-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release 4.9.1 - RC 1 - Installation assistant #25850
Comments
EnvironmentAmazon Linux 2023[root@ip-172-31-42-84 ec2-user]# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.5.20240916"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/"
DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/"
SUPPORT_URL="https://aws.amazon.com/premiumsupport/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
VENDOR_NAME="AWS"
VENDOR_URL="https://aws.amazon.com/"
SUPPORT_END="2028-03-15" Ubuntu 22root@ip-172-31-42-212:/home/ubuntu# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy RHEL 9[root@ip-172-31-34-143 ec2-user]# cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="9.2 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2" Amazon Linux 2023 - Offline[root@ip-172-31-41-102 ec2-user]# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.5.20240916"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/"
DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/"
SUPPORT_URL="https://aws.amazon.com/premiumsupport/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
VENDOR_NAME="AWS"
VENDOR_URL="https://aws.amazon.com/"
SUPPORT_END="2028-03-15" Proof of no internet connection[root@ip-172-31-41-102 ec2-user]# ping google.com
PING google.com (142.251.167.100) 56(84) bytes of data.
^C
--- google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3091ms |
Install LogsAmazon Linux 2023 🟢Logs on the console:[root@ip-172-31-42-84 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
23/09/2024 08:17:55 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
23/09/2024 08:17:55 INFO: Verbose logging redirected to /var/log/wazuh-install.log
23/09/2024 08:17:56 INFO: Verifying that your system meets the recommended minimum hardware requirements.
23/09/2024 08:17:56 INFO: Wazuh web interface port will be 443.
23/09/2024 08:17:57 INFO: Wazuh development repository added.
23/09/2024 08:17:57 INFO: --- Configuration files ---
23/09/2024 08:17:57 INFO: Generating configuration files.
23/09/2024 08:17:58 INFO: Generating the root certificate.
23/09/2024 08:17:58 INFO: Generating Admin certificates.
23/09/2024 08:17:58 INFO: Generating Wazuh indexer certificates.
23/09/2024 08:17:59 INFO: Generating Filebeat certificates.
23/09/2024 08:17:59 INFO: Generating Wazuh dashboard certificates.
23/09/2024 08:18:00 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
23/09/2024 08:18:01 INFO: --- Wazuh indexer ---
23/09/2024 08:18:01 INFO: Starting Wazuh indexer installation.
23/09/2024 08:19:01 INFO: Wazuh indexer installation finished.
23/09/2024 08:19:01 INFO: Wazuh indexer post-install configuration finished.
23/09/2024 08:19:01 INFO: Starting service wazuh-indexer.
23/09/2024 08:19:29 INFO: wazuh-indexer service started.
23/09/2024 08:19:29 INFO: Initializing Wazuh indexer cluster security settings.
23/09/2024 08:19:38 INFO: Wazuh indexer cluster security configuration initialized.
23/09/2024 08:19:38 INFO: Wazuh indexer cluster initialized.
23/09/2024 08:19:38 INFO: --- Wazuh server ---
23/09/2024 08:19:38 INFO: Starting the Wazuh manager installation.
23/09/2024 08:21:08 INFO: Wazuh manager installation finished.
23/09/2024 08:21:08 INFO: Wazuh manager vulnerability detection configuration finished.
23/09/2024 08:21:08 INFO: Starting service wazuh-manager.
23/09/2024 08:21:29 INFO: wazuh-manager service started.
23/09/2024 08:21:29 INFO: Starting Filebeat installation.
23/09/2024 08:21:50 INFO: Filebeat installation finished.
23/09/2024 08:21:51 INFO: Filebeat post-install configuration finished.
23/09/2024 08:21:51 INFO: Starting service filebeat.
23/09/2024 08:21:53 INFO: filebeat service started.
23/09/2024 08:21:53 INFO: --- Wazuh dashboard ---
23/09/2024 08:21:53 INFO: Starting Wazuh dashboard installation.
23/09/2024 08:24:36 INFO: Wazuh dashboard installation finished.
23/09/2024 08:24:36 INFO: Wazuh dashboard post-install configuration finished.
23/09/2024 08:24:36 INFO: Starting service wazuh-dashboard.
23/09/2024 08:24:37 INFO: wazuh-dashboard service started.
23/09/2024 08:24:38 INFO: Updating the internal users.
23/09/2024 08:24:47 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
23/09/2024 08:25:13 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
23/09/2024 08:26:05 INFO: Initializing Wazuh dashboard web application.
23/09/2024 08:26:05 INFO: Wazuh dashboard web application not yet initialized. Waiting...
23/09/2024 08:26:21 INFO: Wazuh dashboard web application not yet initialized. Waiting...
23/09/2024 08:26:36 INFO: Wazuh dashboard web application initialized.
23/09/2024 08:26:36 INFO: --- Summary ---
23/09/2024 08:26:36 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: SGZe.XVV4WHf13f.db98tpwmM21ob6jF
23/09/2024 08:26:37 INFO: Installation finished. Logs in wazuh-install.log:[root@ip-172-31-42-84 ec2-user]# cat /var/log/wazuh-install.log
23/09/2024 08:17:55 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
23/09/2024 08:17:55 INFO: Verbose logging redirected to /var/log/wazuh-install.log
23/09/2024 08:17:56 INFO: Verifying that your system meets the recommended minimum hardware requirements.
23/09/2024 08:17:56 INFO: Wazuh web interface port will be 443.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
23/09/2024 08:17:57 INFO: Wazuh development repository added.
23/09/2024 08:17:57 INFO: --- Configuration files ---
23/09/2024 08:17:57 INFO: Generating configuration files.
23/09/2024 08:17:58 INFO: Generating the root certificate.
23/09/2024 08:17:58 INFO: Generating Admin certificates.
23/09/2024 08:17:58 INFO: Generating Wazuh indexer certificates.
23/09/2024 08:17:59 INFO: Generating Filebeat certificates.
23/09/2024 08:17:59 INFO: Generating Wazuh dashboard certificates.
23/09/2024 08:18:00 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
23/09/2024 08:18:01 INFO: --- Wazuh indexer ---
23/09/2024 08:18:01 INFO: Starting Wazuh indexer installation.
EL-2023.5.20240916 - Wazuh 17 MB/s | 30 MB 00:01 Last metadata expiration check: 0:00:12 ago on Mon Sep 23 08:18:02 2024. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.9.1-1 wazuh 813 M Transaction Summary ================================================================================ Install 1 Package Total download size: 813 M Installed size: 1.0 G Downloading Packages: wazuh-indexer-4.9.1-1.x86_64.rpm 76 MB/s | 813 MB 00:10 -------------------------------------------------------------------------------- Total 76 MB/s | 813 MB 00:10 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.9.1-1.x86_64 1/1 Installing : wazuh-indexer-4.9.1-1.x86_64 1/1 Running scriptlet: wazuh-indexer-4.9.1-1.x86_64 1/1 ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable wazuh-indexer.service ### You can start wazuh-indexer service by executing sudo systemctl start wazuh-indexer.service Verifying : wazuh-indexer-4.9.1-1.x86_64 1/1 Installed: wazuh-indexer-4.9.1-1.x86_64 Complete!
23/09/2024 08:19:01 INFO: Wazuh indexer installation finished.
23/09/2024 08:19:01 INFO: Wazuh indexer post-install configuration finished.
23/09/2024 08:19:01 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
23/09/2024 08:19:29 INFO: wazuh-indexer service started.
23/09/2024 08:19:29 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
23/09/2024 08:19:38 INFO: Wazuh indexer cluster security configuration initialized.
23/09/2024 08:19:38 INFO: Wazuh indexer cluster initialized.
23/09/2024 08:19:38 INFO: --- Wazuh server ---
23/09/2024 08:19:38 INFO: Starting the Wazuh manager installation.
Last metadata expiration check: 0:01:36 ago on Mon Sep 23 08:18:02 2024. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.9.1-1 wazuh 309 M Transaction Summary ================================================================================ Install 1 Package Total download size: 309 M Installed size: 863 M Downloading Packages: wazuh-manager-4.9.1-1.x86_64.rpm 42 MB/s | 309 MB 00:07 -------------------------------------------------------------------------------- Total 42 MB/s | 309 MB 00:07 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.9.1-1.x86_64 1/1 Installing : wazuh-manager-4.9.1-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.9.1-1.x86_64 1/1 Verifying : wazuh-manager-4.9.1-1.x86_64 1/1 Installed: wazuh-manager-4.9.1-1.x86_64 Complete!
23/09/2024 08:21:08 INFO: Wazuh manager installation finished.
23/09/2024 08:21:08 INFO: Wazuh manager vulnerability detection configuration finished.
23/09/2024 08:21:08 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
23/09/2024 08:21:29 INFO: wazuh-manager service started.
23/09/2024 08:21:29 INFO: Starting Filebeat installation.
Last metadata expiration check: 0:03:28 ago on Mon Sep 23 08:18:02 2024. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 wazuh 21 M Transaction Summary ================================================================================ Install 1 Package Total download size: 21 M Installed size: 70 M Downloading Packages: filebeat-oss-7.10.2-x86_64.rpm 15 MB/s | 21 MB 00:01 -------------------------------------------------------------------------------- Total 15 MB/s | 21 MB 00:01 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : filebeat-7.10.2-1.x86_64 1/1 Running scriptlet: filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1 Installed: filebeat-7.10.2-1.x86_64 Complete!
23/09/2024 08:21:50 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
23/09/2024 08:21:51 INFO: Filebeat post-install configuration finished.
23/09/2024 08:21:51 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
23/09/2024 08:21:53 INFO: filebeat service started.
23/09/2024 08:21:53 INFO: --- Wazuh dashboard ---
23/09/2024 08:21:53 INFO: Starting Wazuh dashboard installation.
Last metadata expiration check: 0:03:53 ago on Mon Sep 23 08:18:02 2024. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.9.1-1 wazuh 253 M Transaction Summary ================================================================================ Install 1 Package Total download size: 253 M Installed size: 849 M Downloading Packages: wazuh-dashboard-4.9.1-1.x86_64.rpm 53 MB/s | 253 MB 00:04 -------------------------------------------------------------------------------- Total 53 MB/s | 253 MB 00:04 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.9.1-1.x86_64 1/1 Installing : wazuh-dashboard-4.9.1-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.9.1-1.x86_64 1/1 Verifying : wazuh-dashboard-4.9.1-1.x86_64 1/1 Installed: wazuh-dashboard-4.9.1-1.x86_64 Complete!
23/09/2024 08:24:36 INFO: Wazuh dashboard installation finished.
23/09/2024 08:24:36 INFO: Wazuh dashboard post-install configuration finished.
23/09/2024 08:24:36 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
23/09/2024 08:24:37 INFO: wazuh-dashboard service started.
23/09/2024 08:24:38 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
23/09/2024 08:24:47 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
Successfully updated the keystore
23/09/2024 08:25:13 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
23/09/2024 08:26:05 INFO: Initializing Wazuh dashboard web application.
23/09/2024 08:26:05 INFO: Wazuh dashboard web application not yet initialized. Waiting...
23/09/2024 08:26:21 INFO: Wazuh dashboard web application not yet initialized. Waiting...
23/09/2024 08:26:36 INFO: Wazuh dashboard web application initialized.
23/09/2024 08:26:37 INFO: Installation finished. Ubuntu 22 🟢Logs on the console:root@ip-172-31-42-212:/home/ubuntu# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
23/09/2024 08:18:03 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
23/09/2024 08:18:03 INFO: Verbose logging redirected to /var/log/wazuh-install.log
23/09/2024 08:18:32 INFO: Verifying that your system meets the recommended minimum hardware requirements.
23/09/2024 08:18:32 INFO: Wazuh web interface port will be 443.
23/09/2024 08:18:43 INFO: --- Dependencies ----
23/09/2024 08:18:43 INFO: Installing apt-transport-https.
23/09/2024 08:18:54 INFO: Installing debhelper.
23/09/2024 08:19:40 INFO: Wazuh development repository added.
23/09/2024 08:19:40 INFO: --- Configuration files ---
23/09/2024 08:19:40 INFO: Generating configuration files.
23/09/2024 08:19:41 INFO: Generating the root certificate.
23/09/2024 08:19:42 INFO: Generating Admin certificates.
23/09/2024 08:19:42 INFO: Generating Wazuh indexer certificates.
23/09/2024 08:19:42 INFO: Generating Filebeat certificates.
23/09/2024 08:19:43 INFO: Generating Wazuh dashboard certificates.
23/09/2024 08:19:44 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
23/09/2024 08:19:44 INFO: --- Wazuh indexer ---
23/09/2024 08:19:44 INFO: Starting Wazuh indexer installation.
23/09/2024 08:20:32 INFO: Wazuh indexer installation finished.
23/09/2024 08:20:32 INFO: Wazuh indexer post-install configuration finished.
23/09/2024 08:20:32 INFO: Starting service wazuh-indexer.
23/09/2024 08:20:58 INFO: wazuh-indexer service started.
23/09/2024 08:20:58 INFO: Initializing Wazuh indexer cluster security settings.
23/09/2024 08:21:08 INFO: Wazuh indexer cluster security configuration initialized.
23/09/2024 08:21:08 INFO: Wazuh indexer cluster initialized.
23/09/2024 08:21:08 INFO: --- Wazuh server ---
23/09/2024 08:21:08 INFO: Starting the Wazuh manager installation.
23/09/2024 08:22:56 INFO: Wazuh manager installation finished.
23/09/2024 08:22:56 INFO: Wazuh manager vulnerability detection configuration finished.
23/09/2024 08:22:56 INFO: Starting service wazuh-manager.
23/09/2024 08:23:20 INFO: wazuh-manager service started.
23/09/2024 08:23:20 INFO: Starting Filebeat installation.
23/09/2024 08:23:42 INFO: Filebeat installation finished.
23/09/2024 08:23:44 INFO: Filebeat post-install configuration finished.
23/09/2024 08:23:44 INFO: Starting service filebeat.
23/09/2024 08:23:45 INFO: filebeat service started.
23/09/2024 08:23:45 INFO: --- Wazuh dashboard ---
23/09/2024 08:23:45 INFO: Starting Wazuh dashboard installation.
23/09/2024 08:26:53 INFO: Wazuh dashboard installation finished.
23/09/2024 08:26:53 INFO: Wazuh dashboard post-install configuration finished.
23/09/2024 08:26:53 INFO: Starting service wazuh-dashboard.
23/09/2024 08:26:54 INFO: wazuh-dashboard service started.
23/09/2024 08:26:57 INFO: Updating the internal users.
23/09/2024 08:27:06 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
23/09/2024 08:27:31 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
23/09/2024 08:28:21 INFO: Initializing Wazuh dashboard web application.
23/09/2024 08:28:21 INFO: Wazuh dashboard web application not yet initialized. Waiting...
23/09/2024 08:28:37 INFO: Wazuh dashboard web application not yet initialized. Waiting...
23/09/2024 08:28:52 INFO: Wazuh dashboard web application initialized.
23/09/2024 08:28:52 INFO: --- Summary ---
23/09/2024 08:28:52 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: 01i6DmjFVgZR4jaWgj94OTDL3BsKYF?e
23/09/2024 08:28:52 INFO: Installation finished. Logs in wazuh-install.log:root@ip-172-31-42-212:/home/ubuntu# cat /var/log/wazuh-install.log
23/09/2024 08:18:03 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
23/09/2024 08:18:03 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease [127 kB]
Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [14.1 MB]
Get:6 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1839 kB]
Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe Translation-en [5652 kB]
Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 c-n-f Metadata [286 kB]
Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [217 kB]
Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse Translation-en [112 kB]
Get:11 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 c-n-f Metadata [8372 B]
Get:12 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [2061 kB]
Get:13 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [356 kB]
Get:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 c-n-f Metadata [17.8 kB]
Get:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [2499 kB]
Get:16 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted Translation-en [430 kB]
Get:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 c-n-f Metadata [616 B]
Get:18 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1125 kB]
Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [261 kB]
Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 c-n-f Metadata [26.1 kB]
Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [43.3 kB]
Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse Translation-en [10.8 kB]
Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 c-n-f Metadata [444 B]
Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [67.8 kB]
Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main Translation-en [11.1 kB]
Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 c-n-f Metadata [388 B]
Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/restricted amd64 c-n-f Metadata [116 B]
Get:28 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [28.8 kB]
Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe Translation-en [16.5 kB]
Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 c-n-f Metadata [672 B]
Get:31 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/multiverse amd64 c-n-f Metadata [116 B]
Get:32 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [298 kB]
Get:33 http://security.ubuntu.com/ubuntu jammy-security/main amd64 c-n-f Metadata [13.3 kB]
Get:34 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [2431 kB]
Get:35 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [418 kB]
Get:36 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 c-n-f Metadata [584 B]
Get:37 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [905 kB]
Get:38 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [177 kB]
Get:39 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 c-n-f Metadata [19.3 kB]
Get:40 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [37.2 kB]
Get:41 http://security.ubuntu.com/ubuntu jammy-security/multiverse Translation-en [7588 B]
Get:42 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 c-n-f Metadata [228 B]
Fetched 33.9 MB in 6s (5254 kB/s)
Reading package lists...
23/09/2024 08:18:32 INFO: Verifying that your system meets the recommended minimum hardware requirements.
23/09/2024 08:18:32 INFO: Wazuh web interface port will be 443.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
23/09/2024 08:18:43 INFO: --- Dependencies ----
23/09/2024 08:18:43 INFO: Installing apt-transport-https.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: apt-transport-https 0 upgraded, 1 newly installed, 0 to remove and 219 not upgraded. Need to get 1510 B of archives. After this operation, 170 kB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 apt-transport-https all 2.4.13 [1510 B] Fetched 1510 NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1
23/09/2024 08:18:54 INFO: Installing debhelper.
Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: autoconf automake autopoint autotools-dev build-essential bzip2 cpp cpp-11 debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base gcc-12-base gettext intltool-debian libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libarchive-cpio-perl libarchive-zip-perl libasan6 libatomic1 libc-dev-bin libc-devtools libc6 libc6-dev libcc1-0 libcrypt-dev libdebhelper-perl libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl libfontconfig1 libgcc-11-dev libgcc-s1 libgd3 libgomp1 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblsan0 libltdl-dev libltdl7 libmail-sendmail-perl libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libstdc++6 libsub-override-perl libsys-hostname-long-perl libtiff5 libtirpc-dev libtool libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto Suggested packages: autoconf-archive gnu-standards autoconf-doc bzip2-doc cpp-doc gcc-11-locales dh-make debian-keyring g++-multilib g++-11-multilib gcc-11-doc gcc-multilib flex bison gdb gcc-doc gcc-11-multilib gettext-doc libasprintf-dev libgettextpo-dev glibc-doc bzr libgd-tools libtool-doc libstdc++-11-doc gfortran | fortran95-compiler gcj-jdk m4-doc make-doc libmail-box-perl Recommended packages: libnss-nis libnss-nisplus The following NEW packages will be installed: autoconf automake autopoint autotools-dev build-essential bzip2 cpp cpp-11 debhelper debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base gettext intltool-debian libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libarchive-cpio-perl libarchive-zip-perl libasan6 libatomic1 libc-dev-bin libc-devtools libc6-dev libcc1-0 libcrypt-dev libdebhelper-perl libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl libfontconfig1 libgcc-11-dev libgd3 libgomp1 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblsan0 libltdl-dev libltdl7 libmail-sendmail-perl libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libsub-override-perl libsys-hostname-long-perl libtiff5 libtirpc-dev libtool libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto The following packages will be upgraded: gcc-12-base libc6 libgcc-s1 libstdc++6 4 upgraded, 75 newly installed, 0 to remove and 215 not upgraded. Need to get 72.2 MB of archives. After this operation, 221 MB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc6 amd64 2.35-0ubuntu3.8 [3235 kB] Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-12-base amd64 12.3.0-1ubuntu1~22.04 [20.1 kB] Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libstdc++6 amd64 12.3.0-1ubuntu1~22.04 [699 kB] Get:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgcc-s1 amd64 12.3.0-1ubuntu1~22.04 [53.9 kB] Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 m4 amd64 1.4.18-5ubuntu2 [199 kB] Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autoconf all 2.71-2 [338 kB] Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autotools-dev all 20220109.1 [44.9 kB] Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 automake all 1:1.16.5-1.3 [558 kB] Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autopoint all 0.21-4ubuntu4 [422 kB] Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-dev-bin amd64 2.35-0ubuntu3.8 [20.3 kB] Get:11 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 linux-libc-dev amd64 5.15.0-122.132 [1322 kB] Get:12 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libcrypt-dev amd64 1:4.4.27-1 [112 kB] Get:13 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 rpcsvc-proto amd64 1.4.2-0ubuntu6 [68.5 kB] Get:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtirpc-dev amd64 1.3.2-2ubuntu0.1 [192 kB] Get:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libnsl-dev amd64 1.3.0-2build2 [71.3 kB] Get:16 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc6-dev amd64 2.35-0ubuntu3.8 [2100 kB] Get:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-11-base amd64 11.4.0-1ubuntu1~22.04 [20.2 kB] Get:18 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libisl23 amd64 0.24-2build1 [727 kB] Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libmpc3 amd64 1.2.1-2build1 [46.9 kB] Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 cpp-11 amd64 11.4.0-1ubuntu1~22.04 [10.0 MB] Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 cpp amd64 4:11.2.0-1ubuntu1 [27.7 kB] Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libcc1-0 amd64 12.3.0-1ubuntu1~22.04 [48.3 kB] Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgomp1 amd64 12.3.0-1ubuntu1~22.04 [126 kB] Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libitm1 amd64 12.3.0-1ubuntu1~22.04 [30.2 kB] Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libatomic1 amd64 12.3.0-1ubuntu1~22.04 [10.4 kB] Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libasan6 amd64 11.4.0-1ubuntu1~22.04 [2282 kB] Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 liblsan0 amd64 12.3.0-1ubuntu1~22.04 [1069 kB] Get:28 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtsan0 amd64 11.4.0-1ubuntu1~22.04 [2260 kB] Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libubsan1 amd64 12.3.0-1ubuntu1~22.04 [976 kB] Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libquadmath0 amd64 12.3.0-1ubuntu1~22.04 [154 kB] Get:31 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgcc-11-dev amd64 11.4.0-1ubuntu1~22.04 [2517 kB] Get:32 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-11 amd64 11.4.0-1ubuntu1~22.04 [20.1 MB] Get:33 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 gcc amd64 4:11.2.0-1ubuntu1 [5112 B] Get:34 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libstdc++-11-dev amd64 11.4.0-1ubuntu1~22.04 [2101 kB] Get:35 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 g++-11 amd64 11.4.0-1ubuntu1~22.04 [11.4 MB] Get:36 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 g++ amd64 4:11.2.0-1ubuntu1 [1412 B] Get:37 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 make amd64 4.3-4.1build1 [180 kB] Get:38 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libdpkg-perl all 1.21.1ubuntu2.3 [237 kB] Get:39 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 bzip2 amd64 1.0.8-5build1 [34.8 kB] Get:40 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 lto-disabled-list all 24 [12.5 kB] Get:41 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 dpkg-dev all 1.21.1ubuntu2.3 [922 kB] Get:42 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 build-essential amd64 12.9ubuntu3 [4744 B] Get:43 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libdebhelper-perl all 13.6ubuntu1 [67.2 kB] Get:44 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libtool all 2.4.6-15build2 [164 kB] Get:45 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dh-autoreconf all 20 [16.1 kB] Get:46 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libarchive-zip-perl all 1.68-1 [90.2 kB] Get:47 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libsub-override-perl all 0.09-2 [9532 B] Get:48 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfile-stripnondeterminism-perl all 1.13.0-1 [18.1 kB] Get:49 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dh-strip-nondeterminism all 1.13.0-1 [5344 B] Get:50 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 debugedit amd64 1:5.0-4build1 [47.2 kB] Get:51 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dwz amd64 0.14-1build2 [105 kB] Get:52 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 gettext amd64 0.21-4ubuntu4 [868 kB] Get:53 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 intltool-debian all 0.35.0+20060710.5 [24.9 kB] Get:54 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 po-debconf all 1.0.21+nmu1 [233 kB] Get:55 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 debhelper all 13.6ubuntu1 [923 kB] Get:56 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfakeroot amd64 1.28-1ubuntu1 [31.5 kB] Get:57 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fakeroot amd64 1.28-1ubuntu1 [60.4 kB] Get:58 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fonts-dejavu-core all 2.37-2build1 [1041 kB] Get:59 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fontconfig-config all 2.13.1-4.2ubuntu5 [29.1 kB] Get:60 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-diff-perl all 1.201-1 [41.8 kB] Get:61 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-diff-xs-perl amd64 0.04-6build3 [11.9 kB] Get:62 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-merge-perl all 0.08-3 [12.0 kB] Get:63 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libarchive-cpio-perl all 0.10-1.1 [9928 B] Get:64 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfontconfig1 amd64 2.13.1-4.2ubuntu5 [131 kB] Get:65 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libjpeg-turbo8 amd64 2.1.2-0ubuntu1 [134 kB] Get:66 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libjpeg8 amd64 8c-2ubuntu10 [2264 B] Get:67 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libdeflate0 amd64 1.10-2 [70.9 kB] Get:68 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libjbig0 amd64 2.1-3.1ubuntu0.22.04.1 [29.2 kB] Get:69 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libwebp7 amd64 1.2.2-2ubuntu0.22.04.2 [206 kB] Get:70 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtiff5 amd64 4.3.0-6ubuntu0.10 [185 kB] Get:71 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libxpm4 amd64 1:3.5.12-1ubuntu0.22.04.2 [36.7 kB] Get:72 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libgd3 amd64 2.3.0-2ubuntu2 [129 kB] Get:73 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-devtools amd64 2.35-0ubuntu3.8 [28.9 kB] Get:74 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfile-fcntllock-perl amd64 0.22-3build7 [33.9 kB] Get:75 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libltdl7 amd64 2.4.6-15build2 [39.6 kB] Get:76 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libltdl-dev amd64 2.4.6-15build2 [169 kB] Get:77 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libsys-hostname-long-perl all 1.5-2 [11.5 kB] Get:78 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libmail-sendmail-perl all 0.80-1.1 [22.7 kB] Get:79 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 manpages-dev all 5.10-1ubuntu1 [2309 NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [41.1 kB]
Fetched 58.4 kB in 1s (56.2 kB/s)
Reading package lists...
23/09/2024 08:19:40 INFO: Wazuh development repository added.
23/09/2024 08:19:40 INFO: --- Configuration files ---
23/09/2024 08:19:40 INFO: Generating configuration files.
23/09/2024 08:19:41 INFO: Generating the root certificate.
23/09/2024 08:19:42 INFO: Generating Admin certificates.
23/09/2024 08:19:42 INFO: Generating Wazuh indexer certificates.
23/09/2024 08:19:42 INFO: Generating Filebeat certificates.
23/09/2024 08:19:43 INFO: Generating Wazuh dashboard certificates.
23/09/2024 08:19:44 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
23/09/2024 08:19:44 INFO: --- Wazuh indexer ---
23/09/2024 08:19:44 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 215 not upgraded. Need to get 850 MB of archives. After this operation, 1077 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-indexer amd64 4.9.1-1 [850 MB] Fetched 850 MB in 16s (53.7 MB ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
23/09/2024 08:20:32 INFO: Wazuh indexer installation finished.
23/09/2024 08:20:32 INFO: Wazuh indexer post-install configuration finished.
23/09/2024 08:20:32 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
23/09/2024 08:20:58 INFO: wazuh-indexer service started.
23/09/2024 08:20:58 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
23/09/2024 08:21:08 INFO: Wazuh indexer cluster security configuration initialized.
23/09/2024 08:21:08 INFO: Wazuh indexer cluster initialized.
23/09/2024 08:21:08 INFO: --- Wazuh server ---
23/09/2024 08:21:08 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 215 not upgraded. Need to get 329 MB of archives. After this operation, 897 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-manager amd64 4.9.1-1 [329 MB] Fetc NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
23/09/2024 08:22:56 INFO: Wazuh manager installation finished.
23/09/2024 08:22:56 INFO: Wazuh manager vulnerability detection configuration finished.
23/09/2024 08:22:56 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
23/09/2024 08:23:20 INFO: wazuh-manager service started.
23/09/2024 08:23:20 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 215 not upgraded. Need to get 22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 filebeat amd64 7.10.2 [22.1 MB] Fetched 22.1 MB in 1s (18.1 MB/s) Selec NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
23/09/2024 08:23:42 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
23/09/2024 08:23:44 INFO: Filebeat post-install configuration finished.
23/09/2024 08:23:44 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
23/09/2024 08:23:45 INFO: filebeat service started.
23/09/2024 08:23:45 INFO: --- Wazuh dashboard ---
23/09/2024 08:23:45 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 215 not upgraded. Need to get 166 MB of archives. After this operation, 935 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-dashboard amd64 4.9.1-1 [166 MB] Fetched 166 MB in 5s (35.1 NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
23/09/2024 08:26:53 INFO: Wazuh dashboard installation finished.
23/09/2024 08:26:53 INFO: Wazuh dashboard post-install configuration finished.
23/09/2024 08:26:53 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
23/09/2024 08:26:54 INFO: wazuh-dashboard service started.
23/09/2024 08:26:57 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
23/09/2024 08:27:06 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
Successfully updated the keystore
23/09/2024 08:27:31 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
23/09/2024 08:28:21 INFO: Initializing Wazuh dashboard web application.
23/09/2024 08:28:21 INFO: Wazuh dashboard web application not yet initialized. Waiting...
23/09/2024 08:28:37 INFO: Wazuh dashboard web application not yet initialized. Waiting...
23/09/2024 08:28:52 INFO: Wazuh dashboard web application initialized.
23/09/2024 08:28:52 INFO: Installation finished. RHEL 9 🟢Logs on the console:[root@ip-172-31-34-143 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
23/09/2024 08:18:08 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
23/09/2024 08:18:08 INFO: Verbose logging redirected to /var/log/wazuh-install.log
23/09/2024 08:18:09 INFO: Verifying that your system meets the recommended minimum hardware requirements.
23/09/2024 08:18:09 INFO: Wazuh web interface port will be 443.
23/09/2024 08:18:09 INFO: --- Dependencies ---
23/09/2024 08:18:09 INFO: Installing lsof.
23/09/2024 08:18:38 INFO: Wazuh development repository added.
23/09/2024 08:18:38 INFO: --- Configuration files ---
23/09/2024 08:18:38 INFO: Generating configuration files.
23/09/2024 08:18:38 INFO: Generating the root certificate.
23/09/2024 08:18:39 INFO: Generating Admin certificates.
23/09/2024 08:18:39 INFO: Generating Wazuh indexer certificates.
23/09/2024 08:18:40 INFO: Generating Filebeat certificates.
23/09/2024 08:18:40 INFO: Generating Wazuh dashboard certificates.
23/09/2024 08:18:41 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
23/09/2024 08:18:41 INFO: --- Wazuh indexer ---
23/09/2024 08:18:41 INFO: Starting Wazuh indexer installation.
23/09/2024 08:19:43 INFO: Wazuh indexer installation finished.
23/09/2024 08:19:43 INFO: Wazuh indexer post-install configuration finished.
23/09/2024 08:19:43 INFO: Starting service wazuh-indexer.
23/09/2024 08:20:08 INFO: wazuh-indexer service started.
23/09/2024 08:20:08 INFO: Initializing Wazuh indexer cluster security settings.
23/09/2024 08:20:17 INFO: Wazuh indexer cluster security configuration initialized.
23/09/2024 08:20:17 INFO: Wazuh indexer cluster initialized.
23/09/2024 08:20:17 INFO: --- Wazuh server ---
23/09/2024 08:20:17 INFO: Starting the Wazuh manager installation.
23/09/2024 08:21:47 INFO: Wazuh manager installation finished.
23/09/2024 08:21:48 INFO: Wazuh manager vulnerability detection configuration finished.
23/09/2024 08:21:48 INFO: Starting service wazuh-manager.
23/09/2024 08:22:08 INFO: wazuh-manager service started.
23/09/2024 08:22:08 INFO: Starting Filebeat installation.
23/09/2024 08:22:45 INFO: Filebeat installation finished.
23/09/2024 08:22:46 INFO: Filebeat post-install configuration finished.
23/09/2024 08:22:46 INFO: Starting service filebeat.
23/09/2024 08:22:47 INFO: filebeat service started.
23/09/2024 08:22:47 INFO: --- Wazuh dashboard ---
23/09/2024 08:22:47 INFO: Starting Wazuh dashboard installation.
23/09/2024 08:27:08 INFO: Wazuh dashboard installation finished.
23/09/2024 08:27:08 INFO: Wazuh dashboard post-install configuration finished.
23/09/2024 08:27:08 INFO: Starting service wazuh-dashboard.
23/09/2024 08:27:10 INFO: wazuh-dashboard service started.
23/09/2024 08:27:10 INFO: Updating the internal users.
23/09/2024 08:27:20 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
23/09/2024 08:27:47 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
23/09/2024 08:28:40 INFO: Initializing Wazuh dashboard web application.
23/09/2024 08:28:40 INFO: Wazuh dashboard web application not yet initialized. Waiting...
23/09/2024 08:28:56 INFO: Wazuh dashboard web application not yet initialized. Waiting...
23/09/2024 08:29:11 INFO: Wazuh dashboard web application initialized.
23/09/2024 08:29:11 INFO: --- Summary ---
23/09/2024 08:29:11 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: ln3B+GAR2.l++p33lsOH9pryGDpaF4u7
23/09/2024 08:29:11 INFO: --- Dependencies ---
23/09/2024 08:29:11 INFO: Removing lsof.
23/09/2024 08:29:13 INFO: Installation finished. Logs in wazuh-install.log:[root@ip-172-31-34-143 ec2-user]# cat /var/log/wazuh-install.log
23/09/2024 08:18:08 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
23/09/2024 08:18:08 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
25 files removed
23/09/2024 08:18:09 INFO: Verifying that your system meets the recommended minimum hardware requirements.
23/09/2024 08:18:09 INFO: Wazuh web interface port will be 443.
23/09/2024 08:18:09 INFO: --- Dependencies ---
23/09/2024 08:18:09 INFO: Installing lsof.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Red Hat Enterprise Linux 9 for x86_64 - AppStre 85 MB/s | 41 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 18 MB/s | 31 MB 00:01 Red Hat Enterprise Linux 9 Client Configuration 13 kB/s | 3.2 kB 00:00 Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 rhel-9-baseos-rhui-rpms 241 k Installing dependencies: libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 338 k Installed size: 826 k Downloading Packages: (1/2): lsof-4.94.0-3.el9.x86_64.rpm 3.9 MB/s | 241 kB 00:00 (2/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 1.5 MB/s | 96 kB 00:00 -------------------------------------------------------------------------------- Total 3.6 MB/s | 338 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : lsof-4.94.0-3.el9.x86_64 1/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Red Hat Enterprise Linux 9 for x86_64 - AppStre 85 MB/s | 41 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 18 MB/s | 31 MB 00:01 Red Hat Enterprise Linux 9 Client Configuration 13 kB/s | 3.2 kB 00:00 Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 rhel-9-baseos-rhui-rpms 241 k Installing dependencies: libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 338 k Installed size: 826 k Downloading Packages: (1/2): lsof-4.94.0-3.el9.x86_64.rpm 3.9 MB/s | 241 kB 00:00 (2/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 1.5 MB/s | 96 kB 00:00 -------------------------------------------------------------------------------- Total 3.6 MB/s | 338 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : lsof-4.94.0-3.el9.x86_64 1/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
23/09/2024 08:18:38 INFO: Wazuh development repository added.
23/09/2024 08:18:38 INFO: --- Configuration files ---
23/09/2024 08:18:38 INFO: Generating configuration files.
23/09/2024 08:18:38 INFO: Generating the root certificate.
23/09/2024 08:18:39 INFO: Generating Admin certificates.
23/09/2024 08:18:39 INFO: Generating Wazuh indexer certificates.
23/09/2024 08:18:40 INFO: Generating Filebeat certificates.
23/09/2024 08:18:40 INFO: Generating Wazuh dashboard certificates.
23/09/2024 08:18:41 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
23/09/2024 08:18:41 INFO: --- Wazuh indexer ---
23/09/2024 08:18:41 INFO: Starting Wazuh indexer installation.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. EL-9 - Wazuh 17 MB/s | 30 MB 00:01 Last metadata expiration check: 0:00:09 ago on Mon 23 Sep 2024 08:18:43 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.9.1-1 wazuh 813 M Transaction Summary ================================================================================ Install 1 Package Total download size: 813 M Installed size: 1.0 G Downloading Packages: wazuh-indexer-4.9.1-1.x86_64.rpm 89 MB/s | 813 MB 00:09 -------------------------------------------------------------------------------- Total 89 MB/s | 813 MB 00:09 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.9.1-1.x86_64 1/1 Installing : wazuh-indexer-4.9.1-1.x86_64 1/1 Running scriptlet: wazuh-indexer-4.9.1-1.x86_64 1/1 ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable wazuh-indexer.service ### You can start wazuh-indexer service by executing sudo systemctl start wazuh-indexer.service Verifying : wazuh-indexer-4.9.1-1.x86_64 1/1 Installed products updated. Installed: wazuh-indexer-4.9.1-1.x86_64 Complete!
23/09/2024 08:19:43 INFO: Wazuh indexer installation finished.
23/09/2024 08:19:43 INFO: Wazuh indexer post-install configuration finished.
23/09/2024 08:19:43 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
23/09/2024 08:20:08 INFO: wazuh-indexer service started.
23/09/2024 08:20:08 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
23/09/2024 08:20:17 INFO: Wazuh indexer cluster security configuration initialized.
23/09/2024 08:20:17 INFO: Wazuh indexer cluster initialized.
23/09/2024 08:20:17 INFO: --- Wazuh server ---
23/09/2024 08:20:17 INFO: Starting the Wazuh manager installation.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:00:45 ago on Mon 23 Sep 2024 08:19:33 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.9.1-1 wazuh 309 M Transaction Summary ================================================================================ Install 1 Package Total download size: 309 M Installed size: 863 M Downloading Packages: wazuh-manager-4.9.1-1.x86_64.rpm 96 MB/s | 309 MB 00:03 -------------------------------------------------------------------------------- Total 95 MB/s | 309 MB 00:03 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.9.1-1.x86_64 1/1 Installing : wazuh-manager-4.9.1-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.9.1-1.x86_64 1/1 Verifying : wazuh-manager-4.9.1-1.x86_64 1/1 Installed products updated. Installed: wazuh-manager-4.9.1-1.x86_64 Complete!
23/09/2024 08:21:47 INFO: Wazuh manager installation finished.
23/09/2024 08:21:48 INFO: Wazuh manager vulnerability detection configuration finished.
23/09/2024 08:21:48 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
23/09/2024 08:22:08 INFO: wazuh-manager service started.
23/09/2024 08:22:08 INFO: Starting Filebeat installation.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:02:36 ago on Mon 23 Sep 2024 08:19:33 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 wazuh 21 M Transaction Summary ================================================================================ Install 1 Package Total download size: 21 M Installed size: 70 M Downloading Packages: filebeat-oss-7.10.2-x86_64.rpm 10 MB/s | 21 MB 00:01 -------------------------------------------------------------------------------- Total 10 MB/s | 21 MB 00:01 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : filebeat-7.10.2-1.x86_64 1/1 Running scriptlet: filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1 Installed products updated. Installed: filebeat-7.10.2-1.x86_64 Complete!
23/09/2024 08:22:45 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
23/09/2024 08:22:46 INFO: Filebeat post-install configuration finished.
23/09/2024 08:22:46 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
23/09/2024 08:22:47 INFO: filebeat service started.
23/09/2024 08:22:47 INFO: --- Wazuh dashboard ---
23/09/2024 08:22:47 INFO: Starting Wazuh dashboard installation.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:03:16 ago on Mon 23 Sep 2024 08:19:33 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.9.1-1 wazuh 253 M Transaction Summary ================================================================================ Install 1 Package Total download size: 253 M Installed size: 849 M Downloading Packages: wazuh-dashboard-4.9.1-1.x86_64.rpm 55 MB/s | 253 MB 00:04 -------------------------------------------------------------------------------- Total 55 MB/s | 253 MB 00:04 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.9.1-1.x86_64 1/1 Installing : wazuh-dashboard-4.9.1-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.9.1-1.x86_64 1/1 Verifying : wazuh-dashboard-4.9.1-1.x86_64 1/1 Installed products updated. Installed: wazuh-dashboard-4.9.1-1.x86_64 Complete!
23/09/2024 08:27:08 INFO: Wazuh dashboard installation finished.
23/09/2024 08:27:08 INFO: Wazuh dashboard post-install configuration finished.
23/09/2024 08:27:08 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
23/09/2024 08:27:10 INFO: wazuh-dashboard service started.
23/09/2024 08:27:10 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
23/09/2024 08:27:20 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
Successfully updated the keystore
23/09/2024 08:27:47 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
23/09/2024 08:28:40 INFO: Initializing Wazuh dashboard web application.
23/09/2024 08:28:40 INFO: Wazuh dashboard web application not yet initialized. Waiting...
23/09/2024 08:28:56 INFO: Wazuh dashboard web application not yet initialized. Waiting...
23/09/2024 08:29:11 INFO: Wazuh dashboard web application initialized.
23/09/2024 08:29:11 INFO: --- Dependencies ---
23/09/2024 08:29:11 INFO: Removing lsof.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: lsof x86_64 4.94.0-3.el9 @rhel-9-baseos-rhui-rpms 624 k Removing unused dependencies: libtirpc x86_64 1.3.3-8.el9_4 @rhel-9-baseos-rhui-rpms 202 k Transaction Summary ================================================================================ Remove 2 Packages Freed space: 826 k Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : lsof-4.94.0-3.el9.x86_64 1/2 Erasing : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Running scriptlet: libtirpc-1.3.3-8.el9_4.x86_64 2/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Removed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
23/09/2024 08:29:13 INFO: Installation finished. Amazon Linux 2023 - Offline 🟢Downloading packages and configuration files in other instance:➜ 4.9.1-rc1 sudo ./wazuh-install.sh -dw rpm
[sudo] password for carlos:
23/09/2024 10:17:27 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
23/09/2024 10:17:27 INFO: Verbose logging redirected to /var/log/wazuh-install.log
23/09/2024 10:17:35 INFO: Verifying that your system meets the recommended minimum hardware requirements.
23/09/2024 10:17:35 INFO: --- Download Packages ---
23/09/2024 10:17:35 INFO: Starting Wazuh packages download.
23/09/2024 10:17:35 INFO: Downloading Wazuh rpm packages for x86_64.
23/09/2024 10:17:54 INFO: The manager package was downloaded.
23/09/2024 10:17:56 INFO: The filebeat package was downloaded.
23/09/2024 10:18:32 INFO: The indexer package was downloaded.
23/09/2024 10:18:45 INFO: The dashboard package was downloaded.
23/09/2024 10:18:45 INFO: The packages are in wazuh-offline/wazuh-packages
23/09/2024 10:18:45 INFO: Downloading configuration files and assets.
23/09/2024 10:18:46 INFO: The resource https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
23/09/2024 10:18:47 INFO: The resource https://packages-dev.wazuh.com/4.9/tpl/wazuh/filebeat/filebeat.yml was downloaded.
23/09/2024 10:18:47 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/v4.9.1-rc1/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
23/09/2024 10:18:48 INFO: The resource https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
23/09/2024 10:18:48 INFO: The configuration files and assets are in wazuh-offline.tar.gz
23/09/2024 10:19:22 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html
➜ 4.9.1-rc1 curl -sO https://packages-dev.wazuh.com/4.9/config.yml
➜ 4.9.1-rc1 subl config.yml
➜ 4.9.1-rc1 sudo ./wazuh-install.sh -g
[sudo] password for carlos:
23/09/2024 10:53:19 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
23/09/2024 10:53:19 INFO: Verbose logging redirected to /var/log/wazuh-install.log
23/09/2024 10:53:26 INFO: Verifying that your system meets the recommended minimum hardware requirements.
23/09/2024 10:53:26 INFO: --- Configuration files ---
23/09/2024 10:53:26 INFO: Generating configuration files.
23/09/2024 10:53:27 INFO: Generating the root certificate.
23/09/2024 10:53:27 INFO: Generating Admin certificates.
23/09/2024 10:53:27 INFO: Generating Wazuh indexer certificates.
23/09/2024 10:53:27 INFO: Generating Filebeat certificates.
23/09/2024 10:53:27 INFO: Generating Wazuh dashboard certificates.
23/09/2024 10:53:28 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. Logs on the console:[root@ip-172-31-41-102 ec2-user]# ls
wazuh-install-files.tar wazuh-install.sh wazuh-offline.tar.gz
[root@ip-172-31-41-102 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-indexer node-1
23/09/2024 09:03:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
23/09/2024 09:03:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
23/09/2024 09:03:43 INFO: Checking installed dependencies for Offline installation.
23/09/2024 09:03:46 INFO: Verifying that your system meets the recommended minimum hardware requirements.
23/09/2024 09:03:46 INFO: Checking prerequisites for Offline installation.
23/09/2024 09:03:46 INFO: Checking wazuh-offline.tar.gz file.
23/09/2024 09:04:00 INFO: --- Wazuh indexer ---
23/09/2024 09:04:00 INFO: Starting Wazuh indexer installation.
23/09/2024 09:04:25 INFO: Wazuh indexer installation finished.
23/09/2024 09:04:25 INFO: Wazuh indexer post-install configuration finished.
23/09/2024 09:04:25 INFO: Starting service wazuh-indexer.
23/09/2024 09:04:50 INFO: wazuh-indexer service started.
23/09/2024 09:04:50 INFO: Initializing Wazuh indexer cluster security settings.
23/09/2024 09:04:50 INFO: Wazuh indexer cluster initialized.
23/09/2024 09:04:51 INFO: Installation finished.
[root@ip-172-31-41-102 ec2-user]# bash wazuh-install.sh --offline-installation --start-cluster
23/09/2024 09:05:08 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
23/09/2024 09:05:08 INFO: Verbose logging redirected to /var/log/wazuh-install.log
23/09/2024 09:05:08 INFO: Checking installed dependencies for Offline installation.
23/09/2024 09:05:11 INFO: Verifying that your system meets the recommended minimum hardware requirements.
23/09/2024 09:05:11 INFO: Checking wazuh-offline.tar.gz file.
23/09/2024 09:05:18 INFO: Wazuh indexer cluster security configuration initialized.
23/09/2024 09:05:34 INFO: Updating the internal users.
23/09/2024 09:05:39 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
23/09/2024 09:05:57 INFO: Wazuh indexer cluster started.
[root@ip-172-31-41-102 ec2-user]# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
indexer_username: 'admin'
indexer_password: 'mOA8g1m.l58y4L59RUr3yVSokay*RzI7'
[root@ip-172-31-41-102 ec2-user]# curl -k -u admin:mOA8g1m.l58y4L59RUr3yVSokay*RzI7 https://127.0.0.1:9200
{
"name" : "node-1",
"cluster_name" : "wazuh-indexer-cluster",
"cluster_uuid" : "4HFKp1dISYed2GotU5OX4Q",
"version" : {
"number" : "7.10.2",
"build_type" : "rpm",
"build_hash" : "44213e57352e29e68206cc34e9ab3a377bebd983",
"build_date" : "2024-09-20T13:18:25.050429Z",
"build_snapshot" : false,
"lucene_version" : "9.10.0",
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@ip-172-31-41-102 ec2-user]# curl -k -u admin:mOA8g1m.l58y4L59RUr3yVSokay*RzI7 https://127.0.0.1:9200/_cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name
127.0.0.1 52 70 14 0.07 0.37 0.22 dimr data,ingest,master,remote_cluster_client * node-1
[root@ip-172-31-41-102 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-server wazuh-1
23/09/2024 09:10:06 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
23/09/2024 09:10:06 INFO: Verbose logging redirected to /var/log/wazuh-install.log
23/09/2024 09:10:06 INFO: Checking installed dependencies for Offline installation.
23/09/2024 09:10:09 INFO: Verifying that your system meets the recommended minimum hardware requirements.
23/09/2024 09:10:09 INFO: Checking wazuh-offline.tar.gz file.
23/09/2024 09:10:10 INFO: --- Wazuh server ---
23/09/2024 09:10:10 INFO: Starting the Wazuh manager installation.
23/09/2024 09:11:24 INFO: Wazuh manager installation finished.
23/09/2024 09:11:24 INFO: Wazuh manager vulnerability detection configuration finished.
23/09/2024 09:11:24 INFO: Starting service wazuh-manager.
23/09/2024 09:11:44 INFO: wazuh-manager service started.
23/09/2024 09:11:44 INFO: Starting Filebeat installation.
23/09/2024 09:11:51 INFO: Filebeat installation finished.
23/09/2024 09:11:52 INFO: Filebeat post-install configuration finished.
23/09/2024 09:11:53 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
23/09/2024 09:12:21 INFO: Starting service filebeat.
23/09/2024 09:12:22 INFO: filebeat service started.
23/09/2024 09:12:22 INFO: Installation finished.
[root@ip-172-31-41-102 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-dashboard dashboard
23/09/2024 09:13:01 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
23/09/2024 09:13:01 INFO: Verbose logging redirected to /var/log/wazuh-install.log
23/09/2024 09:13:01 INFO: Checking installed dependencies for Offline installation.
23/09/2024 09:13:24 INFO: Verifying that your system meets the recommended minimum hardware requirements.
23/09/2024 09:13:24 INFO: Wazuh web interface port will be 443.
23/09/2024 09:13:24 INFO: Checking prerequisites for Offline installation.
23/09/2024 09:13:25 INFO: Checking wazuh-offline.tar.gz file.
23/09/2024 09:13:26 INFO: --- Wazuh dashboard ----
23/09/2024 09:13:26 INFO: Starting Wazuh dashboard installation.
23/09/2024 09:15:40 INFO: Wazuh dashboard installation finished.
23/09/2024 09:15:40 INFO: Wazuh dashboard post-install configuration finished.
23/09/2024 09:15:40 INFO: Starting service wazuh-dashboard.
23/09/2024 09:15:41 INFO: wazuh-dashboard service started.
23/09/2024 09:16:05 INFO: Initializing Wazuh dashboard web application.
23/09/2024 09:16:06 INFO: Wazuh dashboard web application initialized.
23/09/2024 09:16:06 INFO: --- Summary ---
23/09/2024 09:16:06 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
User: admin
Password: mOA8g1m.l58y4L59RUr3yVSokay*RzI7
23/09/2024 09:16:06 INFO: Installation finished. Logs in wazuh-install.log[root@ip-172-31-41-102 ec2-user]# cat /var/log/wazuh-install.log
23/09/2024 09:13:01 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
23/09/2024 09:13:01 INFO: Verbose logging redirected to /var/log/wazuh-install.log
23/09/2024 09:13:01 INFO: Checking installed dependencies for Offline installation.
23/09/2024 09:13:24 INFO: Verifying that your system meets the recommended minimum hardware requirements.
23/09/2024 09:13:24 INFO: Wazuh web interface port will be 443.
23/09/2024 09:13:24 INFO: Checking prerequisites for Offline installation.
23/09/2024 09:13:25 INFO: Checking wazuh-offline.tar.gz file.
23/09/2024 09:13:26 INFO: --- Wazuh dashboard ----
23/09/2024 09:13:26 INFO: Starting Wazuh dashboard installation.
Verifying... ######################################## Preparing... ######################################## Updating / installing... wazuh-dashboard-4.9.1-1 ########################################
23/09/2024 09:15:40 INFO: Wazuh dashboard installation finished.
23/09/2024 09:15:40 INFO: Wazuh dashboard post-install configuration finished.
23/09/2024 09:15:40 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
23/09/2024 09:15:41 INFO: wazuh-dashboard service started.
23/09/2024 09:16:05 INFO: Initializing Wazuh dashboard web application.
23/09/2024 09:16:06 INFO: Wazuh dashboard web application initialized.
23/09/2024 09:16:06 INFO: Installation finished. |
Installed packages 🟢Amazon Linux 2023 🟢[root@ip-172-31-42-84 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.9.1-1.x86_64 Mon Sep 23 08:24:29 2024
filebeat-7.10.2-1.x86_64 Mon Sep 23 08:21:33 2024
wazuh-manager-4.9.1-1.x86_64 Mon Sep 23 08:20:33 2024
wazuh-indexer-4.9.1-1.x86_64 Mon Sep 23 08:18:51 2024
gpg-pubkey-29111145-591cd381 Mon Sep 23 08:17:57 2024 Ubuntu 22 🟢root@ip-172-31-42-212:/home/ubuntu# grep " install " /var/log/dpkg.log | tail
2024-09-23 08:20:02 install wazuh-indexer:amd64 <none> 4.9.1-1
2024-09-23 08:21:18 install wazuh-manager:amd64 <none> 4.9.1-1
2024-09-23 08:23:23 install filebeat:amd64 <none> 7.10.2
2024-09-23 08:23:54 install wazuh-dashboard:amd64 <none> 4.9.1-1 RHEL 9 🟢[root@ip-172-31-34-143 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.9.1-1.x86_64 Mon 23 Sep 2024 08:25:11 AM UTC
filebeat-7.10.2-1.x86_64 Mon 23 Sep 2024 08:22:14 AM UTC
wazuh-manager-4.9.1-1.x86_64 Mon 23 Sep 2024 08:21:07 AM UTC
wazuh-indexer-4.9.1-1.x86_64 Mon 23 Sep 2024 08:19:31 AM UTC
gpg-pubkey-29111145-591cd381 Mon 23 Sep 2024 08:18:37 AM UTC Amazon Linux 2023 - Offline 🟢[root@ip-172-31-41-102 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.9.1-1.x86_64 Mon Sep 23 09:15:35 2024
filebeat-7.10.2-1.x86_64 Mon Sep 23 09:11:45 2024
wazuh-manager-4.9.1-1.x86_64 Mon Sep 23 09:10:52 2024
wazuh-indexer-4.9.1-1.x86_64 Mon Sep 23 09:04:16 2024
gpg-pubkey-29111145-591cd381 Mon Sep 23 09:04:00 2024 |
Wazuh Indexer logs 🟡Amazon Linux 2023 🟡Agent status[root@ip-172-31-42-84 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
Active: active (running) since Mon 2024-09-23 08:19:29 UTC; 1h 25min ago
Docs: https://documentation.wazuh.com
Main PID: 4962 (java)
Tasks: 74 (limit: 9373)
Memory: 1.3G
CPU: 2min 50.792s
CGroup: /system.slice/wazuh-indexer.service
└─4962 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60>
Sep 23 08:19:06 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: System::setSecurityManager has >
Sep 23 08:19:06 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: Please consider reporting this >
Sep 23 08:19:06 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: System::setSecurityManager will>
Sep 23 08:19:07 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: Sep 23, 2024 8:19:07 AM sun.util.locale.>
Sep 23 08:19:07 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: COMPAT locale provider will be >
Sep 23 08:19:08 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: A terminally deprecated method >
Sep 23 08:19:08 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: System::setSecurityManager has >
Sep 23 08:19:08 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: Please consider reporting this >
Sep 23 08:19:08 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: System::setSecurityManager will>
Sep 23 08:19:29 ip-172-31-42-84.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer. Service status[root@ip-172-31-42-84 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
Sep 23 08:19:02 ip-172-31-42-84.ec2.internal systemd[1]: Starting wazuh-indexer.service - wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 3992.
Sep 23 08:19:06 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: A terminally deprecated method in java.lang.System has been called
Sep 23 08:19:06 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Sep 23 08:19:06 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Sep 23 08:19:06 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: System::setSecurityManager will be removed in a future release
Sep 23 08:19:07 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: Sep 23, 2024 8:19:07 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Sep 23 08:19:07 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: COMPAT locale provider will be removed in a future release
Sep 23 08:19:08 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: A terminally deprecated method in java.lang.System has been called
Sep 23 08:19:08 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Sep 23 08:19:08 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Sep 23 08:19:08 ip-172-31-42-84.ec2.internal systemd-entrypoint[4962]: WARNING: System::setSecurityManager will be removed in a future release
Sep 23 08:19:29 ip-172-31-42-84.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 3992. Errors🟡 Normal errors of uninitialized indexes. Related: wazuh/wazuh-packages#1511 (comment) [root@ip-172-31-42-84 ec2-user]# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-09-23T08:19:08,898][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-09-23T08:19:19,846][ERROR][o.o.p.c.j.GCMetrics ] [node-1] MX bean missing: G1 Concurrent GC
[2024-09-23T08:19:22,352][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-09-23T08:19:22,404][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-09-23T08:19:22,406][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-09-23T08:19:24,146][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-09-23T08:19:24,820][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:19:24,824][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:19:24,825][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:19:24,836][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:19:24,836][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:19:24,836][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:19:24,837][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:19:24,837][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:19:24,878][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:19:24,878][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:19:24,878][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:19:26,707][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-09-23T08:19:29,320][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-09-23T08:19:29,646][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-09-23T08:19:29,884][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:19:30,390][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:19:30,396][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:19:30,398][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:19:30,400][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:19:30,401][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:19:30,401][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:19:30,401][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:19:30,401][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:19:30,401][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:19:30,401][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:19:34,863][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:19:38,002][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-09-23T08:19:39,846][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:19:44,837][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:19:49,847][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:19:54,840][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:25:41,440][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:54378
[2024-09-23T08:25:45,166][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:25:46,148][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:60706
[2024-09-23T08:25:49,114][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:60706
[2024-09-23T08:25:50,176][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:25:52,964][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:60706
[2024-09-23T08:25:55,177][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"]) Ubuntu 22 🟡Agent statusroot@ip-172-31-42-212:/home/ubuntu# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2024-09-23 08:20:58 UTC; 1h 36min ago
Docs: https://documentation.wazuh.com
Main PID: 5547 (java)
Tasks: 67 (limit: 9425)
Memory: 1.3G
CPU: 2min 19.677s
CGroup: /system.slice/wazuh-indexer.service
└─5547 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60>
Sep 23 08:20:36 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: System::setSecurityManager has been called >
Sep 23 08:20:36 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: Please consider reporting this to the maint>
Sep 23 08:20:36 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: System::setSecurityManager will be removed >
Sep 23 08:20:38 ip-172-31-42-212 systemd-entrypoint[5547]: Sep 23, 2024 8:20:38 AM sun.util.locale.provider.Loc>
Sep 23 08:20:38 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: COMPAT locale provider will be removed in a>
Sep 23 08:20:39 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: A terminally deprecated method in java.lang>
Sep 23 08:20:39 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: System::setSecurityManager has been called >
Sep 23 08:20:39 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: Please consider reporting this to the maint>
Sep 23 08:20:39 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: System::setSecurityManager will be removed >
Sep 23 08:20:58 ip-172-31-42-212 systemd[1]: Started wazuh-indexer. Service statusroot@ip-172-31-42-212:/home/ubuntu# journalctl -xe -u wazuh-indexer.service --no-pager
Sep 23 08:20:33 ip-172-31-42-212 systemd[1]: Starting wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 2750.
Sep 23 08:20:36 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: A terminally deprecated method in java.lang.System has been called
Sep 23 08:20:36 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Sep 23 08:20:36 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Sep 23 08:20:36 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: System::setSecurityManager will be removed in a future release
Sep 23 08:20:38 ip-172-31-42-212 systemd-entrypoint[5547]: Sep 23, 2024 8:20:38 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Sep 23 08:20:38 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: COMPAT locale provider will be removed in a future release
Sep 23 08:20:39 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: A terminally deprecated method in java.lang.System has been called
Sep 23 08:20:39 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Sep 23 08:20:39 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Sep 23 08:20:39 ip-172-31-42-212 systemd-entrypoint[5547]: WARNING: System::setSecurityManager will be removed in a future release
Sep 23 08:20:58 ip-172-31-42-212 systemd[1]: Started wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 2750. Errors🟡 Normal errors of uninitialized indexes. Related: wazuh/wazuh-packages#1511 (comment) root@ip-172-31-42-212:/home/ubuntu# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-09-23T08:20:39,159][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=deb, -Dopensearch.bundled_jdk=true]
[2024-09-23T08:20:51,591][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-09-23T08:20:51,639][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-09-23T08:20:51,641][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-09-23T08:20:53,351][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-09-23T08:20:55,847][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-09-23T08:20:58,509][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-09-23T08:20:58,961][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-09-23T08:20:59,598][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:59,599][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:59,599][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:59,600][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:59,600][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:59,600][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:59,600][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:59,601][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:59,601][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:59,601][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:21:08,863][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-09-23T08:27:57,593][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:38588
[2024-09-23T08:28:03,779][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:56578
[2024-09-23T08:28:06,100][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:56578
[2024-09-23T08:28:10,168][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:56578 RHEL 9 🟡Agent status[root@ip-172-31-34-143 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
Active: active (running) since Mon 2024-09-23 08:20:08 UTC; 1h 47min ago
Docs: https://documentation.wazuh.com
Main PID: 14950 (java)
Tasks: 73 (limit: 48194)
Memory: 1.3G
CPU: 2min 49.930s
CGroup: /system.slice/wazuh-indexer.service
└─14950 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=6>
Sep 23 08:19:46 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: System::setSecurityManager ha>
Sep 23 08:19:46 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: Please consider reporting thi>
Sep 23 08:19:46 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: System::setSecurityManager wi>
Sep 23 08:19:48 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: Sep 23, 2024 8:19:47 AM sun.util.local>
Sep 23 08:19:48 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: COMPAT locale provider will b>
Sep 23 08:19:49 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: A terminally deprecated metho>
Sep 23 08:19:49 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: System::setSecurityManager ha>
Sep 23 08:19:49 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: Please consider reporting thi>
Sep 23 08:19:49 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: System::setSecurityManager wi>
Sep 23 08:20:08 ip-172-31-34-143.ec2.internal systemd[1]: Started wazuh-indexer. Service status[root@ip-172-31-34-143 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
Sep 23 08:19:44 ip-172-31-34-143.ec2.internal systemd[1]: Starting wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 3244.
Sep 23 08:19:46 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: A terminally deprecated method in java.lang.System has been called
Sep 23 08:19:46 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Sep 23 08:19:46 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Sep 23 08:19:46 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: System::setSecurityManager will be removed in a future release
Sep 23 08:19:48 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: Sep 23, 2024 8:19:47 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Sep 23 08:19:48 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: COMPAT locale provider will be removed in a future release
Sep 23 08:19:49 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: A terminally deprecated method in java.lang.System has been called
Sep 23 08:19:49 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Sep 23 08:19:49 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Sep 23 08:19:49 ip-172-31-34-143.ec2.internal systemd-entrypoint[14950]: WARNING: System::setSecurityManager will be removed in a future release
Sep 23 08:20:08 ip-172-31-34-143.ec2.internal systemd[1]: Started wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 3244. Errors🟡 Normal errors of uninitialized indexes. Related: wazuh/wazuh-packages#1511 (comment) [root@ip-172-31-34-143 ec2-user]# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-09-23T08:19:49,118][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-09-23T08:19:59,478][ERROR][o.o.p.c.j.GCMetrics ] [node-1] MX bean missing: G1 Concurrent GC
[2024-09-23T08:20:01,466][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-09-23T08:20:01,509][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-09-23T08:20:01,511][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-09-23T08:20:03,128][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-09-23T08:20:04,467][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:04,477][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:04,478][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:04,479][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:04,484][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:04,484][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:04,485][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:04,485][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:04,486][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:04,512][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:04,512][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:04,516][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:04,517][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:04,517][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:04,517][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T08:20:05,590][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-09-23T08:20:08,089][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-09-23T08:20:08,473][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-09-23T08:20:09,159][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:09,171][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:09,171][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:09,174][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:09,174][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:09,175][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:09,175][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:09,175][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:09,175][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:09,187][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T08:20:09,558][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:20:14,479][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:20:17,604][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-09-23T08:20:19,464][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:20:24,466][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:20:29,466][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:20:34,473][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:20:39,468][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:20:44,469][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:20:49,469][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T08:28:15,343][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:52708 Amazon Linux 2023 - Offline 🟡Agent status[root@ip-172-31-41-102 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
Active: active (running) since Mon 2024-09-23 09:04:50 UTC; 1h 12min ago
Docs: https://documentation.wazuh.com
Main PID: 4532 (java)
Tasks: 71 (limit: 9373)
Memory: 1.3G
CPU: 2min 36.235s
CGroup: /system.slice/wazuh-indexer.service
└─4532 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60>
Sep 23 09:04:29 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: System::setSecurityManager has>
Sep 23 09:04:29 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: Please consider reporting this>
Sep 23 09:04:29 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: System::setSecurityManager wil>
Sep 23 09:04:30 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: Sep 23, 2024 9:04:30 AM sun.util.locale>
Sep 23 09:04:30 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: COMPAT locale provider will be>
Sep 23 09:04:31 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: A terminally deprecated method>
Sep 23 09:04:31 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: System::setSecurityManager has>
Sep 23 09:04:31 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: Please consider reporting this>
Sep 23 09:04:31 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: System::setSecurityManager wil>
Sep 23 09:04:50 ip-172-31-41-102.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer. Service status[root@ip-172-31-41-102 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
Sep 23 09:04:26 ip-172-31-41-102.ec2.internal systemd[1]: Starting wazuh-indexer.service - wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 4069.
Sep 23 09:04:29 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: A terminally deprecated method in java.lang.System has been called
Sep 23 09:04:29 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Sep 23 09:04:29 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Sep 23 09:04:29 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: System::setSecurityManager will be removed in a future release
Sep 23 09:04:30 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: Sep 23, 2024 9:04:30 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Sep 23 09:04:30 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: COMPAT locale provider will be removed in a future release
Sep 23 09:04:31 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: A terminally deprecated method in java.lang.System has been called
Sep 23 09:04:31 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Sep 23 09:04:31 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Sep 23 09:04:31 ip-172-31-41-102.ec2.internal systemd-entrypoint[4532]: WARNING: System::setSecurityManager will be removed in a future release
Sep 23 09:04:50 ip-172-31-41-102.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 4069. Errors🟡 Normal errors of uninitialized indexes. Related: wazuh/wazuh-packages#1511 (comment) [root@ip-172-31-41-102 ec2-user]# cat /var/log/wazuh-indexer/wazuh-indexer-cluster.log | grep -i -E "error|warn"
[2024-09-23T09:04:31,306][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-09-23T09:04:41,568][ERROR][o.o.p.c.j.GCMetrics ] [node-1] MX bean missing: G1 Concurrent GC
[2024-09-23T09:04:43,745][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-09-23T09:04:43,795][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-09-23T09:04:43,797][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-09-23T09:04:45,385][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-09-23T09:04:46,558][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T09:04:46,562][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T09:04:46,563][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T09:04:46,563][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T09:04:46,564][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T09:04:46,605][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T09:04:46,605][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T09:04:46,605][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T09:04:46,606][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T09:04:46,606][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T09:04:46,606][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T09:04:46,607][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T09:04:46,607][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-09-23T09:04:47,681][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-09-23T09:04:50,207][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-09-23T09:04:50,675][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-09-23T09:04:51,285][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:04:51,285][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:04:51,285][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:04:51,285][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:04:51,286][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:04:51,286][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:04:51,286][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:04:51,286][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:04:51,286][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:04:51,286][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:04:51,672][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T09:04:56,545][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T09:05:01,555][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T09:05:04,292][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:05:04,292][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:05:04,292][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:05:04,293][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:05:04,293][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:05:04,293][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:05:04,293][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:05:04,293][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:05:04,294][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:05:04,294][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:05:06,546][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T09:05:11,548][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T09:05:12,088][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-09-23T09:05:16,567][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T09:05:17,304][WARN ][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] No data for internalusers while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:05:17,305][WARN ][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] No data for actiongroups while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:05:17,614][WARN ][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] No data for tenants while retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-09-23T09:05:18,622][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-09-23T09:05:18,724][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-09-23T09:05:21,551][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T09:05:23,773][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-09-23T09:05:26,561][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T09:05:28,826][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-09-23T09:05:31,552][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T09:05:36,553][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T09:05:41,555][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T09:05:46,556][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-09-23T09:05:51,658][WARN ][o.o.p.c.u.JsonConverter ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"]) |
Wazuh Manager logs 🟡Amazon Linux 2023 🟡Agent status[root@ip-172-31-42-84 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
Active: active (running) since Mon 2024-09-23 08:25:43 UTC; 2h 8min ago
Tasks: 153 (limit: 9373)
Memory: 1.9G
CPU: 7min 49.347s
CGroup: /system.slice/wazuh-manager.service
├─ 9833 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─ 9834 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─ 9837 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─ 9840 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─ 9884 /var/ossec/bin/wazuh-authd
├─ 9900 /var/ossec/bin/wazuh-db
├─ 9926 /var/ossec/bin/wazuh-execd
├─ 9942 /var/ossec/bin/wazuh-analysisd
├─ 9955 /var/ossec/bin/wazuh-syscheckd
├─10003 /var/ossec/bin/wazuh-remoted
├─10038 /var/ossec/bin/wazuh-logcollector
├─10059 /var/ossec/bin/wazuh-monitord
└─10080 /var/ossec/bin/wazuh-modulesd
Sep 23 08:25:35 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-analysisd...
Sep 23 08:25:37 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-syscheckd...
Sep 23 08:25:38 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-remoted...
Sep 23 08:25:39 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-logcollector... Service status[root@ip-172-31-42-84 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
Sep 23 08:21:09 ip-172-31-42-84.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4291.
Sep 23 08:21:12 ip-172-31-42-84.ec2.internal env[6636]: 2024/09/23 08:21:12 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 08:21:12 ip-172-31-42-84.ec2.internal env[6636]: 2024/09/23 08:21:12 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 08:21:13 ip-172-31-42-84.ec2.internal env[6603]: Starting Wazuh v4.9.1...
Sep 23 08:21:17 ip-172-31-42-84.ec2.internal env[6603]: Started wazuh-apid...
Sep 23 08:21:17 ip-172-31-42-84.ec2.internal env[6603]: Started wazuh-csyslogd...
Sep 23 08:21:17 ip-172-31-42-84.ec2.internal env[6603]: Started wazuh-dbd...
Sep 23 08:21:17 ip-172-31-42-84.ec2.internal env[6685]: 2024/09/23 08:21:17 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Sep 23 08:21:17 ip-172-31-42-84.ec2.internal env[6603]: Started wazuh-integratord...
Sep 23 08:21:17 ip-172-31-42-84.ec2.internal env[6603]: Started wazuh-agentlessd...
Sep 23 08:21:18 ip-172-31-42-84.ec2.internal env[6603]: Started wazuh-authd...
Sep 23 08:21:19 ip-172-31-42-84.ec2.internal env[6603]: Started wazuh-db...
Sep 23 08:21:20 ip-172-31-42-84.ec2.internal env[6603]: Started wazuh-execd...
Sep 23 08:21:21 ip-172-31-42-84.ec2.internal env[6603]: Started wazuh-analysisd...
Sep 23 08:21:22 ip-172-31-42-84.ec2.internal env[6603]: Started wazuh-syscheckd...
Sep 23 08:21:24 ip-172-31-42-84.ec2.internal env[6603]: Started wazuh-remoted...
Sep 23 08:21:25 ip-172-31-42-84.ec2.internal env[6603]: Started wazuh-logcollector...
Sep 23 08:21:26 ip-172-31-42-84.ec2.internal env[6603]: Started wazuh-monitord...
Sep 23 08:21:26 ip-172-31-42-84.ec2.internal env[6908]: 2024/09/23 08:21:26 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 08:21:26 ip-172-31-42-84.ec2.internal env[6908]: 2024/09/23 08:21:26 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 08:21:27 ip-172-31-42-84.ec2.internal env[6603]: Started wazuh-modulesd...
Sep 23 08:21:29 ip-172-31-42-84.ec2.internal env[6603]: Completed.
Sep 23 08:21:29 ip-172-31-42-84.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 4291.
Sep 23 08:25:14 ip-172-31-42-84.ec2.internal systemd[1]: Stopping wazuh-manager.service - Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4820.
Sep 23 08:25:14 ip-172-31-42-84.ec2.internal env[9520]: wazuh-clusterd not running...
Sep 23 08:25:14 ip-172-31-42-84.ec2.internal env[9520]: Killing wazuh-modulesd...
Sep 23 08:25:20 ip-172-31-42-84.ec2.internal env[9520]: Killing wazuh-monitord...
Sep 23 08:25:20 ip-172-31-42-84.ec2.internal env[9520]: Killing wazuh-logcollector...
Sep 23 08:25:20 ip-172-31-42-84.ec2.internal env[9520]: Killing wazuh-remoted...
Sep 23 08:25:20 ip-172-31-42-84.ec2.internal env[9520]: Killing wazuh-syscheckd...
Sep 23 08:25:21 ip-172-31-42-84.ec2.internal env[9520]: Killing wazuh-analysisd...
Sep 23 08:25:21 ip-172-31-42-84.ec2.internal env[9520]: wazuh-maild not running...
Sep 23 08:25:21 ip-172-31-42-84.ec2.internal env[9520]: Killing wazuh-execd...
Sep 23 08:25:21 ip-172-31-42-84.ec2.internal env[9520]: Killing wazuh-db...
Sep 23 08:25:22 ip-172-31-42-84.ec2.internal env[9520]: Killing wazuh-authd...
Sep 23 08:25:23 ip-172-31-42-84.ec2.internal env[9520]: wazuh-agentlessd not running...
Sep 23 08:25:23 ip-172-31-42-84.ec2.internal env[9520]: wazuh-integratord not running...
Sep 23 08:25:23 ip-172-31-42-84.ec2.internal env[9520]: wazuh-dbd not running...
Sep 23 08:25:23 ip-172-31-42-84.ec2.internal env[9520]: wazuh-csyslogd not running...
Sep 23 08:25:23 ip-172-31-42-84.ec2.internal env[9520]: Killing wazuh-apid...
Sep 23 08:25:23 ip-172-31-42-84.ec2.internal env[9520]: Wazuh v4.9.1 Stopped
Sep 23 08:25:23 ip-172-31-42-84.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Sep 23 08:25:23 ip-172-31-42-84.ec2.internal systemd[1]: Stopped wazuh-manager.service - Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 4820 and the job result is done.
Sep 23 08:25:23 ip-172-31-42-84.ec2.internal systemd[1]: wazuh-manager.service: Consumed 2min 38.086s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Sep 23 08:25:23 ip-172-31-42-84.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4820.
Sep 23 08:25:26 ip-172-31-42-84.ec2.internal env[9804]: 2024/09/23 08:25:26 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 08:25:26 ip-172-31-42-84.ec2.internal env[9804]: 2024/09/23 08:25:26 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 08:25:27 ip-172-31-42-84.ec2.internal env[9771]: Starting Wazuh v4.9.1...
Sep 23 08:25:31 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-apid...
Sep 23 08:25:31 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-csyslogd...
Sep 23 08:25:31 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-dbd...
Sep 23 08:25:31 ip-172-31-42-84.ec2.internal env[9862]: 2024/09/23 08:25:31 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Sep 23 08:25:31 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-integratord...
Sep 23 08:25:31 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-agentlessd...
Sep 23 08:25:32 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-authd...
Sep 23 08:25:33 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-db...
Sep 23 08:25:34 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-execd...
Sep 23 08:25:35 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-analysisd...
Sep 23 08:25:37 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-syscheckd...
Sep 23 08:25:38 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-remoted...
Sep 23 08:25:39 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-logcollector...
Sep 23 08:25:40 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-monitord...
Sep 23 08:25:40 ip-172-31-42-84.ec2.internal env[10076]: 2024/09/23 08:25:40 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 08:25:40 ip-172-31-42-84.ec2.internal env[10076]: 2024/09/23 08:25:40 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 08:25:41 ip-172-31-42-84.ec2.internal env[9771]: Started wazuh-modulesd...
Sep 23 08:25:43 ip-172-31-42-84.ec2.internal env[9771]: Completed.
Sep 23 08:25:43 ip-172-31-42-84.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 4820. Errors🟡 [root@ip-172-31-42-84 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/09/23 08:21:26 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-42-84.ec2.internal', retrying until the connection is successful.
2024/09/23 08:25:41 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-42-84.ec2.internal', retrying until the connection is successful. Ubuntu 22 🟡Agent statusroot@ip-172-31-42-212:/home/ubuntu# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2024-09-23 08:27:59 UTC; 2h 8min ago
Tasks: 153 (limit: 9425)
Memory: 1.8G
CPU: 7min 33.648s
CGroup: /system.slice/wazuh-manager.service
├─58006 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─58007 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─58010 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─58013 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─58055 /var/ossec/bin/wazuh-authd
├─58071 /var/ossec/bin/wazuh-db
├─58096 /var/ossec/bin/wazuh-execd
├─58110 /var/ossec/bin/wazuh-analysisd
├─58123 /var/ossec/bin/wazuh-syscheckd
├─58170 /var/ossec/bin/wazuh-remoted
├─58204 /var/ossec/bin/wazuh-logcollector
├─58223 /var/ossec/bin/wazuh-monitord
└─58246 /var/ossec/bin/wazuh-modulesd
Sep 23 08:27:52 ip-172-31-42-212 env[57944]: Started wazuh-analysisd...
Sep 23 08:27:53 ip-172-31-42-212 env[57944]: Started wazuh-syscheckd...
Sep 23 08:27:54 ip-172-31-42-212 env[57944]: Started wazuh-remoted...
Sep 23 08:27:55 ip-172-31-42-212 env[57944]: Started wazuh-logcollector... Service statusroot@ip-172-31-42-212:/home/ubuntu# journalctl -xe -u wazuh-manager.service --no-pager
Sep 23 08:22:57 ip-172-31-42-212 systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3012.
Sep 23 08:23:02 ip-172-31-42-212 env[54621]: 2024/09/23 08:23:02 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 08:23:02 ip-172-31-42-212 env[54621]: 2024/09/23 08:23:02 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 08:23:03 ip-172-31-42-212 env[54588]: Starting Wazuh v4.9.1...
Sep 23 08:23:08 ip-172-31-42-212 env[54588]: Started wazuh-apid...
Sep 23 08:23:08 ip-172-31-42-212 env[54588]: Started wazuh-csyslogd...
Sep 23 08:23:08 ip-172-31-42-212 env[54588]: Started wazuh-dbd...
Sep 23 08:23:08 ip-172-31-42-212 env[54669]: 2024/09/23 08:23:08 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Sep 23 08:23:08 ip-172-31-42-212 env[54588]: Started wazuh-integratord...
Sep 23 08:23:08 ip-172-31-42-212 env[54588]: Started wazuh-agentlessd...
Sep 23 08:23:09 ip-172-31-42-212 env[54588]: Started wazuh-authd...
Sep 23 08:23:10 ip-172-31-42-212 env[54588]: Started wazuh-db...
Sep 23 08:23:11 ip-172-31-42-212 env[54588]: Started wazuh-execd...
Sep 23 08:23:12 ip-172-31-42-212 env[54588]: Started wazuh-analysisd...
Sep 23 08:23:14 ip-172-31-42-212 env[54588]: Started wazuh-syscheckd...
Sep 23 08:23:15 ip-172-31-42-212 env[54588]: Started wazuh-remoted...
Sep 23 08:23:16 ip-172-31-42-212 env[54588]: Started wazuh-logcollector...
Sep 23 08:23:17 ip-172-31-42-212 env[54588]: Started wazuh-monitord...
Sep 23 08:23:17 ip-172-31-42-212 env[54886]: 2024/09/23 08:23:17 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 08:23:17 ip-172-31-42-212 env[54886]: 2024/09/23 08:23:17 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 08:23:18 ip-172-31-42-212 env[54588]: Started wazuh-modulesd...
Sep 23 08:23:20 ip-172-31-42-212 env[54588]: Completed.
Sep 23 08:23:20 ip-172-31-42-212 systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 3012.
Sep 23 08:27:32 ip-172-31-42-212 systemd[1]: Stopping Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4234.
Sep 23 08:27:32 ip-172-31-42-212 env[57705]: wazuh-clusterd not running...
Sep 23 08:27:32 ip-172-31-42-212 env[57705]: Killing wazuh-modulesd...
Sep 23 08:27:37 ip-172-31-42-212 env[57705]: Killing wazuh-monitord...
Sep 23 08:27:37 ip-172-31-42-212 env[57705]: Killing wazuh-logcollector...
Sep 23 08:27:37 ip-172-31-42-212 env[57705]: Killing wazuh-remoted...
Sep 23 08:27:37 ip-172-31-42-212 env[57705]: Killing wazuh-syscheckd...
Sep 23 08:27:38 ip-172-31-42-212 env[57705]: Killing wazuh-analysisd...
Sep 23 08:27:38 ip-172-31-42-212 env[57705]: wazuh-maild not running...
Sep 23 08:27:38 ip-172-31-42-212 env[57705]: Killing wazuh-execd...
Sep 23 08:27:38 ip-172-31-42-212 env[57705]: Killing wazuh-db...
Sep 23 08:27:39 ip-172-31-42-212 env[57705]: Killing wazuh-authd...
Sep 23 08:27:40 ip-172-31-42-212 env[57705]: wazuh-agentlessd not running...
Sep 23 08:27:40 ip-172-31-42-212 env[57705]: wazuh-integratord not running...
Sep 23 08:27:40 ip-172-31-42-212 env[57705]: wazuh-dbd not running...
Sep 23 08:27:40 ip-172-31-42-212 env[57705]: wazuh-csyslogd not running...
Sep 23 08:27:40 ip-172-31-42-212 env[57705]: Killing wazuh-apid...
Sep 23 08:27:40 ip-172-31-42-212 env[57705]: Wazuh v4.9.1 Stopped
Sep 23 08:27:40 ip-172-31-42-212 systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Sep 23 08:27:40 ip-172-31-42-212 systemd[1]: Stopped Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 4234 and the job result is done.
Sep 23 08:27:40 ip-172-31-42-212 systemd[1]: wazuh-manager.service: Consumed 2min 34.706s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Sep 23 08:27:40 ip-172-31-42-212 systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4234.
Sep 23 08:27:43 ip-172-31-42-212 env[57977]: 2024/09/23 08:27:43 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 08:27:43 ip-172-31-42-212 env[57977]: 2024/09/23 08:27:43 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 08:27:44 ip-172-31-42-212 env[57944]: Starting Wazuh v4.9.1...
Sep 23 08:27:47 ip-172-31-42-212 env[57944]: Started wazuh-apid...
Sep 23 08:27:47 ip-172-31-42-212 env[57944]: Started wazuh-csyslogd...
Sep 23 08:27:48 ip-172-31-42-212 env[57944]: Started wazuh-dbd...
Sep 23 08:27:48 ip-172-31-42-212 env[58033]: 2024/09/23 08:27:48 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Sep 23 08:27:48 ip-172-31-42-212 env[57944]: Started wazuh-integratord...
Sep 23 08:27:48 ip-172-31-42-212 env[57944]: Started wazuh-agentlessd...
Sep 23 08:27:49 ip-172-31-42-212 env[57944]: Started wazuh-authd...
Sep 23 08:27:50 ip-172-31-42-212 env[57944]: Started wazuh-db...
Sep 23 08:27:51 ip-172-31-42-212 env[57944]: Started wazuh-execd...
Sep 23 08:27:52 ip-172-31-42-212 env[57944]: Started wazuh-analysisd...
Sep 23 08:27:53 ip-172-31-42-212 env[57944]: Started wazuh-syscheckd...
Sep 23 08:27:54 ip-172-31-42-212 env[57944]: Started wazuh-remoted...
Sep 23 08:27:55 ip-172-31-42-212 env[57944]: Started wazuh-logcollector...
Sep 23 08:27:56 ip-172-31-42-212 env[57944]: Started wazuh-monitord...
Sep 23 08:27:56 ip-172-31-42-212 env[58243]: 2024/09/23 08:27:56 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 08:27:56 ip-172-31-42-212 env[58243]: 2024/09/23 08:27:56 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 08:27:57 ip-172-31-42-212 env[57944]: Started wazuh-modulesd...
Sep 23 08:27:59 ip-172-31-42-212 env[57944]: Completed.
Sep 23 08:27:59 ip-172-31-42-212 systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 4234. Errors🟡 root@ip-172-31-42-212:/home/ubuntu# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/09/23 08:23:17 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-42-212', retrying until the connection is successful.
2024/09/23 08:27:57 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-42-212', retrying until the connection is successful. RHEL 9 🟡Agent status[root@ip-172-31-34-143 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
Active: active (running) since Mon 2024-09-23 08:28:17 UTC; 2h 17min ago
Tasks: 153 (limit: 48194)
Memory: 2.6G
CPU: 7min 9.218s
CGroup: /system.slice/wazuh-manager.service
├─19559 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─19560 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─19563 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─19566 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─19609 /var/ossec/bin/wazuh-authd
├─19627 /var/ossec/bin/wazuh-db
├─19652 /var/ossec/bin/wazuh-execd
├─19667 /var/ossec/bin/wazuh-analysisd
├─19680 /var/ossec/bin/wazuh-syscheckd
├─19729 /var/ossec/bin/wazuh-remoted
├─19764 /var/ossec/bin/wazuh-logcollector
├─19784 /var/ossec/bin/wazuh-monitord
└─19805 /var/ossec/bin/wazuh-modulesd
Sep 23 08:28:09 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-analysisd...
Sep 23 08:28:11 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-syscheckd...
Sep 23 08:28:12 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-remoted...
Sep 23 08:28:13 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-logcollector... Service status[root@ip-172-31-34-143 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
Sep 23 08:21:48 ip-172-31-34-143.ec2.internal systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3420.
Sep 23 08:21:51 ip-172-31-34-143.ec2.internal env[16513]: 2024/09/23 08:21:51 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 08:21:51 ip-172-31-34-143.ec2.internal env[16513]: 2024/09/23 08:21:51 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 08:21:53 ip-172-31-34-143.ec2.internal env[16480]: Starting Wazuh v4.9.1...
Sep 23 08:21:56 ip-172-31-34-143.ec2.internal env[16480]: Started wazuh-apid...
Sep 23 08:21:56 ip-172-31-34-143.ec2.internal env[16480]: Started wazuh-csyslogd...
Sep 23 08:21:56 ip-172-31-34-143.ec2.internal env[16480]: Started wazuh-dbd...
Sep 23 08:21:57 ip-172-31-34-143.ec2.internal env[16562]: 2024/09/23 08:21:56 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Sep 23 08:21:57 ip-172-31-34-143.ec2.internal env[16480]: Started wazuh-integratord...
Sep 23 08:21:57 ip-172-31-34-143.ec2.internal env[16480]: Started wazuh-agentlessd...
Sep 23 08:21:58 ip-172-31-34-143.ec2.internal env[16480]: Started wazuh-authd...
Sep 23 08:21:59 ip-172-31-34-143.ec2.internal env[16480]: Started wazuh-db...
Sep 23 08:22:00 ip-172-31-34-143.ec2.internal env[16480]: Started wazuh-execd...
Sep 23 08:22:01 ip-172-31-34-143.ec2.internal env[16480]: Started wazuh-analysisd...
Sep 23 08:22:02 ip-172-31-34-143.ec2.internal env[16480]: Started wazuh-syscheckd...
Sep 23 08:22:03 ip-172-31-34-143.ec2.internal env[16480]: Started wazuh-remoted...
Sep 23 08:22:04 ip-172-31-34-143.ec2.internal env[16480]: Started wazuh-logcollector...
Sep 23 08:22:05 ip-172-31-34-143.ec2.internal env[16480]: Started wazuh-monitord...
Sep 23 08:22:05 ip-172-31-34-143.ec2.internal env[16785]: 2024/09/23 08:22:05 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 08:22:05 ip-172-31-34-143.ec2.internal env[16785]: 2024/09/23 08:22:05 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 08:22:06 ip-172-31-34-143.ec2.internal env[16480]: Started wazuh-modulesd...
Sep 23 08:22:08 ip-172-31-34-143.ec2.internal env[16480]: Completed.
Sep 23 08:22:08 ip-172-31-34-143.ec2.internal systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 3420.
Sep 23 08:27:48 ip-172-31-34-143.ec2.internal systemd[1]: Stopping Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3863.
Sep 23 08:27:48 ip-172-31-34-143.ec2.internal env[19254]: wazuh-clusterd not running...
Sep 23 08:27:48 ip-172-31-34-143.ec2.internal env[19254]: Killing wazuh-modulesd...
Sep 23 08:27:54 ip-172-31-34-143.ec2.internal env[19254]: Killing wazuh-monitord...
Sep 23 08:27:54 ip-172-31-34-143.ec2.internal env[19254]: Killing wazuh-logcollector...
Sep 23 08:27:54 ip-172-31-34-143.ec2.internal env[19254]: Killing wazuh-remoted...
Sep 23 08:27:54 ip-172-31-34-143.ec2.internal env[19254]: Killing wazuh-syscheckd...
Sep 23 08:27:54 ip-172-31-34-143.ec2.internal env[19254]: Killing wazuh-analysisd...
Sep 23 08:27:54 ip-172-31-34-143.ec2.internal env[19254]: wazuh-maild not running...
Sep 23 08:27:54 ip-172-31-34-143.ec2.internal env[19254]: Killing wazuh-execd...
Sep 23 08:27:54 ip-172-31-34-143.ec2.internal env[19254]: Killing wazuh-db...
Sep 23 08:27:55 ip-172-31-34-143.ec2.internal env[19254]: Killing wazuh-authd...
Sep 23 08:27:56 ip-172-31-34-143.ec2.internal env[19254]: wazuh-agentlessd not running...
Sep 23 08:27:56 ip-172-31-34-143.ec2.internal env[19254]: wazuh-integratord not running...
Sep 23 08:27:56 ip-172-31-34-143.ec2.internal env[19254]: wazuh-dbd not running...
Sep 23 08:27:56 ip-172-31-34-143.ec2.internal env[19254]: wazuh-csyslogd not running...
Sep 23 08:27:56 ip-172-31-34-143.ec2.internal env[19254]: Killing wazuh-apid...
Sep 23 08:27:57 ip-172-31-34-143.ec2.internal env[19254]: Wazuh v4.9.1 Stopped
Sep 23 08:27:57 ip-172-31-34-143.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Sep 23 08:27:57 ip-172-31-34-143.ec2.internal systemd[1]: Stopped Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 3863 and the job result is done.
Sep 23 08:27:57 ip-172-31-34-143.ec2.internal systemd[1]: wazuh-manager.service: Consumed 1min 54.285s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Sep 23 08:27:57 ip-172-31-34-143.ec2.internal systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3863.
Sep 23 08:28:00 ip-172-31-34-143.ec2.internal env[19530]: 2024/09/23 08:28:00 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 08:28:00 ip-172-31-34-143.ec2.internal env[19530]: 2024/09/23 08:28:00 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 08:28:01 ip-172-31-34-143.ec2.internal env[19497]: Starting Wazuh v4.9.1...
Sep 23 08:28:05 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-apid...
Sep 23 08:28:05 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-csyslogd...
Sep 23 08:28:05 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-dbd...
Sep 23 08:28:05 ip-172-31-34-143.ec2.internal env[19588]: 2024/09/23 08:28:05 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Sep 23 08:28:05 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-integratord...
Sep 23 08:28:05 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-agentlessd...
Sep 23 08:28:06 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-authd...
Sep 23 08:28:07 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-db...
Sep 23 08:28:08 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-execd...
Sep 23 08:28:09 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-analysisd...
Sep 23 08:28:11 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-syscheckd...
Sep 23 08:28:12 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-remoted...
Sep 23 08:28:13 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-logcollector...
Sep 23 08:28:14 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-monitord...
Sep 23 08:28:14 ip-172-31-34-143.ec2.internal env[19802]: 2024/09/23 08:28:14 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 08:28:14 ip-172-31-34-143.ec2.internal env[19802]: 2024/09/23 08:28:14 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 08:28:15 ip-172-31-34-143.ec2.internal env[19497]: Started wazuh-modulesd...
Sep 23 08:28:17 ip-172-31-34-143.ec2.internal env[19497]: Completed.
Sep 23 08:28:17 ip-172-31-34-143.ec2.internal systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 3863. Errors🟡 [root@ip-172-31-34-143 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/09/23 08:22:06 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-34-143.ec2.internal', retrying until the connection is successful.
2024/09/23 08:28:15 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-34-143.ec2.internal', retrying until the connection is successful. Amazon Linux 2023 - Offline 🟡Agent status[root@ip-172-31-41-102 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
Active: active (running) since Mon 2024-09-23 09:12:18 UTC; 1h 34min ago
Tasks: 153 (limit: 9373)
Memory: 2.7G
CPU: 2min 45.420s
CGroup: /system.slice/wazuh-manager.service
├─8602 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─8603 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─8606 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─8609 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─8653 /var/ossec/bin/wazuh-authd
├─8669 /var/ossec/bin/wazuh-db
├─8696 /var/ossec/bin/wazuh-execd
├─8710 /var/ossec/bin/wazuh-analysisd
├─8723 /var/ossec/bin/wazuh-syscheckd
├─8772 /var/ossec/bin/wazuh-remoted
├─8807 /var/ossec/bin/wazuh-logcollector
├─8827 /var/ossec/bin/wazuh-monitord
└─8848 /var/ossec/bin/wazuh-modulesd
Sep 23 09:12:10 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-analysisd...
Sep 23 09:12:12 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-syscheckd...
Sep 23 09:12:13 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-remoted...
Sep 23 09:12:14 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-logcollector... Service status[root@ip-172-31-41-102 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
Sep 23 09:11:25 ip-172-31-41-102.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4516.
Sep 23 09:11:28 ip-172-31-41-102.ec2.internal env[7453]: 2024/09/23 09:11:28 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 09:11:28 ip-172-31-41-102.ec2.internal env[7453]: 2024/09/23 09:11:28 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 09:11:29 ip-172-31-41-102.ec2.internal env[7420]: Starting Wazuh v4.9.1...
Sep 23 09:11:32 ip-172-31-41-102.ec2.internal env[7420]: Started wazuh-apid...
Sep 23 09:11:32 ip-172-31-41-102.ec2.internal env[7420]: Started wazuh-csyslogd...
Sep 23 09:11:32 ip-172-31-41-102.ec2.internal env[7420]: Started wazuh-dbd...
Sep 23 09:11:32 ip-172-31-41-102.ec2.internal env[7502]: 2024/09/23 09:11:32 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Sep 23 09:11:32 ip-172-31-41-102.ec2.internal env[7420]: Started wazuh-integratord...
Sep 23 09:11:32 ip-172-31-41-102.ec2.internal env[7420]: Started wazuh-agentlessd...
Sep 23 09:11:33 ip-172-31-41-102.ec2.internal env[7420]: Started wazuh-authd...
Sep 23 09:11:34 ip-172-31-41-102.ec2.internal env[7420]: Started wazuh-db...
Sep 23 09:11:35 ip-172-31-41-102.ec2.internal env[7420]: Started wazuh-execd...
Sep 23 09:11:36 ip-172-31-41-102.ec2.internal env[7420]: Started wazuh-analysisd...
Sep 23 09:11:37 ip-172-31-41-102.ec2.internal env[7420]: Started wazuh-syscheckd...
Sep 23 09:11:38 ip-172-31-41-102.ec2.internal env[7420]: Started wazuh-remoted...
Sep 23 09:11:40 ip-172-31-41-102.ec2.internal env[7420]: Started wazuh-logcollector...
Sep 23 09:11:41 ip-172-31-41-102.ec2.internal env[7420]: Started wazuh-monitord...
Sep 23 09:11:41 ip-172-31-41-102.ec2.internal env[7725]: 2024/09/23 09:11:41 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 09:11:41 ip-172-31-41-102.ec2.internal env[7725]: 2024/09/23 09:11:41 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 09:11:42 ip-172-31-41-102.ec2.internal env[7420]: Started wazuh-modulesd...
Sep 23 09:11:44 ip-172-31-41-102.ec2.internal env[7420]: Completed.
Sep 23 09:11:44 ip-172-31-41-102.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 4516.
Sep 23 09:11:55 ip-172-31-41-102.ec2.internal systemd[1]: Stopping wazuh-manager.service - Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4746.
Sep 23 09:11:55 ip-172-31-41-102.ec2.internal env[8393]: wazuh-clusterd not running...
Sep 23 09:11:55 ip-172-31-41-102.ec2.internal env[8393]: Killing wazuh-modulesd...
Sep 23 09:11:55 ip-172-31-41-102.ec2.internal env[8393]: Killing wazuh-monitord...
Sep 23 09:11:55 ip-172-31-41-102.ec2.internal env[8393]: Killing wazuh-logcollector...
Sep 23 09:11:56 ip-172-31-41-102.ec2.internal env[8393]: Killing wazuh-remoted...
Sep 23 09:11:56 ip-172-31-41-102.ec2.internal env[8393]: Killing wazuh-syscheckd...
Sep 23 09:11:56 ip-172-31-41-102.ec2.internal env[8393]: Killing wazuh-analysisd...
Sep 23 09:11:56 ip-172-31-41-102.ec2.internal env[8393]: wazuh-maild not running...
Sep 23 09:11:56 ip-172-31-41-102.ec2.internal env[8393]: Killing wazuh-execd...
Sep 23 09:11:56 ip-172-31-41-102.ec2.internal env[8393]: Killing wazuh-db...
Sep 23 09:11:57 ip-172-31-41-102.ec2.internal env[8393]: Killing wazuh-authd...
Sep 23 09:11:58 ip-172-31-41-102.ec2.internal env[8393]: wazuh-agentlessd not running...
Sep 23 09:11:58 ip-172-31-41-102.ec2.internal env[8393]: wazuh-integratord not running...
Sep 23 09:11:58 ip-172-31-41-102.ec2.internal env[8393]: wazuh-dbd not running...
Sep 23 09:11:58 ip-172-31-41-102.ec2.internal env[8393]: wazuh-csyslogd not running...
Sep 23 09:11:58 ip-172-31-41-102.ec2.internal env[8393]: Killing wazuh-apid...
Sep 23 09:11:59 ip-172-31-41-102.ec2.internal env[8393]: Wazuh v4.9.1 Stopped
Sep 23 09:11:59 ip-172-31-41-102.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Sep 23 09:11:59 ip-172-31-41-102.ec2.internal systemd[1]: Stopped wazuh-manager.service - Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 4746 and the job result is done.
Sep 23 09:11:59 ip-172-31-41-102.ec2.internal systemd[1]: wazuh-manager.service: Consumed 40.371s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Sep 23 09:11:59 ip-172-31-41-102.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 4746.
Sep 23 09:12:01 ip-172-31-41-102.ec2.internal env[8573]: 2024/09/23 09:12:01 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 09:12:01 ip-172-31-41-102.ec2.internal env[8573]: 2024/09/23 09:12:01 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 09:12:03 ip-172-31-41-102.ec2.internal env[8537]: Starting Wazuh v4.9.1...
Sep 23 09:12:06 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-apid...
Sep 23 09:12:06 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-csyslogd...
Sep 23 09:12:06 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-dbd...
Sep 23 09:12:06 ip-172-31-41-102.ec2.internal env[8631]: 2024/09/23 09:12:06 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Sep 23 09:12:06 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-integratord...
Sep 23 09:12:06 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-agentlessd...
Sep 23 09:12:07 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-authd...
Sep 23 09:12:08 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-db...
Sep 23 09:12:09 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-execd...
Sep 23 09:12:10 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-analysisd...
Sep 23 09:12:12 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-syscheckd...
Sep 23 09:12:13 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-remoted...
Sep 23 09:12:14 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-logcollector...
Sep 23 09:12:15 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-monitord...
Sep 23 09:12:15 ip-172-31-41-102.ec2.internal env[8845]: 2024/09/23 09:12:15 wazuh-modulesd:router: INFO: Loaded router module.
Sep 23 09:12:15 ip-172-31-41-102.ec2.internal env[8845]: 2024/09/23 09:12:15 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Sep 23 09:12:16 ip-172-31-41-102.ec2.internal env[8537]: Started wazuh-modulesd...
Sep 23 09:12:18 ip-172-31-41-102.ec2.internal env[8537]: Completed.
Sep 23 09:12:18 ip-172-31-41-102.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 4746. Errors🟡 [root@ip-172-31-41-102 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/09/23 09:11:41 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-41-102.ec2.internal', retrying until the connection is successful.
2024/09/23 09:19:01 wazuh-modulesd:content-updater: ERROR: Action for 'vulnerability_feed_manager' failed: Orchestration run failed: Error -1 from server: Timeout was reached.
2024/09/23 10:23:27 wazuh-modulesd:content-updater: ERROR: Action for 'vulnerability_feed_manager' failed: Orchestration run failed: Error -1 from server: Timeout was reached. |
Wazuh Dashboard logs 🟢Amazon Linux 2023 🟢Agent status[root@ip-172-31-42-84 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
Active: active (running) since Mon 2024-09-23 08:25:46 UTC; 3h 14min ago
Main PID: 10601 (node)
Tasks: 11 (limit: 9373)
Memory: 177.4M
CPU: 31.420s
CGroup: /system.slice/wazuh-dashboard.service
└─10601 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist
Sep 23 10:00:02 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09->
Sep 23 10:15:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09->
Sep 23 10:30:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09->
Sep 23 10:40:08 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"response","@timestamp":"202>
Sep 23 10:40:09 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"response","@timestamp":"202>
Sep 23 10:45:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09->
Sep 23 10:51:53 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"response","@timestamp":"202>
Sep 23 11:00:01 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09->
Sep 23 11:15:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09->
Sep 23 11:30:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-> Service status[root@ip-172-31-42-84 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager
Sep 23 08:24:37 ip-172-31-42-84.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 4595.
Sep 23 08:24:58 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:24:58Z","tags":["info","plugins-service"],"pid":8897,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Sep 23 08:24:58 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:24:58Z","tags":["info","plugins-service"],"pid":8897,"message":"Plugin \"applicationConfig\" is disabled."}
Sep 23 08:24:58 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:24:58Z","tags":["info","plugins-service"],"pid":8897,"message":"Plugin \"cspHandler\" is disabled."}
Sep 23 08:24:58 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:24:58Z","tags":["info","plugins-service"],"pid":8897,"message":"Plugin \"dataSource\" is disabled."}
Sep 23 08:24:58 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:24:58Z","tags":["info","plugins-service"],"pid":8897,"message":"Plugin \"visTypeXy\" is disabled."}
Sep 23 08:24:58 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:24:59 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:24:59Z","tags":["info","plugins-system"],"pid":8897,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Sep 23 08:24:59 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:24:59 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:25:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:25:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:25:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:25:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:25:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:25:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:25:01 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:01Z","tags":["info","savedobjects-service"],"pid":8897,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Sep 23 08:25:02 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:02Z","tags":["info","savedobjects-service"],"pid":8897,"message":"Starting saved objects migrations"}
Sep 23 08:25:02 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:02Z","tags":["info","savedobjects-service"],"pid":8897,"message":"Creating index .kibana_1."}
Sep 23 08:25:03 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:03Z","tags":["info","savedobjects-service"],"pid":8897,"message":"Pointing alias .kibana to .kibana_1."}
Sep 23 08:25:03 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:03Z","tags":["info","savedobjects-service"],"pid":8897,"message":"Finished in 707ms."}
Sep 23 08:25:03 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:03Z","tags":["warning","cross-compatibility-service"],"pid":8897,"message":"Starting cross compatibility service"}
Sep 23 08:25:03 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:03Z","tags":["info","plugins-system"],"pid":8897,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Sep 23 08:25:03 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:03Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":8897,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"}
Sep 23 08:25:05 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:05Z","tags":["info","plugins","wazuh","initialize"],"pid":8897,"message":"dashboard index: .kibana"}
Sep 23 08:25:05 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:05Z","tags":["info","plugins","wazuh","initialize"],"pid":8897,"message":"App revision: 01"}
Sep 23 08:25:05 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:05Z","tags":["info","plugins","wazuh","initialize"],"pid":8897,"message":"Total RAM: 7834MB"}
Sep 23 08:25:06 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:06Z","tags":["error","opensearch","data"],"pid":8897,"message":"[ResponseError]: Response Error"}
Sep 23 08:25:06 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:06Z","tags":["error","opensearch","data"],"pid":8897,"message":"[ResponseError]: Response Error"}
Sep 23 08:25:06 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:06Z","tags":["info","plugins","wazuh","monitoring"],"pid":8897,"message":"Updated the wazuh-agent template"}
Sep 23 08:25:07 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:07Z","tags":["listening","info"],"pid":8897,"message":"Server running at https://0.0.0.0:443"}
Sep 23 08:25:08 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:08Z","tags":["info","http","server","OpenSearchDashboards"],"pid":8897,"message":"http server running at https://0.0.0.0:443"}
Sep 23 08:25:08 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:08Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":8897,"message":"Updated the wazuh-statistics template"}
Sep 23 08:25:08 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:08Z","tags":["info","plugins","wazuh","monitoring"],"pid":8897,"message":"wazuh-monitoring-2024.39w index created"}
Sep 23 08:25:08 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:08Z","tags":["info","plugins","wazuh","monitoring"],"pid":8897,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 08:25:46 ip-172-31-42-84.ec2.internal systemd[1]: Stopping wazuh-dashboard.service - wazuh-dashboard...
░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-dashboard.service has begun execution.
░░
░░ The job identifier is 4898.
Sep 23 08:25:46 ip-172-31-42-84.ec2.internal opensearch-dashboards[8897]: {"type":"log","@timestamp":"2024-09-23T08:25:46Z","tags":["info","plugins-system"],"pid":8897,"message":"Stopping all plugins."}
Sep 23 08:25:46 ip-172-31-42-84.ec2.internal systemd[1]: wazuh-dashboard.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state.
Sep 23 08:25:46 ip-172-31-42-84.ec2.internal systemd[1]: Stopped wazuh-dashboard.service - wazuh-dashboard.
░░ Subject: A stop job for unit wazuh-dashboard.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-dashboard.service has finished.
░░
░░ The job identifier is 4898 and the job result is done.
Sep 23 08:25:46 ip-172-31-42-84.ec2.internal systemd[1]: wazuh-dashboard.service: Consumed 13.548s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-dashboard.service completed and consumed the indicated resources.
Sep 23 08:25:46 ip-172-31-42-84.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 4898.
Sep 23 08:26:01 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:01Z","tags":["info","plugins-service"],"pid":10601,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Sep 23 08:26:01 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:01Z","tags":["info","plugins-service"],"pid":10601,"message":"Plugin \"applicationConfig\" is disabled."}
Sep 23 08:26:01 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:01Z","tags":["info","plugins-service"],"pid":10601,"message":"Plugin \"cspHandler\" is disabled."}
Sep 23 08:26:01 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:01Z","tags":["info","plugins-service"],"pid":10601,"message":"Plugin \"dataSource\" is disabled."}
Sep 23 08:26:01 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:01Z","tags":["info","plugins-service"],"pid":10601,"message":"Plugin \"visTypeXy\" is disabled."}
Sep 23 08:26:02 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:26:02 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:02Z","tags":["info","plugins-system"],"pid":10601,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Sep 23 08:26:02 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:26:02 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:26:03 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:26:03 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:26:03 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:26:03 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:26:03 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:26:03 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:26:03 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:03Z","tags":["info","savedobjects-service"],"pid":10601,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Sep 23 08:26:04 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:04Z","tags":["info","savedobjects-service"],"pid":10601,"message":"Starting saved objects migrations"}
Sep 23 08:26:04 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:04Z","tags":["warning","cross-compatibility-service"],"pid":10601,"message":"Starting cross compatibility service"}
Sep 23 08:26:04 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:04Z","tags":["info","plugins-system"],"pid":10601,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Sep 23 08:26:06 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:06Z","tags":["info","plugins","wazuh","initialize"],"pid":10601,"message":"dashboard index: .kibana"}
Sep 23 08:26:06 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:06Z","tags":["info","plugins","wazuh","initialize"],"pid":10601,"message":"App revision: 01"}
Sep 23 08:26:06 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:06Z","tags":["info","plugins","wazuh","initialize"],"pid":10601,"message":"Total RAM: 7834MB"}
Sep 23 08:26:06 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:06Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Updated the wazuh-agent template"}
Sep 23 08:26:06 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:06Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":10601,"message":"Updated the wazuh-statistics template"}
Sep 23 08:26:06 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:06Z","tags":["listening","info"],"pid":10601,"message":"Server running at https://0.0.0.0:443"}
Sep 23 08:26:07 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:07Z","tags":["info","http","server","OpenSearchDashboards"],"pid":10601,"message":"http server running at https://0.0.0.0:443"}
Sep 23 08:26:07 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:26:07Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 08:26:20 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:26:21 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"response","@timestamp":"2024-09-23T08:26:20Z","tags":[],"pid":10601,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/8.5.0","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/8.5.0"},"res":{"statusCode":200,"responseTime":1048,"contentLength":9},"message":"GET /status 200 1048ms - 9.0B"}
Sep 23 08:30:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:30:00Z","tags":["error","opensearch","data"],"pid":10601,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.39w/uNr4smY5RdidODuLsgCqpg] already exists"}
Sep 23 08:30:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 08:30:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:30:00Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":10601,"message":"wazuh-statistics-2024.39w index created"}
Sep 23 08:45:01 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T08:45:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 08:45:40 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"error","@timestamp":"2024-09-23T08:45:40Z","tags":["connection","client","error"],"pid":10601,"level":"error","error":{"message":"0028AEE4297F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 0028AEE4297F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_VERSION_TOO_LOW"},"message":"0028AEE4297F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
Sep 23 08:45:40 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"error","@timestamp":"2024-09-23T08:45:40Z","tags":["connection","client","error"],"pid":10601,"level":"error","error":{"message":"0028AEE4297F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 0028AEE4297F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"0028AEE4297F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
Sep 23 08:45:40 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"error","@timestamp":"2024-09-23T08:45:40Z","tags":["connection","client","error"],"pid":10601,"level":"error","error":{"message":"0028AEE4297F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: 0028AEE4297F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"0028AEE4297F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"}
Sep 23 08:45:40 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"error","@timestamp":"2024-09-23T08:45:40Z","tags":["connection","client","error"],"pid":10601,"level":"error","error":{"message":"0028AEE4297F0000:error:0A0000FC:SSL routines:tls_early_post_process_client_hello:unknown protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1653:\n","name":"Error","stack":"Error: 0028AEE4297F0000:error:0A0000FC:SSL routines:tls_early_post_process_client_hello:unknown protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1653:\n","code":"ERR_SSL_UNKNOWN_PROTOCOL"},"message":"0028AEE4297F0000:error:0A0000FC:SSL routines:tls_early_post_process_client_hello:unknown protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1653:\n"}
Sep 23 08:45:40 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"error","@timestamp":"2024-09-23T08:45:40Z","tags":["connection","client","error"],"pid":10601,"level":"error","error":{"message":"0028AEE4297F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 0028AEE4297F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"0028AEE4297F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
Sep 23 09:00:03 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T09:00:03Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 09:15:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T09:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 09:30:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T09:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 09:45:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T09:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:00:02 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T10:00:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:15:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T10:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:30:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T10:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:40:08 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"response","@timestamp":"2024-09-23T10:40:08Z","tags":[],"pid":10601,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"75.101.239.143:443","user-agent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: [email protected]","accept-encoding":"gzip"},"remoteAddress":"162.216.150.125","userAgent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: [email protected]"},"res":{"statusCode":302,"responseTime":16,"contentLength":9},"message":"GET / 302 16ms - 9.0B"}
Sep 23 10:40:09 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"response","@timestamp":"2024-09-23T10:40:08Z","tags":[],"pid":10601,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"75.101.239.143:443","user-agent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: [email protected]","accept-encoding":"gzip"},"remoteAddress":"162.216.150.125","userAgent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: [email protected]"},"res":{"statusCode":200,"responseTime":46,"contentLength":9},"message":"GET /app/login 200 46ms - 9.0B"}
Sep 23 10:45:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T10:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:51:53 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"response","@timestamp":"2024-09-23T10:51:53Z","tags":[],"pid":10601,"method":"get","statusCode":401,"req":{"url":"/autodiscover/autodiscover.json?%40zdi%2FPowershell=","method":"get","headers":{"host":"75.101.239.143","user-agent":"Mozilla/5.0 zgrab/0.x","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"172.168.41.162","userAgent":"Mozilla/5.0 zgrab/0.x"},"res":{"statusCode":401,"responseTime":5,"contentLength":9},"message":"GET /autodiscover/autodiscover.json?%40zdi%2FPowershell= 401 5ms - 9.0B"}
Sep 23 11:00:01 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T11:00:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 11:15:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T11:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 11:30:00 ip-172-31-42-84.ec2.internal opensearch-dashboards[10601]: {"type":"log","@timestamp":"2024-09-23T11:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":10601,"message":"Settings added to wazuh-monitoring-2024.39w index"} Ubuntu 22 🟢Agent statusroot@ip-172-31-42-212:/home/ubuntu# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2024-09-23 08:28:02 UTC; 3h 12min ago
Main PID: 58877 (node)
Tasks: 11 (limit: 9425)
Memory: 192.1M
CPU: 32.921s
CGroup: /system.slice/wazuh-dashboard.service
└─58877 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist
Sep 23 11:09:34 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:0>
Sep 23 11:09:34 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:0>
Sep 23 11:09:35 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:0>
Sep 23 11:09:35 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"error","@timestamp":"2024-09-23T11:09:3>
Sep 23 11:09:35 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"error","@timestamp":"2024-09-23T11:09:3>
Sep 23 11:09:35 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:0>
Sep 23 11:15:00 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T11:15:00Z>
Sep 23 11:28:30 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:2>
Sep 23 11:29:14 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:2>
Sep 23 11:30:00 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T11:30:00Z> Service statusroot@ip-172-31-42-212:/home/ubuntu# journalctl -xe -u wazuh-dashboard.service --no-pager
Sep 23 08:26:54 ip-172-31-42-212 systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 3886.
Sep 23 08:27:13 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:13Z","tags":["info","plugins-service"],"pid":57116,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Sep 23 08:27:13 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:13Z","tags":["info","plugins-service"],"pid":57116,"message":"Plugin \"applicationConfig\" is disabled."}
Sep 23 08:27:13 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:13Z","tags":["info","plugins-service"],"pid":57116,"message":"Plugin \"cspHandler\" is disabled."}
Sep 23 08:27:13 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:13Z","tags":["info","plugins-service"],"pid":57116,"message":"Plugin \"dataSource\" is disabled."}
Sep 23 08:27:13 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:13Z","tags":["info","plugins-service"],"pid":57116,"message":"Plugin \"visTypeXy\" is disabled."}
Sep 23 08:27:14 ip-172-31-42-212 opensearch-dashboards[57116]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:14 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:14Z","tags":["info","plugins-system"],"pid":57116,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Sep 23 08:27:15 ip-172-31-42-212 opensearch-dashboards[57116]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:15 ip-172-31-42-212 opensearch-dashboards[57116]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:15 ip-172-31-42-212 opensearch-dashboards[57116]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:15 ip-172-31-42-212 opensearch-dashboards[57116]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:15 ip-172-31-42-212 opensearch-dashboards[57116]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:15 ip-172-31-42-212 opensearch-dashboards[57116]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:15 ip-172-31-42-212 opensearch-dashboards[57116]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:16 ip-172-31-42-212 opensearch-dashboards[57116]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:16 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:16Z","tags":["info","savedobjects-service"],"pid":57116,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Sep 23 08:27:17 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:17Z","tags":["info","savedobjects-service"],"pid":57116,"message":"Starting saved objects migrations"}
Sep 23 08:27:18 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:17Z","tags":["info","savedobjects-service"],"pid":57116,"message":"Creating index .kibana_1."}
Sep 23 08:27:18 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:18Z","tags":["info","savedobjects-service"],"pid":57116,"message":"Pointing alias .kibana to .kibana_1."}
Sep 23 08:27:18 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:18Z","tags":["info","savedobjects-service"],"pid":57116,"message":"Finished in 676ms."}
Sep 23 08:27:18 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:18Z","tags":["warning","cross-compatibility-service"],"pid":57116,"message":"Starting cross compatibility service"}
Sep 23 08:27:18 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:18Z","tags":["info","plugins-system"],"pid":57116,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Sep 23 08:27:18 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:18Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":57116,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"}
Sep 23 08:27:21 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:21Z","tags":["info","plugins","wazuh","initialize"],"pid":57116,"message":"dashboard index: .kibana"}
Sep 23 08:27:21 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:21Z","tags":["info","plugins","wazuh","initialize"],"pid":57116,"message":"App revision: 01"}
Sep 23 08:27:21 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:21Z","tags":["info","plugins","wazuh","initialize"],"pid":57116,"message":"Total RAM: 7870MB"}
Sep 23 08:27:21 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:21Z","tags":["error","opensearch","data"],"pid":57116,"message":"[ResponseError]: Response Error"}
Sep 23 08:27:21 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:21Z","tags":["error","opensearch","data"],"pid":57116,"message":"[ResponseError]: Response Error"}
Sep 23 08:27:21 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:21Z","tags":["info","plugins","wazuh","monitoring"],"pid":57116,"message":"Updated the wazuh-agent template"}
Sep 23 08:27:21 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:21Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":57116,"message":"Updated the wazuh-statistics template"}
Sep 23 08:27:22 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:22Z","tags":["listening","info"],"pid":57116,"message":"Server running at https://0.0.0.0:443"}
Sep 23 08:27:23 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:23Z","tags":["info","http","server","OpenSearchDashboards"],"pid":57116,"message":"http server running at https://0.0.0.0:443"}
Sep 23 08:27:23 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:23Z","tags":["info","plugins","wazuh","monitoring"],"pid":57116,"message":"wazuh-monitoring-2024.39w index created"}
Sep 23 08:27:23 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:27:23Z","tags":["info","plugins","wazuh","monitoring"],"pid":57116,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 08:28:02 ip-172-31-42-212 systemd[1]: Stopping wazuh-dashboard...
░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-dashboard.service has begun execution.
░░
░░ The job identifier is 4408.
Sep 23 08:28:02 ip-172-31-42-212 opensearch-dashboards[57116]: {"type":"log","@timestamp":"2024-09-23T08:28:02Z","tags":["info","plugins-system"],"pid":57116,"message":"Stopping all plugins."}
Sep 23 08:28:02 ip-172-31-42-212 systemd[1]: wazuh-dashboard.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state.
Sep 23 08:28:02 ip-172-31-42-212 systemd[1]: Stopped wazuh-dashboard.
░░ Subject: A stop job for unit wazuh-dashboard.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-dashboard.service has finished.
░░
░░ The job identifier is 4408 and the job result is done.
Sep 23 08:28:02 ip-172-31-42-212 systemd[1]: wazuh-dashboard.service: Consumed 13.890s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-dashboard.service completed and consumed the indicated resources.
Sep 23 08:28:02 ip-172-31-42-212 systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 4408.
Sep 23 08:28:17 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:17Z","tags":["info","plugins-service"],"pid":58877,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Sep 23 08:28:17 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:17Z","tags":["info","plugins-service"],"pid":58877,"message":"Plugin \"applicationConfig\" is disabled."}
Sep 23 08:28:17 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:17Z","tags":["info","plugins-service"],"pid":58877,"message":"Plugin \"cspHandler\" is disabled."}
Sep 23 08:28:17 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:17Z","tags":["info","plugins-service"],"pid":58877,"message":"Plugin \"dataSource\" is disabled."}
Sep 23 08:28:17 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:17Z","tags":["info","plugins-service"],"pid":58877,"message":"Plugin \"visTypeXy\" is disabled."}
Sep 23 08:28:18 ip-172-31-42-212 opensearch-dashboards[58877]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:18 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:18Z","tags":["info","plugins-system"],"pid":58877,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Sep 23 08:28:18 ip-172-31-42-212 opensearch-dashboards[58877]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:18 ip-172-31-42-212 opensearch-dashboards[58877]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:19 ip-172-31-42-212 opensearch-dashboards[58877]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:19 ip-172-31-42-212 opensearch-dashboards[58877]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:19 ip-172-31-42-212 opensearch-dashboards[58877]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:19 ip-172-31-42-212 opensearch-dashboards[58877]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:19 ip-172-31-42-212 opensearch-dashboards[58877]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:19 ip-172-31-42-212 opensearch-dashboards[58877]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:19 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:19Z","tags":["info","savedobjects-service"],"pid":58877,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Sep 23 08:28:20 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:20Z","tags":["info","savedobjects-service"],"pid":58877,"message":"Starting saved objects migrations"}
Sep 23 08:28:20 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:20Z","tags":["warning","cross-compatibility-service"],"pid":58877,"message":"Starting cross compatibility service"}
Sep 23 08:28:20 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:20Z","tags":["info","plugins-system"],"pid":58877,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Sep 23 08:28:21 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:21Z","tags":["info","plugins","wazuh","initialize"],"pid":58877,"message":"dashboard index: .kibana"}
Sep 23 08:28:21 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:21Z","tags":["info","plugins","wazuh","initialize"],"pid":58877,"message":"App revision: 01"}
Sep 23 08:28:21 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:21Z","tags":["info","plugins","wazuh","initialize"],"pid":58877,"message":"Total RAM: 7870MB"}
Sep 23 08:28:22 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:22Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":58877,"message":"Updated the wazuh-statistics template"}
Sep 23 08:28:22 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:22Z","tags":["info","plugins","wazuh","monitoring"],"pid":58877,"message":"Updated the wazuh-agent template"}
Sep 23 08:28:22 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:22Z","tags":["listening","info"],"pid":58877,"message":"Server running at https://0.0.0.0:443"}
Sep 23 08:28:22 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:22Z","tags":["info","http","server","OpenSearchDashboards"],"pid":58877,"message":"http server running at https://0.0.0.0:443"}
Sep 23 08:28:22 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:28:22Z","tags":["info","plugins","wazuh","monitoring"],"pid":58877,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 08:28:36 ip-172-31-42-212 opensearch-dashboards[58877]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:37 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T08:28:36Z","tags":[],"pid":58877,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/7.81.0","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.81.0"},"res":{"statusCode":200,"responseTime":727,"contentLength":9},"message":"GET /status 200 727ms - 9.0B"}
Sep 23 08:30:00 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:30:00Z","tags":["error","opensearch","data"],"pid":58877,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.39w/-o0luiXHTaWVpdnEg7w5XA] already exists"}
Sep 23 08:30:00 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58877,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 08:30:00 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:30:00Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":58877,"message":"wazuh-statistics-2024.39w index created"}
Sep 23 08:45:02 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T08:45:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":58877,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 09:00:00 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T09:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58877,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 09:15:00 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T09:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58877,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 09:45:02 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T09:45:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":58877,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:00:00 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T10:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58877,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:15:00 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T10:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58877,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:30:01 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T10:30:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":58877,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:45:02 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T10:45:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":58877,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 11:00:00 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T11:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58877,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 11:09:13 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:09:12Z","tags":[],"pid":58877,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"3.81.234.62:443"},"remoteAddress":"206.168.34.32"},"res":{"statusCode":302,"responseTime":15,"contentLength":9},"message":"GET / 302 15ms - 9.0B"}
Sep 23 11:09:22 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:09:22Z","tags":[],"pid":58877,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"3.81.234.62","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"206.168.34.32","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET / 302 3ms - 9.0B"}
Sep 23 11:09:22 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"error","@timestamp":"2024-09-23T11:09:22Z","tags":["connection","client","error"],"pid":58877,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"}
Sep 23 11:09:22 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"error","@timestamp":"2024-09-23T11:09:22Z","tags":["connection","client","error"],"pid":58877,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"}
Sep 23 11:09:22 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"error","@timestamp":"2024-09-23T11:09:22Z","tags":["warning","process"],"pid":58877,"level":"error","error":{"message":"An error event has already been emitted on the socket. Please use the destroy method on the socket while handling a 'clientError' event.","name":"Warning","stack":"Warning: An error event has already been emitted on the socket. Please use the destroy method on the socket while handling a 'clientError' event.\n at warnUnclosedSocket (node:_http_server:855:11)\n at TLSSocket.socketOnError (node:_http_server:869:5)\n at onParserExecuteCommon (node:_http_server:904:19)\n at onParserExecute (node:_http_server:825:3)"},"message":"An error event has already been emitted on the socket. Please use the destroy method on the socket while handling a 'clientError' event."}
Sep 23 11:09:24 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"error","@timestamp":"2024-09-23T11:09:24Z","tags":["connection","client","error"],"pid":58877,"level":"error","error":{"message":"0088458AED7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 0088458AED7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"0088458AED7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
Sep 23 11:09:26 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"error","@timestamp":"2024-09-23T11:09:26Z","tags":["connection","client","error"],"pid":58877,"level":"error","error":{"message":"0088458AED7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 0088458AED7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"0088458AED7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
Sep 23 11:09:27 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"error","@timestamp":"2024-09-23T11:09:27Z","tags":["connection","client","error"],"pid":58877,"level":"error","error":{"message":"0088458AED7F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 0088458AED7F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_VERSION_TOO_LOW"},"message":"0088458AED7F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
Sep 23 11:09:34 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:09:34Z","tags":[],"pid":58877,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"3.81.234.62","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"206.168.34.32","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":38,"contentLength":9},"message":"GET /app/login 200 38ms - 9.0B"}
Sep 23 11:09:34 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:09:34Z","tags":[],"pid":58877,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/apple-touch-icon.png","method":"get","headers":{"host":"3.81.234.62","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"206.168.34.32","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":11,"contentLength":9},"message":"GET /ui/favicons/apple-touch-icon.png 200 11ms - 9.0B"}
Sep 23 11:09:34 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:09:34Z","tags":[],"pid":58877,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-32x32.png","method":"get","headers":{"host":"3.81.234.62","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"206.168.34.32","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":4,"contentLength":9},"message":"GET /ui/favicons/favicon-32x32.png 200 4ms - 9.0B"}
Sep 23 11:09:34 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:09:34Z","tags":[],"pid":58877,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-16x16.png","method":"get","headers":{"host":"3.81.234.62","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"206.168.34.32","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":4,"contentLength":9},"message":"GET /ui/favicons/favicon-16x16.png 200 4ms - 9.0B"}
Sep 23 11:09:34 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:09:34Z","tags":[],"pid":58877,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon.ico","method":"get","headers":{"host":"3.81.234.62","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"206.168.34.32","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":200,"responseTime":6,"contentLength":9},"message":"GET /ui/favicons/favicon.ico 200 6ms - 9.0B"}
Sep 23 11:09:35 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:09:35Z","tags":[],"pid":58877,"method":"get","statusCode":401,"req":{"url":"/favicon.ico","method":"get","headers":{"host":"3.81.234.62","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip","connection":"close"},"remoteAddress":"206.168.34.32","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /favicon.ico 401 3ms - 9.0B"}
Sep 23 11:09:35 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"error","@timestamp":"2024-09-23T11:09:35Z","tags":["connection","client","error"],"pid":58877,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"}
Sep 23 11:09:35 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"error","@timestamp":"2024-09-23T11:09:35Z","tags":["connection","client","error"],"pid":58877,"level":"error","error":{"message":"Parse Error: Pause on PRI/Upgrade","name":"Error","stack":"Error: Parse Error: Pause on PRI/Upgrade","code":"HPE_PAUSED_H2_UPGRADE"},"message":"Parse Error: Pause on PRI/Upgrade"}
Sep 23 11:09:35 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:09:35Z","tags":[],"pid":58877,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"3.81.234.62:443","user-agent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)","accept-encoding":"gzip"},"remoteAddress":"206.168.34.32","userAgent":"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET / 302 3ms - 9.0B"}
Sep 23 11:15:00 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T11:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58877,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 11:28:30 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:28:30Z","tags":[],"pid":58877,"method":"get","statusCode":401,"req":{"url":"/autodiscover/autodiscover.json?%40zdi%2FPowershell=","method":"get","headers":{"host":"3.81.234.62","user-agent":"Mozilla/5.0 zgrab/0.x","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"4.151.228.179","userAgent":"Mozilla/5.0 zgrab/0.x"},"res":{"statusCode":401,"responseTime":6,"contentLength":9},"message":"GET /autodiscover/autodiscover.json?%40zdi%2FPowershell= 401 6ms - 9.0B"}
Sep 23 11:29:14 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"response","@timestamp":"2024-09-23T11:29:14Z","tags":[],"pid":58877,"method":"get","statusCode":401,"req":{"url":"/.git/config","method":"get","headers":{"host":"3.81.234.62","user-agent":"Mozilla/5.0 (Linux; Android 9; ONEPLUS A6010) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"154.216.17.66","userAgent":"Mozilla/5.0 (Linux; Android 9; ONEPLUS A6010) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /.git/config 401 3ms - 9.0B"}
Sep 23 11:30:00 ip-172-31-42-212 opensearch-dashboards[58877]: {"type":"log","@timestamp":"2024-09-23T11:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58877,"message":"Settings added to wazuh-monitoring-2024.39w index"} RHEL 9 🟢Agent status[root@ip-172-31-34-143 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
Active: active (running) since Mon 2024-09-23 08:28:20 UTC; 3h 13min ago
Main PID: 20383 (node)
Tasks: 11 (limit: 48194)
Memory: 197.4M
CPU: 30.947s
CGroup: /system.slice/wazuh-dashboard.service
└─20383 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist
Sep 23 11:00:00 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09>
Sep 23 11:04:35 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"20>
Sep 23 11:15:00 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09>
Sep 23 11:20:40 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"20>
Sep 23 11:20:41 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"20>
Sep 23 11:20:41 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"20>
Sep 23 11:20:42 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"20>
Sep 23 11:20:43 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"20>
Sep 23 11:20:44 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"20>
Sep 23 11:30:00 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09> Service status[root@ip-172-31-34-143 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager
Sep 23 08:27:10 ip-172-31-34-143.ec2.internal systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 3687.
Sep 23 08:27:33 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:33Z","tags":["info","plugins-service"],"pid":18680,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Sep 23 08:27:33 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:33Z","tags":["info","plugins-service"],"pid":18680,"message":"Plugin \"applicationConfig\" is disabled."}
Sep 23 08:27:33 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:33Z","tags":["info","plugins-service"],"pid":18680,"message":"Plugin \"cspHandler\" is disabled."}
Sep 23 08:27:33 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:33Z","tags":["info","plugins-service"],"pid":18680,"message":"Plugin \"dataSource\" is disabled."}
Sep 23 08:27:33 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:33Z","tags":["info","plugins-service"],"pid":18680,"message":"Plugin \"visTypeXy\" is disabled."}
Sep 23 08:27:34 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:34 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:34Z","tags":["info","plugins-system"],"pid":18680,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Sep 23 08:27:35 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:35 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:27:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:36Z","tags":["info","savedobjects-service"],"pid":18680,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Sep 23 08:27:38 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:38Z","tags":["info","savedobjects-service"],"pid":18680,"message":"Starting saved objects migrations"}
Sep 23 08:27:38 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:38Z","tags":["info","savedobjects-service"],"pid":18680,"message":"Creating index .kibana_1."}
Sep 23 08:27:39 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:39Z","tags":["info","savedobjects-service"],"pid":18680,"message":"Pointing alias .kibana to .kibana_1."}
Sep 23 08:27:40 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:40Z","tags":["info","savedobjects-service"],"pid":18680,"message":"Finished in 1694ms."}
Sep 23 08:27:40 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:40Z","tags":["warning","cross-compatibility-service"],"pid":18680,"message":"Starting cross compatibility service"}
Sep 23 08:27:40 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:40Z","tags":["info","plugins-system"],"pid":18680,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Sep 23 08:27:40 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:40Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":18680,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"}
Sep 23 08:27:43 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:43Z","tags":["info","plugins","wazuh","initialize"],"pid":18680,"message":"dashboard index: .kibana"}
Sep 23 08:27:43 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:43Z","tags":["info","plugins","wazuh","initialize"],"pid":18680,"message":"App revision: 01"}
Sep 23 08:27:43 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:43Z","tags":["info","plugins","wazuh","initialize"],"pid":18680,"message":"Total RAM: 7609MB"}
Sep 23 08:27:43 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:43Z","tags":["error","opensearch","data"],"pid":18680,"message":"[ResponseError]: Response Error"}
Sep 23 08:27:43 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:43Z","tags":["error","opensearch","data"],"pid":18680,"message":"[ResponseError]: Response Error"}
Sep 23 08:27:44 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:44Z","tags":["info","plugins","wazuh","monitoring"],"pid":18680,"message":"Updated the wazuh-agent template"}
Sep 23 08:27:44 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:44Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":18680,"message":"Updated the wazuh-statistics template"}
Sep 23 08:27:44 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:44Z","tags":["listening","info"],"pid":18680,"message":"Server running at https://0.0.0.0:443"}
Sep 23 08:27:46 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:46Z","tags":["info","http","server","OpenSearchDashboards"],"pid":18680,"message":"http server running at https://0.0.0.0:443"}
Sep 23 08:27:47 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:47Z","tags":["info","plugins","wazuh","monitoring"],"pid":18680,"message":"wazuh-monitoring-2024.39w index created"}
Sep 23 08:27:47 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:27:47Z","tags":["info","plugins","wazuh","monitoring"],"pid":18680,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 08:28:20 ip-172-31-34-143.ec2.internal systemd[1]: Stopping wazuh-dashboard...
░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-dashboard.service has begun execution.
░░
░░ The job identifier is 3954.
Sep 23 08:28:20 ip-172-31-34-143.ec2.internal opensearch-dashboards[18680]: {"type":"log","@timestamp":"2024-09-23T08:28:20Z","tags":["info","plugins-system"],"pid":18680,"message":"Stopping all plugins."}
Sep 23 08:28:20 ip-172-31-34-143.ec2.internal systemd[1]: wazuh-dashboard.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state.
Sep 23 08:28:20 ip-172-31-34-143.ec2.internal systemd[1]: Stopped wazuh-dashboard.
░░ Subject: A stop job for unit wazuh-dashboard.service has finished
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-dashboard.service has finished.
░░
░░ The job identifier is 3954 and the job result is done.
Sep 23 08:28:20 ip-172-31-34-143.ec2.internal systemd[1]: wazuh-dashboard.service: Consumed 15.148s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-dashboard.service completed and consumed the indicated resources.
Sep 23 08:28:20 ip-172-31-34-143.ec2.internal systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 3954.
Sep 23 08:28:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:36Z","tags":["info","plugins-service"],"pid":20383,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Sep 23 08:28:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:36Z","tags":["info","plugins-service"],"pid":20383,"message":"Plugin \"applicationConfig\" is disabled."}
Sep 23 08:28:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:36Z","tags":["info","plugins-service"],"pid":20383,"message":"Plugin \"cspHandler\" is disabled."}
Sep 23 08:28:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:36Z","tags":["info","plugins-service"],"pid":20383,"message":"Plugin \"dataSource\" is disabled."}
Sep 23 08:28:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:36Z","tags":["info","plugins-service"],"pid":20383,"message":"Plugin \"visTypeXy\" is disabled."}
Sep 23 08:28:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:37 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:37Z","tags":["info","plugins-system"],"pid":20383,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Sep 23 08:28:37 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:37 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:37 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:37 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:37 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:37 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:37 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:37 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:38 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:38Z","tags":["info","savedobjects-service"],"pid":20383,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Sep 23 08:28:38 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:38Z","tags":["info","savedobjects-service"],"pid":20383,"message":"Starting saved objects migrations"}
Sep 23 08:28:39 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:39Z","tags":["warning","cross-compatibility-service"],"pid":20383,"message":"Starting cross compatibility service"}
Sep 23 08:28:39 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:39Z","tags":["info","plugins-system"],"pid":20383,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Sep 23 08:28:40 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:40Z","tags":["info","plugins","wazuh","initialize"],"pid":20383,"message":"dashboard index: .kibana"}
Sep 23 08:28:40 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:40Z","tags":["info","plugins","wazuh","initialize"],"pid":20383,"message":"App revision: 01"}
Sep 23 08:28:40 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:40Z","tags":["info","plugins","wazuh","initialize"],"pid":20383,"message":"Total RAM: 7609MB"}
Sep 23 08:28:40 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:40Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":20383,"message":"Updated the wazuh-statistics template"}
Sep 23 08:28:41 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:41Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Updated the wazuh-agent template"}
Sep 23 08:28:41 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:41Z","tags":["listening","info"],"pid":20383,"message":"Server running at https://0.0.0.0:443"}
Sep 23 08:28:41 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:41Z","tags":["info","http","server","OpenSearchDashboards"],"pid":20383,"message":"http server running at https://0.0.0.0:443"}
Sep 23 08:28:42 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:28:42Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 08:28:55 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 08:28:56 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T08:28:55Z","tags":[],"pid":20383,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/7.76.1","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.76.1"},"res":{"statusCode":200,"responseTime":656,"contentLength":9},"message":"GET /status 200 656ms - 9.0B"}
Sep 23 08:30:00 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:30:00Z","tags":["error","opensearch","data"],"pid":20383,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.39w/57L5NrJNQP-ZtQWTPyEi5g] already exists"}
Sep 23 08:30:00 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 08:30:00 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:30:00Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":20383,"message":"wazuh-statistics-2024.39w index created"}
Sep 23 08:38:50 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T08:38:50Z","tags":[],"pid":20383,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.165.28.29","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.161","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":302,"responseTime":7,"contentLength":9},"message":"GET / 302 7ms - 9.0B"}
Sep 23 08:38:51 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T08:38:51Z","tags":[],"pid":20383,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"54.165.28.29","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","accept":"*/*","referer":"https://54.165.28.29","accept-encoding":"gzip","connection":"close"},"remoteAddress":"87.236.176.161","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","referer":"https://54.165.28.29"},"res":{"statusCode":200,"responseTime":46,"contentLength":9},"message":"GET /app/login 200 46ms - 9.0B"}
Sep 23 08:38:51 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T08:38:51Z","tags":[],"pid":20383,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-16x16.png","method":"get","headers":{"host":"54.165.28.29","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.22","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":38,"contentLength":9},"message":"GET /ui/favicons/favicon-16x16.png 200 38ms - 9.0B"}
Sep 23 08:38:51 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T08:38:51Z","tags":[],"pid":20383,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon.ico","method":"get","headers":{"host":"54.165.28.29","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.84","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":49,"contentLength":9},"message":"GET /ui/favicons/favicon.ico 200 49ms - 9.0B"}
Sep 23 08:38:51 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T08:38:51Z","tags":[],"pid":20383,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/apple-touch-icon.png","method":"get","headers":{"host":"54.165.28.29","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.125","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":35,"contentLength":9},"message":"GET /ui/favicons/apple-touch-icon.png 200 35ms - 9.0B"}
Sep 23 08:38:51 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T08:38:51Z","tags":[],"pid":20383,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-32x32.png","method":"get","headers":{"host":"54.165.28.29","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.52","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":34,"contentLength":9},"message":"GET /ui/favicons/favicon-32x32.png 200 34ms - 9.0B"}
Sep 23 08:39:57 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"error","@timestamp":"2024-09-23T08:39:57Z","tags":["connection","client","error"],"pid":20383,"level":"error","error":{"message":"0038C5AECC7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: 0038C5AECC7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"0038C5AECC7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"}
Sep 23 08:41:37 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"error","@timestamp":"2024-09-23T08:41:37Z","tags":["connection","client","error"],"pid":20383,"level":"error","error":{"message":"0038C5AECC7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 0038C5AECC7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"0038C5AECC7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
Sep 23 08:43:16 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"error","@timestamp":"2024-09-23T08:43:16Z","tags":["connection","client","error"],"pid":20383,"level":"error","error":{"message":"0038C5AECC7F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","name":"Error","stack":"Error: 0038C5AECC7F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"0038C5AECC7F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n"}
Sep 23 08:43:49 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"error","@timestamp":"2024-09-23T08:43:49Z","tags":["connection","client","error"],"pid":20383,"level":"error","error":{"message":"0038C5AECC7F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","name":"Error","stack":"Error: 0038C5AECC7F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","code":"ERR_SSL_BAD_KEY_SHARE"},"message":"0038C5AECC7F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n"}
Sep 23 08:45:02 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T08:45:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 08:55:42 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T08:55:42Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/.git/config","method":"get","headers":{"host":"54.165.28.29","user-agent":"Opera/10.61 (J2ME/MIDP; Opera Mini/5.1.21219/19.999; en-US; rv:1.9.3a5) WebKit/534.5 Presto/2.6.30","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"186.2.171.38","userAgent":"Opera/10.61 (J2ME/MIDP; Opera Mini/5.1.21219/19.999; en-US; rv:1.9.3a5) WebKit/534.5 Presto/2.6.30"},"res":{"statusCode":401,"responseTime":4,"contentLength":9},"message":"GET /.git/config 401 4ms - 9.0B"}
Sep 23 09:00:01 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T09:00:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 09:15:00 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T09:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 09:16:27 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T09:16:27Z","tags":[],"pid":20383,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.165.28.29:443","user-agent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: [email protected]","accept-encoding":"gzip"},"remoteAddress":"35.203.210.9","userAgent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: [email protected]"},"res":{"statusCode":302,"responseTime":7,"contentLength":9},"message":"GET / 302 7ms - 9.0B"}
Sep 23 09:16:27 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T09:16:27Z","tags":[],"pid":20383,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"54.165.28.29:443","user-agent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: [email protected]","accept-encoding":"gzip"},"remoteAddress":"35.203.210.9","userAgent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: [email protected]"},"res":{"statusCode":200,"responseTime":45,"contentLength":9},"message":"GET /app/login 200 45ms - 9.0B"}
Sep 23 09:30:00 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T09:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 09:45:02 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T09:45:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:00:00 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T10:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:08:34 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:34Z","tags":[],"pid":20383,"method":"post","statusCode":404,"req":{"url":"/bin/sh","method":"post","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"105"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":404,"responseTime":15,"contentLength":9},"message":"POST /bin/sh 404 15ms - 9.0B"}
Sep 23 10:08:34 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:34Z","tags":[],"pid":20383,"method":"post","statusCode":404,"req":{"url":"/cgi-bin/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh","method":"post","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"105"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":404,"responseTime":2,"contentLength":9},"message":"POST /cgi-bin/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh 404 2ms - 9.0B"}
Sep 23 10:08:35 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:35Z","tags":[],"pid":20383,"method":"post","statusCode":404,"req":{"url":"/hello.world?%EF%BF%BDd%20allow_url_include%3D1%20%EF%BF%BDd%20auto_prepend_file%3Dphp%3A%2F%2Finput=","method":"post","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"application/x-www-form-urlencoded","content-length":"225"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":404,"responseTime":3,"contentLength":9},"message":"POST /hello.world?%EF%BF%BDd%20allow_url_include%3D1%20%EF%BF%BDd%20auto_prepend_file%3Dphp%3A%2F%2Finput= 404 3ms - 9.0B"}
Sep 23 10:08:35 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:35Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":4,"contentLength":9},"message":"GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 4ms - 9.0B"}
Sep 23 10:08:37 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:37Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php 401 3ms - 9.0B"}
Sep 23 10:08:38 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:38Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/vendor/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":7,"contentLength":9},"message":"GET /vendor/phpunit/src/Util/PHP/eval-stdin.php 401 7ms - 9.0B"}
Sep 23 10:08:40 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:40Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/vendor/phpunit/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /vendor/phpunit/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:08:42 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:42Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/vendor/phpunit/phpunit/LICENSE/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /vendor/phpunit/phpunit/LICENSE/eval-stdin.php 401 3ms - 9.0B"}
Sep 23 10:08:43 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:43Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 3ms - 9.0B"}
Sep 23 10:08:44 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:44Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 3ms - 9.0B"}
Sep 23 10:08:46 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:46Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/phpunit/phpunit/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /phpunit/phpunit/Util/PHP/eval-stdin.php 401 3ms - 9.0B"}
Sep 23 10:08:48 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:48Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /phpunit/src/Util/PHP/eval-stdin.php 401 3ms - 9.0B"}
Sep 23 10:08:49 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:49Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/phpunit/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /phpunit/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:08:51 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:51Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 3ms - 9.0B"}
Sep 23 10:08:52 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:52Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/lib/phpunit/phpunit/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /lib/phpunit/phpunit/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:08:54 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:54Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/lib/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /lib/phpunit/src/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:08:56 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:55Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/lib/phpunit/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /lib/phpunit/Util/PHP/eval-stdin.php 401 3ms - 9.0B"}
Sep 23 10:08:57 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:57Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":4,"contentLength":9},"message":"GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 4ms - 9.0B"}
Sep 23 10:08:59 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:08:59Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:09:01 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:01Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:09:02 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:02Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:09:04 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:04Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":4,"contentLength":9},"message":"GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 4ms - 9.0B"}
Sep 23 10:09:06 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:06Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:09:08 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:08Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:09:09 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:09Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:09:11 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:11Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":5,"contentLength":9},"message":"GET /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 5ms - 9.0B"}
Sep 23 10:09:12 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:12Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 3ms - 9.0B"}
Sep 23 10:09:14 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:14Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:09:15 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:15Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 3ms - 9.0B"}
Sep 23 10:09:17 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:17Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":4,"contentLength":9},"message":"GET /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 4ms - 9.0B"}
Sep 23 10:09:18 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:18Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":5,"contentLength":9},"message":"GET /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 5ms - 9.0B"}
Sep 23 10:09:20 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:20Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:09:21 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:21Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:09:23 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:23Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:09:25 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:25Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 3ms - 9.0B"}
Sep 23 10:09:26 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:26Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:09:28 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:28Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:09:30 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:30Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":1,"contentLength":9},"message":"GET /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 1ms - 9.0B"}
Sep 23 10:09:31 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:31Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 10:09:33 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:33Z","tags":[],"pid":20383,"method":"get","statusCode":302,"req":{"url":"/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 302 2ms - 9.0B"}
Sep 23 10:09:34 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:34Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/index.php?s=%2Findex%2F%5Cthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=md5&vars%5B1%5D%5B%5D=Hello","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /index.php?s=%2Findex%2F%5Cthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=md5&vars%5B1%5D%5B%5D=Hello 401 2ms - 9.0B"}
Sep 23 10:09:35 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:35Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/public/index.php?s=%2Findex%2F%5Cthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=md5&vars%5B1%5D%5B%5D=Hello","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /public/index.php?s=%2Findex%2F%5Cthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=md5&vars%5B1%5D%5B%5D=Hello 401 2ms - 9.0B"}
Sep 23 10:09:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:36Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/index.php?lang=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fusr%2Flocal%2Flib%2Fphp%2Fpearcmd&%20config-create%20%2F=&%2F%3C%3Fecho%28md5%28%22hi%22%29%29%3B%3F%3E%20%2Ftmp%2Findex1.php=","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /index.php?lang=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fusr%2Flocal%2Flib%2Fphp%2Fpearcmd&%20config-create%20%2F=&%2F%3C%3Fecho%28md5%28%22hi%22%29%29%3B%3F%3E%20%2Ftmp%2Findex1.php= 401 2ms - 9.0B"}
Sep 23 10:09:36 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T10:09:36Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/index.php?lang=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Ftmp%2Findex1","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive"},"remoteAddress":"84.247.146.45","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /index.php?lang=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Ftmp%2Findex1 401 2ms - 9.0B"}
Sep 23 10:15:00 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T10:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:30:00 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T10:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:45:01 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T10:45:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 11:00:00 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T11:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 11:04:35 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T11:04:35Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/autodiscover/autodiscover.json?%40zdi%2FPowershell=","method":"get","headers":{"host":"54.165.28.29","user-agent":"Mozilla/5.0 zgrab/0.x","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"172.168.41.107","userAgent":"Mozilla/5.0 zgrab/0.x"},"res":{"statusCode":401,"responseTime":5,"contentLength":9},"message":"GET /autodiscover/autodiscover.json?%40zdi%2FPowershell= 401 5ms - 9.0B"}
Sep 23 11:15:00 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T11:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 11:20:40 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T11:20:40Z","tags":[],"pid":20383,"method":"post","statusCode":404,"req":{"url":"/bin/sh","method":"post","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"105"},"remoteAddress":"8.213.208.72","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":404,"responseTime":2,"contentLength":9},"message":"POST /bin/sh 404 2ms - 9.0B"}
Sep 23 11:20:41 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T11:20:41Z","tags":[],"pid":20383,"method":"post","statusCode":404,"req":{"url":"/cgi-bin/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh","method":"post","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"105"},"remoteAddress":"8.213.208.72","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":404,"responseTime":1,"contentLength":9},"message":"POST /cgi-bin/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh 404 1ms - 9.0B"}
Sep 23 11:20:41 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T11:20:41Z","tags":[],"pid":20383,"method":"post","statusCode":404,"req":{"url":"/hello.world?%EF%BF%BDd%20allow_url_include%3D1%20%EF%BF%BDd%20auto_prepend_file%3Dphp%3A%2F%2Finput=","method":"post","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"application/x-www-form-urlencoded","content-length":"225"},"remoteAddress":"8.213.208.72","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":404,"responseTime":2,"contentLength":9},"message":"POST /hello.world?%EF%BF%BDd%20allow_url_include%3D1%20%EF%BF%BDd%20auto_prepend_file%3Dphp%3A%2F%2Finput= 404 2ms - 9.0B"}
Sep 23 11:20:42 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T11:20:42Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"8.213.208.72","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":4,"contentLength":9},"message":"GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 4ms - 9.0B"}
Sep 23 11:20:43 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T11:20:43Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"8.213.208.72","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php 401 2ms - 9.0B"}
Sep 23 11:20:44 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T11:20:44Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/vendor/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"8.213.208.72","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /vendor/phpunit/src/Util/PHP/eval-stdin.php 401 3ms - 9.0B"}
Sep 23 11:30:00 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"log","@timestamp":"2024-09-23T11:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20383,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 11:42:50 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T11:42:50Z","tags":[],"pid":20383,"method":"post","statusCode":404,"req":{"url":"/bin/sh","method":"post","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"105"},"remoteAddress":"8.219.216.114","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":404,"responseTime":2,"contentLength":9},"message":"POST /bin/sh 404 2ms - 9.0B"}
Sep 23 11:42:51 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T11:42:51Z","tags":[],"pid":20383,"method":"post","statusCode":404,"req":{"url":"/cgi-bin/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh","method":"post","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"105"},"remoteAddress":"8.219.216.114","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":404,"responseTime":2,"contentLength":9},"message":"POST /cgi-bin/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh 404 2ms - 9.0B"}
Sep 23 11:42:52 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T11:42:52Z","tags":[],"pid":20383,"method":"post","statusCode":404,"req":{"url":"/hello.world?%EF%BF%BDd%20allow_url_include%3D1%20%EF%BF%BDd%20auto_prepend_file%3Dphp%3A%2F%2Finput=","method":"post","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"application/x-www-form-urlencoded","content-length":"225"},"remoteAddress":"8.219.216.114","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":404,"responseTime":2,"contentLength":9},"message":"POST /hello.world?%EF%BF%BDd%20allow_url_include%3D1%20%EF%BF%BDd%20auto_prepend_file%3Dphp%3A%2F%2Finput= 404 2ms - 9.0B"}
Sep 23 11:42:52 ip-172-31-34-143.ec2.internal opensearch-dashboards[20383]: {"type":"response","@timestamp":"2024-09-23T11:42:52Z","tags":[],"pid":20383,"method":"get","statusCode":401,"req":{"url":"/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php","method":"get","headers":{"host":"54.165.28.29:443","accept":"*/*","upgrade-insecure-requests":"1","user-agent":"Custom-AsyncHttpClient","connection":"keep-alive","content-type":"text/plain","content-length":"33"},"remoteAddress":"8.219.216.114","userAgent":"Custom-AsyncHttpClient"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 401 3ms - 9.0B"} Amazon Linux 2023 - Offline 🟢Agent status[root@ip-172-31-41-102 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
Active: active (running) since Mon 2024-09-23 09:15:45 UTC; 2h 29min ago
Main PID: 11181 (node)
Tasks: 11 (limit: 9373)
Memory: 188.8M
CPU: 26.873s
CGroup: /system.slice/wazuh-dashboard.service
└─11181 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist
Sep 23 11:13:50 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"response","@timestamp":"20>
Sep 23 11:15:02 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09>
Sep 23 11:17:51 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"response","@timestamp":"20>
Sep 23 11:24:44 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"response","@timestamp":"20>
Sep 23 11:25:20 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"error","@timestamp":"2024->
Sep 23 11:25:27 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"error","@timestamp":"2024->
Sep 23 11:25:31 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"error","@timestamp":"2024->
Sep 23 11:25:32 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"error","@timestamp":"2024->
Sep 23 11:30:02 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09>
Sep 23 11:45:00 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09> Service status[root@ip-172-31-41-102 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager
Sep 23 09:15:41 ip-172-31-41-102.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 5050.
Sep 23 09:15:45 ip-172-31-41-102.ec2.internal systemd[1]: Stopping wazuh-dashboard.service - wazuh-dashboard...
░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-dashboard.service has begun execution.
░░
░░ The job identifier is 5123.
Sep 23 09:15:45 ip-172-31-41-102.ec2.internal systemd[1]: wazuh-dashboard.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state.
Sep 23 09:15:45 ip-172-31-41-102.ec2.internal systemd[1]: Stopped wazuh-dashboard.service - wazuh-dashboard.
░░ Subject: A stop job for unit wazuh-dashboard.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit wazuh-dashboard.service has finished.
░░
░░ The job identifier is 5123 and the job result is done.
Sep 23 09:15:45 ip-172-31-41-102.ec2.internal systemd[1]: wazuh-dashboard.service: Consumed 2.752s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit wazuh-dashboard.service completed and consumed the indicated resources.
Sep 23 09:15:45 ip-172-31-41-102.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 5123.
Sep 23 09:15:53 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:53Z","tags":["info","plugins-service"],"pid":11181,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Sep 23 09:15:53 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:53Z","tags":["info","plugins-service"],"pid":11181,"message":"Plugin \"applicationConfig\" is disabled."}
Sep 23 09:15:53 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:53Z","tags":["info","plugins-service"],"pid":11181,"message":"Plugin \"cspHandler\" is disabled."}
Sep 23 09:15:53 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:53Z","tags":["info","plugins-service"],"pid":11181,"message":"Plugin \"dataSource\" is disabled."}
Sep 23 09:15:53 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:53Z","tags":["info","plugins-service"],"pid":11181,"message":"Plugin \"visTypeXy\" is disabled."}
Sep 23 09:15:53 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 09:15:53 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:53Z","tags":["info","plugins-system"],"pid":11181,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Sep 23 09:15:53 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 09:15:53 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 09:15:53 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 09:15:53 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 09:15:53 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 09:15:53 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 09:15:53 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 09:15:54 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 09:15:54 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:54Z","tags":["info","savedobjects-service"],"pid":11181,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Sep 23 09:15:54 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:54Z","tags":["info","savedobjects-service"],"pid":11181,"message":"Starting saved objects migrations"}
Sep 23 09:15:54 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:54Z","tags":["info","savedobjects-service"],"pid":11181,"message":"Creating index .kibana_1."}
Sep 23 09:15:55 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:55Z","tags":["info","savedobjects-service"],"pid":11181,"message":"Pointing alias .kibana to .kibana_1."}
Sep 23 09:15:55 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:55Z","tags":["info","savedobjects-service"],"pid":11181,"message":"Finished in 209ms."}
Sep 23 09:15:55 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:55Z","tags":["warning","cross-compatibility-service"],"pid":11181,"message":"Starting cross compatibility service"}
Sep 23 09:15:55 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:55Z","tags":["info","plugins-system"],"pid":11181,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Sep 23 09:15:55 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:55Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":11181,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"}
Sep 23 09:15:55 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:55Z","tags":["info","plugins","wazuh","initialize"],"pid":11181,"message":"dashboard index: .kibana"}
Sep 23 09:15:55 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:55Z","tags":["info","plugins","wazuh","initialize"],"pid":11181,"message":"App revision: 01"}
Sep 23 09:15:55 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:55Z","tags":["info","plugins","wazuh","initialize"],"pid":11181,"message":"Total RAM: 7834MB"}
Sep 23 09:15:55 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:55Z","tags":["error","opensearch","data"],"pid":11181,"message":"[ResponseError]: Response Error"}
Sep 23 09:15:55 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:55Z","tags":["error","opensearch","data"],"pid":11181,"message":"[ResponseError]: Response Error"}
Sep 23 09:15:55 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:55Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":11181,"message":"Updated the wazuh-statistics template"}
Sep 23 09:15:56 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:56Z","tags":["listening","info"],"pid":11181,"message":"Server running at https://0.0.0.0:443"}
Sep 23 09:15:56 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:56Z","tags":["info","http","server","OpenSearchDashboards"],"pid":11181,"message":"http server running at https://0.0.0.0:443"}
Sep 23 09:15:56 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:56Z","tags":["info","plugins","wazuh","monitoring"],"pid":11181,"message":"Updated the wazuh-agent template"}
Sep 23 09:15:57 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:15:57Z","tags":["error","plugins","wazuh","monitoring"],"pid":11181,"message":"Request failed with status code 401"}
Sep 23 09:16:05 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Sep 23 09:16:06 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"response","@timestamp":"2024-09-23T09:16:05Z","tags":[],"pid":11181,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"127.0.0.1","user-agent":"curl/8.5.0","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/8.5.0"},"res":{"statusCode":200,"responseTime":868,"contentLength":9},"message":"GET /status 200 868ms - 9.0B"}
Sep 23 09:20:01 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:20:01Z","tags":["error","opensearch","data"],"pid":11181,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.39w/R_Stu4aRRZKDNkiKXNr23w] already exists"}
Sep 23 09:20:01 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:20:01Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":11181,"message":"wazuh-statistics-2024.39w index created"}
Sep 23 09:30:00 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":11181,"message":"wazuh-monitoring-2024.39w index created"}
Sep 23 09:30:00 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":11181,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 09:45:00 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T09:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":11181,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 09:49:05 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"response","@timestamp":"2024-09-23T09:49:05Z","tags":[],"pid":11181,"method":"get","statusCode":401,"req":{"url":"/.env","method":"get","headers":{"host":"54.80.247.150","user-agent":"Mozilla/5.0 (Linux; Android 9; ONEPLUS A6003) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"91.92.249.4","userAgent":"Mozilla/5.0 (Linux; Android 9; ONEPLUS A6003) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36"},"res":{"statusCode":401,"responseTime":9,"contentLength":9},"message":"GET /.env 401 9ms - 9.0B"}
Sep 23 10:00:01 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T10:00:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":11181,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:15:01 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T10:15:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":11181,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:30:00 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T10:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":11181,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:45:00 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T10:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":11181,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 10:57:43 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"response","@timestamp":"2024-09-23T10:57:43Z","tags":[],"pid":11181,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"user-agent":"curl/7.29.0","host":"54.80.247.150","accept":"*/*"},"remoteAddress":"165.154.120.253","userAgent":"curl/7.29.0"},"res":{"statusCode":302,"responseTime":7,"contentLength":9},"message":"GET / 302 7ms - 9.0B"}
Sep 23 10:57:47 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"error","@timestamp":"2024-09-23T10:57:47Z","tags":["connection","client","error"],"pid":11181,"level":"error","error":{"message":"00F8EAA7907F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: 00F8EAA7907F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"00F8EAA7907F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"}
Sep 23 10:57:49 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"error","@timestamp":"2024-09-23T10:57:49Z","tags":["connection","client","error"],"pid":11181,"level":"error","error":{"message":"00F8EAA7907F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 00F8EAA7907F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"00F8EAA7907F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
Sep 23 10:57:50 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"error","@timestamp":"2024-09-23T10:57:50Z","tags":["connection","client","error"],"pid":11181,"level":"error","error":{"message":"00F8EAA7907F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","name":"Error","stack":"Error: 00F8EAA7907F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"00F8EAA7907F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n"}
Sep 23 10:57:51 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"error","@timestamp":"2024-09-23T10:57:51Z","tags":["connection","client","error"],"pid":11181,"level":"error","error":{"message":"00F8EAA7907F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","name":"Error","stack":"Error: 00F8EAA7907F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","code":"ERR_SSL_BAD_KEY_SHARE"},"message":"00F8EAA7907F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n"}
Sep 23 11:00:00 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T11:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":11181,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 11:11:04 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"response","@timestamp":"2024-09-23T11:11:04Z","tags":[],"pid":11181,"method":"get","statusCode":401,"req":{"url":"/.git/config","method":"get","headers":{"host":"54.80.247.150","user-agent":"Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; NOKIA; Lumia 635) like Gecko","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"186.2.171.38","userAgent":"Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; NOKIA; Lumia 635) like Gecko"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /.git/config 401 3ms - 9.0B"}
Sep 23 11:13:50 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"response","@timestamp":"2024-09-23T11:13:50Z","tags":[],"pid":11181,"method":"get","statusCode":401,"req":{"url":"/.git/config","method":"get","headers":{"host":"54.80.247.150","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"186.2.171.38","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36"},"res":{"statusCode":401,"responseTime":4,"contentLength":9},"message":"GET /.git/config 401 4ms - 9.0B"}
Sep 23 11:15:02 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T11:15:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":11181,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 11:17:51 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"response","@timestamp":"2024-09-23T11:17:51Z","tags":[],"pid":11181,"method":"get","statusCode":401,"req":{"url":"/.git/config","method":"get","headers":{"host":"54.80.247.150","user-agent":"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"186.2.171.38","userAgent":"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /.git/config 401 3ms - 9.0B"}
Sep 23 11:24:44 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"response","@timestamp":"2024-09-23T11:24:44Z","tags":[],"pid":11181,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.80.247.150","user-agent":"Mozilla/5.0 (Kubuntu; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"45.79.120.183","userAgent":"Mozilla/5.0 (Kubuntu; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET / 302 3ms - 9.0B"}
Sep 23 11:25:20 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"error","@timestamp":"2024-09-23T11:25:20Z","tags":["connection","client","error"],"pid":11181,"level":"error","error":{"message":"00F8EAA7907F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: 00F8EAA7907F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"00F8EAA7907F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"}
Sep 23 11:25:27 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"error","@timestamp":"2024-09-23T11:25:27Z","tags":["connection","client","error"],"pid":11181,"level":"error","error":{"message":"00F8EAA7907F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 00F8EAA7907F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"00F8EAA7907F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
Sep 23 11:25:31 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"error","@timestamp":"2024-09-23T11:25:31Z","tags":["connection","client","error"],"pid":11181,"level":"error","error":{"message":"00F8EAA7907F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","name":"Error","stack":"Error: 00F8EAA7907F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"00F8EAA7907F0000:error:0A0000C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1762:\n"}
Sep 23 11:25:32 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"error","@timestamp":"2024-09-23T11:25:32Z","tags":["connection","client","error"],"pid":11181,"level":"error","error":{"message":"00F8EAA7907F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","name":"Error","stack":"Error: 00F8EAA7907F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n","code":"ERR_SSL_BAD_KEY_SHARE"},"message":"00F8EAA7907F0000:error:0A00006C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:646:\n"}
Sep 23 11:30:02 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T11:30:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":11181,"message":"Settings added to wazuh-monitoring-2024.39w index"}
Sep 23 11:45:00 ip-172-31-41-102.ec2.internal opensearch-dashboards[11181]: {"type":"log","@timestamp":"2024-09-23T11:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":11181,"message":"Settings added to wazuh-monitoring-2024.39w index"} |
@CarlosALgit just to mention:
|
@davidcr01 the above-mentioned changes have been applied. |
LGTM! |
The related VMs were deleted. |
Installation assistant information
Description
Test installation assistant with the
-a
option in the following OSs:-dw
option (Offline installation)Checks
Checks legend:
Status legend:
⚫ - Pending/In progress
⚪ - Skipped
🔴 - Rejected
🟡 - Known issue
🟢 - Approved
Conclusion
Some issues were found and they were reported.
Auditor's validation
In order to close and proceed with the release or the next candidate version, the following auditors must give the green light to this RC.
The text was updated successfully, but these errors were encountered: