuh-analysisd: WARNING: Syscollector decoder queue is full.
2024/09/02 11:47:38 indexer-connector: WARNING: No username and password found in the keystore, using default values.
2024/09/02 11:47:38 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-X-X-X-X.ec2.internal', retrying until the connection is successful.
Indexer 1 🟡
  • Expected opensearch warnings:
[2024-09-02T11:43:32,398][WARN ][o.o.s.c.Salt             ] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes

[2024-09-02T11:43:32,433][WARN ][o.o.s.a.r.AuditMessageRouter] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] No default storage available, audit log may not work properly. Please check configuration.

[2024-09-02T11:43:33,312][WARN ][o.o.s.p.SQLPlugin        ] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information

[2024-09-02T11:43:34,440][WARN ][o.o.g.DanglingIndicesState] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually

[2024-09-02T11:43:37,075][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] Config override setting update called with empty string. Ignoring.

[2024-09-02T11:43:37,778][WARN ][o.o.o.i.ObservabilityIndex] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] message: index [.opensearch-observability/Ngx0a502T3G0YdK1PlkpTA] already exists
[2024-09-02T11:43:33,870][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] Fail to read queue capacity via reflection
[2024-09-02T11:43:38,890][WARN ][o.o.p.c.u.JsonConverter  ] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-02T11:43:32,432][ERROR][o.o.s.a.s.SinkProvider   ] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] Default endpoint could not be created, auditlog will not work properly.
[2024-09-02T11:43:33,875][ERROR][o.o.p.c.j.GCMetrics      ] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] MX bean missing: G1 Concurrent GC
[2024-09-02T11:43:51,110][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-02T11:43:37,872][WARN ][o.o.s.SecurityAnalyticsPlugin] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] Failed to initialize LogType config index and builtin log types
Indexer 2 🟡
  • Expected opensearch warnings:
[2024-09-02T11:43:32,398][WARN ][o.o.s.c.Salt             ] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes

[2024-09-02T11:43:32,433][WARN ][o.o.s.a.r.AuditMessageRouter] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] No default storage available, audit log may not work properly. Please check configuration.

[2024-09-02T11:43:33,312][WARN ][o.o.s.p.SQLPlugin        ] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information

[2024-09-02T11:43:34,440][WARN ][o.o.g.DanglingIndicesState] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually

[2024-09-02T11:43:37,075][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] Config override setting update called with empty string. Ignoring.

[2024-09-02T11:43:37,778][WARN ][o.o.o.i.ObservabilityIndex] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] message: index [.opensearch-observability/Ngx0a502T3G0YdK1PlkpTA] already exists
[2024-09-02T11:43:33,870][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] Fail to read queue capacity via reflection
[2024-09-02T11:43:38,890][WARN ][o.o.p.c.u.JsonConverter  ] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-02T11:43:32,432][ERROR][o.o.s.a.s.SinkProvider   ] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] Default endpoint could not be created, auditlog will not work properly.
[2024-09-02T11:43:33,875][ERROR][o.o.p.c.j.GCMetrics      ] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] MX bean missing: G1 Concurrent GC
[2024-09-02T11:43:38,106][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-02T11:43:37,872][WARN ][o.o.s.SecurityAnalyticsPlugin] [CLUSTER-Workload_benchmarks_metrics_B666_indexer_1] Failed to initialize LogType config index and builtin log types
Dashboard 🟢
  • No logs

Metrics and Statistics 🟡

Master 🟡
  • Binaries

CPU
Disk_Read
Disk_Read_Speed
Disk_Write_Speed
Disk_Written
FD
PSS
Read_Ops
RSS
SWAP
USS
VMS
Write_Ops

  • Stats: wazuhdbd

wazuh-wazuhdb_api_stats_Agent queries breakdown
wazuh-wazuhdb_api_stats_Agent tables breakdown
wazuh-wazuhdb_api_stats_Database queries counts
wazuh-wazuhdb_api_stats_Global agent queries
wazuh-wazuhdb_api_stats_Global group queries
wazuh-wazuhdb_api_stats_Global queries breakdown
wazuh-wazuhdb_api_stats_Queries time metrics
wazuh-wazuhdb_api_stats_Task queries breakdown

  • Stats: remoted

wazuh-remote_api_stats_Bytes received
wazuh-remote_api_stats_Events sent and count
wazuh-remote_api_stats_Queue status
wazuh-remote_api_stats_TCP sessions

  • Stats: logcollectord

active-responses_log_Bytes sent
active-responses_log_Events dropped
active-responses_log_Events generated
audit_log_Bytes sent
audit_log_Events dropped
audit_log_Events generated
df_Bytes sent
df_Events dropped
df_Events generated
journald_Bytes sent
journald_Events dropped
journald_Events generated
last_Bytes sent
last_Events dropped
last_Events generated
netstat_Bytes sent
netstat_Events dropped
netstat_Events generated

Dashboard 🟢
  • No anomalies detected

  • Binaries

CPU
Disk_Read
Disk_Read_Speed
Disk_Write_Speed
Disk_Written
FD
PSS
Read_Ops
RSS
SWAP
USS
VMS
Write_Ops


rafabailon commented Sep 3, 2024

High Activity

Build: CLUSTER-Workload_benchmarks_metrics/667/
Report: artifacts.zip
Comparison: Compared with #24504

Logs 🟡

Master 🟡
2024/09/02 15:40:54 indexer-connector: WARNING: No username and password found in the keystore, using default values.
2024/09/02 15:40:54 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-10-253.ec2.internal', retrying until the connection is successful.
2024/09/02 15:54:50 wazuh-remoted: ERROR: (1320): Agent '000' not found.
Worker 1 🟡
  • Expected Errors
2024/09/02 15:55:41 wazuh-analysisd: WARNING: Syscollector decoder queue is full.
2024/09/02 16:26:24 wazuh-remoted: WARNING: Message queue is full (131072). Events may be lost.
2024/09/02 15:40:53 indexer-connector: WARNING: No username and password found in the keystore, using default values.
2024/09/02 15:40:53 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-1-233.ec2.internal', retrying until the connection is successful.
Worker 2 🟡
  • Expected Errors
2024/09/02 15:55:44 wazuh-analysisd: WARNING: Syscollector decoder queue is full.
2024/09/02 15:56:00 wazuh-remoted: WARNING: Message queue is full (131072). Events may be lost.
2024/09/02 15:40:53 indexer-connector: WARNING: No username and password found in the keystore, using default values.
2024/09/02 15:40:53 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-2-238.ec2.internal', retrying until the connection is successful.
2024/09/02 15:55:40 wazuh-remoted: WARNING: Package dropped. Could not append data into buffer.
2024/09/02 15:55:40 wazuh-remoted: WARNING: (1246): Unable to send file 'merged.mg' to agent ID '092'.
Indexer 0 🟡
  • Expected Warnings
[2024-09-02T15:36:57,477][WARN ][o.o.s.c.Salt             ] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_0] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-09-02T15:36:57,516][WARN ][o.o.s.a.r.AuditMessageRouter] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_0] No default storage available, audit log may not work properly. Please check configuration
[2024-09-02T15:36:58,351][WARN ][o.o.s.p.SQLPlugin        ] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_0] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information.
[2024-09-02T15:36:59,426][WARN ][o.o.g.DanglingIndicesState] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_0] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-09-02T15:37:01,488][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_0] Config override setting update called with empty string. Ignoring.
[2024-09-02T15:36:59,474][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_0] Fail to read queue capacity via reflection
[2024-09-02T15:37:04,494][WARN ][o.o.p.c.u.JsonConverter  ] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_0] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-02T15:36:57,515][ERROR][o.o.s.a.s.SinkProvider   ] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_0] Default endpoint could not be created, auditlog will not work properly.
[2024-09-02T15:36:59,471][ERROR][o.o.p.c.j.GCMetrics      ] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_0] MX bean missing: G1 Concurrent GC
[2024-09-02T15:37:02,420][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_0] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
Indexer 1 🟡
  • Expected Warnings
[2024-09-02T15:36:57,647][WARN ][o.o.s.c.Salt             ] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-09-02T15:36:57,681][WARN ][o.o.s.a.r.AuditMessageRouter] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_1] No default storage available, audit log may not work properly. Please check configuration.
[2024-09-02T15:36:58,547][WARN ][o.o.s.p.SQLPlugin        ] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-09-02T15:37:01,475][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_1] Config override setting update called with empty string. Ignoring.
[2024-09-02T15:37:02,084][WARN ][o.o.o.i.ObservabilityIndex] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_1] message: index [.opensearch-observability/kes8L5raQf623sRwI7YZNg] already exists
[2024-09-02T15:39:59,964][WARN ][o.o.s.c.ConfigurationRepository] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_1] Unable to reload configuration, initalization thread has not yet completed.
[2024-09-02T15:36:59,280][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_1] Fail to read queue capacity via reflection
[2024-09-02T15:37:04,291][WARN ][o.o.p.c.u.JsonConverter  ] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-02T15:36:57,680][ERROR][o.o.s.a.s.SinkProvider   ] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_1] Default endpoint could not be created, auditlog will not work properly.
[2024-09-02T15:36:59,293][ERROR][o.o.p.c.j.GCMetrics      ] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_1] MX bean missing: G1 Concurrent GC
[2024-09-02T15:37:02,513][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [CLUSTER-Workload_benchmarks_metrics_B667_indexer_1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
Dashboard 🟢

No logs

Metrics and Statistics 🟡

Master 🟡

[graphs not preserved]

  • Stats - logcollectord [graphs not preserved]
  • Stats - remoted [graphs not preserved]
  • Stats - wazuhdbd [graphs not preserved]

Worker 1 🟢
  • Metrics

    • No Abnormalities Detected
  • Statistics

    • remoted - Queue status: Increase in Queue usage (compared to 4.8.1 - RC 2) (similar to 4.9.0 - RC 1)
  • Binaries [graphs not preserved]
  • Stats - logcollectord [graphs not preserved]
  • Stats - remoted [graphs not preserved]
  • Stats - wazuhdbd [graphs not preserved]


Note: I have compared the graphs with 4.8.1 - RC 2 and 4.9.0 - RC 1. The graphs have differences with 4.8.1 - RC 2 but are similar to 4.9.0 - RC 1. I have noted the most significant differences.


Continued at #25507 (comment)


santipadilla commented Sep 3, 2024

Medium activity

Metrics and statistics 🟡

Worker 1 🟡
  • Binaries

CPU
Disk_Read
Disk_Read_Speed
Disk_Write_Speed
Disk_Written
FD
PSS
Read_Ops
RSS
SWAP
USS
VMS
Write_Ops

  • Stats: wazuhdbd

wazuh-wazuhdb_api_stats_Agent queries breakdown
wazuh-wazuhdb_api_stats_Agent tables breakdown
wazuh-wazuhdb_api_stats_Database queries counts
wazuh-wazuhdb_api_stats_Global agent queries
wazuh-wazuhdb_api_stats_Global group queries
wazuh-wazuhdb_api_stats_Global queries breakdown
wazuh-wazuhdb_api_stats_Queries time metrics
wazuh-wazuhdb_api_stats_Task queries breakdown

  • Stats: remoted

wazuh-remote_api_stats_Bytes received
wazuh-remote_api_stats_Events sent and count
wazuh-remote_api_stats_Queue status
wazuh-remote_api_stats_TCP sessions

  • Stats: logcollectord

active-responses_log_Bytes sent
active-responses_log_Events dropped
active-responses_log_Events generated
audit_log_Bytes sent
audit_log_Events dropped
audit_log_Events generated
df_Bytes sent
df_Events dropped
df_Events generated
journald_Bytes sent
journald_Events dropped
journald_Events generated
last_Bytes sent
last_Events dropped
last_Events generated
netstat_Bytes sent
netstat_Events dropped
netstat_Events generated

Worker 2 🟡
  • Binaries

CPU
Disk_Read
Disk_Read_Speed
Disk_Write_Speed
Disk_Written
FD
PSS
Read_Ops
RSS
SWAP
USS
VMS
Write_Ops

  • Stats: wazuhdbd

wazuh-wazuhdb_api_stats_Agent queries breakdown
wazuh-wazuhdb_api_stats_Agent tables breakdown
wazuh-wazuhdb_api_stats_Database queries counts
wazuh-wazuhdb_api_stats_Global agent queries
wazuh-wazuhdb_api_stats_Global group queries
wazuh-wazuhdb_api_stats_Global queries breakdown
wazuh-wazuhdb_api_stats_Queries time metrics
wazuh-wazuhdb_api_stats_Task queries breakdown

  • Stats: remoted

wazuh-remote_api_stats_Bytes received
wazuh-remote_api_stats_Events sent and count
wazuh-remote_api_stats_Queue status
wazuh-remote_api_stats_TCP sessions

  • Stats: logcollectord

active-responses_log_Bytes sent
active-responses_log_Events dropped
active-responses_log_Events generated
audit_log_Bytes sent
audit_log_Events dropped
audit_log_Events generated
df_Bytes sent
df_Events dropped
df_Events generated
journald_Bytes sent
journald_Events dropped
journald_Events generated
last_Bytes sent
last_Events dropped
last_Events generated
netstat_Bytes sent
netstat_Events dropped
netstat_Events generated

Indexer 1 🟢
  • No anomalies detected

  • Binaries

CPU
Disk_Read
Disk_Read_Speed
Disk_Write_Speed
Disk_Written
FD
PSS
Read_Ops
RSS
SWAP
USS
VMS
Write_Ops

  • Stats

wazuh-alerts_api_stats_Different alerts
wazuh-alerts_api_stats_Total alerts
wazuh-vulnerabilities_api_stats_Total Vulnerabilities

Indexer 2 🟢
  • No anomalies detected

  • Binaries

CPU
Disk_Read
Disk_Read_Speed
Disk_Write_Speed
Disk_Written
FD
PSS
Read_Ops
RSS
SWAP
USS
VMS
Write_Ops

  • Stats

wazuh-alerts_api_stats_Different alerts
wazuh-alerts_api_stats_Total alerts
wazuh-vulnerabilities_api_stats_Total Vulnerabilities

Vulnerability State 🟢

wazuh-vulnerabilities_api_stats_Total Vulnerabilities

Alerts 🟢

wazuh-alerts_api_stats_Total alerts


rafabailon commented Sep 3, 2024

High Activity

Metrics and Statistics 🟡

Worker 2 🟡
  • Metrics

    • No Abnormalities Detected
  • Statistics

    • remoted - Queue status: Increase in Queue usage
  • Binaries [graphs not preserved]
  • Stats - logcollectord [graphs not preserved]
  • Stats - remoted [graphs not preserved]
  • Stats - wazuhdbd [graphs not preserved]

Indexer 0 🟢
  • Metrics

    • No Abnormalities Detected
  • Statistics

    • No Abnormalities Detected
  • Binaries [graphs not preserved]
  • Stats [graphs not preserved]

Indexer 1 🟢
  • Metrics

    • No Abnormalities Detected
  • Statistics

    • No Abnormalities Detected
  • Binaries [graphs not preserved]
  • Stats [graphs not preserved]

Dashboard 🟢
  • Metrics

    • No Abnormalities Detected
  • Binaries [graphs not preserved]

Vulnerabilities State 🟢

[graph not preserved]

Alerts 🟢

[graph not preserved]


Note: I have compared the graphs with 4.8.1 - RC 2 and 4.9.0 - RC 1. The graphs have differences with 4.8.1 - RC 2 but are similar to 4.9.0 - RC 1. I have noted the most significant differences.


Start at #25507 (comment)

@santipadilla
Member

ETA increase due to relaunch of very high and medium activity cases.


santipadilla commented Sep 4, 2024

Update

@wazuhci wazuhci moved this from In progress to Pending review in Release 4.9.0 Sep 4, 2024
@Rebits Rebits moved this from Pending review to In review in Release 4.9.0 Sep 4, 2024

Rebits commented Sep 4, 2024

LGTM
