Release 4.9.1 - RC4 - Installation assistant #26339

Closed
2 tasks done
CarlosALgit opened this issue Oct 16, 2024 · 7 comments

CarlosALgit commented Oct 16, 2024

Installation assistant information

Main release candidate issue #26312
Version 4.9.1
Release candidate RC4
Tag https://github.com/wazuh/wazuh/tree/v4.9.1-rc4
Previous Installation assistant #26194

Description

Test installation assistant with the -a option in the following OSs:

  • Amazon Linux 2023.
  • RHEL 9.
  • Ubuntu 22.04.
  • Test installation assistant with the -dw and -of option (Offline installation)

Checks

| Status | OS | Check | Issues |
|---|---|---|---|
| 🟢 | AL2023 | Installed packages | |
| 🟢 | AL2023 | Install logs | |
| 🟡 | AL2023 | Wazuh indexer logs | Known: wazuh/wazuh-packages#1511 (comment) - Known: wazuh/wazuh-indexer#167 (comment) - Known: wazuh/wazuh-indexer#71 - Known: opensearch-project/performance-analyzer#644 - Known: wazuh/wazuh-indexer#329 |
| 🟡 | AL2023 | Wazuh manager logs | Known: #25446 |
| 🟢 | AL2023 | Wazuh dashboard logs | |
| 🟢 | AL2023 | Wazuh dashboard | |
| 🟢 | RHEL 9 | Installed packages | |
| 🟢 | RHEL 9 | Install logs | |
| 🟡 | RHEL 9 | Wazuh indexer logs | Known: wazuh/wazuh-packages#1511 (comment) - Known: wazuh/wazuh-indexer#167 (comment) - Known: opensearch-project/performance-analyzer#644 - Known: wazuh/wazuh-indexer#329 - Known: wazuh/wazuh-indexer#71 |
| 🟡 | RHEL 9 | Wazuh manager logs | Known: #25446 |
| 🟢 | RHEL 9 | Wazuh dashboard logs | |
| 🟢 | RHEL 9 | Wazuh dashboard | |
| 🟢 | Ubuntu 22.04 | Installed packages | |
| 🟢 | Ubuntu 22.04 | Install logs | |
| 🟡 | Ubuntu 22.04 | Wazuh indexer logs | Known: wazuh/wazuh-packages#1511 (comment) - Known: wazuh/wazuh-indexer#167 - Known: wazuh/wazuh-indexer#167 (comment) |
| 🟡 | Ubuntu 22.04 | Wazuh manager logs | Known: #25446 |
| 🟢 | Ubuntu 22.04 | Wazuh dashboard logs | |
| 🟢 | Ubuntu 22.04 | Wazuh dashboard | |
| 🟢 | AL2023 | Installed packages - Offline | |
| 🟢 | AL2023 | Install logs - Offline | |
| 🟡 | AL2023 | Wazuh indexer logs - Offline | Known: wazuh/wazuh-packages#1511 (comment) - Known: wazuh/wazuh-indexer#167 (comment) - Known: opensearch-project/performance-analyzer#644 - Known: wazuh/wazuh-indexer#329 - Known: wazuh/wazuh-indexer#71 |
| 🟡 | AL2023 | Wazuh manager logs - Offline | Known: #25446 |
| 🟢 | AL2023 | Wazuh dashboard logs - Offline | |
| 🟢 | AL2023 | Wazuh dashboard - Offline | |

Checks legend:

  • Installed packages: the installed packages must match the ones specified in the documentation. If additional packages are installed by the installation assistant, the reason must be justified.
  • Install logs: check that there are no errors in the WIA logs.
  • Wazuh indexer logs: check that there are no errors in the indexer logs.
  • Wazuh manager logs: check that there are no errors in the manager logs.
  • Wazuh dashboard logs: check that there are no errors in the dashboard logs.

Status legend:
⚫ - Pending/In progress
⚪ - Skipped
🔴 - Rejected
🟡 - Known issue
🟢 - Approved


Conclusion

Some issues were found and they were reported.

Auditor's validation

In order to close and proceed with the release or the next candidate version, the following auditors must give the green light to this RC.

  • @wazuh/devel-qa-release
  • @wazuh/devel-devops
@CarlosALgit
Member Author

Environment

Amazon Linux 2023

[root@ip-172-31-39-68 ec2-user]# cat /etc/os-release 
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.6.20241010"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/"
DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/"
SUPPORT_URL="https://aws.amazon.com/premiumsupport/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
VENDOR_NAME="AWS"
VENDOR_URL="https://aws.amazon.com/"
SUPPORT_END="2028-03-15"

Ubuntu 22

root@ip-172-31-45-134:/home/ubuntu# cat /etc/os-release 
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

RHEL 9

[root@ip-172-31-38-230 ec2-user]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="9.2 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"

Amazon Linux 2023 - Offline

[root@ip-172-31-47-133 ec2-user]# cat /etc/os-release 
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.6.20241010"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/"
DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/"
SUPPORT_URL="https://aws.amazon.com/premiumsupport/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
VENDOR_NAME="AWS"
VENDOR_URL="https://aws.amazon.com/"
SUPPORT_END="2028-03-15"

Proof of no internet connection

[root@ip-172-31-47-133 ec2-user]# ping google.com
PING google.com (142.250.31.102) 56(84) bytes of data.
^C
--- google.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2112ms

@CarlosALgit
Member Author

Install Logs

Amazon Linux 2023 🟢

Logs on the console:
[root@ip-172-31-39-68 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
16/10/2024 09:29:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
16/10/2024 09:29:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/10/2024 09:29:44 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/10/2024 09:29:44 INFO: Wazuh web interface port will be 443.
16/10/2024 09:29:45 INFO: Wazuh development repository added.
16/10/2024 09:29:45 INFO: --- Configuration files ---
16/10/2024 09:29:45 INFO: Generating configuration files.
16/10/2024 09:29:45 INFO: Generating the root certificate.
16/10/2024 09:29:46 INFO: Generating Admin certificates.
16/10/2024 09:29:46 INFO: Generating Wazuh indexer certificates.
16/10/2024 09:29:47 INFO: Generating Filebeat certificates.
16/10/2024 09:29:48 INFO: Generating Wazuh dashboard certificates.
16/10/2024 09:29:49 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
16/10/2024 09:29:49 INFO: --- Wazuh indexer ---
16/10/2024 09:29:49 INFO: Starting Wazuh indexer installation.
16/10/2024 09:30:43 INFO: Wazuh indexer installation finished.
16/10/2024 09:30:43 INFO: Wazuh indexer post-install configuration finished.
16/10/2024 09:30:43 INFO: Starting service wazuh-indexer.
16/10/2024 09:31:10 INFO: wazuh-indexer service started.
16/10/2024 09:31:10 INFO: Initializing Wazuh indexer cluster security settings.
16/10/2024 09:31:20 INFO: Wazuh indexer cluster security configuration initialized.
16/10/2024 09:31:20 INFO: Wazuh indexer cluster initialized.
16/10/2024 09:31:20 INFO: --- Wazuh server ---
16/10/2024 09:31:20 INFO: Starting the Wazuh manager installation.
16/10/2024 09:32:49 INFO: Wazuh manager installation finished.
16/10/2024 09:32:49 INFO: Wazuh manager vulnerability detection configuration finished.
16/10/2024 09:32:49 INFO: Starting service wazuh-manager.
16/10/2024 09:33:10 INFO: wazuh-manager service started.
16/10/2024 09:33:10 INFO: Starting Filebeat installation.
16/10/2024 09:33:17 INFO: Filebeat installation finished.
16/10/2024 09:33:18 INFO: Filebeat post-install configuration finished.
16/10/2024 09:33:18 INFO: Starting service filebeat.
16/10/2024 09:33:20 INFO: filebeat service started.
16/10/2024 09:33:20 INFO: --- Wazuh dashboard ---
16/10/2024 09:33:20 INFO: Starting Wazuh dashboard installation.
16/10/2024 09:36:08 INFO: Wazuh dashboard installation finished.
16/10/2024 09:36:08 INFO: Wazuh dashboard post-install configuration finished.
16/10/2024 09:36:08 INFO: Starting service wazuh-dashboard.
16/10/2024 09:36:09 INFO: wazuh-dashboard service started.
16/10/2024 09:36:09 INFO: Updating the internal users.
16/10/2024 09:36:20 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
16/10/2024 09:36:46 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
16/10/2024 09:37:38 INFO: Initializing Wazuh dashboard web application.
16/10/2024 09:37:38 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 09:37:54 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 09:38:09 INFO: Wazuh dashboard web application initialized.
16/10/2024 09:38:09 INFO: --- Summary ---
16/10/2024 09:38:09 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: VtxpZaIVEGWoK3pE*4MZr0b0yYb3h*lX
16/10/2024 09:38:09 INFO: Installation finished.
Logs in wazuh-install.log:
[root@ip-172-31-39-68 ec2-user]# cat /var/log/wazuh-install.log
16/10/2024 09:29:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
16/10/2024 09:29:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/10/2024 09:29:44 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/10/2024 09:29:44 INFO: Wazuh web interface port will be 443.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
16/10/2024 09:29:45 INFO: Wazuh development repository added.
16/10/2024 09:29:45 INFO: --- Configuration files ---
16/10/2024 09:29:45 INFO: Generating configuration files.
16/10/2024 09:29:45 INFO: Generating the root certificate.
16/10/2024 09:29:46 INFO: Generating Admin certificates.
16/10/2024 09:29:46 INFO: Generating Wazuh indexer certificates.
16/10/2024 09:29:47 INFO: Generating Filebeat certificates.
16/10/2024 09:29:48 INFO: Generating Wazuh dashboard certificates.
16/10/2024 09:29:49 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
16/10/2024 09:29:49 INFO: --- Wazuh indexer ---
16/10/2024 09:29:49 INFO: Starting Wazuh indexer installation.
EL-2023.6.20241010 - Wazuh 17 MB/s | 30 MB 00:01 Last metadata expiration check: 0:00:14 ago on Wed Oct 16 09:29:51 2024. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.9.1-1 wazuh 813 M Transaction Summary ================================================================================ Install 1 Package Total download size: 813 M Installed size: 1.0 G Downloading Packages: wazuh-indexer-4.9.1-1.x86_64.rpm 108 MB/s | 813 MB 00:07 -------------------------------------------------------------------------------- Total 108 MB/s | 813 MB 00:07 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.9.1-1.x86_64 1/1 Installing : wazuh-indexer-4.9.1-1.x86_64 1/1 Running scriptlet: wazuh-indexer-4.9.1-1.x86_64 1/1 ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable wazuh-indexer.service ### You can start wazuh-indexer service by executing sudo systemctl start wazuh-indexer.service Verifying : wazuh-indexer-4.9.1-1.x86_64 1/1 Installed: wazuh-indexer-4.9.1-1.x86_64 Complete!
16/10/2024 09:30:43 INFO: Wazuh indexer installation finished.
16/10/2024 09:30:43 INFO: Wazuh indexer post-install configuration finished.
16/10/2024 09:30:43 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
16/10/2024 09:31:10 INFO: wazuh-indexer service started.
16/10/2024 09:31:10 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
16/10/2024 09:31:20 INFO: Wazuh indexer cluster security configuration initialized.
16/10/2024 09:31:20 INFO: Wazuh indexer cluster initialized.
16/10/2024 09:31:20 INFO: --- Wazuh server ---
16/10/2024 09:31:20 INFO: Starting the Wazuh manager installation.
Last metadata expiration check: 0:01:29 ago on Wed Oct 16 09:29:51 2024. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.9.1-1 wazuh 314 M Transaction Summary ================================================================================ Install 1 Package Total download size: 314 M Installed size: 867 M Downloading Packages: wazuh-manager-4.9.1-1.x86_64.rpm 113 MB/s | 314 MB 00:02 -------------------------------------------------------------------------------- Total 112 MB/s | 314 MB 00:02 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.9.1-1.x86_64 1/1 Installing : wazuh-manager-4.9.1-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.9.1-1.x86_64 1/1 Verifying : wazuh-manager-4.9.1-1.x86_64 1/1 Installed: wazuh-manager-4.9.1-1.x86_64 Complete!
16/10/2024 09:32:49 INFO: Wazuh manager installation finished.
16/10/2024 09:32:49 INFO: Wazuh manager vulnerability detection configuration finished.
16/10/2024 09:32:49 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
16/10/2024 09:33:10 INFO: wazuh-manager service started.
16/10/2024 09:33:10 INFO: Starting Filebeat installation.
Last metadata expiration check: 0:03:20 ago on Wed Oct 16 09:29:51 2024. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 wazuh 21 M Transaction Summary ================================================================================ Install 1 Package Total download size: 21 M Installed size: 70 M Downloading Packages: filebeat-oss-7.10.2-x86_64.rpm 33 MB/s | 21 MB 00:00 -------------------------------------------------------------------------------- Total 33 MB/s | 21 MB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : filebeat-7.10.2-1.x86_64 1/1 Running scriptlet: filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1 Installed: filebeat-7.10.2-1.x86_64 Complete!
16/10/2024 09:33:17 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
16/10/2024 09:33:18 INFO: Filebeat post-install configuration finished.
16/10/2024 09:33:18 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
16/10/2024 09:33:20 INFO: filebeat service started.
16/10/2024 09:33:20 INFO: --- Wazuh dashboard ---
16/10/2024 09:33:20 INFO: Starting Wazuh dashboard installation.
Last metadata expiration check: 0:03:30 ago on Wed Oct 16 09:29:51 2024. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.9.1-1 wazuh 253 M Transaction Summary ================================================================================ Install 1 Package Total download size: 253 M Installed size: 849 M Downloading Packages: wazuh-dashboard-4.9.1-1.x86_64.rpm 60 MB/s | 253 MB 00:04 -------------------------------------------------------------------------------- Total 60 MB/s | 253 MB 00:04 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.9.1-1.x86_64 1/1 Installing : wazuh-dashboard-4.9.1-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.9.1-1.x86_64 1/1 Verifying : wazuh-dashboard-4.9.1-1.x86_64 1/1 Installed: wazuh-dashboard-4.9.1-1.x86_64 Complete!
16/10/2024 09:36:08 INFO: Wazuh dashboard installation finished.
16/10/2024 09:36:08 INFO: Wazuh dashboard post-install configuration finished.
16/10/2024 09:36:08 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
16/10/2024 09:36:09 INFO: wazuh-dashboard service started.
16/10/2024 09:36:09 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
16/10/2024 09:36:20 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
Successfully updated the keystore
16/10/2024 09:36:46 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
16/10/2024 09:37:38 INFO: Initializing Wazuh dashboard web application.
16/10/2024 09:37:38 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 09:37:54 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 09:38:09 INFO: Wazuh dashboard web application initialized.
16/10/2024 09:38:09 INFO: Installation finished.

Ubuntu 22 🟢

Logs on the console:
root@ip-172-31-45-134:/home/ubuntu# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
16/10/2024 09:29:48 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
16/10/2024 09:29:48 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/10/2024 09:30:18 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/10/2024 09:30:18 INFO: Wazuh web interface port will be 443.
16/10/2024 09:30:30 INFO: --- Dependencies ----
16/10/2024 09:30:30 INFO: Installing apt-transport-https.
16/10/2024 09:30:42 INFO: Installing debhelper.
16/10/2024 09:31:26 INFO: Wazuh development repository added.
16/10/2024 09:31:26 INFO: --- Configuration files ---
16/10/2024 09:31:26 INFO: Generating configuration files.
16/10/2024 09:31:27 INFO: Generating the root certificate.
16/10/2024 09:31:27 INFO: Generating Admin certificates.
16/10/2024 09:31:28 INFO: Generating Wazuh indexer certificates.
16/10/2024 09:31:28 INFO: Generating Filebeat certificates.
16/10/2024 09:31:29 INFO: Generating Wazuh dashboard certificates.
16/10/2024 09:31:29 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
16/10/2024 09:31:30 INFO: --- Wazuh indexer ---
16/10/2024 09:31:30 INFO: Starting Wazuh indexer installation.
16/10/2024 09:32:19 INFO: Wazuh indexer installation finished.
16/10/2024 09:32:19 INFO: Wazuh indexer post-install configuration finished.
16/10/2024 09:32:19 INFO: Starting service wazuh-indexer.
16/10/2024 09:32:48 INFO: wazuh-indexer service started.
16/10/2024 09:32:48 INFO: Initializing Wazuh indexer cluster security settings.
16/10/2024 09:32:58 INFO: Wazuh indexer cluster security configuration initialized.
16/10/2024 09:32:58 INFO: Wazuh indexer cluster initialized.
16/10/2024 09:32:58 INFO: --- Wazuh server ---
16/10/2024 09:32:58 INFO: Starting the Wazuh manager installation.
16/10/2024 09:34:48 INFO: Wazuh manager installation finished.
16/10/2024 09:34:48 INFO: Wazuh manager vulnerability detection configuration finished.
16/10/2024 09:34:48 INFO: Starting service wazuh-manager.
16/10/2024 09:35:13 INFO: wazuh-manager service started.
16/10/2024 09:35:13 INFO: Starting Filebeat installation.
16/10/2024 09:35:35 INFO: Filebeat installation finished.
16/10/2024 09:35:37 INFO: Filebeat post-install configuration finished.
16/10/2024 09:35:37 INFO: Starting service filebeat.
16/10/2024 09:35:39 INFO: filebeat service started.
16/10/2024 09:35:39 INFO: --- Wazuh dashboard ---
16/10/2024 09:35:39 INFO: Starting Wazuh dashboard installation.
16/10/2024 09:38:18 INFO: Wazuh dashboard installation finished.
16/10/2024 09:38:18 INFO: Wazuh dashboard post-install configuration finished.
16/10/2024 09:38:18 INFO: Starting service wazuh-dashboard.
16/10/2024 09:38:19 INFO: wazuh-dashboard service started.
16/10/2024 09:38:22 INFO: Updating the internal users.
16/10/2024 09:38:33 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
16/10/2024 09:39:01 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
16/10/2024 09:39:54 INFO: Initializing Wazuh dashboard web application.
16/10/2024 09:39:54 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 09:40:09 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 09:40:24 INFO: Wazuh dashboard web application initialized.
16/10/2024 09:40:24 INFO: --- Summary ---
16/10/2024 09:40:24 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: ONl1To1cjvQLv.*WtzoFu824iCwQb2i8
16/10/2024 09:40:24 INFO: Installation finished.
Logs in wazuh-install.log:
root@ip-172-31-45-134:/home/ubuntu# cat /var/log/wazuh-install.log 
16/10/2024 09:29:48 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
16/10/2024 09:29:48 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease [127 kB]
Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [14.1 MB]
Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe Translation-en [5652 kB]
Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 c-n-f Metadata [286 kB]
Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [217 kB]
Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse Translation-en [112 kB]
Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 c-n-f Metadata [8372 B]
Get:11 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [2106 kB]
Get:12 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [363 kB]
Get:13 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 c-n-f Metadata [17.9 kB]
Get:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [2568 kB]
Get:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted Translation-en [444 kB]
Get:16 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 c-n-f Metadata [616 B]
Get:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1132 kB]
Get:18 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1854 kB]
Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [265 kB]
Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 c-n-f Metadata [26.3 kB]
Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [43.3 kB]
Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse Translation-en [10.8 kB]
Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 c-n-f Metadata [444 B]
Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [67.7 kB]
Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main Translation-en [11.1 kB]
Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 c-n-f Metadata [388 B]
Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/restricted amd64 c-n-f Metadata [116 B]
Get:28 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [28.8 kB]
Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe Translation-en [16.5 kB]
Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 c-n-f Metadata [672 B]
Get:31 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/multiverse amd64 c-n-f Metadata [116 B]
Get:32 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [301 kB]
Get:33 http://security.ubuntu.com/ubuntu jammy-security/main amd64 c-n-f Metadata [13.3 kB]
Get:34 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [2451 kB]
Get:35 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [422 kB]
Get:36 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 c-n-f Metadata [584 B]
Get:37 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [910 kB]
Get:38 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [180 kB]
Get:39 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 c-n-f Metadata [19.5 kB]
Get:40 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [37.2 kB]
Get:41 http://security.ubuntu.com/ubuntu jammy-security/multiverse Translation-en [7588 B]
Get:42 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 c-n-f Metadata [228 B]
Fetched 34.0 MB in 6s (5456 kB/s)
Reading package lists...
16/10/2024 09:30:18 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/10/2024 09:30:18 INFO: Wazuh web interface port will be 443.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
16/10/2024 09:30:30 INFO: --- Dependencies ----
16/10/2024 09:30:30 INFO: Installing apt-transport-https.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: apt-transport-https 0 upgraded, 1 newly installed, 0 to remove and 221 not upgraded. Need to get 1510 B of archives. After this operation, 170 kB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 apt-transport-https all 2.4.13 [1510 B] Fetched 1510 B in 0s (69.2 kB/s) Selecting previously unselected  NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1
16/10/2024 09:30:42 INFO: Installing debhelper.
Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: autoconf automake autopoint autotools-dev build-essential bzip2 cpp cpp-11 debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base gcc-12-base gettext intltool-debian libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libarchive-cpio-perl libarchive-zip-perl libasan6 libatomic1 libc-dev-bin libc-devtools libc6 libc6-dev libcc1-0 libcrypt-dev libdebhelper-perl libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl libfontconfig1 libgcc-11-dev libgcc-s1 libgd3 libgomp1 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblsan0 libltdl-dev libltdl7 libmail-sendmail-perl libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libstdc++6 libsub-override-perl libsys-hostname-long-perl libtiff5 libtirpc-dev libtool libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto Suggested packages: autoconf-archive gnu-standards autoconf-doc bzip2-doc cpp-doc gcc-11-locales dh-make debian-keyring g++-multilib g++-11-multilib gcc-11-doc gcc-multilib flex bison gdb gcc-doc gcc-11-multilib gettext-doc libasprintf-dev libgettextpo-dev glibc-doc bzr libgd-tools libtool-doc libstdc++-11-doc gfortran | fortran95-compiler gcj-jdk m4-doc make-doc libmail-box-perl Recommended packages: libnss-nis libnss-nisplus The following NEW packages will be installed: autoconf automake autopoint autotools-dev build-essential bzip2 cpp cpp-11 debhelper debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base gettext intltool-debian libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libarchive-cpio-perl libarchive-zip-perl libasan6 libatomic1 libc-dev-bin libc-devtools 
libc6-dev libcc1-0 libcrypt-dev libdebhelper-perl libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl libfontconfig1 libgcc-11-dev libgd3 libgomp1 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblsan0 libltdl-dev libltdl7 libmail-sendmail-perl libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libsub-override-perl libsys-hostname-long-perl libtiff5 libtirpc-dev libtool libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto The following packages will be upgraded: gcc-12-base libc6 libgcc-s1 libstdc++6 4 upgraded, 75 newly installed, 0 to remove and 217 not upgraded. Need to get 72.2 MB of archives. After this operation, 221 MB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc6 amd64 2.35-0ubuntu3.8 [3235 kB] Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-12-base amd64 12.3.0-1ubuntu1~22.04 [20.1 kB] Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libstdc++6 amd64 12.3.0-1ubuntu1~22.04 [699 kB] Get:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgcc-s1 amd64 12.3.0-1ubuntu1~22.04 [53.9 kB] Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 m4 amd64 1.4.18-5ubuntu2 [199 kB] Get:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autoconf all 2.71-2 [338 kB] Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autotools-dev all 20220109.1 [44.9 kB] Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 automake all 1:1.16.5-1.3 [558 kB] Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 autopoint all 0.21-4ubuntu4 [422 kB] Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-dev-bin amd64 2.35-0ubuntu3.8 [20.3 kB] Get:11 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 
linux-libc-dev amd64 5.15.0-124.134 [1322 kB] Get:12 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libcrypt-dev amd64 1:4.4.27-1 [112 kB] Get:13 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 rpcsvc-proto amd64 1.4.2-0ubuntu6 [68.5 kB] Get:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtirpc-dev amd64 1.3.2-2ubuntu0.1 [192 kB] Get:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libnsl-dev amd64 1.3.0-2build2 [71.3 kB] Get:16 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc6-dev amd64 2.35-0ubuntu3.8 [2100 kB] Get:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-11-base amd64 11.4.0-1ubuntu1~22.04 [20.2 kB] Get:18 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libisl23 amd64 0.24-2build1 [727 kB] Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libmpc3 amd64 1.2.1-2build1 [46.9 kB] Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 cpp-11 amd64 11.4.0-1ubuntu1~22.04 [10.0 MB] Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 cpp amd64 4:11.2.0-1ubuntu1 [27.7 kB] Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libcc1-0 amd64 12.3.0-1ubuntu1~22.04 [48.3 kB] Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgomp1 amd64 12.3.0-1ubuntu1~22.04 [126 kB] Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libitm1 amd64 12.3.0-1ubuntu1~22.04 [30.2 kB] Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libatomic1 amd64 12.3.0-1ubuntu1~22.04 [10.4 kB] Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libasan6 amd64 11.4.0-1ubuntu1~22.04 [2282 kB] Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 liblsan0 amd64 12.3.0-1ubuntu1~22.04 [1069 kB] Get:28 
http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtsan0 amd64 11.4.0-1ubuntu1~22.04 [2260 kB] Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libubsan1 amd64 12.3.0-1ubuntu1~22.04 [976 kB] Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libquadmath0 amd64 12.3.0-1ubuntu1~22.04 [154 kB] Get:31 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgcc-11-dev amd64 11.4.0-1ubuntu1~22.04 [2517 kB] Get:32 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-11 amd64 11.4.0-1ubuntu1~22.04 [20.1 MB] Get:33 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 gcc amd64 4:11.2.0-1ubuntu1 [5112 B] Get:34 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libstdc++-11-dev amd64 11.4.0-1ubuntu1~22.04 [2101 kB] Get:35 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 g++-11 amd64 11.4.0-1ubuntu1~22.04 [11.4 MB] Get:36 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 g++ amd64 4:11.2.0-1ubuntu1 [1412 B] Get:37 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 make amd64 4.3-4.1build1 [180 kB] Get:38 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libdpkg-perl all 1.21.1ubuntu2.3 [237 kB] Get:39 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 bzip2 amd64 1.0.8-5build1 [34.8 kB] Get:40 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 lto-disabled-list all 24 [12.5 kB] Get:41 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 dpkg-dev all 1.21.1ubuntu2.3 [922 kB] Get:42 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 build-essential amd64 12.9ubuntu3 [4744 B] Get:43 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libdebhelper-perl all 13.6ubuntu1 [67.2 kB] Get:44 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libtool all 2.4.6-15build2 [164 kB] 
Get:45 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dh-autoreconf all 20 [16.1 kB] Get:46 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libarchive-zip-perl all 1.68-1 [90.2 kB] Get:47 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libsub-override-perl all 0.09-2 [9532 B] Get:48 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfile-stripnondeterminism-perl all 1.13.0-1 [18.1 kB] Get:49 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dh-strip-nondeterminism all 1.13.0-1 [5344 B] Get:50 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 debugedit amd64 1:5.0-4build1 [47.2 kB] Get:51 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 dwz amd64 0.14-1build2 [105 kB] Get:52 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 gettext amd64 0.21-4ubuntu4 [868 kB] Get:53 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 intltool-debian all 0.35.0+20060710.5 [24.9 kB] Get:54 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 po-debconf all 1.0.21+nmu1 [233 kB] Get:55 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 debhelper all 13.6ubuntu1 [923 kB] Get:56 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfakeroot amd64 1.28-1ubuntu1 [31.5 kB] Get:57 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fakeroot amd64 1.28-1ubuntu1 [60.4 kB] Get:58 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fonts-dejavu-core all 2.37-2build1 [1041 kB] Get:59 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 fontconfig-config all 2.13.1-4.2ubuntu5 [29.1 kB] Get:60 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-diff-perl all 1.201-1 [41.8 kB] Get:61 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-diff-xs-perl amd64 0.04-6build3 [11.9 kB] Get:62 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 
libalgorithm-merge-perl all 0.08-3 [12.0 kB] Get:63 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libarchive-cpio-perl all 0.10-1.1 [9928 B] Get:64 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfontconfig1 amd64 2.13.1-4.2ubuntu5 [131 kB] Get:65 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libjpeg-turbo8 amd64 2.1.2-0ubuntu1 [134 kB] Get:66 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libjpeg8 amd64 8c-2ubuntu10 [2264 B] Get:67 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libdeflate0 amd64 1.10-2 [70.9 kB] Get:68 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libjbig0 amd64 2.1-3.1ubuntu0.22.04.1 [29.2 kB] Get:69 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libwebp7 amd64 1.2.2-2ubuntu0.22.04.2 [206 kB] Get:70 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtiff5 amd64 4.3.0-6ubuntu0.10 [185 kB] Get:71 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libxpm4 amd64 1:3.5.12-1ubuntu0.22.04.2 [36.7 kB] Get:72 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libgd3 amd64 2.3.0-2ubuntu2 [129 kB] Get:73 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-devtools amd64 2.35-0ubuntu3.8 [28.9 kB] Get:74 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libfile-fcntllock-perl amd64 0.22-3build7 [33.9 kB] Get:75 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libltdl7 amd64 2.4.6-15build2 [39.6 kB] Get:76 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libltdl-dev amd64 2.4.6-15build2 [169 kB] Get:77 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libsys-hostname-long-perl all 1.5-2 [11.5 kB] Get:78 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 libmail-sendmail-perl all 0.80-1.1 [22.7 kB] Get:79 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 
manpages-dev all 5.10-1ubuntu1 [2309 kB] Preconfigur NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [41.1 kB]
Fetched 58.4 kB in 1s (49.3 kB/s)
Reading package lists...
16/10/2024 09:31:26 INFO: Wazuh development repository added.
16/10/2024 09:31:26 INFO: --- Configuration files ---
16/10/2024 09:31:26 INFO: Generating configuration files.
16/10/2024 09:31:27 INFO: Generating the root certificate.
16/10/2024 09:31:27 INFO: Generating Admin certificates.
16/10/2024 09:31:28 INFO: Generating Wazuh indexer certificates.
16/10/2024 09:31:28 INFO: Generating Filebeat certificates.
16/10/2024 09:31:29 INFO: Generating Wazuh dashboard certificates.
16/10/2024 09:31:29 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
16/10/2024 09:31:30 INFO: --- Wazuh indexer ---
16/10/2024 09:31:30 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 217 not upgraded. Need to get 850 MB of archives. After this operation, 1077 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-indexer amd64 4.9.1-1 [850 MB] Fetched 850 MB in 13s (63.2 MB/s) Selecting previously unselected package wazuh-in ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automa NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
16/10/2024 09:32:19 INFO: Wazuh indexer installation finished.
16/10/2024 09:32:19 INFO: Wazuh indexer post-install configuration finished.
16/10/2024 09:32:19 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
16/10/2024 09:32:48 INFO: wazuh-indexer service started.
16/10/2024 09:32:48 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
16/10/2024 09:32:58 INFO: Wazuh indexer cluster security configuration initialized.
16/10/2024 09:32:58 INFO: Wazuh indexer cluster initialized.
16/10/2024 09:32:58 INFO: --- Wazuh server ---
16/10/2024 09:32:58 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 217 not upgraded. Need to get 333 MB of archives. After this operation, 902 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-manager amd64 4.9.1-1 [333 MB] Fetched 333 MB in 9s (37.8 MB/s) Selecting previously un NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
16/10/2024 09:34:48 INFO: Wazuh manager installation finished.
16/10/2024 09:34:48 INFO: Wazuh manager vulnerability detection configuration finished.
16/10/2024 09:34:48 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
16/10/2024 09:35:13 INFO: wazuh-manager service started.
16/10/2024 09:35:13 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 217 not upgraded. Need to get 22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd6 NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
16/10/2024 09:35:35 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
16/10/2024 09:35:37 INFO: Filebeat post-install configuration finished.
16/10/2024 09:35:37 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
16/10/2024 09:35:39 INFO: filebeat service started.
16/10/2024 09:35:39 INFO: --- Wazuh dashboard ---
16/10/2024 09:35:39 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 217 not upgraded. Need to get 166 MB of archives. After this operation, 935 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-dashboard amd64 4.9.1-1 [166 MB] Fetched 166 MB in 5s (34.2 MB/s) Selecting previously unselected package wazuh- NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: acpid.service NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: snapd.service NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
16/10/2024 09:38:18 INFO: Wazuh dashboard installation finished.
16/10/2024 09:38:18 INFO: Wazuh dashboard post-install configuration finished.
16/10/2024 09:38:18 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
16/10/2024 09:38:19 INFO: wazuh-dashboard service started.
16/10/2024 09:38:22 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
16/10/2024 09:38:33 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
Successfully updated the keystore
16/10/2024 09:39:01 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
16/10/2024 09:39:54 INFO: Initializing Wazuh dashboard web application.
16/10/2024 09:39:54 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 09:40:09 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 09:40:24 INFO: Wazuh dashboard web application initialized.
16/10/2024 09:40:24 INFO: Installation finished.

RHEL 9 🟢

Logs on the console:
[root@ip-172-31-38-230 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
16/10/2024 09:57:55 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
16/10/2024 09:57:55 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/10/2024 09:57:56 INFO: Wazuh web interface port will be 443.
16/10/2024 09:57:56 INFO: --- Dependencies ---
16/10/2024 09:57:56 INFO: Installing lsof.
16/10/2024 09:58:23 INFO: Wazuh development repository added.
16/10/2024 09:58:23 INFO: --- Configuration files ---
16/10/2024 09:58:23 INFO: Generating configuration files.
16/10/2024 09:58:23 INFO: Generating the root certificate.
16/10/2024 09:58:24 INFO: Generating Admin certificates.
16/10/2024 09:58:24 INFO: Generating Wazuh indexer certificates.
16/10/2024 09:58:24 INFO: Generating Filebeat certificates.
16/10/2024 09:58:25 INFO: Generating Wazuh dashboard certificates.
16/10/2024 09:58:26 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
16/10/2024 09:58:26 INFO: --- Wazuh indexer ---
16/10/2024 09:58:26 INFO: Starting Wazuh indexer installation.
16/10/2024 09:59:16 INFO: Wazuh indexer installation finished.
16/10/2024 09:59:16 INFO: Wazuh indexer post-install configuration finished.
16/10/2024 09:59:16 INFO: Starting service wazuh-indexer.
16/10/2024 09:59:40 INFO: wazuh-indexer service started.
16/10/2024 09:59:40 INFO: Initializing Wazuh indexer cluster security settings.
16/10/2024 09:59:48 INFO: Wazuh indexer cluster security configuration initialized.
16/10/2024 09:59:48 INFO: Wazuh indexer cluster initialized.
16/10/2024 09:59:48 INFO: --- Wazuh server ---
16/10/2024 09:59:48 INFO: Starting the Wazuh manager installation.
16/10/2024 10:01:07 INFO: Wazuh manager installation finished.
16/10/2024 10:01:07 INFO: Wazuh manager vulnerability detection configuration finished.
16/10/2024 10:01:07 INFO: Starting service wazuh-manager.
16/10/2024 10:01:27 INFO: wazuh-manager service started.
16/10/2024 10:01:27 INFO: Starting Filebeat installation.
16/10/2024 10:01:42 INFO: Filebeat installation finished.
16/10/2024 10:01:43 INFO: Filebeat post-install configuration finished.
16/10/2024 10:01:43 INFO: Starting service filebeat.
16/10/2024 10:01:44 INFO: filebeat service started.
16/10/2024 10:01:44 INFO: --- Wazuh dashboard ---
16/10/2024 10:01:44 INFO: Starting Wazuh dashboard installation.
16/10/2024 10:05:39 INFO: Wazuh dashboard installation finished.
16/10/2024 10:05:39 INFO: Wazuh dashboard post-install configuration finished.
16/10/2024 10:05:39 INFO: Starting service wazuh-dashboard.
16/10/2024 10:05:40 INFO: wazuh-dashboard service started.
16/10/2024 10:05:40 INFO: Updating the internal users.
16/10/2024 10:05:49 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
16/10/2024 10:06:09 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
16/10/2024 10:06:58 INFO: Initializing Wazuh dashboard web application.
16/10/2024 10:06:58 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 10:07:13 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 10:07:28 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 10:07:44 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 10:07:59 INFO: Wazuh dashboard web application initialized.
16/10/2024 10:08:00 INFO: --- Summary ---
16/10/2024 10:08:00 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: XBPOK9+3oC0DqPTb3JmVbqCpLY64JoVW
16/10/2024 10:08:00 INFO: --- Dependencies ---
16/10/2024 10:08:00 INFO: Removing lsof.
16/10/2024 10:08:30 INFO: Installation finished.

Logs in wazuh-install.log:
[root@ip-172-31-38-230 ec2-user]# cat /var/log/wazuh-install.log
16/10/2024 09:57:55 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
16/10/2024 09:57:55 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

25 files removed
16/10/2024 09:57:56 INFO: Wazuh web interface port will be 443.
16/10/2024 09:57:56 INFO: --- Dependencies ---
16/10/2024 09:57:56 INFO: Installing lsof.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Red Hat Enterprise Linux 9 for x86_64 - AppStre 83 MB/s | 42 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 29 MB/s | 33 MB 00:01 Red Hat Enterprise Linux 9 Client Configuration 34 kB/s | 3.2 kB 00:00 Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 rhel-9-baseos-rhui-rpms 241 k Installing dependencies: libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 338 k Installed size: 826 k Downloading Packages: (1/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 2.0 MB/s | 96 kB 00:00 (2/2): lsof-4.94.0-3.el9.x86_64.rpm 4.6 MB/s | 241 kB 00:00 -------------------------------------------------------------------------------- Total 4.1 MB/s | 338 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : lsof-4.94.0-3.el9.x86_64 1/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Red Hat Enterprise Linux 9 for x86_64 - AppStre 83 MB/s | 42 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 29 MB/s | 33 MB 00:01 Red Hat Enterprise Linux 9 Client Configuration 34 kB/s | 3.2 kB 00:00 Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 rhel-9-baseos-rhui-rpms 241 k Installing dependencies: libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 338 k Installed size: 826 k Downloading Packages: (1/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 2.0 MB/s | 96 kB 00:00 (2/2): lsof-4.94.0-3.el9.x86_64.rpm 4.6 MB/s | 241 kB 00:00 -------------------------------------------------------------------------------- Total 4.1 MB/s | 338 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : lsof-4.94.0-3.el9.x86_64 1/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
16/10/2024 09:58:23 INFO: Wazuh development repository added.
16/10/2024 09:58:23 INFO: --- Configuration files ---
16/10/2024 09:58:23 INFO: Generating configuration files.
16/10/2024 09:58:23 INFO: Generating the root certificate.
16/10/2024 09:58:24 INFO: Generating Admin certificates.
16/10/2024 09:58:24 INFO: Generating Wazuh indexer certificates.
16/10/2024 09:58:24 INFO: Generating Filebeat certificates.
16/10/2024 09:58:25 INFO: Generating Wazuh dashboard certificates.
16/10/2024 09:58:26 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
16/10/2024 09:58:26 INFO: --- Wazuh indexer ---
16/10/2024 09:58:26 INFO: Starting Wazuh indexer installation.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. EL-9 - Wazuh 30 MB/s | 30 MB 00:00 Last metadata expiration check: 0:00:09 ago on Wed 16 Oct 2024 09:58:28 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-indexer x86_64 4.9.1-1 wazuh 813 M Transaction Summary ================================================================================ Install 1 Package Total download size: 813 M Installed size: 1.0 G Downloading Packages: wazuh-indexer-4.9.1-1.x86_64.rpm 107 MB/s | 813 MB 00:07 -------------------------------------------------------------------------------- Total 107 MB/s | 813 MB 00:07 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-indexer-4.9.1-1.x86_64 1/1 Installing : wazuh-indexer-4.9.1-1.x86_64 1/1 Running scriptlet: wazuh-indexer-4.9.1-1.x86_64 1/1 ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable wazuh-indexer.service ### You can start wazuh-indexer service by executing sudo systemctl start wazuh-indexer.service Verifying : wazuh-indexer-4.9.1-1.x86_64 1/1 Installed products updated. Installed: wazuh-indexer-4.9.1-1.x86_64 Complete!
16/10/2024 09:59:16 INFO: Wazuh indexer installation finished.
16/10/2024 09:59:16 INFO: Wazuh indexer post-install configuration finished.
16/10/2024 09:59:16 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
16/10/2024 09:59:40 INFO: wazuh-indexer service started.
16/10/2024 09:59:40 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
16/10/2024 09:59:48 INFO: Wazuh indexer cluster security configuration initialized.
16/10/2024 09:59:48 INFO: Wazuh indexer cluster initialized.
16/10/2024 09:59:48 INFO: --- Wazuh server ---
16/10/2024 09:59:48 INFO: Starting the Wazuh manager installation.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:01:21 ago on Wed 16 Oct 2024 09:58:28 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-manager x86_64 4.9.1-1 wazuh 314 M Transaction Summary ================================================================================ Install 1 Package Total download size: 314 M Installed size: 867 M Downloading Packages: wazuh-manager-4.9.1-1.x86_64.rpm 132 MB/s | 314 MB 00:02 -------------------------------------------------------------------------------- Total 132 MB/s | 314 MB 00:02 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-manager-4.9.1-1.x86_64 1/1 Installing : wazuh-manager-4.9.1-1.x86_64 1/1 Running scriptlet: wazuh-manager-4.9.1-1.x86_64 1/1 Verifying : wazuh-manager-4.9.1-1.x86_64 1/1 Installed products updated. Installed: wazuh-manager-4.9.1-1.x86_64 Complete!
16/10/2024 10:01:07 INFO: Wazuh manager installation finished.
16/10/2024 10:01:07 INFO: Wazuh manager vulnerability detection configuration finished.
16/10/2024 10:01:07 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
16/10/2024 10:01:27 INFO: wazuh-manager service started.
16/10/2024 10:01:27 INFO: Starting Filebeat installation.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:03:00 ago on Wed 16 Oct 2024 09:58:28 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: filebeat x86_64 7.10.2-1 wazuh 21 M Transaction Summary ================================================================================ Install 1 Package Total download size: 21 M Installed size: 70 M Downloading Packages: filebeat-oss-7.10.2-x86_64.rpm 35 MB/s | 21 MB 00:00 -------------------------------------------------------------------------------- Total 35 MB/s | 21 MB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : filebeat-7.10.2-1.x86_64 1/1 Running scriptlet: filebeat-7.10.2-1.x86_64 1/1 Verifying : filebeat-7.10.2-1.x86_64 1/1 Installed products updated. Installed: filebeat-7.10.2-1.x86_64 Complete!
16/10/2024 10:01:42 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
16/10/2024 10:01:43 INFO: Filebeat post-install configuration finished.
16/10/2024 10:01:43 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
16/10/2024 10:01:44 INFO: filebeat service started.
16/10/2024 10:01:44 INFO: --- Wazuh dashboard ---
16/10/2024 10:01:44 INFO: Starting Wazuh dashboard installation.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:03:19 ago on Wed 16 Oct 2024 09:58:28 AM UTC. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: wazuh-dashboard x86_64 4.9.1-1 wazuh 253 M Transaction Summary ================================================================================ Install 1 Package Total download size: 253 M Installed size: 849 M Downloading Packages: wazuh-dashboard-4.9.1-1.x86_64.rpm 56 MB/s | 253 MB 00:04 -------------------------------------------------------------------------------- Total 56 MB/s | 253 MB 00:04 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: wazuh-dashboard-4.9.1-1.x86_64 1/1 Installing : wazuh-dashboard-4.9.1-1.x86_64 1/1 Running scriptlet: wazuh-dashboard-4.9.1-1.x86_64 1/1 Verifying : wazuh-dashboard-4.9.1-1.x86_64 1/1 Installed products updated. Installed: wazuh-dashboard-4.9.1-1.x86_64 Complete!
16/10/2024 10:05:39 INFO: Wazuh dashboard installation finished.
16/10/2024 10:05:39 INFO: Wazuh dashboard post-install configuration finished.
16/10/2024 10:05:39 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
16/10/2024 10:05:40 INFO: wazuh-dashboard service started.
16/10/2024 10:05:40 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
16/10/2024 10:05:49 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
Successfully updated the keystore
16/10/2024 10:06:09 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
16/10/2024 10:06:58 INFO: Initializing Wazuh dashboard web application.
16/10/2024 10:06:58 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 10:07:13 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 10:07:28 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 10:07:44 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/10/2024 10:07:59 INFO: Wazuh dashboard web application initialized.
16/10/2024 10:08:00 INFO: --- Dependencies ---
16/10/2024 10:08:00 INFO: Removing lsof.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: lsof x86_64 4.94.0-3.el9 @rhel-9-baseos-rhui-rpms 624 k Removing unused dependencies: libtirpc x86_64 1.3.3-8.el9_4 @rhel-9-baseos-rhui-rpms 202 k Transaction Summary ================================================================================ Remove 2 Packages Freed space: 826 k Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : lsof-4.94.0-3.el9.x86_64 1/2 Erasing : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Running scriptlet: libtirpc-1.3.3-8.el9_4.x86_64 2/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Removed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
16/10/2024 10:08:30 INFO: Installation finished.

Amazon Linux 2023 - Offline 🟢

Logs on the console:
[root@ip-172-31-47-133 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh
[root@ip-172-31-47-133 ec2-user]# ls
wazuh-install.sh
[root@ip-172-31-47-133 ec2-user]# bash wazuh-install.sh -dw rpm
16/10/2024 09:13:00 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
16/10/2024 09:13:00 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/10/2024 09:13:00 INFO: --- Dependencies ---
16/10/2024 09:13:00 INFO: Installing curl.
16/10/2024 09:13:12 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/10/2024 09:13:12 INFO: --- Download Packages ---
16/10/2024 09:13:12 INFO: Starting Wazuh packages download.
16/10/2024 09:13:12 INFO: Downloading Wazuh rpm packages for x86_64.
16/10/2024 09:13:16 INFO: The manager package was downloaded.
16/10/2024 09:13:17 INFO: The filebeat package was downloaded.
16/10/2024 09:13:21 INFO: The indexer package was downloaded.
16/10/2024 09:13:23 INFO: The dashboard package was downloaded.
16/10/2024 09:13:23 INFO: The packages are in wazuh-offline/wazuh-packages
16/10/2024 09:13:23 INFO: Downloading configuration files and assets.
16/10/2024 09:13:23 INFO: The resource https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
16/10/2024 09:13:24 INFO: The resource https://packages-dev.wazuh.com/4.9/tpl/wazuh/filebeat/filebeat.yml was downloaded.
16/10/2024 09:13:24 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/v4.9.1-rc4/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
16/10/2024 09:13:24 INFO: The resource https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
16/10/2024 09:13:24 INFO: The configuration files and assets are in wazuh-offline.tar.gz
16/10/2024 09:14:37 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html
[root@ip-172-31-47-133 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.9/config.yml
[root@ip-172-31-47-133 ec2-user]# nano config.yml 
[root@ip-172-31-47-133 ec2-user]# bash wazuh-install.sh -g
16/10/2024 09:19:28 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
16/10/2024 09:19:28 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/10/2024 09:19:28 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/10/2024 09:19:28 INFO: --- Configuration files ---
16/10/2024 09:19:28 INFO: Generating configuration files.
16/10/2024 09:19:29 INFO: Generating the root certificate.
16/10/2024 09:19:29 INFO: Generating Admin certificates.
16/10/2024 09:19:30 INFO: Generating Wazuh indexer certificates.
16/10/2024 09:19:31 INFO: Generating Filebeat certificates.
16/10/2024 09:19:31 INFO: Generating Wazuh dashboard certificates.
16/10/2024 09:19:32 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
[root@ip-172-31-47-133 ec2-user]# ls
wazuh-install-files.tar  wazuh-install.sh  wazuh-offline.tar.gz
[root@ip-172-31-47-133 ec2-user]# ping google.com
PING google.com (172.253.62.101) 56(84) bytes of data.
^C
--- google.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2102ms
[root@ip-172-31-47-133 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-indexer node-1
16/10/2024 09:22:15 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
16/10/2024 09:22:15 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/10/2024 09:22:15 INFO: Checking installed dependencies for Offline installation.
16/10/2024 09:22:18 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/10/2024 09:22:18 INFO: Checking prerequisites for Offline installation.
16/10/2024 09:22:19 INFO: Checking wazuh-offline.tar.gz file.
16/10/2024 09:22:33 INFO: --- Wazuh indexer ---
16/10/2024 09:22:33 INFO: Starting Wazuh indexer installation.
16/10/2024 09:22:50 INFO: Wazuh indexer installation finished.
16/10/2024 09:22:50 INFO: Wazuh indexer post-install configuration finished.
16/10/2024 09:22:50 INFO: Starting service wazuh-indexer.
16/10/2024 09:23:16 INFO: wazuh-indexer service started.
16/10/2024 09:23:16 INFO: Initializing Wazuh indexer cluster security settings.
16/10/2024 09:23:16 INFO: Wazuh indexer cluster initialized.
16/10/2024 09:23:16 INFO: Installation finished.
[root@ip-172-31-47-133 ec2-user]# bash wazuh-install.sh --offline-installation --start-cluster
16/10/2024 09:26:41 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
16/10/2024 09:26:41 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/10/2024 09:26:41 INFO: Checking installed dependencies for Offline installation.
16/10/2024 09:26:44 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/10/2024 09:26:44 INFO: Checking wazuh-offline.tar.gz file.
16/10/2024 09:26:51 INFO: Wazuh indexer cluster security configuration initialized.
16/10/2024 09:27:01 INFO: Updating the internal users.
16/10/2024 09:27:06 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
16/10/2024 09:27:24 INFO: Wazuh indexer cluster started.
[root@ip-172-31-47-133 ec2-user]# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
  indexer_username: 'admin'
  indexer_password: 'zKJh3V4E*IfywfdD.eOXriMu4CbQ+xoJ'
[root@ip-172-31-47-133 ec2-user]# curl -k -u admin:zKJh3V4E*IfywfdD.eOXriMu4CbQ+xoJ https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "3HSalDcHQrWAKA4h5shyBA",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "06e21c13dd7df95b42014376ce7531fa574ce569",
    "build_date" : "2024-10-15T16:48:17.780639Z",
    "build_snapshot" : false,
    "lucene_version" : "9.10.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@ip-172-31-47-133 ec2-user]# curl -k -u admin:zKJh3V4E*IfywfdD.eOXriMu4CbQ+xoJ https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                               cluster_manager name
127.0.0.1           46          94  12    0.36    0.42     0.25 dimr      data,ingest,master,remote_cluster_client *               node-1
[root@ip-172-31-47-133 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-server wazuh-1
16/10/2024 09:29:12 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
16/10/2024 09:29:12 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/10/2024 09:29:12 INFO: Checking installed dependencies for Offline installation.
16/10/2024 09:29:14 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/10/2024 09:29:15 INFO: Checking wazuh-offline.tar.gz file.
16/10/2024 09:29:15 INFO: --- Wazuh server ---
16/10/2024 09:29:15 INFO: Starting the Wazuh manager installation.
16/10/2024 09:30:28 INFO: Wazuh manager installation finished.
16/10/2024 09:30:29 INFO: Wazuh manager vulnerability detection configuration finished.
16/10/2024 09:30:29 INFO: Starting service wazuh-manager.
16/10/2024 09:30:49 INFO: wazuh-manager service started.
16/10/2024 09:30:49 INFO: Starting Filebeat installation.
16/10/2024 09:30:52 INFO: Filebeat installation finished.
16/10/2024 09:30:52 INFO: Filebeat post-install configuration finished.
16/10/2024 09:30:54 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
16/10/2024 09:31:20 INFO: Starting service filebeat.
16/10/2024 09:31:22 INFO: filebeat service started.
16/10/2024 09:31:22 INFO: Installation finished.
[root@ip-172-31-47-133 ec2-user]# bash wazuh-install.sh --offline-installation --wazuh-dashboard dashboard
16/10/2024 09:31:53 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
16/10/2024 09:31:53 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/10/2024 09:31:53 INFO: Checking installed dependencies for Offline installation.
16/10/2024 09:32:01 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/10/2024 09:32:01 INFO: Wazuh web interface port will be 443.
16/10/2024 09:32:02 INFO: Checking prerequisites for Offline installation.
16/10/2024 09:32:02 INFO: Checking wazuh-offline.tar.gz file.
16/10/2024 09:32:03 INFO: --- Wazuh dashboard ----
16/10/2024 09:32:03 INFO: Starting Wazuh dashboard installation.
16/10/2024 09:34:20 INFO: Wazuh dashboard installation finished.
16/10/2024 09:34:20 INFO: Wazuh dashboard post-install configuration finished.
16/10/2024 09:34:20 INFO: Starting service wazuh-dashboard.
16/10/2024 09:34:21 INFO: wazuh-dashboard service started.
16/10/2024 09:34:44 INFO: Initializing Wazuh dashboard web application.
16/10/2024 09:34:45 INFO: Wazuh dashboard web application initialized.
16/10/2024 09:34:45 INFO: --- Summary ---
16/10/2024 09:34:45 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: zKJh3V4E*IfywfdD.eOXriMu4CbQ+xoJ
16/10/2024 09:34:45 INFO: Installation finished.
Logs in wazuh-install.log
[root@ip-172-31-47-133 ec2-user]# cat /var/log/wazuh-install.log
16/10/2024 09:31:53 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
16/10/2024 09:31:53 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/10/2024 09:31:53 INFO: Checking installed dependencies for Offline installation.
16/10/2024 09:32:01 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/10/2024 09:32:01 INFO: Wazuh web interface port will be 443.
16/10/2024 09:32:02 INFO: Checking prerequisites for Offline installation.
16/10/2024 09:32:02 INFO: Checking wazuh-offline.tar.gz file.
16/10/2024 09:32:03 INFO: --- Wazuh dashboard ----
16/10/2024 09:32:03 INFO: Starting Wazuh dashboard installation.
Verifying...                          ########################################
Preparing...                          ########################################
Updating / installing...
wazuh-dashboard-4.9.1-1               ########################################
16/10/2024 09:34:20 INFO: Wazuh dashboard installation finished.
16/10/2024 09:34:20 INFO: Wazuh dashboard post-install configuration finished.
16/10/2024 09:34:20 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
16/10/2024 09:34:21 INFO: wazuh-dashboard service started.
16/10/2024 09:34:44 INFO: Initializing Wazuh dashboard web application.
16/10/2024 09:34:45 INFO: Wazuh dashboard web application initialized.
16/10/2024 09:34:45 INFO: Installation finished.

@CarlosALgit
Member Author

Installed packages 🟢

Amazon Linux 2023 🟢

[root@ip-172-31-39-68 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.9.1-1.x86_64                Wed Oct 16 09:36:01 2024
filebeat-7.10.2-1.x86_64                      Wed Oct 16 09:33:14 2024
wazuh-manager-4.9.1-1.x86_64                  Wed Oct 16 09:32:13 2024
wazuh-indexer-4.9.1-1.x86_64                  Wed Oct 16 09:30:40 2024
gpg-pubkey-29111145-591cd381                  Wed Oct 16 09:29:44 2024

Ubuntu 22 🟢

root@ip-172-31-45-134:/home/ubuntu# grep " install " /var/log/dpkg.log | tail
2024-10-16 09:31:45 install wazuh-indexer:amd64 <none> 4.9.1-1
2024-10-16 09:33:09 install wazuh-manager:amd64 <none> 4.9.1-1
2024-10-16 09:35:17 install filebeat:amd64 <none> 7.10.2
2024-10-16 09:35:47 install wazuh-dashboard:amd64 <none> 4.9.1-1

RHEL 9 🟢

[root@ip-172-31-38-230 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.9.1-1.x86_64                Wed 16 Oct 2024 10:04:52 AM UTC
filebeat-7.10.2-1.x86_64                      Wed 16 Oct 2024 10:01:31 AM UTC
wazuh-manager-4.9.1-1.x86_64                  Wed 16 Oct 2024 10:00:38 AM UTC
wazuh-indexer-4.9.1-1.x86_64                  Wed 16 Oct 2024 09:59:11 AM UTC
gpg-pubkey-29111145-591cd381                  Wed 16 Oct 2024 09:58:22 AM UTC

Amazon Linux 2023 - Offline 🟢

[root@ip-172-31-47-133 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.9.1-1.x86_64                Wed Oct 16 09:34:15 2024
filebeat-7.10.2-1.x86_64                      Wed Oct 16 09:30:50 2024
wazuh-manager-4.9.1-1.x86_64                  Wed Oct 16 09:29:56 2024
wazuh-indexer-4.9.1-1.x86_64                  Wed Oct 16 09:22:48 2024
gpg-pubkey-29111145-591cd381                  Wed Oct 16 09:22:33 2024

@CarlosALgit
Member Author

CarlosALgit commented Oct 16, 2024

Wazuh Indexer logs 🟡

Amazon Linux 2023 🟡

Agent status
[root@ip-172-31-39-68 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-10-16 09:31:10 UTC; 55min ago
       Docs: https://documentation.wazuh.com
   Main PID: 4286 (java)
      Tasks: 72 (limit: 4581)
     Memory: 1.3G
        CPU: 2min 27.083s
     CGroup: /system.slice/wazuh-indexer.service
             └─4286 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch>

Oct 16 09:30:47 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: System::setSecurityManager has been called b>
Oct 16 09:30:47 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: Please consider reporting this to the mainta>
Oct 16 09:30:47 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: System::setSecurityManager will be removed i>
Oct 16 09:30:49 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: Oct 16, 2024 9:30:49 AM sun.util.locale.provider.Loca>
Oct 16 09:30:49 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: COMPAT locale provider will be removed in a >
Oct 16 09:30:50 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: A terminally deprecated method in java.lang.>
Oct 16 09:30:50 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: System::setSecurityManager has been called b>
Oct 16 09:30:50 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: Please consider reporting this to the mainta>
Oct 16 09:30:50 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: System::setSecurityManager will be removed i>
Oct 16 09:31:10 ip-172-31-39-68.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
Service status
[root@ip-172-31-39-68 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
Oct 16 09:30:44 ip-172-31-39-68.ec2.internal systemd[1]: Starting wazuh-indexer.service - wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-indexer.service has begun execution.
░░ 
░░ The job identifier is 3179.
Oct 16 09:30:47 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 16 09:30:47 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Oct 16 09:30:47 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Oct 16 09:30:47 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: System::setSecurityManager will be removed in a future release
Oct 16 09:30:49 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: Oct 16, 2024 9:30:49 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Oct 16 09:30:49 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: COMPAT locale provider will be removed in a future release
Oct 16 09:30:50 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 16 09:30:50 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Oct 16 09:30:50 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Oct 16 09:30:50 ip-172-31-39-68.ec2.internal systemd-entrypoint[4286]: WARNING: System::setSecurityManager will be removed in a future release
Oct 16 09:31:10 ip-172-31-39-68.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░ 
░░ The job identifier is 3179.
Errors

🟡 Normal errors of uninitialized indexes. Related: wazuh/wazuh-packages#1511 (comment)
🟡 Failure no such index. Related: wazuh/wazuh-indexer#167 (comment)
🟡 Fail to read queue capacity via reflection Related: wazuh/wazuh-indexer#71
🟡 Json Mapping Error: Cannot invoke "java.lang.Long.longValue() Related: opensearch-project/performance-analyzer#644 Related: wazuh/wazuh-indexer#329

[root@ip-172-31-39-68 ec2-user]# head -n 400 /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-10-16T09:30:50,120][INFO ][o.o.n.Node               ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-10-16T09:31:00,821][ERROR][o.o.p.c.j.GCMetrics      ] [node-1] MX bean missing: G1 Concurrent GC
[2024-10-16T09:31:03,701][WARN ][o.o.s.c.Salt             ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-10-16T09:31:03,754][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-10-16T09:31:03,756][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-10-16T09:31:05,404][WARN ][o.o.s.p.SQLPlugin        ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-10-16T09:31:05,825][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:31:05,830][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:31:05,852][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:31:05,852][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:31:05,853][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:31:05,853][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:31:05,872][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:31:07,979][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-10-16T09:31:10,426][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-10-16T09:31:10,809][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-10-16T09:31:10,942][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:31:11,494][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:31:11,494][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:31:11,495][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:31:11,496][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:31:11,496][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:31:15,874][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:31:20,228][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-10-16T09:31:20,875][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:31:25,877][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:31:30,878][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:34:06,080][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:34:11,081][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:34:16,095][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:34:21,087][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:34:26,089][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:34:31,089][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])

Ubuntu 22 🟡

Agent status
root@ip-172-31-45-134:/home/ubuntu# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-10-16 09:32:48 UTC; 57min ago
       Docs: https://documentation.wazuh.com
   Main PID: 5599 (java)
      Tasks: 68 (limit: 4632)
     Memory: 1.3G
        CPU: 2min 9.046s
     CGroup: /system.slice/wazuh-indexer.service
             └─5599 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch>

Oct 16 09:32:24 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: System::setSecurityManager has been called by org.opense>
Oct 16 09:32:24 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: Please consider reporting this to the maintainers of org>
Oct 16 09:32:24 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: System::setSecurityManager will be removed in a future r>
Oct 16 09:32:25 ip-172-31-45-134 systemd-entrypoint[5599]: Oct 16, 2024 9:32:25 AM sun.util.locale.provider.LocaleProviderAd>
Oct 16 09:32:25 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: COMPAT locale provider will be removed in a future relea>
Oct 16 09:32:26 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: A terminally deprecated method in java.lang.System has b>
Oct 16 09:32:26 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: System::setSecurityManager has been called by org.opense>
Oct 16 09:32:26 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: Please consider reporting this to the maintainers of org>
Oct 16 09:32:26 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: System::setSecurityManager will be removed in a future r>
Oct 16 09:32:48 ip-172-31-45-134 systemd[1]: Started wazuh-indexer.
Service status
root@ip-172-31-45-134:/home/ubuntu# journalctl -xe -u wazuh-indexer.service --no-pager
Oct 16 09:32:20 ip-172-31-45-134 systemd[1]: Starting wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit wazuh-indexer.service has begun execution.
░░ 
░░ The job identifier is 2141.
Oct 16 09:32:24 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 16 09:32:24 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Oct 16 09:32:24 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Oct 16 09:32:24 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: System::setSecurityManager will be removed in a future release
Oct 16 09:32:25 ip-172-31-45-134 systemd-entrypoint[5599]: Oct 16, 2024 9:32:25 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Oct 16 09:32:25 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: COMPAT locale provider will be removed in a future release
Oct 16 09:32:26 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 16 09:32:26 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Oct 16 09:32:26 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Oct 16 09:32:26 ip-172-31-45-134 systemd-entrypoint[5599]: WARNING: System::setSecurityManager will be removed in a future release
Oct 16 09:32:48 ip-172-31-45-134 systemd[1]: Started wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░ 
░░ The job identifier is 2141.
Errors

🟡 Normal errors of uninitialized indexes. Related: wazuh/wazuh-packages#1511 (comment)
🟡 Failure no such index. Related: wazuh/wazuh-indexer#167 (comment)
🟡 Authentication finally failed for admin Related: wazuh/wazuh-indexer#167

root@ip-172-31-45-134:/home/ubuntu# head -n 400 /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-10-16T09:32:26,762][INFO ][o.o.n.Node               ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=deb, -Dopensearch.bundled_jdk=true]
[2024-10-16T09:32:40,445][WARN ][o.o.s.c.Salt             ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-10-16T09:32:40,506][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-10-16T09:32:40,510][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-10-16T09:32:42,571][WARN ][o.o.s.p.SQLPlugin        ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-10-16T09:32:45,192][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-10-16T09:32:48,008][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-10-16T09:32:48,496][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-10-16T09:32:49,087][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:32:49,087][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:32:49,088][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:32:49,097][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:32:49,097][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:32:49,098][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:32:49,098][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:32:49,098][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:32:49,098][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:32:49,098][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:32:58,735][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-10-16T09:39:30,429][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:48208
[2024-10-16T09:39:33,728][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:48216
[2024-10-16T09:39:36,797][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:48216
[2024-10-16T09:39:41,618][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:48216

RHEL 9 🟡

Agent status
[root@ip-172-31-38-230 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-10-16 09:59:40 UTC; 33min ago
       Docs: https://documentation.wazuh.com
   Main PID: 15058 (java)
      Tasks: 72 (limit: 22632)
     Memory: 1.3G
        CPU: 1min 47.154s
     CGroup: /system.slice/wazuh-indexer.service
             └─15058 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearc>

Oct 16 09:59:20 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: System::setSecurityManager has been called>
Oct 16 09:59:20 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: Please consider reporting this to the main>
Oct 16 09:59:20 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: System::setSecurityManager will be removed>
Oct 16 09:59:21 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: Oct 16, 2024 9:59:21 AM sun.util.locale.provider.Lo>
Oct 16 09:59:21 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: COMPAT locale provider will be removed in >
Oct 16 09:59:22 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: A terminally deprecated method in java.lan>
Oct 16 09:59:22 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: System::setSecurityManager has been called>
Oct 16 09:59:22 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: Please consider reporting this to the main>
Oct 16 09:59:22 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: System::setSecurityManager will be removed>
Oct 16 09:59:40 ip-172-31-38-230.ec2.internal systemd[1]: Started wazuh-indexer.
Service status
[root@ip-172-31-38-230 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
Oct 16 09:59:17 ip-172-31-38-230.ec2.internal systemd[1]: Starting wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A start job for unit wazuh-indexer.service has begun execution.
░░ 
░░ The job identifier is 3328.
Oct 16 09:59:20 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 16 09:59:20 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Oct 16 09:59:20 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Oct 16 09:59:20 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: System::setSecurityManager will be removed in a future release
Oct 16 09:59:21 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: Oct 16, 2024 9:59:21 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Oct 16 09:59:21 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: COMPAT locale provider will be removed in a future release
Oct 16 09:59:22 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 16 09:59:22 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Oct 16 09:59:22 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Oct 16 09:59:22 ip-172-31-38-230.ec2.internal systemd-entrypoint[15058]: WARNING: System::setSecurityManager will be removed in a future release
Oct 16 09:59:40 ip-172-31-38-230.ec2.internal systemd[1]: Started wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░ 
░░ The job identifier is 3328.
Errors

🟡 Normal errors of uninitialized indexes. Related: wazuh/wazuh-packages#1511 (comment)
🟡 Failure no such index. Related: wazuh/wazuh-indexer#167 (comment)
🟡 Fail to read queue capacity via reflection. Related: wazuh/wazuh-indexer#71
🟡 Json Mapping Error: Cannot invoke "java.lang.Long.longValue()". Related: opensearch-project/performance-analyzer#644. Related: wazuh/wazuh-indexer#329

[root@ip-172-31-38-230 ec2-user]# head -n 400 /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-10-16T09:59:22,455][INFO ][o.o.n.Node               ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-10-16T09:59:32,520][ERROR][o.o.p.c.j.GCMetrics      ] [node-1] MX bean missing: G1 Concurrent GC
[2024-10-16T09:59:34,411][WARN ][o.o.s.c.Salt             ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-10-16T09:59:34,460][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-10-16T09:59:34,461][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-10-16T09:59:35,999][WARN ][o.o.s.p.SQLPlugin        ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-10-16T09:59:37,524][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,535][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,536][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,536][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,536][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,537][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,537][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,538][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,538][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,549][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,560][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,561][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,561][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,567][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,568][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:37,568][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:59:38,250][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-10-16T09:59:40,838][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-10-16T09:59:41,278][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-10-16T09:59:41,912][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:59:41,913][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:59:41,914][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:59:41,915][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:59:41,915][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:59:41,920][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:59:41,933][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:59:41,934][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:59:41,934][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:59:41,934][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:59:42,664][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:59:47,585][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:59:48,833][WARN ][o.o.s.c.ConfigurationRepository] [node-1] Unable to reload configuration, initalization thread has not yet completed.
[2024-10-16T09:59:52,554][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:59:57,556][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:00:02,549][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:00:07,552][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:00:12,552][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:00:17,554][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:00:22,554][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:00:27,559][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:00:32,555][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:00:37,557][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:00:42,554][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:00:47,557][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:00:52,562][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:00:57,556][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:01:02,557][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:01:07,559][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:01:12,558][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:01:17,561][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:01:22,559][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:01:27,563][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:01:32,563][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:01:37,564][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:01:42,572][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:01:47,568][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:01:52,584][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:01:57,573][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:02:02,572][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:02:07,580][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:02:12,592][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T10:02:17,577][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])

Amazon Linux 2023 - Offline 🟡

Agent status
[root@ip-172-31-47-133 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-10-16 09:23:16 UTC; 1h 12min ago
       Docs: https://documentation.wazuh.com
   Main PID: 4313 (java)
      Tasks: 74 (limit: 4581)
     Memory: 1.3G
        CPU: 2min 33.653s
     CGroup: /system.slice/wazuh-indexer.service
             └─4313 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch>

Oct 16 09:22:54 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: System::setSecurityManager has been called >
Oct 16 09:22:54 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: Please consider reporting this to the maint>
Oct 16 09:22:54 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: System::setSecurityManager will be removed >
Oct 16 09:22:56 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: Oct 16, 2024 9:22:56 AM sun.util.locale.provider.Loc>
Oct 16 09:22:56 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: COMPAT locale provider will be removed in a>
Oct 16 09:22:57 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: A terminally deprecated method in java.lang>
Oct 16 09:22:57 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: System::setSecurityManager has been called >
Oct 16 09:22:57 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: Please consider reporting this to the maint>
Oct 16 09:22:57 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: System::setSecurityManager will be removed >
Oct 16 09:23:16 ip-172-31-47-133.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
Service status
[root@ip-172-31-47-133 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
Oct 16 09:22:51 ip-172-31-47-133.ec2.internal systemd[1]: Starting wazuh-indexer.service - wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-indexer.service has begun execution.
░░ 
░░ The job identifier is 2811.
Oct 16 09:22:54 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 16 09:22:54 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Oct 16 09:22:54 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Oct 16 09:22:54 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: System::setSecurityManager will be removed in a future release
Oct 16 09:22:56 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: Oct 16, 2024 9:22:56 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Oct 16 09:22:56 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: COMPAT locale provider will be removed in a future release
Oct 16 09:22:57 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 16 09:22:57 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
Oct 16 09:22:57 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Oct 16 09:22:57 ip-172-31-47-133.ec2.internal systemd-entrypoint[4313]: WARNING: System::setSecurityManager will be removed in a future release
Oct 16 09:23:16 ip-172-31-47-133.ec2.internal systemd[1]: Started wazuh-indexer.service - wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░ 
░░ The job identifier is 2811.
Errors

🟡 Normal errors of uninitialized indexes. Related: wazuh/wazuh-packages#1511 (comment)
🟡 Failure no such index. Related: wazuh/wazuh-indexer#167 (comment)
🟡 Fail to read queue capacity via reflection. Related: wazuh/wazuh-indexer#71
🟡 Json Mapping Error: Cannot invoke "java.lang.Long.longValue()". Related: opensearch-project/performance-analyzer#644 - Related: wazuh/wazuh-indexer#329

[root@ip-172-31-47-133 ec2-user]# head -n 300 /var/log/wazuh-indexer/wazuh-indexer-cluster.log | grep -i -E "error|warn"
[2024-10-16T09:22:57,463][INFO ][o.o.n.Node               ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms1024m, -Xmx1024m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-10-16T09:23:07,902][ERROR][o.o.p.c.j.GCMetrics      ] [node-1] MX bean missing: G1 Concurrent GC
[2024-10-16T09:23:09,627][WARN ][o.o.s.c.Salt             ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-10-16T09:23:09,680][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-10-16T09:23:09,684][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-10-16T09:23:11,379][WARN ][o.o.s.p.SQLPlugin        ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-10-16T09:23:12,825][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,838][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,839][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,839][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,840][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,858][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,858][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,880][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,880][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,881][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,881][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,882][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,882][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,882][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,883][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:12,883][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-10-16T09:23:13,825][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-10-16T09:23:16,258][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-10-16T09:23:16,671][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-10-16T09:23:17,335][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:17,336][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:17,336][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:17,337][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:17,337][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:17,337][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:17,338][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:17,862][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:23:22,822][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:23:27,825][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:23:30,343][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:30,344][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:30,344][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:30,344][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:30,345][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:30,345][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:30,346][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:30,346][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:32,814][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:23:37,819][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:23:42,821][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:23:43,347][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:43,347][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:43,348][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:43,348][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:43,348][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:43,348][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:43,349][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:43,349][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:47,815][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:23:52,816][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:23:56,350][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:56,351][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:56,351][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:56,351][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:56,351][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:56,351][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:56,352][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:56,352][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:23:57,822][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:24:02,818][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:24:07,819][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
[2024-10-16T09:24:09,353][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:24:09,354][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:24:09,354][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:24:09,354][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:24:09,354][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:24:09,354][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:24:09,354][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:24:09,355][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-10-16T09:24:12,820][WARN ][o.o.p.c.u.JsonConverter  ] [node-1] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])

@CarlosALgit
Member Author

Wazuh Manager logs 🟡

Amazon Linux 2023 🟡

Agent status
[root@ip-172-31-39-68 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-10-16 09:37:17 UTC; 1h 12min ago
      Tasks: 153 (limit: 4581)
     Memory: 1.4G
        CPU: 7min 15.345s
     CGroup: /system.slice/wazuh-manager.service
             ├─9156 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─9157 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─9160 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─9163 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─9207 /var/ossec/bin/wazuh-authd
             ├─9224 /var/ossec/bin/wazuh-db
             ├─9250 /var/ossec/bin/wazuh-execd
             ├─9264 /var/ossec/bin/wazuh-analysisd
             ├─9277 /var/ossec/bin/wazuh-syscheckd
             ├─9326 /var/ossec/bin/wazuh-remoted
             ├─9361 /var/ossec/bin/wazuh-logcollector
             ├─9381 /var/ossec/bin/wazuh-monitord
             └─9403 /var/ossec/bin/wazuh-modulesd

Oct 16 09:37:09 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-analysisd...
Oct 16 09:37:10 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-syscheckd...
Oct 16 09:37:11 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-remoted...
Oct 16 09:37:12 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-logcollector...
Oct 16 09:37:14 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-monitord...
Oct 16 09:37:14 ip-172-31-39-68.ec2.internal env[9399]: 2024/10/16 09:37:14 wazuh-modulesd:router: INFO: Loaded router modul>
Service status
[root@ip-172-31-39-68 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
Oct 16 09:32:50 ip-172-31-39-68.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-manager.service has begun execution.
░░ 
░░ The job identifier is 3405.
Oct 16 09:32:53 ip-172-31-39-68.ec2.internal env[5959]: 2024/10/16 09:32:53 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 09:32:53 ip-172-31-39-68.ec2.internal env[5959]: 2024/10/16 09:32:53 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 09:32:54 ip-172-31-39-68.ec2.internal env[5926]: Starting Wazuh v4.9.1...
Oct 16 09:32:58 ip-172-31-39-68.ec2.internal env[5926]: Started wazuh-apid...
Oct 16 09:32:58 ip-172-31-39-68.ec2.internal env[5926]: Started wazuh-csyslogd...
Oct 16 09:32:58 ip-172-31-39-68.ec2.internal env[5926]: Started wazuh-dbd...
Oct 16 09:32:58 ip-172-31-39-68.ec2.internal env[6008]: 2024/10/16 09:32:58 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Oct 16 09:32:58 ip-172-31-39-68.ec2.internal env[5926]: Started wazuh-integratord...
Oct 16 09:32:58 ip-172-31-39-68.ec2.internal env[5926]: Started wazuh-agentlessd...
Oct 16 09:32:59 ip-172-31-39-68.ec2.internal env[5926]: Started wazuh-authd...
Oct 16 09:33:00 ip-172-31-39-68.ec2.internal env[5926]: Started wazuh-db...
Oct 16 09:33:01 ip-172-31-39-68.ec2.internal env[5926]: Started wazuh-execd...
Oct 16 09:33:02 ip-172-31-39-68.ec2.internal env[5926]: Started wazuh-analysisd...
Oct 16 09:33:03 ip-172-31-39-68.ec2.internal env[5926]: Started wazuh-syscheckd...
Oct 16 09:33:04 ip-172-31-39-68.ec2.internal env[5926]: Started wazuh-remoted...
Oct 16 09:33:06 ip-172-31-39-68.ec2.internal env[5926]: Started wazuh-logcollector...
Oct 16 09:33:07 ip-172-31-39-68.ec2.internal env[5926]: Started wazuh-monitord...
Oct 16 09:33:07 ip-172-31-39-68.ec2.internal env[6231]: 2024/10/16 09:33:07 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 09:33:07 ip-172-31-39-68.ec2.internal env[6231]: 2024/10/16 09:33:07 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 09:33:08 ip-172-31-39-68.ec2.internal env[5926]: Started wazuh-modulesd...
Oct 16 09:33:10 ip-172-31-39-68.ec2.internal env[5926]: Completed.
Oct 16 09:33:10 ip-172-31-39-68.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-manager.service has finished successfully.
░░ 
░░ The job identifier is 3405.
Oct 16 09:36:47 ip-172-31-39-68.ec2.internal systemd[1]: Stopping wazuh-manager.service - Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A stop job for unit wazuh-manager.service has begun execution.
░░ 
░░ The job identifier is 3934.
Oct 16 09:36:47 ip-172-31-39-68.ec2.internal env[8846]: wazuh-clusterd not running...
Oct 16 09:36:47 ip-172-31-39-68.ec2.internal env[8846]: Killing wazuh-modulesd...
Oct 16 09:36:53 ip-172-31-39-68.ec2.internal env[8846]: Killing wazuh-monitord...
Oct 16 09:36:53 ip-172-31-39-68.ec2.internal env[8846]: Killing wazuh-logcollector...
Oct 16 09:36:53 ip-172-31-39-68.ec2.internal env[8846]: Killing wazuh-remoted...
Oct 16 09:36:53 ip-172-31-39-68.ec2.internal env[8846]: Killing wazuh-syscheckd...
Oct 16 09:36:53 ip-172-31-39-68.ec2.internal env[8846]: Killing wazuh-analysisd...
Oct 16 09:36:53 ip-172-31-39-68.ec2.internal env[8846]: wazuh-maild not running...
Oct 16 09:36:53 ip-172-31-39-68.ec2.internal env[8846]: Killing wazuh-execd...
Oct 16 09:36:53 ip-172-31-39-68.ec2.internal env[8846]: Killing wazuh-db...
Oct 16 09:36:54 ip-172-31-39-68.ec2.internal env[8846]: Killing wazuh-authd...
Oct 16 09:36:55 ip-172-31-39-68.ec2.internal env[8846]: wazuh-agentlessd not running...
Oct 16 09:36:55 ip-172-31-39-68.ec2.internal env[8846]: wazuh-integratord not running...
Oct 16 09:36:55 ip-172-31-39-68.ec2.internal env[8846]: wazuh-dbd not running...
Oct 16 09:36:55 ip-172-31-39-68.ec2.internal env[8846]: wazuh-csyslogd not running...
Oct 16 09:36:55 ip-172-31-39-68.ec2.internal env[8846]: Killing wazuh-apid...
Oct 16 09:36:56 ip-172-31-39-68.ec2.internal env[8846]: Wazuh v4.9.1 Stopped
Oct 16 09:36:56 ip-172-31-39-68.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Oct 16 09:36:56 ip-172-31-39-68.ec2.internal systemd[1]: Stopped wazuh-manager.service - Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A stop job for unit wazuh-manager.service has finished.
░░ 
░░ The job identifier is 3934 and the job result is done.
Oct 16 09:36:56 ip-172-31-39-68.ec2.internal systemd[1]: wazuh-manager.service: Consumed 2min 25.106s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Oct 16 09:36:56 ip-172-31-39-68.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-manager.service has begun execution.
░░ 
░░ The job identifier is 3934.
Oct 16 09:37:00 ip-172-31-39-68.ec2.internal env[9127]: 2024/10/16 09:37:00 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 09:37:00 ip-172-31-39-68.ec2.internal env[9127]: 2024/10/16 09:37:00 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 09:37:01 ip-172-31-39-68.ec2.internal env[9093]: Starting Wazuh v4.9.1...
Oct 16 09:37:05 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-apid...
Oct 16 09:37:05 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-csyslogd...
Oct 16 09:37:05 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-dbd...
Oct 16 09:37:05 ip-172-31-39-68.ec2.internal env[9185]: 2024/10/16 09:37:05 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Oct 16 09:37:05 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-integratord...
Oct 16 09:37:05 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-agentlessd...
Oct 16 09:37:06 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-authd...
Oct 16 09:37:07 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-db...
Oct 16 09:37:08 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-execd...
Oct 16 09:37:09 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-analysisd...
Oct 16 09:37:10 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-syscheckd...
Oct 16 09:37:11 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-remoted...
Oct 16 09:37:12 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-logcollector...
Oct 16 09:37:14 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-monitord...
Oct 16 09:37:14 ip-172-31-39-68.ec2.internal env[9399]: 2024/10/16 09:37:14 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 09:37:14 ip-172-31-39-68.ec2.internal env[9399]: 2024/10/16 09:37:14 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 09:37:15 ip-172-31-39-68.ec2.internal env[9093]: Started wazuh-modulesd...
Oct 16 09:37:17 ip-172-31-39-68.ec2.internal env[9093]: Completed.
Oct 16 09:37:17 ip-172-31-39-68.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-manager.service has finished successfully.
░░ 
░░ The job identifier is 3934.
Errors

🟡 IndexerConnector initialization failed for index. Related: #25446

[root@ip-172-31-39-68 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/10/16 09:33:07 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-39-68.ec2.internal', retrying until the connection is successful.
2024/10/16 09:37:14 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-39-68.ec2.internal', retrying until the connection is successful.

Ubuntu 22 🟡

Agent status
root@ip-172-31-45-134:/home/ubuntu# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-10-16 09:39:32 UTC; 1h 12min ago
      Tasks: 153 (limit: 4632)
     Memory: 1.4G
        CPU: 7min 48.905s
     CGroup: /system.slice/wazuh-manager.service
             ├─58063 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─58064 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─58067 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─58070 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─58112 /var/ossec/bin/wazuh-authd
             ├─58128 /var/ossec/bin/wazuh-db
             ├─58153 /var/ossec/bin/wazuh-execd
             ├─58167 /var/ossec/bin/wazuh-analysisd
             ├─58180 /var/ossec/bin/wazuh-syscheckd
             ├─58227 /var/ossec/bin/wazuh-remoted
             ├─58261 /var/ossec/bin/wazuh-logcollector
             ├─58280 /var/ossec/bin/wazuh-monitord
             └─58302 /var/ossec/bin/wazuh-modulesd

Oct 16 09:39:25 ip-172-31-45-134 env[58000]: Started wazuh-analysisd...
Oct 16 09:39:26 ip-172-31-45-134 env[58000]: Started wazuh-syscheckd...
Oct 16 09:39:27 ip-172-31-45-134 env[58000]: Started wazuh-remoted...
Oct 16 09:39:28 ip-172-31-45-134 env[58000]: Started wazuh-logcollector...
Oct 16 09:39:29 ip-172-31-45-134 env[58000]: Started wazuh-monitord...
Oct 16 09:39:29 ip-172-31-45-134 env[58299]: 2024/10/16 09:39:29 wazuh-modulesd:router: INFO: Loaded router module.
root@ip-172-31-45-134:/home/ubuntu#
Service status
root@ip-172-31-45-134:/home/ubuntu# journalctl -xe -u wazuh-manager.service --no-pager
Oct 16 09:34:49 ip-172-31-45-134 systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit wazuh-manager.service has begun execution.
░░ 
░░ The job identifier is 2229.
Oct 16 09:34:55 ip-172-31-45-134 env[54691]: 2024/10/16 09:34:55 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 09:34:55 ip-172-31-45-134 env[54691]: 2024/10/16 09:34:55 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 09:34:56 ip-172-31-45-134 env[54658]: Starting Wazuh v4.9.1...
Oct 16 09:35:01 ip-172-31-45-134 env[54658]: Started wazuh-apid...
Oct 16 09:35:01 ip-172-31-45-134 env[54658]: Started wazuh-csyslogd...
Oct 16 09:35:01 ip-172-31-45-134 env[54658]: Started wazuh-dbd...
Oct 16 09:35:01 ip-172-31-45-134 env[54739]: 2024/10/16 09:35:01 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Oct 16 09:35:01 ip-172-31-45-134 env[54658]: Started wazuh-integratord...
Oct 16 09:35:01 ip-172-31-45-134 env[54658]: Started wazuh-agentlessd...
Oct 16 09:35:02 ip-172-31-45-134 env[54658]: Started wazuh-authd...
Oct 16 09:35:03 ip-172-31-45-134 env[54658]: Started wazuh-db...
Oct 16 09:35:04 ip-172-31-45-134 env[54658]: Started wazuh-execd...
Oct 16 09:35:05 ip-172-31-45-134 env[54658]: Started wazuh-analysisd...
Oct 16 09:35:06 ip-172-31-45-134 env[54658]: Started wazuh-syscheckd...
Oct 16 09:35:07 ip-172-31-45-134 env[54658]: Started wazuh-remoted...
Oct 16 09:35:09 ip-172-31-45-134 env[54658]: Started wazuh-logcollector...
Oct 16 09:35:10 ip-172-31-45-134 env[54658]: Started wazuh-monitord...
Oct 16 09:35:10 ip-172-31-45-134 env[54956]: 2024/10/16 09:35:10 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 09:35:10 ip-172-31-45-134 env[54956]: 2024/10/16 09:35:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 09:35:11 ip-172-31-45-134 env[54658]: Started wazuh-modulesd...
Oct 16 09:35:13 ip-172-31-45-134 env[54658]: Completed.
Oct 16 09:35:13 ip-172-31-45-134 systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit wazuh-manager.service has finished successfully.
░░ 
░░ The job identifier is 2229.
Oct 16 09:39:02 ip-172-31-45-134 systemd[1]: Stopping Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A stop job for unit wazuh-manager.service has begun execution.
░░ 
░░ The job identifier is 2582.
Oct 16 09:39:02 ip-172-31-45-134 env[57761]: wazuh-clusterd not running...
Oct 16 09:39:02 ip-172-31-45-134 env[57761]: Killing wazuh-modulesd...
Oct 16 09:39:07 ip-172-31-45-134 env[57761]: Killing wazuh-monitord...
Oct 16 09:39:07 ip-172-31-45-134 env[57761]: Killing wazuh-logcollector...
Oct 16 09:39:07 ip-172-31-45-134 env[57761]: Killing wazuh-remoted...
Oct 16 09:39:07 ip-172-31-45-134 env[57761]: Killing wazuh-syscheckd...
Oct 16 09:39:08 ip-172-31-45-134 env[57761]: Killing wazuh-analysisd...
Oct 16 09:39:08 ip-172-31-45-134 env[57761]: wazuh-maild not running...
Oct 16 09:39:08 ip-172-31-45-134 env[57761]: Killing wazuh-execd...
Oct 16 09:39:08 ip-172-31-45-134 env[57761]: Killing wazuh-db...
Oct 16 09:39:09 ip-172-31-45-134 env[57761]: Killing wazuh-authd...
Oct 16 09:39:10 ip-172-31-45-134 env[57761]: wazuh-agentlessd not running...
Oct 16 09:39:10 ip-172-31-45-134 env[57761]: wazuh-integratord not running...
Oct 16 09:39:10 ip-172-31-45-134 env[57761]: wazuh-dbd not running...
Oct 16 09:39:10 ip-172-31-45-134 env[57761]: wazuh-csyslogd not running...
Oct 16 09:39:10 ip-172-31-45-134 env[57761]: Killing wazuh-apid...
Oct 16 09:39:10 ip-172-31-45-134 env[57761]: Wazuh v4.9.1 Stopped
Oct 16 09:39:10 ip-172-31-45-134 systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Oct 16 09:39:10 ip-172-31-45-134 systemd[1]: Stopped Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A stop job for unit wazuh-manager.service has finished.
░░ 
░░ The job identifier is 2582 and the job result is done.
Oct 16 09:39:10 ip-172-31-45-134 systemd[1]: wazuh-manager.service: Consumed 2min 32.112s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Oct 16 09:39:10 ip-172-31-45-134 systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit wazuh-manager.service has begun execution.
░░ 
░░ The job identifier is 2582.
Oct 16 09:39:15 ip-172-31-45-134 env[58034]: 2024/10/16 09:39:15 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 09:39:15 ip-172-31-45-134 env[58034]: 2024/10/16 09:39:15 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 09:39:16 ip-172-31-45-134 env[58000]: Starting Wazuh v4.9.1...
Oct 16 09:39:20 ip-172-31-45-134 env[58000]: Started wazuh-apid...
Oct 16 09:39:20 ip-172-31-45-134 env[58000]: Started wazuh-csyslogd...
Oct 16 09:39:20 ip-172-31-45-134 env[58000]: Started wazuh-dbd...
Oct 16 09:39:20 ip-172-31-45-134 env[58091]: 2024/10/16 09:39:20 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Oct 16 09:39:20 ip-172-31-45-134 env[58000]: Started wazuh-integratord...
Oct 16 09:39:20 ip-172-31-45-134 env[58000]: Started wazuh-agentlessd...
Oct 16 09:39:21 ip-172-31-45-134 env[58000]: Started wazuh-authd...
Oct 16 09:39:22 ip-172-31-45-134 env[58000]: Started wazuh-db...
Oct 16 09:39:23 ip-172-31-45-134 env[58000]: Started wazuh-execd...
Oct 16 09:39:25 ip-172-31-45-134 env[58000]: Started wazuh-analysisd...
Oct 16 09:39:26 ip-172-31-45-134 env[58000]: Started wazuh-syscheckd...
Oct 16 09:39:27 ip-172-31-45-134 env[58000]: Started wazuh-remoted...
Oct 16 09:39:28 ip-172-31-45-134 env[58000]: Started wazuh-logcollector...
Oct 16 09:39:29 ip-172-31-45-134 env[58000]: Started wazuh-monitord...
Oct 16 09:39:29 ip-172-31-45-134 env[58299]: 2024/10/16 09:39:29 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 09:39:29 ip-172-31-45-134 env[58299]: 2024/10/16 09:39:29 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 09:39:30 ip-172-31-45-134 env[58000]: Started wazuh-modulesd...
Oct 16 09:39:32 ip-172-31-45-134 env[58000]: Completed.
Oct 16 09:39:32 ip-172-31-45-134 systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit wazuh-manager.service has finished successfully.
░░ 
░░ The job identifier is 2582.
Errors

🟡 IndexerConnector initialization failed for index. Related: #25446

root@ip-172-31-45-134:/home/ubuntu# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/10/16 09:35:10 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-45-134', retrying until the connection is successful.
2024/10/16 09:39:30 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-45-134', retrying until the connection is successful.

RHEL 9 🟡

Agent status
[root@ip-172-31-38-230 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-10-16 10:06:33 UTC; 46min ago
      Tasks: 153 (limit: 22632)
     Memory: 1.3G
        CPU: 7min 18.947s
     CGroup: /system.slice/wazuh-manager.service
             ├─19460 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─19461 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─19464 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─19467 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─19511 /var/ossec/bin/wazuh-authd
             ├─19528 /var/ossec/bin/wazuh-db
             ├─19541 /var/ossec/bin/wazuh-execd
             ├─19557 /var/ossec/bin/wazuh-analysisd
             ├─19581 /var/ossec/bin/wazuh-syscheckd
             ├─19629 /var/ossec/bin/wazuh-remoted
             ├─19666 /var/ossec/bin/wazuh-logcollector
             ├─19685 /var/ossec/bin/wazuh-monitord
             └─19707 /var/ossec/bin/wazuh-modulesd

Oct 16 10:06:26 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-analysisd...
Oct 16 10:06:27 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-syscheckd...
Oct 16 10:06:28 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-remoted...
Oct 16 10:06:29 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-logcollector...
Oct 16 10:06:30 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-monitord...
Oct 16 10:06:30 ip-172-31-38-230.ec2.internal env[19703]: 2024/10/16 10:06:30 wazuh-modulesd:router: INFO: Loaded router mod>
[root@ip-172-31-38-230 ec2-user]#
Service status
[root@ip-172-31-38-230 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
Oct 16 10:01:08 ip-172-31-38-230.ec2.internal systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A start job for unit wazuh-manager.service has begun execution.
░░ 
░░ The job identifier is 3504.
Oct 16 10:01:10 ip-172-31-38-230.ec2.internal env[16633]: 2024/10/16 10:01:10 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 10:01:10 ip-172-31-38-230.ec2.internal env[16633]: 2024/10/16 10:01:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 10:01:12 ip-172-31-38-230.ec2.internal env[16600]: Starting Wazuh v4.9.1...
Oct 16 10:01:15 ip-172-31-38-230.ec2.internal env[16600]: Started wazuh-apid...
Oct 16 10:01:15 ip-172-31-38-230.ec2.internal env[16600]: Started wazuh-csyslogd...
Oct 16 10:01:15 ip-172-31-38-230.ec2.internal env[16600]: Started wazuh-dbd...
Oct 16 10:01:15 ip-172-31-38-230.ec2.internal env[16682]: 2024/10/16 10:01:15 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Oct 16 10:01:15 ip-172-31-38-230.ec2.internal env[16600]: Started wazuh-integratord...
Oct 16 10:01:15 ip-172-31-38-230.ec2.internal env[16600]: Started wazuh-agentlessd...
Oct 16 10:01:16 ip-172-31-38-230.ec2.internal env[16600]: Started wazuh-authd...
Oct 16 10:01:17 ip-172-31-38-230.ec2.internal env[16600]: Started wazuh-db...
Oct 16 10:01:18 ip-172-31-38-230.ec2.internal env[16600]: Started wazuh-execd...
Oct 16 10:01:19 ip-172-31-38-230.ec2.internal env[16600]: Started wazuh-analysisd...
Oct 16 10:01:20 ip-172-31-38-230.ec2.internal env[16600]: Started wazuh-syscheckd...
Oct 16 10:01:21 ip-172-31-38-230.ec2.internal env[16600]: Started wazuh-remoted...
Oct 16 10:01:22 ip-172-31-38-230.ec2.internal env[16600]: Started wazuh-logcollector...
Oct 16 10:01:23 ip-172-31-38-230.ec2.internal env[16600]: Started wazuh-monitord...
Oct 16 10:01:24 ip-172-31-38-230.ec2.internal env[16905]: 2024/10/16 10:01:24 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 10:01:24 ip-172-31-38-230.ec2.internal env[16905]: 2024/10/16 10:01:24 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 10:01:25 ip-172-31-38-230.ec2.internal env[16600]: Started wazuh-modulesd...
Oct 16 10:01:27 ip-172-31-38-230.ec2.internal env[16600]: Completed.
Oct 16 10:01:27 ip-172-31-38-230.ec2.internal systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A start job for unit wazuh-manager.service has finished successfully.
░░ 
░░ The job identifier is 3504.
Oct 16 10:06:10 ip-172-31-38-230.ec2.internal systemd[1]: Stopping Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A stop job for unit wazuh-manager.service has begun execution.
░░ 
░░ The job identifier is 3947.
Oct 16 10:06:11 ip-172-31-38-230.ec2.internal env[19253]: wazuh-clusterd not running...
Oct 16 10:06:11 ip-172-31-38-230.ec2.internal env[19253]: Killing wazuh-modulesd...
Oct 16 10:06:11 ip-172-31-38-230.ec2.internal env[19253]: Killing wazuh-monitord...
Oct 16 10:06:11 ip-172-31-38-230.ec2.internal env[19253]: Killing wazuh-logcollector...
Oct 16 10:06:11 ip-172-31-38-230.ec2.internal env[19253]: Killing wazuh-remoted...
Oct 16 10:06:11 ip-172-31-38-230.ec2.internal env[19253]: Killing wazuh-syscheckd...
Oct 16 10:06:11 ip-172-31-38-230.ec2.internal env[19253]: Killing wazuh-analysisd...
Oct 16 10:06:11 ip-172-31-38-230.ec2.internal env[19253]: wazuh-maild not running...
Oct 16 10:06:11 ip-172-31-38-230.ec2.internal env[19253]: Killing wazuh-execd...
Oct 16 10:06:11 ip-172-31-38-230.ec2.internal env[19253]: Killing wazuh-db...
Oct 16 10:06:12 ip-172-31-38-230.ec2.internal env[19253]: Killing wazuh-authd...
Oct 16 10:06:13 ip-172-31-38-230.ec2.internal env[19253]: wazuh-agentlessd not running...
Oct 16 10:06:13 ip-172-31-38-230.ec2.internal env[19253]: wazuh-integratord not running...
Oct 16 10:06:13 ip-172-31-38-230.ec2.internal env[19253]: wazuh-dbd not running...
Oct 16 10:06:13 ip-172-31-38-230.ec2.internal env[19253]: wazuh-csyslogd not running...
Oct 16 10:06:13 ip-172-31-38-230.ec2.internal env[19253]: Killing wazuh-apid...
Oct 16 10:06:14 ip-172-31-38-230.ec2.internal env[19253]: Wazuh v4.9.1 Stopped
Oct 16 10:06:14 ip-172-31-38-230.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Oct 16 10:06:14 ip-172-31-38-230.ec2.internal systemd[1]: Stopped Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A stop job for unit wazuh-manager.service has finished.
░░ 
░░ The job identifier is 3947 and the job result is done.
Oct 16 10:06:14 ip-172-31-38-230.ec2.internal systemd[1]: wazuh-manager.service: Consumed 1min 25.816s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Oct 16 10:06:14 ip-172-31-38-230.ec2.internal systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A start job for unit wazuh-manager.service has begun execution.
░░ 
░░ The job identifier is 3947.
Oct 16 10:06:17 ip-172-31-38-230.ec2.internal env[19431]: 2024/10/16 10:06:17 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 10:06:17 ip-172-31-38-230.ec2.internal env[19431]: 2024/10/16 10:06:17 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 10:06:18 ip-172-31-38-230.ec2.internal env[19398]: Starting Wazuh v4.9.1...
Oct 16 10:06:21 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-apid...
Oct 16 10:06:21 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-csyslogd...
Oct 16 10:06:21 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-dbd...
Oct 16 10:06:21 ip-172-31-38-230.ec2.internal env[19489]: 2024/10/16 10:06:21 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Oct 16 10:06:21 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-integratord...
Oct 16 10:06:21 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-agentlessd...
Oct 16 10:06:22 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-authd...
Oct 16 10:06:23 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-db...
Oct 16 10:06:25 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-execd...
Oct 16 10:06:26 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-analysisd...
Oct 16 10:06:27 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-syscheckd...
Oct 16 10:06:28 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-remoted...
Oct 16 10:06:29 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-logcollector...
Oct 16 10:06:30 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-monitord...
Oct 16 10:06:30 ip-172-31-38-230.ec2.internal env[19703]: 2024/10/16 10:06:30 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 10:06:30 ip-172-31-38-230.ec2.internal env[19703]: 2024/10/16 10:06:30 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 10:06:31 ip-172-31-38-230.ec2.internal env[19398]: Started wazuh-modulesd...
Oct 16 10:06:33 ip-172-31-38-230.ec2.internal env[19398]: Completed.
Oct 16 10:06:33 ip-172-31-38-230.ec2.internal systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A start job for unit wazuh-manager.service has finished successfully.
░░ 
░░ The job identifier is 3947.
Errors

🟡 IndexerConnector initialization failed for index. Related: #25446

[root@ip-172-31-38-230 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/10/16 10:01:24 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-38-230.ec2.internal', retrying until the connection is successful.
2024/10/16 10:06:31 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-38-230.ec2.internal', retrying until the connection is successful.

Amazon Linux 2023 - Offline 🟡

Agent status
[root@ip-172-31-47-133 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-10-16 09:31:17 UTC; 1h 23min ago
      Tasks: 153 (limit: 4581)
     Memory: 1012.4M
        CPU: 2min 40.688s
     CGroup: /system.slice/wazuh-manager.service
             ├─8361 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8362 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8365 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8368 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
             ├─8412 /var/ossec/bin/wazuh-authd
             ├─8429 /var/ossec/bin/wazuh-db
             ├─8454 /var/ossec/bin/wazuh-execd
             ├─8470 /var/ossec/bin/wazuh-analysisd
             ├─8482 /var/ossec/bin/wazuh-syscheckd
             ├─8530 /var/ossec/bin/wazuh-remoted
             ├─8566 /var/ossec/bin/wazuh-logcollector
             ├─8587 /var/ossec/bin/wazuh-monitord
             └─8608 /var/ossec/bin/wazuh-modulesd

Oct 16 09:31:10 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-analysisd...
Oct 16 09:31:11 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-syscheckd...
Oct 16 09:31:12 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-remoted...
Oct 16 09:31:13 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-logcollector...
Oct 16 09:31:14 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-monitord...
Oct 16 09:31:14 ip-172-31-47-133.ec2.internal env[8604]: 2024/10/16 09:31:14 wazuh-modulesd:router: INFO: Loaded router modu>
[root@ip-172-31-47-133 ec2-user]#
Service status
[root@ip-172-31-47-133 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
Oct 16 09:30:30 ip-172-31-47-133.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-manager.service has begun execution.
░░ 
░░ The job identifier is 3332.
Oct 16 09:30:32 ip-172-31-47-133.ec2.internal env[7285]: 2024/10/16 09:30:32 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 09:30:32 ip-172-31-47-133.ec2.internal env[7285]: 2024/10/16 09:30:32 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 09:30:33 ip-172-31-47-133.ec2.internal env[7252]: Starting Wazuh v4.9.1...
Oct 16 09:30:37 ip-172-31-47-133.ec2.internal env[7252]: Started wazuh-apid...
Oct 16 09:30:37 ip-172-31-47-133.ec2.internal env[7252]: Started wazuh-csyslogd...
Oct 16 09:30:37 ip-172-31-47-133.ec2.internal env[7252]: Started wazuh-dbd...
Oct 16 09:30:37 ip-172-31-47-133.ec2.internal env[7334]: 2024/10/16 09:30:37 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Oct 16 09:30:37 ip-172-31-47-133.ec2.internal env[7252]: Started wazuh-integratord...
Oct 16 09:30:37 ip-172-31-47-133.ec2.internal env[7252]: Started wazuh-agentlessd...
Oct 16 09:30:38 ip-172-31-47-133.ec2.internal env[7252]: Started wazuh-authd...
Oct 16 09:30:39 ip-172-31-47-133.ec2.internal env[7252]: Started wazuh-db...
Oct 16 09:30:40 ip-172-31-47-133.ec2.internal env[7252]: Started wazuh-execd...
Oct 16 09:30:41 ip-172-31-47-133.ec2.internal env[7252]: Started wazuh-analysisd...
Oct 16 09:30:42 ip-172-31-47-133.ec2.internal env[7252]: Started wazuh-syscheckd...
Oct 16 09:30:43 ip-172-31-47-133.ec2.internal env[7252]: Started wazuh-remoted...
Oct 16 09:30:44 ip-172-31-47-133.ec2.internal env[7252]: Started wazuh-logcollector...
Oct 16 09:30:46 ip-172-31-47-133.ec2.internal env[7252]: Started wazuh-monitord...
Oct 16 09:30:46 ip-172-31-47-133.ec2.internal env[7559]: 2024/10/16 09:30:46 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 09:30:46 ip-172-31-47-133.ec2.internal env[7559]: 2024/10/16 09:30:46 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 09:30:47 ip-172-31-47-133.ec2.internal env[7252]: Started wazuh-modulesd...
Oct 16 09:30:49 ip-172-31-47-133.ec2.internal env[7252]: Completed.
Oct 16 09:30:49 ip-172-31-47-133.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-manager.service has finished successfully.
░░ 
░░ The job identifier is 3332.
Oct 16 09:30:56 ip-172-31-47-133.ec2.internal systemd[1]: Stopping wazuh-manager.service - Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A stop job for unit wazuh-manager.service has begun execution.
░░ 
░░ The job identifier is 3488.
Oct 16 09:30:56 ip-172-31-47-133.ec2.internal env[8167]: wazuh-clusterd not running...
Oct 16 09:30:56 ip-172-31-47-133.ec2.internal env[8167]: Killing wazuh-modulesd...
Oct 16 09:30:56 ip-172-31-47-133.ec2.internal env[8167]: Killing wazuh-monitord...
Oct 16 09:30:56 ip-172-31-47-133.ec2.internal env[8167]: Killing wazuh-logcollector...
Oct 16 09:30:56 ip-172-31-47-133.ec2.internal env[8167]: Killing wazuh-remoted...
Oct 16 09:30:56 ip-172-31-47-133.ec2.internal env[8167]: Killing wazuh-syscheckd...
Oct 16 09:30:56 ip-172-31-47-133.ec2.internal env[8167]: Killing wazuh-analysisd...
Oct 16 09:30:57 ip-172-31-47-133.ec2.internal env[8167]: wazuh-maild not running...
Oct 16 09:30:57 ip-172-31-47-133.ec2.internal env[8167]: Killing wazuh-execd...
Oct 16 09:30:57 ip-172-31-47-133.ec2.internal env[8167]: Killing wazuh-db...
Oct 16 09:30:57 ip-172-31-47-133.ec2.internal env[8167]: Killing wazuh-authd...
Oct 16 09:30:58 ip-172-31-47-133.ec2.internal env[8167]: wazuh-agentlessd not running...
Oct 16 09:30:58 ip-172-31-47-133.ec2.internal env[8167]: wazuh-integratord not running...
Oct 16 09:30:58 ip-172-31-47-133.ec2.internal env[8167]: wazuh-dbd not running...
Oct 16 09:30:58 ip-172-31-47-133.ec2.internal env[8167]: wazuh-csyslogd not running...
Oct 16 09:30:58 ip-172-31-47-133.ec2.internal env[8167]: Killing wazuh-apid...
Oct 16 09:30:58 ip-172-31-47-133.ec2.internal env[8167]: Wazuh v4.9.1 Stopped
Oct 16 09:30:58 ip-172-31-47-133.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
Oct 16 09:30:58 ip-172-31-47-133.ec2.internal systemd[1]: Stopped wazuh-manager.service - Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A stop job for unit wazuh-manager.service has finished.
░░ 
░░ The job identifier is 3488 and the job result is done.
Oct 16 09:30:58 ip-172-31-47-133.ec2.internal systemd[1]: wazuh-manager.service: Consumed 36.140s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
Oct 16 09:30:58 ip-172-31-47-133.ec2.internal systemd[1]: Starting wazuh-manager.service - Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-manager.service has begun execution.
░░ 
░░ The job identifier is 3488.
Oct 16 09:31:01 ip-172-31-47-133.ec2.internal env[8331]: 2024/10/16 09:31:01 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 09:31:01 ip-172-31-47-133.ec2.internal env[8331]: 2024/10/16 09:31:01 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 09:31:02 ip-172-31-47-133.ec2.internal env[8297]: Starting Wazuh v4.9.1...
Oct 16 09:31:05 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-apid...
Oct 16 09:31:05 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-csyslogd...
Oct 16 09:31:05 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-dbd...
Oct 16 09:31:05 ip-172-31-47-133.ec2.internal env[8390]: 2024/10/16 09:31:05 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Oct 16 09:31:05 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-integratord...
Oct 16 09:31:05 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-agentlessd...
Oct 16 09:31:06 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-authd...
Oct 16 09:31:07 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-db...
Oct 16 09:31:08 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-execd...
Oct 16 09:31:10 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-analysisd...
Oct 16 09:31:11 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-syscheckd...
Oct 16 09:31:12 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-remoted...
Oct 16 09:31:13 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-logcollector...
Oct 16 09:31:14 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-monitord...
Oct 16 09:31:14 ip-172-31-47-133.ec2.internal env[8604]: 2024/10/16 09:31:14 wazuh-modulesd:router: INFO: Loaded router module.
Oct 16 09:31:14 ip-172-31-47-133.ec2.internal env[8604]: 2024/10/16 09:31:14 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Oct 16 09:31:15 ip-172-31-47-133.ec2.internal env[8297]: Started wazuh-modulesd...
Oct 16 09:31:17 ip-172-31-47-133.ec2.internal env[8297]: Completed.
Oct 16 09:31:17 ip-172-31-47-133.ec2.internal systemd[1]: Started wazuh-manager.service - Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-manager.service has finished successfully.
░░ 
░░ The job identifier is 3488.
Errors

🟡 IndexerConnector initialization failed for index. Related: #25446
⚠️ Expected timeout error when trying to update the feed because this is an instance with no internet connection.

[root@ip-172-31-47-133 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/10/16 09:30:46 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-47-133.ec2.internal', retrying until the connection is successful.
2024/10/16 09:38:09 wazuh-modulesd:content-updater: ERROR: Action for 'vulnerability_feed_manager' failed: Orchestration run failed: Error -1 from server: Timeout was reached.

@CarlosALgit
Member Author

Wazuh Dashboard logs 🟢

Amazon Linux 2023 🟢

Agent status
[root@ip-172-31-39-68 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-10-16 09:37:20 UTC; 1h 24min ago
   Main PID: 9984 (node)
      Tasks: 11 (limit: 4581)
     Memory: 178.9M
        CPU: 23.581s
     CGroup: /system.slice/wazuh-dashboard.service
             └─9984 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist

Oct 16 09:37:53 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: [agentkeepalive:deprecated] options.freeSocketKeep>
Oct 16 09:37:54 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"response","@timestamp":"2024-10-16T09:37:>
Oct 16 09:40:00 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:40:00Z",>
Oct 16 09:40:00 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:40:00Z",>
Oct 16 09:45:00 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:45:00Z",>
Oct 16 10:00:00 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T10:00:00Z",>
Oct 16 10:15:02 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T10:15:02Z",>
Oct 16 10:30:00 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T10:30:00Z",>
Oct 16 10:45:00 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T10:45:00Z",>
Oct 16 11:00:00 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T11:00:00Z",>
[root@ip-172-31-39-68 ec2-user]#
Service status
[root@ip-172-31-39-68 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager
Oct 16 09:36:09 ip-172-31-39-68.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░ 
░░ The job identifier is 3709.
Oct 16 09:36:30 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:30Z","tags":["info","plugins-service"],"pid":8220,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Oct 16 09:36:30 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:30Z","tags":["info","plugins-service"],"pid":8220,"message":"Plugin \"applicationConfig\" is disabled."}
Oct 16 09:36:30 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:30Z","tags":["info","plugins-service"],"pid":8220,"message":"Plugin \"cspHandler\" is disabled."}
Oct 16 09:36:30 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:30Z","tags":["info","plugins-service"],"pid":8220,"message":"Plugin \"dataSource\" is disabled."}
Oct 16 09:36:30 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:30Z","tags":["info","plugins-service"],"pid":8220,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 16 09:36:31 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:36:31 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:31Z","tags":["info","plugins-system"],"pid":8220,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Oct 16 09:36:32 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:36:32 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:36:32 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:36:32 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:36:32 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:36:32 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:36:33 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:36:33 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:36:33 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:33Z","tags":["info","savedobjects-service"],"pid":8220,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Oct 16 09:36:34 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:34Z","tags":["info","savedobjects-service"],"pid":8220,"message":"Starting saved objects migrations"}
Oct 16 09:36:35 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:35Z","tags":["info","savedobjects-service"],"pid":8220,"message":"Creating index .kibana_1."}
Oct 16 09:36:35 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:35Z","tags":["info","savedobjects-service"],"pid":8220,"message":"Pointing alias .kibana to .kibana_1."}
Oct 16 09:36:35 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:35Z","tags":["info","savedobjects-service"],"pid":8220,"message":"Finished in 709ms."}
Oct 16 09:36:35 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:35Z","tags":["warning","cross-compatibility-service"],"pid":8220,"message":"Starting cross compatibility service"}
Oct 16 09:36:35 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:35Z","tags":["info","plugins-system"],"pid":8220,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Oct 16 09:36:36 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:36Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":8220,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"}
Oct 16 09:36:38 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:38Z","tags":["info","plugins","wazuh","initialize"],"pid":8220,"message":"dashboard index: .kibana"}
Oct 16 09:36:38 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:38Z","tags":["info","plugins","wazuh","initialize"],"pid":8220,"message":"App revision: 04"}
Oct 16 09:36:38 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:38Z","tags":["info","plugins","wazuh","initialize"],"pid":8220,"message":"Total RAM: 3840MB"}
Oct 16 09:36:38 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:38Z","tags":["error","opensearch","data"],"pid":8220,"message":"[ResponseError]: Response Error"}
Oct 16 09:36:38 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:38Z","tags":["error","opensearch","data"],"pid":8220,"message":"[ResponseError]: Response Error"}
Oct 16 09:36:39 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:39Z","tags":["info","plugins","wazuh","monitoring"],"pid":8220,"message":"Updated the wazuh-agent template"}
Oct 16 09:36:39 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:39Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":8220,"message":"Updated the wazuh-statistics template"}
Oct 16 09:36:40 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:40Z","tags":["listening","info"],"pid":8220,"message":"Server running at https://0.0.0.0:443"}
Oct 16 09:36:41 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:41Z","tags":["info","http","server","OpenSearchDashboards"],"pid":8220,"message":"http server running at https://0.0.0.0:443"}
Oct 16 09:36:42 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:42Z","tags":["info","plugins","wazuh","monitoring"],"pid":8220,"message":"wazuh-monitoring-2024.42w index created"}
Oct 16 09:36:42 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:36:42Z","tags":["info","plugins","wazuh","monitoring"],"pid":8220,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 09:37:20 ip-172-31-39-68.ec2.internal systemd[1]: Stopping wazuh-dashboard.service - wazuh-dashboard...
░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A stop job for unit wazuh-dashboard.service has begun execution.
░░ 
░░ The job identifier is 4086.
Oct 16 09:37:20 ip-172-31-39-68.ec2.internal opensearch-dashboards[8220]: {"type":"log","@timestamp":"2024-10-16T09:37:20Z","tags":["info","plugins-system"],"pid":8220,"message":"Stopping all plugins."}
Oct 16 09:37:20 ip-172-31-39-68.ec2.internal systemd[1]: wazuh-dashboard.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state.
Oct 16 09:37:20 ip-172-31-39-68.ec2.internal systemd[1]: Stopped wazuh-dashboard.service - wazuh-dashboard.
░░ Subject: A stop job for unit wazuh-dashboard.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A stop job for unit wazuh-dashboard.service has finished.
░░ 
░░ The job identifier is 4086 and the job result is done.
Oct 16 09:37:20 ip-172-31-39-68.ec2.internal systemd[1]: wazuh-dashboard.service: Consumed 14.177s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ The unit wazuh-dashboard.service completed and consumed the indicated resources.
Oct 16 09:37:20 ip-172-31-39-68.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░ 
░░ The job identifier is 4086.
Oct 16 09:37:39 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:39Z","tags":["info","plugins-service"],"pid":9984,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Oct 16 09:37:39 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:39Z","tags":["info","plugins-service"],"pid":9984,"message":"Plugin \"applicationConfig\" is disabled."}
Oct 16 09:37:39 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:39Z","tags":["info","plugins-service"],"pid":9984,"message":"Plugin \"cspHandler\" is disabled."}
Oct 16 09:37:39 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:39Z","tags":["info","plugins-service"],"pid":9984,"message":"Plugin \"dataSource\" is disabled."}
Oct 16 09:37:39 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:39Z","tags":["info","plugins-service"],"pid":9984,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 16 09:37:39 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:37:39 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:39Z","tags":["info","plugins-system"],"pid":9984,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,opensearchUiShared,share,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeTimeline,visTypeVega,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Oct 16 09:37:39 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:37:39 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:37:40 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:37:40 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:37:40 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:37:40 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:37:40 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:37:40 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:37:40 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:40Z","tags":["info","savedobjects-service"],"pid":9984,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Oct 16 09:37:41 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:41Z","tags":["info","savedobjects-service"],"pid":9984,"message":"Starting saved objects migrations"}
Oct 16 09:37:41 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:41Z","tags":["warning","cross-compatibility-service"],"pid":9984,"message":"Starting cross compatibility service"}
Oct 16 09:37:41 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:41Z","tags":["info","plugins-system"],"pid":9984,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,opensearchUiShared,share,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeTimeline,visTypeVega,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Oct 16 09:37:42 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:42Z","tags":["info","plugins","wazuh","initialize"],"pid":9984,"message":"dashboard index: .kibana"}
Oct 16 09:37:42 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:42Z","tags":["info","plugins","wazuh","initialize"],"pid":9984,"message":"App revision: 04"}
Oct 16 09:37:42 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:42Z","tags":["info","plugins","wazuh","initialize"],"pid":9984,"message":"Total RAM: 3840MB"}
Oct 16 09:37:43 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:43Z","tags":["info","plugins","wazuh","monitoring"],"pid":9984,"message":"Updated the wazuh-agent template"}
Oct 16 09:37:43 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:43Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":9984,"message":"Updated the wazuh-statistics template"}
Oct 16 09:37:43 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:43Z","tags":["listening","info"],"pid":9984,"message":"Server running at https://0.0.0.0:443"}
Oct 16 09:37:44 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:44Z","tags":["info","http","server","OpenSearchDashboards"],"pid":9984,"message":"http server running at https://0.0.0.0:443"}
Oct 16 09:37:44 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:37:44Z","tags":["info","plugins","wazuh","monitoring"],"pid":9984,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 09:37:53 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:37:54 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"response","@timestamp":"2024-10-16T09:37:53Z","tags":[],"pid":9984,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/8.5.0","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/8.5.0"},"res":{"statusCode":200,"responseTime":1318,"contentLength":9},"message":"GET /status 200 1318ms - 9.0B"}
Oct 16 09:40:00 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:40:00Z","tags":["error","opensearch","data"],"pid":9984,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.42w/lLUdY-STQrqdKcZ8-eb2Rg] already exists"}
Oct 16 09:40:00 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:40:00Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":9984,"message":"wazuh-statistics-2024.42w index created"}
Oct 16 09:45:00 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T09:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9984,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:00:00 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T10:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9984,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:15:02 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T10:15:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":9984,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:30:00 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T10:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9984,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:45:00 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T10:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9984,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 11:00:00 ip-172-31-39-68.ec2.internal opensearch-dashboards[9984]: {"type":"log","@timestamp":"2024-10-16T11:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":9984,"message":"Settings added to wazuh-monitoring-2024.42w index"}

Ubuntu 22 🟢

Agent status
root@ip-172-31-45-134:/home/ubuntu# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-10-16 09:39:35 UTC; 1h 23min ago
   Main PID: 58951 (node)
      Tasks: 11 (limit: 4632)
     Memory: 198.3M
        CPU: 27.653s
     CGroup: /system.slice/wazuh-dashboard.service
             └─58951 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist

Oct 16 09:49:42 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"response","@timestamp":"2024-10-16T09:49:42Z","tags">
Oct 16 09:49:56 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"response","@timestamp":"2024-10-16T09:49:56Z","tags">
Oct 16 10:00:01 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T10:00:01Z","tags":["in>
Oct 16 10:12:53 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"response","@timestamp":"2024-10-16T10:12:53Z","tags">
Oct 16 10:12:53 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"response","@timestamp":"2024-10-16T10:12:53Z","tags">
Oct 16 10:15:02 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T10:15:02Z","tags":["in>
Oct 16 10:30:00 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T10:30:00Z","tags":["in>
Oct 16 10:45:01 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T10:45:01Z","tags":["in>
Oct 16 10:50:00 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"error","@timestamp":"2024-10-16T10:50:00Z","tags":[">
Oct 16 11:00:00 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T11:00:00Z","tags":["in>
root@ip-172-31-45-134:/home/ubuntu#
Service status
root@ip-172-31-45-134:/home/ubuntu# journalctl -xe -u wazuh-dashboard.service --no-pager
Oct 16 09:38:19 ip-172-31-45-134 systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░ 
░░ The job identifier is 2408.
Oct 16 09:38:45 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:45Z","tags":["info","plugins-service"],"pid":57170,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Oct 16 09:38:45 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:45Z","tags":["info","plugins-service"],"pid":57170,"message":"Plugin \"applicationConfig\" is disabled."}
Oct 16 09:38:45 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:45Z","tags":["info","plugins-service"],"pid":57170,"message":"Plugin \"cspHandler\" is disabled."}
Oct 16 09:38:45 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:45Z","tags":["info","plugins-service"],"pid":57170,"message":"Plugin \"dataSource\" is disabled."}
Oct 16 09:38:45 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:45Z","tags":["info","plugins-service"],"pid":57170,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 16 09:38:45 ip-172-31-45-134 opensearch-dashboards[57170]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:38:46 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:46Z","tags":["info","plugins-system"],"pid":57170,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Oct 16 09:38:46 ip-172-31-45-134 opensearch-dashboards[57170]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:38:46 ip-172-31-45-134 opensearch-dashboards[57170]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:38:47 ip-172-31-45-134 opensearch-dashboards[57170]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:38:47 ip-172-31-45-134 opensearch-dashboards[57170]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:38:47 ip-172-31-45-134 opensearch-dashboards[57170]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:38:47 ip-172-31-45-134 opensearch-dashboards[57170]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:38:47 ip-172-31-45-134 opensearch-dashboards[57170]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:38:47 ip-172-31-45-134 opensearch-dashboards[57170]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:38:48 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:48Z","tags":["info","savedobjects-service"],"pid":57170,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Oct 16 09:38:49 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:49Z","tags":["info","savedobjects-service"],"pid":57170,"message":"Starting saved objects migrations"}
Oct 16 09:38:49 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:49Z","tags":["info","savedobjects-service"],"pid":57170,"message":"Creating index .kibana_1."}
Oct 16 09:38:49 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:49Z","tags":["info","savedobjects-service"],"pid":57170,"message":"Pointing alias .kibana to .kibana_1."}
Oct 16 09:38:50 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:50Z","tags":["info","savedobjects-service"],"pid":57170,"message":"Finished in 811ms."}
Oct 16 09:38:50 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:50Z","tags":["warning","cross-compatibility-service"],"pid":57170,"message":"Starting cross compatibility service"}
Oct 16 09:38:50 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:50Z","tags":["info","plugins-system"],"pid":57170,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Oct 16 09:38:50 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:50Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":57170,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"}
Oct 16 09:38:53 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:53Z","tags":["info","plugins","wazuh","initialize"],"pid":57170,"message":"dashboard index: .kibana"}
Oct 16 09:38:53 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:53Z","tags":["info","plugins","wazuh","initialize"],"pid":57170,"message":"App revision: 04"}
Oct 16 09:38:53 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:53Z","tags":["info","plugins","wazuh","initialize"],"pid":57170,"message":"Total RAM: 3876MB"}
Oct 16 09:38:53 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:53Z","tags":["error","opensearch","data"],"pid":57170,"message":"[ResponseError]: Response Error"}
Oct 16 09:38:53 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:53Z","tags":["error","opensearch","data"],"pid":57170,"message":"[ResponseError]: Response Error"}
Oct 16 09:38:55 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:55Z","tags":["info","plugins","wazuh","monitoring"],"pid":57170,"message":"Updated the wazuh-agent template"}
Oct 16 09:38:55 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:55Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":57170,"message":"Updated the wazuh-statistics template"}
Oct 16 09:38:55 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:55Z","tags":["listening","info"],"pid":57170,"message":"Server running at https://0.0.0.0:443"}
Oct 16 09:38:56 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:56Z","tags":["info","http","server","OpenSearchDashboards"],"pid":57170,"message":"http server running at https://0.0.0.0:443"}
Oct 16 09:38:57 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:57Z","tags":["info","plugins","wazuh","monitoring"],"pid":57170,"message":"wazuh-monitoring-2024.42w index created"}
Oct 16 09:38:57 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:38:57Z","tags":["info","plugins","wazuh","monitoring"],"pid":57170,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 09:39:35 ip-172-31-45-134 opensearch-dashboards[57170]: {"type":"log","@timestamp":"2024-10-16T09:39:35Z","tags":["info","plugins-system"],"pid":57170,"message":"Stopping all plugins."}
Oct 16 09:39:35 ip-172-31-45-134 systemd[1]: Stopping wazuh-dashboard...
░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A stop job for unit wazuh-dashboard.service has begun execution.
░░ 
░░ The job identifier is 2669.
Oct 16 09:39:35 ip-172-31-45-134 systemd[1]: wazuh-dashboard.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state.
Oct 16 09:39:35 ip-172-31-45-134 systemd[1]: Stopped wazuh-dashboard.
░░ Subject: A stop job for unit wazuh-dashboard.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A stop job for unit wazuh-dashboard.service has finished.
░░ 
░░ The job identifier is 2669 and the job result is done.
Oct 16 09:39:35 ip-172-31-45-134 systemd[1]: wazuh-dashboard.service: Consumed 16.953s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ The unit wazuh-dashboard.service completed and consumed the indicated resources.
Oct 16 09:39:35 ip-172-31-45-134 systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░ 
░░ The job identifier is 2669.
Oct 16 09:39:54 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:54Z","tags":["info","plugins-service"],"pid":58951,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Oct 16 09:39:54 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:54Z","tags":["info","plugins-service"],"pid":58951,"message":"Plugin \"applicationConfig\" is disabled."}
Oct 16 09:39:54 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:54Z","tags":["info","plugins-service"],"pid":58951,"message":"Plugin \"cspHandler\" is disabled."}
Oct 16 09:39:54 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:54Z","tags":["info","plugins-service"],"pid":58951,"message":"Plugin \"dataSource\" is disabled."}
Oct 16 09:39:54 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:54Z","tags":["info","plugins-service"],"pid":58951,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 16 09:39:55 ip-172-31-45-134 opensearch-dashboards[58951]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:39:55 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:55Z","tags":["info","plugins-system"],"pid":58951,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Oct 16 09:39:55 ip-172-31-45-134 opensearch-dashboards[58951]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:39:55 ip-172-31-45-134 opensearch-dashboards[58951]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:39:55 ip-172-31-45-134 opensearch-dashboards[58951]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:39:55 ip-172-31-45-134 opensearch-dashboards[58951]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:39:55 ip-172-31-45-134 opensearch-dashboards[58951]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:39:56 ip-172-31-45-134 opensearch-dashboards[58951]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:39:56 ip-172-31-45-134 opensearch-dashboards[58951]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:39:56 ip-172-31-45-134 opensearch-dashboards[58951]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:39:56 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:56Z","tags":["info","savedobjects-service"],"pid":58951,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Oct 16 09:39:56 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:56Z","tags":["info","savedobjects-service"],"pid":58951,"message":"Starting saved objects migrations"}
Oct 16 09:39:57 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:57Z","tags":["warning","cross-compatibility-service"],"pid":58951,"message":"Starting cross compatibility service"}
Oct 16 09:39:57 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:57Z","tags":["info","plugins-system"],"pid":58951,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Oct 16 09:39:58 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:58Z","tags":["info","plugins","wazuh","initialize"],"pid":58951,"message":"dashboard index: .kibana"}
Oct 16 09:39:58 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:58Z","tags":["info","plugins","wazuh","initialize"],"pid":58951,"message":"App revision: 04"}
Oct 16 09:39:58 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:58Z","tags":["info","plugins","wazuh","initialize"],"pid":58951,"message":"Total RAM: 3876MB"}
Oct 16 09:39:59 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:59Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":58951,"message":"Updated the wazuh-statistics template"}
Oct 16 09:39:59 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:59Z","tags":["info","plugins","wazuh","monitoring"],"pid":58951,"message":"Updated the wazuh-agent template"}
Oct 16 09:39:59 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:39:59Z","tags":["listening","info"],"pid":58951,"message":"Server running at https://0.0.0.0:443"}
Oct 16 09:40:00 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:40:00Z","tags":["info","http","server","OpenSearchDashboards"],"pid":58951,"message":"http server running at https://0.0.0.0:443"}
Oct 16 09:40:00 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:40:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58951,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 09:40:00 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:40:00Z","tags":["error","opensearch","data"],"pid":58951,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.42w/hsur_lZJT5CPdZ5U51xYoQ] already exists"}
Oct 16 09:40:00 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:40:00Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":58951,"message":"wazuh-statistics-2024.42w index created"}
Oct 16 09:40:09 ip-172-31-45-134 opensearch-dashboards[58951]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:40:09 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"response","@timestamp":"2024-10-16T09:40:09Z","tags":[],"pid":58951,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/7.81.0","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.81.0"},"res":{"statusCode":200,"responseTime":486,"contentLength":9},"message":"GET /status 200 486ms - 9.0B"}
Oct 16 09:45:00 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T09:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58951,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 09:49:42 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"response","@timestamp":"2024-10-16T09:49:42Z","tags":[],"pid":58951,"method":"get","statusCode":401,"req":{"url":"/baseProj/images/favicon.ico","method":"get","headers":{"host":"54.237.245.16","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"185.180.140.106","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"},"res":{"statusCode":401,"responseTime":7,"contentLength":9},"message":"GET /baseProj/images/favicon.ico 401 7ms - 9.0B"}
Oct 16 09:49:56 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"response","@timestamp":"2024-10-16T09:49:56Z","tags":[],"pid":58951,"method":"get","statusCode":401,"req":{"url":"/favicon.ico","method":"get","headers":{"host":"54.237.245.16","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"185.180.140.5","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /favicon.ico 401 3ms - 9.0B"}
Oct 16 10:00:01 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T10:00:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":58951,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:12:53 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"response","@timestamp":"2024-10-16T10:12:53Z","tags":[],"pid":58951,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.237.245.16","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"3.70.127.93","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"},"res":{"statusCode":302,"responseTime":5,"contentLength":9},"message":"GET / 302 5ms - 9.0B"}
Oct 16 10:12:53 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"response","@timestamp":"2024-10-16T10:12:53Z","tags":[],"pid":58951,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.237.245.16","user-agent":"Opera/9.51 Beta (Microsoft Windows; PPC; Opera Mobi/1718; U; en)","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"3.70.127.93","userAgent":"Opera/9.51 Beta (Microsoft Windows; PPC; Opera Mobi/1718; U; en)"},"res":{"statusCode":302,"responseTime":5,"contentLength":9},"message":"GET / 302 5ms - 9.0B"}
Oct 16 10:15:02 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T10:15:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":58951,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:30:00 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T10:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58951,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:45:01 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T10:45:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":58951,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:50:00 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"error","@timestamp":"2024-10-16T10:50:00Z","tags":["connection","client","error"],"pid":58951,"level":"error","error":{"message":"00D87078557F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../deps/openssl/openssl/ssl/t1_lib.c:3340:\n","name":"Error","stack":"Error: 00D87078557F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../deps/openssl/openssl/ssl/t1_lib.c:3340:\n","code":"ERR_SSL_NO_SUITABLE_SIGNATURE_ALGORITHM"},"message":"00D87078557F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../deps/openssl/openssl/ssl/t1_lib.c:3340:\n"}
Oct 16 11:00:00 ip-172-31-45-134 opensearch-dashboards[58951]: {"type":"log","@timestamp":"2024-10-16T11:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":58951,"message":"Settings added to wazuh-monitoring-2024.42w index"}

RHEL 9 🟢

Agent status
[root@ip-172-31-38-230 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-10-16 10:06:36 UTC; 57min ago
   Main PID: 20078 (node)
      Tasks: 11 (limit: 22632)
     Memory: 208.6M
        CPU: 21.116s
     CGroup: /system.slice/wazuh-dashboard.service
             └─20078 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist

Oct 16 10:07:43 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: [agentkeepalive:deprecated] options.freeSocketKe>
Oct 16 10:07:44 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"response","@timestamp":"2024-10-16T10:0>
Oct 16 10:10:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:10:00Z>
Oct 16 10:10:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:10:00Z>
Oct 16 10:15:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:15:00Z>
Oct 16 10:27:21 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"error","@timestamp":"2024-10-16T10:27:2>
Oct 16 10:30:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:30:00Z>
Oct 16 10:39:07 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"response","@timestamp":"2024-10-16T10:3>
Oct 16 10:45:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:45:00Z>
Oct 16 11:00:01 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T11:00:01Z>
[root@ip-172-31-38-230 ec2-user]#

Service status
[root@ip-172-31-38-230 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager
Oct 16 10:05:40 ip-172-31-38-230.ec2.internal systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░ 
░░ The job identifier is 3686.
Oct 16 10:05:56 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:05:56Z","tags":["info","plugins-service"],"pid":18670,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Oct 16 10:05:56 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:05:56Z","tags":["info","plugins-service"],"pid":18670,"message":"Plugin \"applicationConfig\" is disabled."}
Oct 16 10:05:56 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:05:56Z","tags":["info","plugins-service"],"pid":18670,"message":"Plugin \"cspHandler\" is disabled."}
Oct 16 10:05:56 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:05:56Z","tags":["info","plugins-service"],"pid":18670,"message":"Plugin \"dataSource\" is disabled."}
Oct 16 10:05:56 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:05:56Z","tags":["info","plugins-service"],"pid":18670,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 16 10:05:56 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:05:57 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:05:57Z","tags":["info","plugins-system"],"pid":18670,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,opensearchUiShared,share,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTable,visTypeTimeline,visBuilder,visTypeMarkdown,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,bfetch,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh]"}
Oct 16 10:05:57 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:05:57 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:05:57 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:05:57 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:05:57 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:05:57 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:05:57 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:05:58 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:05:58 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:05:58Z","tags":["info","savedobjects-service"],"pid":18670,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Oct 16 10:05:59 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:05:59Z","tags":["info","savedobjects-service"],"pid":18670,"message":"Starting saved objects migrations"}
Oct 16 10:05:59 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:05:59Z","tags":["info","savedobjects-service"],"pid":18670,"message":"Creating index .kibana_1."}
Oct 16 10:06:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:00Z","tags":["info","savedobjects-service"],"pid":18670,"message":"Pointing alias .kibana to .kibana_1."}
Oct 16 10:06:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:00Z","tags":["info","savedobjects-service"],"pid":18670,"message":"Finished in 1151ms."}
Oct 16 10:06:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:00Z","tags":["warning","cross-compatibility-service"],"pid":18670,"message":"Starting cross compatibility service"}
Oct 16 10:06:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:00Z","tags":["info","plugins-system"],"pid":18670,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,opensearchUiShared,share,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTable,visTypeTimeline,visBuilder,visTypeMarkdown,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,bfetch,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh]"}
Oct 16 10:06:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:00Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":18670,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"}
Oct 16 10:06:01 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:01Z","tags":["info","plugins","wazuh","initialize"],"pid":18670,"message":"dashboard index: .kibana"}
Oct 16 10:06:01 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:01Z","tags":["info","plugins","wazuh","initialize"],"pid":18670,"message":"App revision: 04"}
Oct 16 10:06:01 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:01Z","tags":["info","plugins","wazuh","initialize"],"pid":18670,"message":"Total RAM: 3615MB"}
Oct 16 10:06:02 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:02Z","tags":["error","opensearch","data"],"pid":18670,"message":"[ResponseError]: Response Error"}
Oct 16 10:06:02 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:02Z","tags":["error","opensearch","data"],"pid":18670,"message":"[ResponseError]: Response Error"}
Oct 16 10:06:02 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:02Z","tags":["listening","info"],"pid":18670,"message":"Server running at https://0.0.0.0:443"}
Oct 16 10:06:03 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:03Z","tags":["info","http","server","OpenSearchDashboards"],"pid":18670,"message":"http server running at https://0.0.0.0:443"}
Oct 16 10:06:03 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:03Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":18670,"message":"Updated the wazuh-statistics template"}
Oct 16 10:06:03 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:03Z","tags":["info","plugins","wazuh","monitoring"],"pid":18670,"message":"Updated the wazuh-agent template"}
Oct 16 10:06:04 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:04Z","tags":["info","plugins","wazuh","monitoring"],"pid":18670,"message":"wazuh-monitoring-2024.42w index created"}
Oct 16 10:06:04 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:04Z","tags":["info","plugins","wazuh","monitoring"],"pid":18670,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:06:36 ip-172-31-38-230.ec2.internal systemd[1]: Stopping wazuh-dashboard...
░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A stop job for unit wazuh-dashboard.service has begun execution.
░░ 
░░ The job identifier is 4038.
Oct 16 10:06:36 ip-172-31-38-230.ec2.internal opensearch-dashboards[18670]: {"type":"log","@timestamp":"2024-10-16T10:06:36Z","tags":["info","plugins-system"],"pid":18670,"message":"Stopping all plugins."}
Oct 16 10:06:36 ip-172-31-38-230.ec2.internal systemd[1]: wazuh-dashboard.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state.
Oct 16 10:06:36 ip-172-31-38-230.ec2.internal systemd[1]: Stopped wazuh-dashboard.
░░ Subject: A stop job for unit wazuh-dashboard.service has finished
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A stop job for unit wazuh-dashboard.service has finished.
░░ 
░░ The job identifier is 4038 and the job result is done.
Oct 16 10:06:36 ip-172-31-38-230.ec2.internal systemd[1]: wazuh-dashboard.service: Consumed 13.914s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ The unit wazuh-dashboard.service completed and consumed the indicated resources.
Oct 16 10:06:36 ip-172-31-38-230.ec2.internal systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░ 
░░ The job identifier is 4038.
Oct 16 10:07:22 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:22Z","tags":["info","plugins-service"],"pid":20078,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Oct 16 10:07:22 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:22Z","tags":["info","plugins-service"],"pid":20078,"message":"Plugin \"applicationConfig\" is disabled."}
Oct 16 10:07:22 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:22Z","tags":["info","plugins-service"],"pid":20078,"message":"Plugin \"cspHandler\" is disabled."}
Oct 16 10:07:22 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:22Z","tags":["info","plugins-service"],"pid":20078,"message":"Plugin \"dataSource\" is disabled."}
Oct 16 10:07:22 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:22Z","tags":["info","plugins-service"],"pid":20078,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 16 10:07:23 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:07:23 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:23Z","tags":["info","plugins-system"],"pid":20078,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,mapsLegacy,opensearchDashboardsLegacy,share,opensearchUiShared,embeddable,legacyExport,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTable,visTypeTimeline,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeTimeseries,visTypeVislib,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Oct 16 10:07:23 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:07:23 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:07:24 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:07:24 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:07:24 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:07:24 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:07:24 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:07:24 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:07:24 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:24Z","tags":["info","savedobjects-service"],"pid":20078,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Oct 16 10:07:25 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:25Z","tags":["info","savedobjects-service"],"pid":20078,"message":"Starting saved objects migrations"}
Oct 16 10:07:25 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:25Z","tags":["warning","cross-compatibility-service"],"pid":20078,"message":"Starting cross compatibility service"}
Oct 16 10:07:25 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:25Z","tags":["info","plugins-system"],"pid":20078,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,mapsLegacy,opensearchDashboardsLegacy,share,opensearchUiShared,embeddable,legacyExport,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTable,visTypeTimeline,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeTimeseries,visTypeVislib,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Oct 16 10:07:28 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:28Z","tags":["info","plugins","wazuh","initialize"],"pid":20078,"message":"dashboard index: .kibana"}
Oct 16 10:07:28 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:28Z","tags":["info","plugins","wazuh","initialize"],"pid":20078,"message":"App revision: 04"}
Oct 16 10:07:28 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:28Z","tags":["info","plugins","wazuh","initialize"],"pid":20078,"message":"Total RAM: 3615MB"}
Oct 16 10:07:28 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:28Z","tags":["info","plugins","wazuh","monitoring"],"pid":20078,"message":"Updated the wazuh-agent template"}
Oct 16 10:07:29 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:29Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":20078,"message":"Updated the wazuh-statistics template"}
Oct 16 10:07:30 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:30Z","tags":["listening","info"],"pid":20078,"message":"Server running at https://0.0.0.0:443"}
Oct 16 10:07:30 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:30Z","tags":["info","http","server","OpenSearchDashboards"],"pid":20078,"message":"http server running at https://0.0.0.0:443"}
Oct 16 10:07:30 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:07:30Z","tags":["info","plugins","wazuh","monitoring"],"pid":20078,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:07:43 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 10:07:44 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"response","@timestamp":"2024-10-16T10:07:43Z","tags":[],"pid":20078,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/7.76.1","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.76.1"},"res":{"statusCode":200,"responseTime":1106,"contentLength":9},"message":"GET /status 200 1106ms - 9.0B"}
Oct 16 10:10:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:10:00Z","tags":["error","opensearch","data"],"pid":20078,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.42w/eGU_Idm0Q8exH8x-SSJcew] already exists"}
Oct 16 10:10:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:10:00Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":20078,"message":"wazuh-statistics-2024.42w index created"}
Oct 16 10:15:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20078,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:27:21 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"error","@timestamp":"2024-10-16T10:27:21Z","tags":["connection","client","error"],"pid":20078,"level":"error","error":{"message":"00C8292B8C7F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../deps/openssl/openssl/ssl/t1_lib.c:3340:\n","name":"Error","stack":"Error: 00C8292B8C7F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../deps/openssl/openssl/ssl/t1_lib.c:3340:\n","code":"ERR_SSL_NO_SUITABLE_SIGNATURE_ALGORITHM"},"message":"00C8292B8C7F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../deps/openssl/openssl/ssl/t1_lib.c:3340:\n"}
Oct 16 10:30:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20078,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:39:07 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"response","@timestamp":"2024-10-16T10:39:07Z","tags":[],"pid":20078,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.210.119.14","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"44.234.252.20","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"},"res":{"statusCode":302,"responseTime":11,"contentLength":9},"message":"GET / 302 11ms - 9.0B"}
Oct 16 10:45:00 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T10:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":20078,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 11:00:01 ip-172-31-38-230.ec2.internal opensearch-dashboards[20078]: {"type":"log","@timestamp":"2024-10-16T11:00:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":20078,"message":"Settings added to wazuh-monitoring-2024.42w index"}

Amazon Linux 2023 - Offline 🟢

Agent status
[root@ip-172-31-47-133 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-10-16 09:34:24 UTC; 1h 30min ago
   Main PID: 10970 (node)
      Tasks: 11 (limit: 4581)
     Memory: 192.9M
        CPU: 22.693s
     CGroup: /system.slice/wazuh-dashboard.service
             └─10970 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist

Oct 16 10:26:01 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"error","@timestamp":"2024-10-16T10:26:0>
Oct 16 10:26:01 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"error","@timestamp":"2024-10-16T10:26:0>
Oct 16 10:26:01 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"error","@timestamp":"2024-10-16T10:26:0>
Oct 16 10:26:02 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"error","@timestamp":"2024-10-16T10:26:0>
Oct 16 10:26:02 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"error","@timestamp":"2024-10-16T10:26:0>
Oct 16 10:26:02 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"error","@timestamp":"2024-10-16T10:26:0>
Oct 16 10:30:00 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T10:30:00Z>
Oct 16 10:45:02 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T10:45:02Z>
Oct 16 10:54:46 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"response","@timestamp":"2024-10-16T10:5>
Oct 16 11:00:00 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T11:00:00Z>
[root@ip-172-31-47-133 ec2-user]#
Service status
[root@ip-172-31-47-133 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager -n 100
Oct 16 09:34:21 ip-172-31-47-133.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░ 
░░ The job identifier is 3792.
Oct 16 09:34:24 ip-172-31-47-133.ec2.internal systemd[1]: Stopping wazuh-dashboard.service - wazuh-dashboard...
░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A stop job for unit wazuh-dashboard.service has begun execution.
░░ 
░░ The job identifier is 3865.
Oct 16 09:34:24 ip-172-31-47-133.ec2.internal systemd[1]: wazuh-dashboard.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state.
Oct 16 09:34:24 ip-172-31-47-133.ec2.internal systemd[1]: Stopped wazuh-dashboard.service - wazuh-dashboard.
░░ Subject: A stop job for unit wazuh-dashboard.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A stop job for unit wazuh-dashboard.service has finished.
░░ 
░░ The job identifier is 3865 and the job result is done.
Oct 16 09:34:24 ip-172-31-47-133.ec2.internal systemd[1]: wazuh-dashboard.service: Consumed 2.273s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ The unit wazuh-dashboard.service completed and consumed the indicated resources.
Oct 16 09:34:24 ip-172-31-47-133.ec2.internal systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░ 
░░ The job identifier is 3865.
Oct 16 09:34:33 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:33Z","tags":["info","plugins-service"],"pid":10970,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Oct 16 09:34:33 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:33Z","tags":["info","plugins-service"],"pid":10970,"message":"Plugin \"applicationConfig\" is disabled."}
Oct 16 09:34:33 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:33Z","tags":["info","plugins-service"],"pid":10970,"message":"Plugin \"cspHandler\" is disabled."}
Oct 16 09:34:33 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:33Z","tags":["info","plugins-service"],"pid":10970,"message":"Plugin \"dataSource\" is disabled."}
Oct 16 09:34:33 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:33Z","tags":["info","plugins-service"],"pid":10970,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 16 09:34:34 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:34:34 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:34Z","tags":["info","plugins-system"],"pid":10970,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,visualize,ganttChartDashboards,reportsDashboards,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Oct 16 09:34:34 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:34:34 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:34:34 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:34:34 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:34:34 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:34:34 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:34:34 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:34:34 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:34:34 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:34Z","tags":["info","savedobjects-service"],"pid":10970,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Oct 16 09:34:35 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:35Z","tags":["info","savedobjects-service"],"pid":10970,"message":"Starting saved objects migrations"}
Oct 16 09:34:35 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:35Z","tags":["info","savedobjects-service"],"pid":10970,"message":"Creating index .kibana_1."}
Oct 16 09:34:35 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:35Z","tags":["info","savedobjects-service"],"pid":10970,"message":"Pointing alias .kibana to .kibana_1."}
Oct 16 09:34:35 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:35Z","tags":["info","savedobjects-service"],"pid":10970,"message":"Finished in 292ms."}
Oct 16 09:34:35 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:35Z","tags":["warning","cross-compatibility-service"],"pid":10970,"message":"Starting cross compatibility service"}
Oct 16 09:34:35 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:35Z","tags":["info","plugins-system"],"pid":10970,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,visualize,ganttChartDashboards,reportsDashboards,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
Oct 16 09:34:36 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:36Z","tags":["info","plugins","wazuhCore","configuration-store"],"pid":10970,"message":"Configuration file was created [/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]"}
Oct 16 09:34:36 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:36Z","tags":["info","plugins","wazuh","initialize"],"pid":10970,"message":"dashboard index: .kibana"}
Oct 16 09:34:36 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:36Z","tags":["info","plugins","wazuh","initialize"],"pid":10970,"message":"App revision: 04"}
Oct 16 09:34:36 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:36Z","tags":["info","plugins","wazuh","initialize"],"pid":10970,"message":"Total RAM: 3840MB"}
Oct 16 09:34:36 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:36Z","tags":["error","opensearch","data"],"pid":10970,"message":"[ResponseError]: Response Error"}
Oct 16 09:34:36 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:36Z","tags":["error","opensearch","data"],"pid":10970,"message":"[ResponseError]: Response Error"}
Oct 16 09:34:37 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:37Z","tags":["info","plugins","wazuh","monitoring"],"pid":10970,"message":"Updated the wazuh-agent template"}
Oct 16 09:34:37 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:37Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":10970,"message":"Updated the wazuh-statistics template"}
Oct 16 09:34:37 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:37Z","tags":["listening","info"],"pid":10970,"message":"Server running at https://0.0.0.0:443"}
Oct 16 09:34:37 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:37Z","tags":["info","http","server","OpenSearchDashboards"],"pid":10970,"message":"http server running at https://0.0.0.0:443"}
Oct 16 09:34:37 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:34:37Z","tags":["error","plugins","wazuh","monitoring"],"pid":10970,"message":"Request failed with status code 401"}
Oct 16 09:34:44 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Oct 16 09:34:45 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"response","@timestamp":"2024-10-16T09:34:44Z","tags":[],"pid":10970,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"127.0.0.1","user-agent":"curl/8.5.0","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/8.5.0"},"res":{"statusCode":200,"responseTime":969,"contentLength":9},"message":"GET /status 200 969ms - 9.0B"}
Oct 16 09:35:01 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:35:01Z","tags":["error","opensearch","data"],"pid":10970,"message":"[resource_already_exists_exception]: index [wazuh-statistics-2024.42w/JQ5X4T5uTMuqi2vbkGLIWQ] already exists"}
Oct 16 09:35:01 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:35:01Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":10970,"message":"wazuh-statistics-2024.42w index created"}
Oct 16 09:45:00 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":10970,"message":"wazuh-monitoring-2024.42w index created"}
Oct 16 09:45:00 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T09:45:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":10970,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:00:01 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T10:00:01Z","tags":["info","plugins","wazuh","monitoring"],"pid":10970,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:03:07 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"response","@timestamp":"2024-10-16T10:03:07Z","tags":[],"pid":10970,"method":"get","statusCode":401,"req":{"url":"/baseProj/images/favicon.ico","method":"get","headers":{"host":"18.206.222.247","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"185.180.140.105","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"},"res":{"statusCode":401,"responseTime":6,"contentLength":9},"message":"GET /baseProj/images/favicon.ico 401 6ms - 9.0B"}
Oct 16 10:03:24 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"response","@timestamp":"2024-10-16T10:03:24Z","tags":[],"pid":10970,"method":"get","statusCode":401,"req":{"url":"/favicon.ico","method":"get","headers":{"host":"18.206.222.247","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"185.180.140.106","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /favicon.ico 401 2ms - 9.0B"}
Oct 16 10:15:00 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T10:15:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":10970,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:22:22 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"error","@timestamp":"2024-10-16T10:22:22Z","tags":["connection","client","error"],"pid":10970,"level":"error","error":{"message":"008883649D7F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../deps/openssl/openssl/ssl/t1_lib.c:3340:\n","name":"Error","stack":"Error: 008883649D7F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../deps/openssl/openssl/ssl/t1_lib.c:3340:\n","code":"ERR_SSL_NO_SUITABLE_SIGNATURE_ALGORITHM"},"message":"008883649D7F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../deps/openssl/openssl/ssl/t1_lib.c:3340:\n"}
Oct 16 10:25:58 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"response","@timestamp":"2024-10-16T10:25:58Z","tags":[],"pid":10970,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"18.206.222.247","user-agent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"98.96.193.29","userAgent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36"},"res":{"statusCode":302,"responseTime":5,"contentLength":9},"message":"GET / 302 5ms - 9.0B"}
Oct 16 10:25:58 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"response","@timestamp":"2024-10-16T10:25:58Z","tags":[],"pid":10970,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"18.206.222.247","user-agent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36","accept":"*/*","referer":"https://18.206.222.247/","accept-encoding":"gzip"},"remoteAddress":"98.96.193.29","userAgent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36","referer":"https://18.206.222.247/"},"res":{"statusCode":200,"responseTime":41,"contentLength":9},"message":"GET /app/login 200 41ms - 9.0B"}
Oct 16 10:26:00 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"error","@timestamp":"2024-10-16T10:26:00Z","tags":["connection","client","error"],"pid":10970,"level":"error","error":{"message":"008883649D7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 008883649D7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"008883649D7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
Oct 16 10:26:01 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"error","@timestamp":"2024-10-16T10:26:01Z","tags":["connection","client","error"],"pid":10970,"level":"error","error":{"message":"008883649D7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 008883649D7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"008883649D7F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
Oct 16 10:26:01 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"error","@timestamp":"2024-10-16T10:26:01Z","tags":["connection","client","error"],"pid":10970,"level":"error","error":{"message":"008883649D7F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: 008883649D7F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_VERSION_TOO_LOW"},"message":"008883649D7F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
Oct 16 10:26:01 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"error","@timestamp":"2024-10-16T10:26:01Z","tags":["connection","client","error"],"pid":10970,"level":"error","error":{"message":"008883649D7F0000:error:0A0000FC:SSL routines:tls_early_post_process_client_hello:unknown protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1653:\n","name":"Error","stack":"Error: 008883649D7F0000:error:0A0000FC:SSL routines:tls_early_post_process_client_hello:unknown protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1653:\n","code":"ERR_SSL_UNKNOWN_PROTOCOL"},"message":"008883649D7F0000:error:0A0000FC:SSL routines:tls_early_post_process_client_hello:unknown protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1653:\n"}
Oct 16 10:26:02 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"error","@timestamp":"2024-10-16T10:26:02Z","tags":["connection","client","error"],"pid":10970,"level":"error","error":{"message":"008883649D7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: 008883649D7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"008883649D7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"}
Oct 16 10:26:02 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"error","@timestamp":"2024-10-16T10:26:02Z","tags":["connection","client","error"],"pid":10970,"level":"error","error":{"message":"008883649D7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: 008883649D7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"008883649D7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"}
Oct 16 10:26:02 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"error","@timestamp":"2024-10-16T10:26:02Z","tags":["connection","client","error"],"pid":10970,"level":"error","error":{"message":"008883649D7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: 008883649D7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"008883649D7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"}
Oct 16 10:30:00 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T10:30:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":10970,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:45:02 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T10:45:02Z","tags":["info","plugins","wazuh","monitoring"],"pid":10970,"message":"Settings added to wazuh-monitoring-2024.42w index"}
Oct 16 10:54:46 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"response","@timestamp":"2024-10-16T10:54:46Z","tags":[],"pid":10970,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"18.206.222.247","user-agent":"Mozilla/5.0 (Linux; Android 9; ONEPLUS A5010) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"44.234.252.20","userAgent":"Mozilla/5.0 (Linux; Android 9; ONEPLUS A5010) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36"},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET / 302 3ms - 9.0B"}
Oct 16 11:00:00 ip-172-31-47-133.ec2.internal opensearch-dashboards[10970]: {"type":"log","@timestamp":"2024-10-16T11:00:00Z","tags":["info","plugins","wazuh","monitoring"],"pid":10970,"message":"Settings added to wazuh-monitoring-2024.42w index"}

@CarlosALgit
Member Author

Additional tests 🟢

Accessing Wazuh web interface

Amazon Linux 2023 🟢

Landing page

Screenshot from 2024-10-16 13-15-00

About

image

Ubuntu 22 🟢

Landing page

image

About

image

RHEL 9 🟢

Landing page

image

About

image

Amazon Linux 2023 - Offline 🟢

Landing page

image

About

image

@CarlosALgit CarlosALgit moved this from In progress to Pending review in Release 4.9.1 Oct 16, 2024
@wazuhci wazuhci moved this from Pending review to In review in Release 4.9.1 Oct 16, 2024
@wazuhci wazuhci moved this from In review to Pending final review in Release 4.9.1 Oct 16, 2024
@wazuhci wazuhci moved this from Pending final review to In final review in Release 4.9.1 Oct 16, 2024
@rauldpm rauldpm closed this as completed Oct 16, 2024
@wazuhci wazuhci moved this from In final review to Done in Release 4.9.1 Oct 16, 2024