Release 4.8.0 - RC 2 - E2E UX tests - Demo environment #23415

Closed
1 of 2 tasks
davidjiglesias opened this issue May 14, 2024 · 10 comments

davidjiglesias commented May 14, 2024

End-to-End (E2E) Testing Guideline

  • Documentation: Always consult the development documentation for the current stage tag at this link. Be careful because some of the description steps might refer to a current version in production; always navigate using the current development documentation for the stage under test. Also, visit the following pre-release package guide to understand how to modify certain links and URLs for the correct testing of the development packages.
  • Test Requirements: Ensure your test comprehensively includes a full stack and agent/s deployment as per the Deployment requirements, detailing the machine OS, installed version, and revision.
  • Deployment Options: While deployments can be local (using VMs, Vagrant, etc) or on the aws-dev account, opt for local deployments when feasible. For AWS access, coordinate with the DevOps team through this link.
  • External Accounts: If tests require third-party accounts (e.g., GitHub, Azure, AWS, GCP), request the necessary access through the DevOps team here.
  • Alerts: Every test should generate a minimum of one end-to-end alert, from the agent to the dashboard, irrespective of test type.
  • Multi-node Testing: For multi-node wazuh-manager tests, ensure agents are connected to both workers and the master node.
  • Package Verification: Use the pre-release package that matches the current TAG you're testing. Confirm its version and revision.
  • Filebeat Errors: If you encounter errors with Filebeat during testing, refer to this Slack discussion for insights and resolutions.
  • Known Issues: Familiarize yourself with previously reported issues in the Known Issues section. This helps in identifying already recognized errors during testing.
  • Reporting New Issues: Any new errors discovered during testing that aren't listed under Known Issues should be reported. Assign the issue to the corresponding team (QA if unsure), add the Release testing objective and Very high priority. Communicate these to the team and QA via the c-release Slack channel.
  • Test Conduct: It's imperative to be thorough in your testing, offering enough detail for reviewers. Incomplete tests might necessitate a redo.
  • Documentation Feedback: Encountering documentation gaps, unclear guidelines, or anything that disrupts the testing or UX? Open an issue, especially if it's not listed under Known Issues. Please answer the feedback section, this is a mandatory step.
  • Format: If this is your first time doing this, refer to the format (but not necessarily the content, as it may vary) of previous E2E tests, here you have an example Release 4.3.5 - Release Candidate 1 - E2E UX tests - Wazuh Indexer #13994.
  • Status and completion: Change the issue status within your team project accordingly. Once you finish testing and write the conclusions, move it to Pending review and notify the @wazuh/devel-devops team via Slack using the c-release channel. Beware that the reviewers might request additional information or task repetitions.
  • For reviewers: Please move the issue to Pending final review and notify via Slack using the same thread if everything is ok, otherwise, perform an issue update with the requested changes and move it to On hold, increase the review_cycles in the team project by one and notify the issue assignee via Slack using the same thread.

For the conclusions and the issue testing and updates, use the following legend:

Status legend

  • 🟢 All checks passed
  • 🟡 Found a known issue
  • 🔴 Found a new error

Issue delivery and completion

  • Initial delivery: The issue's assignee must complete the testing and deliver the results by May 15, 2024 and notify the @wazuh/devel-devops team via Slack using the c-release channel
  • Review: The @wazuh/devel-devops team will assign a reviewer and add it to the review_assignee field in the project. The reviewer must then review the test steps and results. Ensure that all iteration cycles are completed by May 16, 2024 date (issue must be in Pending final review status) and notify the QA team via Slack using the c-release channel.
  • Auditor: The QA team must audit, validate the results, and close the issue by May 17, 2024.

Deployment requirements

Component Installation Type OS
Indexer
Server
Dashboard -
Agent -

Test description

Test demo.wazuh.info environment:

  • Check that there are no errors in the manager, agent, cluster, indexer, and dashboard logs.
  • Check that the Wazuh daemons are running with the expected user.
  • Check that the status of the indexer cluster is as expected.
  • Check that there are no errors in the browser's developer console when browsing the App.
  • Check that there are alerts for each of the modules configured.
  • Check that no warning symbols appear in the browser's developer console when browsing the App
  • Generate an alert and check that this alert appears in the dashboard (end to end)
  • Check that the search engine works without specifying a field and using *

To access the demo environment, please contact @devel-devops.

Known issues

Conclusions

Summarize the errors detected (Known Issues included). Illustrate using the table below. REMOVE CURRENT EXAMPLES:

| Status | Test | Failure Type | Notes |
|---|---|---|---|
| 🟡 | Check Agent, Dashboard, Indexer, and Manager Logs | Errors and Warning Logs | #13253 |
| 🟡 | Check Agent, Dashboard, Indexer, and Manager Logs | Errors and Warning Logs | wazuh/wazuh-packages#2685 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | wazuh/wazuh-dashboard-plugins#4092 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | wazuh/wazuh-dashboard-plugins#4108 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | wazuh/wazuh-dashboard-plugins#4121 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | wazuh/wazuh-dashboard-plugins#5332 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | wazuh/wazuh-dashboard-plugins#5821 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | wazuh/wazuh-dashboard-plugins#5869 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | wazuh/wazuh-dashboard-plugins#6022 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | wazuh/wazuh-dashboard-plugins#6318 |
| 🟡 | Check Browser's Developer Console for Errors While Browsing the App | Console Errors and Warning Messages | wazuh/wazuh-dashboard-plugins#6320 |
| 🟡 | Check that there are Alerts for each of the Modules Configured | Docker is not installed on the agents | None |
| 🟡 | Check that there are Alerts for each of the Modules Configured | Unnecessary ENV2 Virus Total Setting | https://github.com/wazuh/wazuh-automation/issues/1369 |

Feedback

We value your feedback. Please provide insights on your testing experience.

  • Was the testing guideline clear? Were there any ambiguities?
    • Yes, the information has been clear enough.
  • Did you face any challenges not covered by the guideline?
    • No
  • Suggestions for improvement:
    • I have no suggestions, I think the steps are good and clear enough to follow.

Reviewers validation

The criteria for completing this task is based on the validation of the conclusions and the test results by all reviewers.

All the checkboxes below must be marked in order to close this issue.
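
The agent checks from the test description (package version and revision, daemon status, error-free `ossec.log`), as an added example that is not part of this issue or of Wazuh's own tooling. It evaluates captured command output; the function names, the constructed log lines and the assumed `date time tag: LEVEL:` layout of `ossec.log` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Wazuh project code): evaluate captured output of the
# per-agent checks. Expected values are the ones reported in this issue.
EXPECTED_VERSION="v4.8.0"
EXPECTED_REVISION="40810"
EXPECTED_DAEMONS="wazuh-execd wazuh-agentd wazuh-syscheckd wazuh-logcollector wazuh-modulesd"

# check_version INFO_TEXT: succeed only if version AND revision both match.
# INFO_TEXT is the output of `/var/ossec/bin/wazuh-control info`.
check_version() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^ *WAZUH_VERSION="\(.*\)"$/\1/p')
    rev=$(printf '%s\n' "$1" | sed -n 's/^ *WAZUH_REVISION="\(.*\)"$/\1/p')
    [ "$ver" = "$EXPECTED_VERSION" ] && [ "$rev" = "$EXPECTED_REVISION" ]
}

# missing_daemons STATUS_TEXT: print every expected daemon that the output of
# `/var/ossec/bin/wazuh-control status` does not report as "is running".
missing_daemons() {
    missing=""
    for d in $EXPECTED_DAEMONS; do
        printf '%s\n' "$1" | grep -q "^ *$d is running" || missing="$missing $d"
    done
    printf '%s' "${missing# }"
}

# count_page_pattern LOG_TEXT: the check used on this page, a case-insensitive
# substring match, which also counts INFO lines that merely mention "error".
count_page_pattern() {
    printf '%s\n' "$1" | grep -c -i -E 'ERROR|WARNING' || true
}

# count_level_issues LOG_TEXT: count only lines whose level field is ERROR,
# WARNING or CRITICAL. Assumption: lines look like
# "YYYY/MM/DD HH:MM:SS tag: LEVEL: message". CRITICAL is added by this
# example; the page's pattern does not include it.
count_level_issues() {
    printf '%s\n' "$1" | grep -c -E \
        '^[0-9]{4}/[0-9]{2}/[0-9]{2} [0-9:]{8} [^ ]+: (ERROR|WARNING|CRITICAL): ' || true
}

# agent_verdict INFO_TEXT STATUS_TEXT LOG_TEXT: print PASS, or FAIL with reasons.
agent_verdict() {
    reasons=""
    check_version "$1" || reasons="$reasons version/revision mismatch;"
    down=$(missing_daemons "$2")
    [ -z "$down" ] || reasons="$reasons not running: $down;"
    n=$(count_level_issues "$3")
    [ "$n" -eq 0 ] || reasons="$reasons $n error/warning log lines;"
    if [ -z "$reasons" ]; then printf 'PASS'; else printf 'FAIL:%s' "$reasons"; fi
}

# Sample input. The info and status text repeat the agent output shown in
# this issue; the log lines are constructed for the example.
SAMPLE_INFO='WAZUH_VERSION="v4.8.0"
WAZUH_REVISION="40810"
WAZUH_TYPE="agent"'

SAMPLE_STATUS='wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...'

SAMPLE_LOG='2024/05/15 09:04:27 wazuh-agentd: INFO: Constructed line: no error detected during startup
2024/05/15 09:04:28 wazuh-logcollector: WARNING: Constructed line: sample warning
2024/05/15 09:04:30 wazuh-modulesd:syscollector: INFO: Constructed line: module started'

printf 'substring matches: %s, level-field matches: %s\n' \
    "$(count_page_pattern "$SAMPLE_LOG")" "$(count_level_issues "$SAMPLE_LOG")"
printf '%s\n' "$(agent_verdict "$SAMPLE_INFO" "$SAMPLE_STATUS" "$SAMPLE_LOG")"
```

On a live agent, pass the real output instead of the samples, for example `agent_verdict "$(/var/ossec/bin/wazuh-control info)" "$(/var/ossec/bin/wazuh-control status)" "$(cat /var/ossec/logs/ossec.log)"`.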


rafabailon commented May 15, 2024

Note

Blocked until the environments are ready to start with the issue

@rafabailon

The available machines are:

Agents
  • Amazon
  • Centos
  • Debian
  • RHEL9
  • Ubuntu
  • Windows
Dashboard
  • WazuhDashboard
Indexers
  • IndexerBootstrap
  • IndexerMasterB
  • IndexerMasterC
  • WazuhDashboard
Managers
  • WazuhMasterEnv1
  • WazuhMasterEnv2
  • WazuhWorker


rafabailon commented May 16, 2024

Check Agent, Dashboard, Indexer, and Manager Logs 🟡

Agent Logs

Amazon 🟢

System information

cat /etc/*release
   NAME="Amazon Linux"
   VERSION="2"
   ID="amzn"
   ID_LIKE="centos rhel fedora"
   VERSION_ID="2"
   PRETTY_NAME="Amazon Linux 2"
   ANSI_COLOR="0;33"
   CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
   HOME_URL="https://amazonlinux.com/"
   Amazon Linux release 2 (Karoo)

Agent Version

/var/ossec/bin/wazuh-control info
   WAZUH_VERSION="v4.8.0"
   WAZUH_REVISION="40810"
   WAZUH_TYPE="agent"

Agent Status

systemctl status wazuh-agent -l
   ● wazuh-agent.service - Wazuh agent
      Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
      Active: active (running) since Wed 2024-05-15 09:04:32 UTC; 22h ago
     Process: 9624 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
     Process: 9762 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
      CGroup: /system.slice/wazuh-agent.service
              ├─11195 /var/ossec/bin/wazuh-execd
              ├─11207 /var/ossec/bin/wazuh-agentd
              ├─11222 /var/ossec/bin/wazuh-syscheckd
              ├─11238 /var/ossec/bin/wazuh-logcollector
              └─11256 /var/ossec/bin/wazuh-modulesd

   May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
   May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Starting Wazuh v4.8.0...
   May 15 09:04:26 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-execd...
   May 15 09:04:27 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-agentd...
   May 15 09:04:28 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-syscheckd...
   May 15 09:04:29 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-logcollector...
   May 15 09:04:30 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-modulesd...
   May 15 09:04:32 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Completed.
   May 15 09:04:32 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
   May 15 09:04:39 ip-10-0-1-38.us-west-1.compute.internal crontab[10283]: (root) LIST (root)

Module Status

/var/ossec/bin/wazuh-control status
   wazuh-modulesd is running...
   wazuh-logcollector is running...
   wazuh-syscheckd is running...
   wazuh-agentd is running...
   wazuh-execd is running...

Service Status

journalctl -xe -u wazuh-agent.service
   May 15 09:04:17 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
   -- Subject: Unit wazuh-agent.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-agent.service has finished starting up.
   --
   -- The start-up result is done.
   May 15 09:04:21 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
   -- Subject: Unit wazuh-agent.service has begun shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-agent.service has begun shutting down.
   May 15 09:04:21 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-modulesd...
   May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-logcollector...
   May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-syscheckd...
   May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-agentd...
   May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Killing wazuh-execd...
   May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9624]: Wazuh v4.8.0 Stopped
   May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
   -- Subject: Unit wazuh-agent.service has finished shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-agent.service has finished shutting down.
   May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
   -- Subject: Unit wazuh-agent.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-agent.service has begun starting up.
   May 15 09:04:25 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Starting Wazuh v4.8.0...
   May 15 09:04:26 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-execd...
   May 15 09:04:27 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-agentd...
   May 15 09:04:28 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-syscheckd...
   May 15 09:04:29 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-logcollector...
   May 15 09:04:30 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Started wazuh-modulesd...
   May 15 09:04:32 ip-10-0-1-38.us-west-1.compute.internal env[9762]: Completed.
   May 15 09:04:32 ip-10-0-1-38.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
   -- Subject: Unit wazuh-agent.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-agent.service has finished starting up.
   --
   -- The start-up result is done.
   May 15 09:04:39 ip-10-0-1-38.us-west-1.compute.internal crontab[10283]: (root) LIST (root)

Error Logs

egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
   0

Centos 🟢

System information

cat /etc/*release
   CentOS Linux release 8.4.2105
   NAME="CentOS Linux"
   VERSION="8"
   ID="centos"
   ID_LIKE="rhel fedora"
   VERSION_ID="8"
   PLATFORM_ID="platform:el8"
   PRETTY_NAME="CentOS Linux 8"
   ANSI_COLOR="0;31"
   CPE_NAME="cpe:/o:centos:centos:8"
   HOME_URL="https://centos.org/"
   BUG_REPORT_URL="https://bugs.centos.org/"
   CENTOS_MANTISBT_PROJECT="CentOS-8"
   CENTOS_MANTISBT_PROJECT_VERSION="8"
   CentOS Linux release 8.4.2105
   CentOS Linux release 8.4.2105

Agent Version

/var/ossec/bin/wazuh-control info
   WAZUH_VERSION="v4.8.0"
   WAZUH_REVISION="40810"
   WAZUH_TYPE="agent"

Agent Status

systemctl status wazuh-agent -l
   ● wazuh-agent.service - Wazuh agent
      Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
      Active: active (running) since Wed 2024-05-15 09:06:32 UTC; 22h ago
     Process: 7982 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
     Process: 8375 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
       Tasks: 32 (limit: 4668)
      Memory: 356.8M
      CGroup: /system.slice/wazuh-agent.service
              ├─9753 /var/ossec/bin/wazuh-execd
              ├─9765 /var/ossec/bin/wazuh-agentd
              ├─9780 /var/ossec/bin/wazuh-syscheckd
              ├─9795 /var/ossec/bin/wazuh-logcollector
              └─9812 /var/ossec/bin/wazuh-modulesd

   May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
   May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
   May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Starting Wazuh v4.8.0...
   May 15 09:06:26 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-execd...
   May 15 09:06:27 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-agentd...
   May 15 09:06:28 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-syscheckd...
   May 15 09:06:29 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-logcollector...
   May 15 09:06:30 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-modulesd...
   May 15 09:06:32 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Completed.
   May 15 09:06:32 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Started Wazuh agent.

Module Status

/var/ossec/bin/wazuh-control status
   wazuh-modulesd is running...
   wazuh-logcollector is running...
   wazuh-syscheckd is running...
   wazuh-agentd is running...
   wazuh-execd is running...

Service Status

journalctl -xe -u wazuh-agent.service
   -- Unit wazuh-agent.service has finished starting up.
   --
   -- The start-up result is done.
   May 15 09:06:20 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
   -- Subject: Unit wazuh-agent.service has begun shutting down
   -- Defined-By: systemd
   -- Support: https://access.redhat.com/support
   --
   -- Unit wazuh-agent.service has begun shutting down.
   May 15 09:06:21 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-modulesd...
   May 15 09:06:24 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-logcollector...
   May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-syscheckd...
   May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-agentd...
   May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Killing wazuh-execd...
   May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[7982]: Wazuh v4.8.0 Stopped
   May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Succeeded.
   -- Subject: Unit succeeded
   -- Defined-By: systemd
   -- Support: https://access.redhat.com/support
   --
   -- The unit wazuh-agent.service has successfully entered the 'dead' state.
   May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
   -- Subject: Unit wazuh-agent.service has finished shutting down
   -- Defined-By: systemd
   -- Support: https://access.redhat.com/support
   --
   -- Unit wazuh-agent.service has finished shutting down.
   May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
   -- Subject: Unit wazuh-agent.service has begun start-up
   -- Defined-By: systemd
   -- Support: https://access.redhat.com/support
   --
   -- Unit wazuh-agent.service has begun starting up.
   May 15 09:06:25 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Starting Wazuh v4.8.0...
   May 15 09:06:26 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-execd...
   May 15 09:06:27 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-agentd...
   May 15 09:06:28 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-syscheckd...
   May 15 09:06:29 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-logcollector...
   May 15 09:06:30 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Started wazuh-modulesd...
   May 15 09:06:32 ip-10-0-1-143.us-west-1.compute.internal env[8375]: Completed.
   May 15 09:06:32 ip-10-0-1-143.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
   -- Subject: Unit wazuh-agent.service has finished start-up
   -- Defined-By: systemd
   -- Support: https://access.redhat.com/support
   --
   -- Unit wazuh-agent.service has finished starting up.
   --
   -- The start-up result is done.

Error Logs

egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
   0

Debian 🟢

System information

cat /etc/*release
   ID="ec2"
   VERSION="20220503-998"
   PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
   NAME="Debian GNU/Linux"
   VERSION_ID="11"
   VERSION="11 (bullseye)"
   VERSION_CODENAME=bullseye
   ID=debian
   HOME_URL="https://www.debian.org/"
   SUPPORT_URL="https://www.debian.org/support"
   BUG_REPORT_URL="https://bugs.debian.org/"

Agent Version

/var/ossec/bin/wazuh-control info
   WAZUH_VERSION="v4.8.0"
   WAZUH_REVISION="40810"
   WAZUH_TYPE="agent"

Agent Status

systemctl status wazuh-agent -l
   ● wazuh-agent.service - Wazuh agent
        Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
        Active: active (running) since Wed 2024-05-15 09:04:52 UTC; 22h ago
         Tasks: 32 (limit: 1123)
        Memory: 46.8M
           CPU: 1min 54.756s
        CGroup: /system.slice/wazuh-agent.service
                ├─9771 /var/ossec/bin/wazuh-execd
                ├─9782 /var/ossec/bin/wazuh-agentd
                ├─9796 /var/ossec/bin/wazuh-syscheckd
                ├─9811 /var/ossec/bin/wazuh-logcollector
                └─9830 /var/ossec/bin/wazuh-modulesd

   May 15 09:04:45 ip-10-0-1-76 systemd[1]: Starting Wazuh agent...
   May 15 09:04:45 ip-10-0-1-76 env[7774]: Starting Wazuh v4.8.0...
   May 15 09:04:46 ip-10-0-1-76 env[7774]: Started wazuh-execd...
   May 15 09:04:47 ip-10-0-1-76 env[7774]: Started wazuh-agentd...
   May 15 09:04:48 ip-10-0-1-76 env[7774]: Started wazuh-syscheckd...
   May 15 09:04:49 ip-10-0-1-76 env[7774]: Started wazuh-logcollector...
   May 15 09:04:50 ip-10-0-1-76 env[7774]: Started wazuh-modulesd...
   May 15 09:04:52 ip-10-0-1-76 env[7774]: Completed.
   May 15 09:04:52 ip-10-0-1-76 systemd[1]: Started Wazuh agent.

Module Status

/var/ossec/bin/wazuh-control status
   wazuh-modulesd is running...
   wazuh-logcollector is running...
   wazuh-syscheckd is running...
   wazuh-agentd is running...
   wazuh-execd is running...

Service Status

journalctl -xe -u wazuh-agent.service
   May 15 09:04:44 ip-10-0-1-76 env[7226]: Killing wazuh-logcollector...
   May 15 09:04:44 ip-10-0-1-76 env[7226]: Killing wazuh-syscheckd...
   May 15 09:04:45 ip-10-0-1-76 env[7226]: Killing wazuh-agentd...
   May 15 09:04:45 ip-10-0-1-76 env[7226]: Killing wazuh-execd...
   May 15 09:04:45 ip-10-0-1-76 env[7226]: Wazuh v4.8.0 Stopped
   May 15 09:04:45 ip-10-0-1-76 systemd[1]: wazuh-agent.service: Succeeded.
   ░░ Subject: Unit succeeded
   ░░ Defined-By: systemd
   ░░ Support: https://www.debian.org/support
   ░░
   ░░ The unit wazuh-agent.service has successfully entered the 'dead' state.
   May 15 09:04:45 ip-10-0-1-76 systemd[1]: Stopped Wazuh agent.
   ░░ Subject: A stop job for unit wazuh-agent.service has finished
   ░░ Defined-By: systemd
   ░░ Support: https://www.debian.org/support
   ░░
   ░░ A stop job for unit wazuh-agent.service has finished.
   ░░
   ░░ The job identifier is 3515 and the job result is done.
   May 15 09:04:45 ip-10-0-1-76 systemd[1]: wazuh-agent.service: Consumed 18.921s CPU time.
   ░░ Subject: Resources consumed by unit runtime
   ░░ Defined-By: systemd
   ░░ Support: https://www.debian.org/support
   ░░
   ░░ The unit wazuh-agent.service completed and consumed the indicated resources.
   May 15 09:04:45 ip-10-0-1-76 systemd[1]: Starting Wazuh agent...
   ░░ Subject: A start job for unit wazuh-agent.service has begun execution
   ░░ Defined-By: systemd
   ░░ Support: https://www.debian.org/support
   ░░
   ░░ A start job for unit wazuh-agent.service has begun execution.
   ░░
   ░░ The job identifier is 3515.
   May 15 09:04:45 ip-10-0-1-76 env[7774]: Starting Wazuh v4.8.0...
   May 15 09:04:46 ip-10-0-1-76 env[7774]: Started wazuh-execd...
   May 15 09:04:47 ip-10-0-1-76 env[7774]: Started wazuh-agentd...
   May 15 09:04:48 ip-10-0-1-76 env[7774]: Started wazuh-syscheckd...
   May 15 09:04:49 ip-10-0-1-76 env[7774]: Started wazuh-logcollector...
   May 15 09:04:50 ip-10-0-1-76 env[7774]: Started wazuh-modulesd...
   May 15 09:04:52 ip-10-0-1-76 env[7774]: Completed.
   May 15 09:04:52 ip-10-0-1-76 systemd[1]: Started Wazuh agent.
   ░░ Subject: A start job for unit wazuh-agent.service has finished successfully
   ░░ Defined-By: systemd
   ░░ Support: https://www.debian.org/support
   ░░
   ░░ A start job for unit wazuh-agent.service has finished successfully.
   ░░
   ░░ The job identifier is 3515.

Error Logs

egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
   0

RHEL9 🟢

System information

cat /etc/*release
   NAME="Red Hat Enterprise Linux"
   VERSION="9.2 (Plow)"
   ID="rhel"
   ID_LIKE="fedora"
   VERSION_ID="9.2"
   PLATFORM_ID="platform:el9"
   PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)"
   ANSI_COLOR="0;31"
   LOGO="fedora-logo-icon"
   CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
   HOME_URL="https://www.redhat.com/"
   DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
   BUG_REPORT_URL="https://bugzilla.redhat.com/"

   REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
   REDHAT_BUGZILLA_PRODUCT_VERSION=9.2
   REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
   REDHAT_SUPPORT_PRODUCT_VERSION="9.2"
   Red Hat Enterprise Linux release 9.2 (Plow)
   Red Hat Enterprise Linux release 9.2 (Plow)

Agent Version

/var/ossec/bin/wazuh-control info
   WAZUH_VERSION="v4.8.0"
   WAZUH_REVISION="40810"
   WAZUH_TYPE="agent"

Agent Status

systemctl status wazuh-agent -l
   ● wazuh-agent.service - Wazuh agent
        Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; preset: disabled)
        Active: active (running) since Wed 2024-05-15 09:54:54 UTC; 22h ago
       Process: 62223 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
         Tasks: 54 (limit: 22632)
        Memory: 527.6M
           CPU: 9min 28.962s
        CGroup: /system.slice/wazuh-agent.service
                ├─62250 /var/ossec/bin/wazuh-execd
                ├─62262 /var/ossec/bin/wazuh-agentd
                ├─62277 /var/ossec/bin/wazuh-syscheckd
                ├─62291 /var/ossec/bin/wazuh-logcollector
                ├─62314 /var/ossec/bin/wazuh-modulesd
                ├─62326 /usr/bin/osqueryd --config_path=/etc/osquery/osquery.conf
                ├─62327 python3 wodles/docker/DockerListener
                └─62336 /usr/bin/osqueryd

   May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
   May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Starting Wazuh v4.8.0...
   May 15 09:54:48 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-execd...
   May 15 09:54:49 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-agentd...
   May 15 09:54:50 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-syscheckd...
   May 15 09:54:51 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-logcollector...
   May 15 09:54:51 ip-10-0-1-14.us-west-1.compute.internal osqueryd[62326]: osqueryd started [version=4.4.0]
   May 15 09:54:52 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-modulesd...
   May 15 09:54:54 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Completed.
   May 15 09:54:54 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Started Wazuh agent.

Module Status

/var/ossec/bin/wazuh-control status
   wazuh-modulesd is running...
   wazuh-logcollector is running...
   wazuh-syscheckd is running...
   wazuh-agentd is running...
   wazuh-execd is running...

Service Status

journalctl -xe -u wazuh-agent.service
   May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal env[62155]: Wazuh v4.8.0 Stopped
   May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Deactivated successfully.
   ░░ Subject: Unit succeeded
   ░░ Defined-By: systemd
   ░░ Support: https://access.redhat.com/support
   ░░
   ░░ The unit wazuh-agent.service has successfully entered the 'dead' state.
   May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 59551 (osqueryd) remains running after unit stopped.
   May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 62184 (wazuh-modulesd) remains running after unit stopped.
   May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 62185 (wazuh-modulesd) remains running after unit stopped.
   May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
   ░░ Subject: A stop job for unit wazuh-agent.service has finished
   ░░ Defined-By: systemd
   ░░ Support: https://access.redhat.com/support
   ░░
   ░░ A stop job for unit wazuh-agent.service has finished.
   ░░
   ░░ The job identifier is 27242 and the job result is done.
   May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Consumed 37.853s CPU time.
   ░░ Subject: Resources consumed by unit runtime
   ░░ Defined-By: systemd
   ░░ Support: https://access.redhat.com/support
   ░░
   ░░ The unit wazuh-agent.service completed and consumed the indicated resources.
   May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
   ░░ Subject: A start job for unit wazuh-agent.service has begun execution
   ░░ Defined-By: systemd
   ░░ Support: https://access.redhat.com/support
   ░░
   ░░ A start job for unit wazuh-agent.service has begun execution.
   ░░
   ░░ The job identifier is 27242.
   May 15 09:54:46 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Starting Wazuh v4.8.0...
   May 15 09:54:48 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-execd...
   May 15 09:54:49 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-agentd...
   May 15 09:54:50 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-syscheckd...
   May 15 09:54:51 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-logcollector...
   May 15 09:54:51 ip-10-0-1-14.us-west-1.compute.internal osqueryd[62326]: osqueryd started [version=4.4.0]
   May 15 09:54:52 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Started wazuh-modulesd...
   May 15 09:54:54 ip-10-0-1-14.us-west-1.compute.internal env[62223]: Completed.
   May 15 09:54:54 ip-10-0-1-14.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
   ░░ Subject: A start job for unit wazuh-agent.service has finished successfully
   ░░ Defined-By: systemd
   ░░ Support: https://access.redhat.com/support
   ░░
   ░░ A start job for unit wazuh-agent.service has finished successfully.
   ░░
   ░░ The job identifier is 27242.

Error Logs

egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
   0

Ubuntu 🟢

System information

cat /etc/*release
   DISTRIB_ID=Ubuntu
   DISTRIB_RELEASE=22.04
   DISTRIB_CODENAME=jammy
   DISTRIB_DESCRIPTION="Ubuntu 22.04.2 LTS"
   PRETTY_NAME="Ubuntu 22.04.2 LTS"
   NAME="Ubuntu"
   VERSION_ID="22.04"
   VERSION="22.04.2 LTS (Jammy Jellyfish)"
   VERSION_CODENAME=jammy
   ID=ubuntu
   ID_LIKE=debian
   HOME_URL="https://www.ubuntu.com/"
   SUPPORT_URL="https://help.ubuntu.com/"
   BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
   PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
   UBUNTU_CODENAME=jammy

Agent Version

/var/ossec/bin/wazuh-control info
   WAZUH_VERSION="v4.8.0"
   WAZUH_REVISION="40810"
   WAZUH_TYPE="agent"

Agent Status

systemctl status wazuh-agent -l
   ● wazuh-agent.service - Wazuh agent
        Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
        Active: active (running) since Wed 2024-05-15 09:05:48 UTC; 22h ago
         Tasks: 32 (limit: 1116)
        Memory: 32.2M
           CPU: 1min 40.086s
        CGroup: /system.slice/wazuh-agent.service
                ├─9671 /var/ossec/bin/wazuh-execd
                ├─9682 /var/ossec/bin/wazuh-agentd
                ├─9696 /var/ossec/bin/wazuh-syscheckd
                ├─9711 /var/ossec/bin/wazuh-logcollector
                └─9730 /var/ossec/bin/wazuh-modulesd

   May 15 09:05:46 ip-10-0-1-162 systemd[1]: Starting Wazuh agent...
   May 15 09:05:46 ip-10-0-1-162 env[9101]: Starting Wazuh v4.8.0...
   May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-execd already running...
   May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-agentd already running...
   May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-syscheckd already running...
   May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-logcollector already running...
   May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-modulesd already running...
   May 15 09:05:48 ip-10-0-1-162 env[9101]: Completed.
   May 15 09:05:48 ip-10-0-1-162 systemd[1]: Started Wazuh agent.

Module Status

/var/ossec/bin/wazuh-control status
   wazuh-modulesd is running...
   wazuh-logcollector is running...
   wazuh-syscheckd is running...
   wazuh-agentd is running...
   wazuh-execd is running...

Service Status

journalctl -xe -u wazuh-agent.service
   May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Unit process 8643 (wazuh-modulesd) remains running after unit stopped.
   May 15 09:05:46 ip-10-0-1-162 systemd[1]: Stopped Wazuh agent.
   ░░ Subject: A stop job for unit wazuh-agent.service has finished
   ░░ Defined-By: systemd
   ░░ Support: http://www.ubuntu.com/support
   ░░
   ░░ A stop job for unit wazuh-agent.service has finished.
   ░░
   ░░ The job identifier is 6222 and the job result is done.
   May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Consumed 15.219s CPU time.
   ░░ Subject: Resources consumed by unit runtime
   ░░ Defined-By: systemd
   ░░ Support: http://www.ubuntu.com/support
   ░░
   ░░ The unit wazuh-agent.service completed and consumed the indicated resources.
   May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8571 (wazuh-execd) in control group while starting unit. Ignoring.
   May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
   May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8586 (wazuh-agentd) in control group while starting unit. Ignoring.
   May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
   May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8604 (wazuh-syscheckd) in control group while starting unit. Ignoring.
   May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
   May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8623 (wazuh-logcollec) in control group while starting unit. Ignoring.
   May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
   May 15 09:05:46 ip-10-0-1-162 systemd[1]: wazuh-agent.service: Found left-over process 8643 (wazuh-modulesd) in control group while starting unit. Ignoring.
   May 15 09:05:46 ip-10-0-1-162 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
   May 15 09:05:46 ip-10-0-1-162 systemd[1]: Starting Wazuh agent...
   ░░ Subject: A start job for unit wazuh-agent.service has begun execution
   ░░ Defined-By: systemd
   ░░ Support: http://www.ubuntu.com/support
   ░░
   ░░ A start job for unit wazuh-agent.service has begun execution.
   ░░
   ░░ The job identifier is 6222.
   May 15 09:05:46 ip-10-0-1-162 env[9101]: Starting Wazuh v4.8.0...
   May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-execd already running...
   May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-agentd already running...
   May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-syscheckd already running...
   May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-logcollector already running...
   May 15 09:05:46 ip-10-0-1-162 env[9101]: wazuh-modulesd already running...
   May 15 09:05:48 ip-10-0-1-162 env[9101]: Completed.
   May 15 09:05:48 ip-10-0-1-162 systemd[1]: Started Wazuh agent.
   ░░ Subject: A start job for unit wazuh-agent.service has finished successfully
   ░░ Defined-By: systemd
   ░░ Support: http://www.ubuntu.com/support
   ░░
   ░░ A start job for unit wazuh-agent.service has finished successfully.
   ░░
   ░░ The job identifier is 6222.

Error Logs

egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
   0

Windows 🟡

System information

systeminfo | findstr /B /C:"OS Name" /B /C:"OS Version"
   OS Name:                   Microsoft Windows Server 2019 Datacenter
   OS Version:                10.0.17763 N/A Build 17763

Agent Version

cd 'C:\Program Files (x86)\ossec-agent\'
(Get-Command .\wazuh-agent.exe).FileVersionInfo

   ProductVersion   FileVersion      FileName
   --------------   -----------      --------
   v4.8.0           v4.8.0           C:\Program Files (x86)\ossec-agent\wazuh-agent.exe

Agent Status

NET START wazuh
   The requested service has already been started.

Error Logs

Get-Content "C:\Program Files (x86)\ossec-agent\ossec.log" | Select-String -Pattern "ERR|WARN|CRIT|FAT"
   2024/05/16 00:00:17 wazuh-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex240516.log' due to [(2)-(No such file or directory)].

Analysis:
The ERROR logs are expected; it is a known issue: #13253

Dashboard Logs

WazuhDashboard 🟢

System information

cat /etc/*release
   NAME="Amazon Linux"
   VERSION="2"
   ID="amzn"
   ID_LIKE="centos rhel fedora"
   VERSION_ID="2"
   PRETTY_NAME="Amazon Linux 2"
   ANSI_COLOR="0;33"
   CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
   HOME_URL="https://amazonlinux.com/"
   Amazon Linux release 2 (Karoo)

Dashboard Version

cat /usr/share/wazuh-dashboard/plugins/wazuh/package.json
   {
     "name": "wazuh",
     "version": "4.8.0",
     "revision": "10",
     "pluginPlatform": {
       "version": "2.10.0"
     },
     "description": "Wazuh dashboard",
     "keywords": [
       "opensearch_dashboards",
       "wazuh",
       "ossec"
     ],
     "node_build": "10.23.1",
     "author": "Wazuh, Inc",
     "license": "GPL-2.0",
     "repository": {
       "type": "git",
       "url": "https://github.com/wazuh/wazuh-dashboard-plugins.git"
     },
     "bugs": {
       "url": "https://github.com/wazuh/wazuh-dashboard-plugins/issues"
     },
     "homepage": "https://www.wazuh.com/",
     "scripts": {
       "lint": "eslint {public,server,common}/**/*.{js,jsx,ts,tsx,json}",
       "lint:public": "eslint public/**/*.{js,jsx,ts,tsx,json}",
       "lint:server": "eslint server/**/*.{js,jsx,ts,tsx,json}",
       "lint:common": "eslint common/**/*.{js,jsx,ts,tsx,json}",
       "lint:fix": "eslint --fix '{public,server,common}/**/*.{js,jsx,ts,tsx,json}'",
       "format": "prettier --write '{public,server,common}/**/*.{js,jsx,ts,tsx,css,md,json}' --config ./.prettierrc",
       "kbn": "node ../../scripts/kbn",
       "es": "node ../../scripts/es",
       "start": "plugin-helpers start",
       "build": "yarn plugin-helpers build --opensearch-dashboards-version=$OPENSEARCH_DASHBOARDS_VERSION",
       "build:runner": "node scripts/runner build",
       "plugin-helpers": "node ../../scripts/plugin_helpers",
       "test:ui:runner": "node ../../scripts/functional_test_runner.js",
       "test:server": "plugin-helpers test:server",
       "test:browser": "plugin-helpers test:browser",
       "test:jest": "node scripts/jest --runInBand",
       "test:jest:runner": "node scripts/runner test",
       "generate:api-data": "node scripts/generate-api-data.js --spec https://raw.githubusercontent.com/wazuh/wazuh/$(node -e \"console.log(require('./package.json').version)\")/api/api/spec/spec.yaml --output file --output-directory common/api-info --display-configuration",
       "prebuild": "node scripts/generate-build-version"
     },
     "dependencies": {
       "angular-animate": "1.8.3",
       "angular-material": "1.2.5",
       "axios": "^1.6.1",
       "install": "^0.13.0",
       "js2xmlparser": "^5.0.0",
       "json2csv": "^4.1.2",
       "jwt-decode": "^3.1.2",
       "loglevel": "^1.7.1",
       "markdown-it-link-attributes": "^4.0.1",
       "md5": "^2.3.0",
       "needle": "^3.2.0",
       "node-cron": "^1.1.2",
       "pdfmake": "0.2.7",
       "querystring-browser": "1.0.4",
       "react-codemirror": "^1.0.0",
       "react-cookie": "^4.0.3",
       "read-last-lines": "^1.7.2",
       "timsort": "^0.3.0",
       "typescript": "^5.0.4",
       "winston": "3.9.0"
     },
     "devDependencies": {
       "@types/node-cron": "^2.0.3",
       "@typescript-eslint/eslint-plugin": "^6.2.1",
       "@typescript-eslint/parser": "^6.2.1",
       "eslint": "^8.46.0",
       "eslint-config-prettier": "^8.5.0",
       "eslint-import-resolver-typescript": "3.5.5",
       "eslint-plugin-async-await": "^0.0.0",
       "eslint-plugin-cypress": "^2.12.1",
       "eslint-plugin-filenames-simple": "^0.8.0",
       "eslint-plugin-import": "^2.28.0",
       "eslint-plugin-prettier": "^4.2.1",
       "eslint-plugin-react": "^7.31.8",
       "eslint-plugin-react-hooks": "^4.6.0",
       "prettier": "^2.7.1",
       "redux-mock-store": "^1.5.4",
       "swagger-client": "^3.19.11"
     },
     "opensearchDashboards": {
       "version": "2.10.0"
     }
   }

Dashboard Status

systemctl status wazuh-dashboard -l
   ● wazuh-dashboard.service - wazuh-dashboard
      Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
      Active: active (running) since Wed 2024-05-15 09:11:05 UTC; 22h ago
    Main PID: 19828 (node)
      CGroup: /system.slice/wazuh-dashboard.service
              └─19828 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

   May 16 07:14:20 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:20Z","tags":[],"pid":19828,"method":"get","statusCode":401,"req":{"url":"/api/v1/auth/dashboardsinfo","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":1,"contentLength":9},"message":"GET /api/v1/auth/dashboardsinfo 401 1ms - 9.0B"}
   May 16 07:14:20 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:20Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/api/logos","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /api/logos 200 2ms - 9.0B"}
   May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"post","statusCode":200,"req":{"url":"/api/core/capabilities","method":"post","headers":{"host":"10.0.0.155:5601","connection":"close","content-length":"925","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","origin":"https://demo.wazuh.info","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"POST /api/core/capabilities 200 5ms - 9.0B"}
   May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":401,"req":{"url":"/api/v1/configuration/account","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /api/v1/configuration/account 401 2ms - 9.0B"}
   May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/48010/bundles/plugin/securityDashboards/securityDashboards.chunk.5.js","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /48010/bundles/plugin/securityDashboards/securityDashboards.chunk.5.js 200 2ms - 9.0B"}
   May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/ui/logos/wazuh_dashboard_login_background.svg","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"image/avif,image/webp,*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/ui/legacy_light_theme.css","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/ui/legacy_light_theme.css"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/logos/wazuh_dashboard_login_background.svg 200 5ms - 9.0B"}
   May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/ui/logos/wazuh_dashboard_login_mark.svg","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"image/avif,image/webp,*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/logos/wazuh_dashboard_login_mark.svg 200 5ms - 9.0B"}
   May 16 07:14:25 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"log","@timestamp":"2024-05-16T07:14:25Z","tags":["error","plugins","securityDashboards"],"pid":19828,"message":"Failed authentication: Error: Authentication Exception"}
   May 16 07:14:25 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:25Z","tags":[],"pid":19828,"method":"post","statusCode":401,"req":{"url":"/auth/login","method":"post","headers":{"host":"10.0.0.155:5601","connection":"close","content-length":"59","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","origin":"https://demo.wazuh.info","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":411,"contentLength":9},"message":"POST /auth/login 401 411ms - 9.0B"}
   May 16 07:41:11 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:41:11Z","tags":[],"pid":19828,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (Linux; Android 7.0; SM-A510F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36","accept-charset":"utf-8","accept-encoding":"gzip"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (Linux; Android 7.0; SM-A510F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"}

Dashboard Service Status

journalctl -xe -u wazuh-dashboard.service --no-pager
   May 16 07:14:20 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:20Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/api/logos","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /api/logos 200 2ms - 9.0B"}
   May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"post","statusCode":200,"req":{"url":"/api/core/capabilities","method":"post","headers":{"host":"10.0.0.155:5601","connection":"close","content-length":"925","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","origin":"https://demo.wazuh.info","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"POST /api/core/capabilities 200 5ms - 9.0B"}
   May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":401,"req":{"url":"/api/v1/configuration/account","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /api/v1/configuration/account 401 2ms - 9.0B"}
   May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/48010/bundles/plugin/securityDashboards/securityDashboards.chunk.5.js","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /48010/bundles/plugin/securityDashboards/securityDashboards.chunk.5.js 200 2ms - 9.0B"}
   May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/ui/logos/wazuh_dashboard_login_background.svg","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"image/avif,image/webp,*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/ui/legacy_light_theme.css","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/ui/legacy_light_theme.css"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/logos/wazuh_dashboard_login_background.svg 200 5ms - 9.0B"}
   May 16 07:14:21 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:21Z","tags":[],"pid":19828,"method":"get","statusCode":200,"req":{"url":"/ui/logos/wazuh_dashboard_login_mark.svg","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"image/avif,image/webp,*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /ui/logos/wazuh_dashboard_login_mark.svg 200 5ms - 9.0B"}
   May 16 07:14:25 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"log","@timestamp":"2024-05-16T07:14:25Z","tags":["error","plugins","securityDashboards"],"pid":19828,"message":"Failed authentication: Error: Authentication Exception"}
   May 16 07:14:25 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:14:25Z","tags":[],"pid":19828,"method":"post","statusCode":401,"req":{"url":"/auth/login","method":"post","headers":{"host":"10.0.0.155:5601","connection":"close","content-length":"59","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://demo.wazuh.info/app/login?","content-type":"application/json","osd-version":"2.10.0","osd-xsrf":"osd-fetch","origin":"https://demo.wazuh.info","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0","referer":"https://demo.wazuh.info/app/login?"},"res":{"statusCode":401,"responseTime":411,"contentLength":9},"message":"POST /auth/login 401 411ms - 9.0B"}
   May 16 07:41:11 ip-10-0-0-155.us-west-1.compute.internal opensearch-dashboards[19828]: {"type":"response","@timestamp":"2024-05-16T07:41:11Z","tags":[],"pid":19828,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"10.0.0.155:5601","connection":"close","user-agent":"Mozilla/5.0 (Linux; Android 7.0; SM-A510F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36","accept-charset":"utf-8","accept-encoding":"gzip"},"remoteAddress":"10.0.0.155","userAgent":"Mozilla/5.0 (Linux; Android 7.0; SM-A510F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"}

Error Logs

egrep -i "err|warn" /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | wc -l
   0

Indexer Logs

IndexerBootstrap 🟡

System information

cat /etc/*release
   NAME="Amazon Linux"
   VERSION="2"
   ID="amzn"
   ID_LIKE="centos rhel fedora"
   VERSION_ID="2"
   PRETTY_NAME="Amazon Linux 2"
   ANSI_COLOR="0;33"
   CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
   HOME_URL="https://amazonlinux.com/"
   Amazon Linux release 2 (Karoo)

Agent Status

systemctl status wazuh-indexer -l
   ● wazuh-indexer.service - Wazuh-indexer
      Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
      Active: active (running) since Wed 2024-05-15 08:47:07 UTC; 23h ago
        Docs: https://documentation.wazuh.com
    Main PID: 12359 (java)
      CGroup: /system.slice/wazuh-indexer.service
              └─12359 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-9755161661130300994 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.Thread.run(Thread.java:833)

Service Status

journalctl -xe -u wazuh-indexer.service --no-pager
   -- Logs begin at Wed 2024-05-15 08:32:26 UTC, end at Thu 2024-05-16 08:10:01 UTC. --
   May 15 08:45:23 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
   -- Subject: Unit wazuh-indexer.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has begun starting up.
   May 15 08:45:26 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:45:26 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:45:26 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
   May 15 08:45:26 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:45:28 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:45:28 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:45:28 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
   May 15 08:45:28 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[10628]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:45:49 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
   -- Subject: Unit wazuh-indexer.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has finished starting up.
   --
   -- The start-up result is done.
   May 15 08:46:44 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
   -- Subject: Unit wazuh-indexer.service has begun shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has begun shutting down.
   May 15 08:46:44 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
   -- Subject: Unit wazuh-indexer.service has finished shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has finished shutting down.
   May 15 08:46:44 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
   -- Subject: Unit wazuh-indexer.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has begun starting up.
   May 15 08:46:47 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:46:47 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:46:47 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
   May 15 08:46:47 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:46:49 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:46:49 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:46:49 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
   May 15 08:46:49 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:47:07 ip-10-0-2-249.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
   -- Subject: Unit wazuh-indexer.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has finished starting up.
   --
   -- The start-up result is done.
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.Thread.run(Thread.java:833)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
   May 16 00:01:04 ip-10-0-2-249.us-west-1.compute.internal systemd-entrypoint[12359]: at java.base/java.lang.Thread.run(Thread.java:833)

Analysis:
The ERROR logs are expected; this is a known issue: wazuh/wazuh-packages#2685

Error Logs

egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
   0

IndexerMasterB 🟡

System information

cat /etc/*release
   NAME="Amazon Linux"
   VERSION="2"
   ID="amzn"
   ID_LIKE="centos rhel fedora"
   VERSION_ID="2"
   PRETTY_NAME="Amazon Linux 2"
   ANSI_COLOR="0;33"
   CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
   HOME_URL="https://amazonlinux.com/"
   Amazon Linux release 2 (Karoo)

Agent Status

systemctl status wazuh-indexer -l
   ● wazuh-indexer.service - Wazuh-indexer
      Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
      Active: active (running) since Wed 2024-05-15 08:47:33 UTC; 23h ago
        Docs: https://documentation.wazuh.com
    Main PID: 12303 (java)
      CGroup: /system.slice/wazuh-indexer.service
              └─12303 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-6328324595925120652 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.Thread.run(Thread.java:833)

Service Status

journalctl -xe -u wazuh-indexer.service --no-pager
   -- Logs begin at Wed 2024-05-15 08:32:26 UTC, end at Thu 2024-05-16 08:13:22 UTC. --
   May 15 08:45:26 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
   -- Subject: Unit wazuh-indexer.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has begun starting up.
   May 15 08:45:28 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:45:28 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:45:28 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
   May 15 08:45:28 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:45:30 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:45:30 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:45:30 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
   May 15 08:45:30 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[10483]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:45:49 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
   -- Subject: Unit wazuh-indexer.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has finished starting up.
   --
   -- The start-up result is done.
   May 15 08:47:09 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
   -- Subject: Unit wazuh-indexer.service has begun shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has begun shutting down.
   May 15 08:47:09 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
   -- Subject: Unit wazuh-indexer.service has finished shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has finished shutting down.
   May 15 08:47:09 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
   -- Subject: Unit wazuh-indexer.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has begun starting up.
   May 15 08:47:12 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:47:12 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:47:12 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
   May 15 08:47:12 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:47:14 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:47:14 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:47:14 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
   May 15 08:47:14 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:47:33 ip-10-0-2-123.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
   -- Subject: Unit wazuh-indexer.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has finished starting up.
   --
   -- The start-up result is done.
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.Thread.run(Thread.java:833)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
   May 16 00:00:02 ip-10-0-2-123.us-west-1.compute.internal systemd-entrypoint[12303]: at java.base/java.lang.Thread.run(Thread.java:833)

Analysis:
The ERROR logs are expected; it is a known issue: wazuh/wazuh-packages#2685

Error Logs

egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
   0
IndexerMasterC 🟡

System information

cat /etc/*release
   NAME="Amazon Linux"
   VERSION="2"
   ID="amzn"
   ID_LIKE="centos rhel fedora"
   VERSION_ID="2"
   PRETTY_NAME="Amazon Linux 2"
   ANSI_COLOR="0;33"
   CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
   HOME_URL="https://amazonlinux.com/"
   Amazon Linux release 2 (Karoo)

Agent Status

systemctl status wazuh-indexer -l
   ● wazuh-indexer.service - Wazuh-indexer
      Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
      Active: active (running) since Wed 2024-05-15 08:48:04 UTC; 23h ago
        Docs: https://documentation.wazuh.com
    Main PID: 12810 (java)
      CGroup: /system.slice/wazuh-indexer.service
              └─12810 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-15189950111321843980 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.Thread.run(Thread.java:833)

Service Status

journalctl -xe -u wazuh-indexer.service --no-pager
   -- Logs begin at Wed 2024-05-15 08:32:27 UTC, end at Thu 2024-05-16 08:16:01 UTC. --
   May 15 08:45:35 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
   -- Subject: Unit wazuh-indexer.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has begun starting up.
   May 15 08:45:37 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:45:37 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:45:37 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
   May 15 08:45:37 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:45:39 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:45:39 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:45:39 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
   May 15 08:45:39 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[10471]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:45:58 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
   -- Subject: Unit wazuh-indexer.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has finished starting up.
   --
   -- The start-up result is done.
   May 15 08:47:39 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
   -- Subject: Unit wazuh-indexer.service has begun shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has begun shutting down.
   May 15 08:47:39 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
   -- Subject: Unit wazuh-indexer.service has finished shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has finished shutting down.
   May 15 08:47:39 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
   -- Subject: Unit wazuh-indexer.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has begun starting up.
   May 15 08:47:42 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:47:42 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:47:42 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
   May 15 08:47:42 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:47:44 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:47:44 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:47:44 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
   May 15 08:47:44 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:48:04 ip-10-0-2-62.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
   -- Subject: Unit wazuh-indexer.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has finished starting up.
   --
   -- The start-up result is done.
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.alerting.util.destinationmigration.DestinationMigrationCoordinator.clusterChanged(DestinationMigrationCoordinator.kt:48)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListener(ClusterApplierService.java:625)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.Thread.run(Thread.java:833)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.alerting.util.destinationmigration.DestinationMigrationCoordinator.clusterChanged(DestinationMigrationCoordinator.kt:48)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListener(ClusterApplierService.java:625)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
   May 16 00:01:04 ip-10-0-2-62.us-west-1.compute.internal systemd-entrypoint[12810]: at java.base/java.lang.Thread.run(Thread.java:833)

Analysis:
The ERROR logs are expected; this is a known issue: wazuh/wazuh-packages#2685

Error Logs

egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
   0
WazuhDashboard 🟡

System information

cat /etc/*release
   NAME="Amazon Linux"
   VERSION="2"
   ID="amzn"
   ID_LIKE="centos rhel fedora"
   VERSION_ID="2"
   PRETTY_NAME="Amazon Linux 2"
   ANSI_COLOR="0;33"
   CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
   HOME_URL="https://amazonlinux.com/"
   Amazon Linux release 2 (Karoo)

Agent Status

systemctl status wazuh-indexer -l
   ● wazuh-indexer.service - Wazuh-indexer
      Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
      Active: active (running) since Wed 2024-05-15 08:54:17 UTC; 23h ago
        Docs: https://documentation.wazuh.com
    Main PID: 14580 (java)
      CGroup: /system.slice/wazuh-indexer.service
              └─14580 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10560019297269362385 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.Thread.run(Thread.java:833)

Service Status

journalctl -xe -u wazuh-indexer.service --no-pager
   -- Logs begin at Wed 2024-05-15 08:32:28 UTC, end at Thu 2024-05-16 08:20:19 UTC. --
   May 15 08:50:38 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
   -- Subject: Unit wazuh-indexer.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has begun starting up.
   May 15 08:50:40 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:50:40 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:50:40 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
   May 15 08:50:40 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:50:42 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:50:42 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:50:42 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
   May 15 08:50:42 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[10443]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:51:01 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
   -- Subject: Unit wazuh-indexer.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has finished starting up.
   --
   -- The start-up result is done.
   May 15 08:53:51 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
   -- Subject: Unit wazuh-indexer.service has begun shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has begun shutting down.
   May 15 08:53:51 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
   -- Subject: Unit wazuh-indexer.service has finished shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has finished shutting down.
   May 15 08:53:51 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
   -- Subject: Unit wazuh-indexer.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has begun starting up.
   May 15 08:53:56 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:53:56 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:53:56 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
   May 15 08:53:56 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:53:58 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: A terminally deprecated method in java.lang.System has been called
   May 15 08:53:58 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
   May 15 08:53:58 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
   May 15 08:53:58 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: WARNING: System::setSecurityManager will be removed in a future release
   May 15 08:54:17 ip-10-0-0-155.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
   -- Subject: Unit wazuh-indexer.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-indexer.service has finished starting up.
   --
   -- The start-up result is done.
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.Thread.run(Thread.java:833)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
   May 16 00:01:04 ip-10-0-0-155.us-west-1.compute.internal systemd-entrypoint[14580]: at java.base/java.lang.Thread.run(Thread.java:833)

Analysis:
The ERROR logs are expected; this is a known issue: wazuh/wazuh-packages#2685

Error Logs

egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
   0

Manager Logs

WazuhMasterEnv1 🟢

System information

cat /etc/*release
   NAME="Amazon Linux"
   VERSION="2"
   ID="amzn"
   ID_LIKE="centos rhel fedora"
   VERSION_ID="2"
   PRETTY_NAME="Amazon Linux 2"
   ANSI_COLOR="0;33"
   CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
   HOME_URL="https://amazonlinux.com/"
   Amazon Linux release 2 (Karoo)

Manager Version

/var/ossec/bin/wazuh-control info
   WAZUH_VERSION="v4.8.0"
   WAZUH_REVISION="40810"
   WAZUH_TYPE="server"

Agent Status

systemctl status wazuh-manager -l
   ● wazuh-manager.service - Wazuh manager
      Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
      Active: active (exited) since Wed 2024-05-15 08:58:46 UTC; 23h ago
     Process: 15268 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
     Process: 15437 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)

   May 15 08:58:40 wazuh-manager-master-0 env[15437]: Started wazuh-remoted...
   May 15 08:58:41 wazuh-manager-master-0 env[15437]: Started wazuh-logcollector...
   May 15 08:58:42 wazuh-manager-master-0 env[15437]: Started wazuh-monitord...
   May 15 08:58:42 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:42 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 08:58:42 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:42 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 08:58:43 wazuh-manager-master-0 env[15437]: Started wazuh-modulesd...
   May 15 08:58:44 wazuh-manager-master-0 env[15437]: Started wazuh-clusterd...
   May 15 08:58:45 wazuh-manager-master-0 crontab[16020]: (root) LIST (root)
   May 15 08:58:46 wazuh-manager-master-0 env[15437]: Completed.
   May 15 08:58:46 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.

Module Status

/var/ossec/bin/wazuh-control status
   wazuh-clusterd is running...
   wazuh-modulesd is running...
   wazuh-monitord is running...
   wazuh-logcollector is running...
   wazuh-remoted is running...
   wazuh-syscheckd is running...
   wazuh-analysisd is running...
   wazuh-maild not running...
   wazuh-execd is running...
   wazuh-db is running...
   wazuh-authd is running...
   wazuh-agentlessd not running...
   wazuh-integratord is running...
   wazuh-dbd not running...
   wazuh-csyslogd not running...
   wazuh-apid is running...

Service Status

journalctl -xe -u wazuh-manager.service --no-pager
   -- Logs begin at Wed 2024-05-15 08:32:26 UTC, end at Thu 2024-05-16 08:22:12 UTC. --
   May 15 08:56:27 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
   -- Subject: Unit wazuh-manager.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has begun starting up.
   May 15 08:56:28 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:28 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 08:56:28 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:28 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 08:56:29 wazuh-manager-master-0 env[11357]: Starting Wazuh v4.8.0...
   May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-apid...
   May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-csyslogd...
   May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-dbd...
   May 15 08:56:31 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:31 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
   May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-integratord...
   May 15 08:56:31 wazuh-manager-master-0 env[11357]: Started wazuh-agentlessd...
   May 15 08:56:32 wazuh-manager-master-0 env[11357]: Started wazuh-authd...
   May 15 08:56:33 wazuh-manager-master-0 env[11357]: Started wazuh-db...
   May 15 08:56:34 wazuh-manager-master-0 env[11357]: Started wazuh-execd...
   May 15 08:56:36 wazuh-manager-master-0 env[11357]: Started wazuh-analysisd...
   May 15 08:56:37 wazuh-manager-master-0 env[11357]: Started wazuh-syscheckd...
   May 15 08:56:38 wazuh-manager-master-0 env[11357]: Started wazuh-remoted...
   May 15 08:56:39 wazuh-manager-master-0 env[11357]: Started wazuh-logcollector...
   May 15 08:56:40 wazuh-manager-master-0 env[11357]: Started wazuh-monitord...
   May 15 08:56:40 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:40 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 08:56:40 wazuh-manager-master-0 env[11357]: 2024/05/15 08:56:40 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 08:56:41 wazuh-manager-master-0 env[11357]: Started wazuh-modulesd...
   May 15 08:56:43 wazuh-manager-master-0 env[11357]: Started wazuh-clusterd...
   May 15 08:56:43 wazuh-manager-master-0 crontab[11939]: (root) LIST (root)
   May 15 08:56:45 wazuh-manager-master-0 env[11357]: Completed.
   May 15 08:56:45 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
   -- Subject: Unit wazuh-manager.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has finished starting up.
   --
   -- The start-up result is done.
   May 15 08:58:24 wazuh-manager-master-0 systemd[1]: Stopping Wazuh manager...
   -- Subject: Unit wazuh-manager.service has begun shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has begun shutting down.
   May 15 08:58:24 wazuh-manager-master-0 env[15268]: Killing wazuh-clusterd...
   May 15 08:58:24 wazuh-manager-master-0 env[15268]: Killing wazuh-modulesd...
   May 15 08:58:24 wazuh-manager-master-0 env[15268]: Killing wazuh-monitord...
   May 15 08:58:24 wazuh-manager-master-0 env[15268]: Killing wazuh-logcollector...
   May 15 08:58:25 wazuh-manager-master-0 env[15268]: Killing wazuh-remoted...
   May 15 08:58:25 wazuh-manager-master-0 env[15268]: Killing wazuh-syscheckd...
   May 15 08:58:25 wazuh-manager-master-0 env[15268]: Killing wazuh-analysisd...
   May 15 08:58:26 wazuh-manager-master-0 env[15268]: wazuh-maild not running...
   May 15 08:58:26 wazuh-manager-master-0 env[15268]: Killing wazuh-execd...
   May 15 08:58:26 wazuh-manager-master-0 env[15268]: Killing wazuh-db...
   May 15 08:58:27 wazuh-manager-master-0 env[15268]: Killing wazuh-authd...
   May 15 08:58:28 wazuh-manager-master-0 env[15268]: wazuh-agentlessd not running...
   May 15 08:58:28 wazuh-manager-master-0 env[15268]: wazuh-integratord not running...
   May 15 08:58:28 wazuh-manager-master-0 env[15268]: wazuh-dbd not running...
   May 15 08:58:28 wazuh-manager-master-0 env[15268]: wazuh-csyslogd not running...
   May 15 08:58:28 wazuh-manager-master-0 env[15268]: Killing wazuh-apid...
   May 15 08:58:28 wazuh-manager-master-0 env[15268]: Wazuh v4.8.0 Stopped
   May 15 08:58:28 wazuh-manager-master-0 systemd[1]: Stopped Wazuh manager.
   -- Subject: Unit wazuh-manager.service has finished shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has finished shutting down.
   May 15 08:58:28 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
   -- Subject: Unit wazuh-manager.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has begun starting up.
   May 15 08:58:30 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:30 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 08:58:30 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:30 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 08:58:31 wazuh-manager-master-0 env[15437]: Starting Wazuh v4.8.0...
   May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-apid...
   May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-csyslogd...
   May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-dbd...
   May 15 08:58:34 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:34 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
   May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-integratord...
   May 15 08:58:34 wazuh-manager-master-0 env[15437]: Started wazuh-agentlessd...
   May 15 08:58:35 wazuh-manager-master-0 env[15437]: Started wazuh-authd...
   May 15 08:58:36 wazuh-manager-master-0 env[15437]: Started wazuh-db...
   May 15 08:58:37 wazuh-manager-master-0 env[15437]: Started wazuh-execd...
   May 15 08:58:38 wazuh-manager-master-0 env[15437]: Started wazuh-analysisd...
   May 15 08:58:39 wazuh-manager-master-0 env[15437]: Started wazuh-syscheckd...
   May 15 08:58:40 wazuh-manager-master-0 env[15437]: Started wazuh-remoted...
   May 15 08:58:41 wazuh-manager-master-0 env[15437]: Started wazuh-logcollector...
   May 15 08:58:42 wazuh-manager-master-0 env[15437]: Started wazuh-monitord...
   May 15 08:58:42 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:42 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 08:58:42 wazuh-manager-master-0 env[15437]: 2024/05/15 08:58:42 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 08:58:43 wazuh-manager-master-0 env[15437]: Started wazuh-modulesd...
   May 15 08:58:44 wazuh-manager-master-0 env[15437]: Started wazuh-clusterd...
   May 15 08:58:45 wazuh-manager-master-0 crontab[16020]: (root) LIST (root)
   May 15 08:58:46 wazuh-manager-master-0 env[15437]: Completed.
   May 15 08:58:46 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
   -- Subject: Unit wazuh-manager.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has finished starting up.
   --
   -- The start-up result is done.

Error Logs

egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
   0

egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log  | wc -l
   0

Filebeat Output

filebeat test output
   elasticsearch: https://10.0.2.249:9200...
     parse url... OK
     connection...
       parse host... OK
       dns lookup... OK
       addresses: 10.0.2.249
       dial up... OK
     TLS...
       security: server's certificate chain verification is enabled
       handshake... OK
       TLS version: TLSv1.3
       dial up... OK
     talk to server... OK
     version: 7.10.2
   elasticsearch: https://10.0.2.123:9200...
     parse url... OK
     connection...
       parse host... OK
       dns lookup... OK
       addresses: 10.0.2.123
       dial up... OK
     TLS...
       security: server's certificate chain verification is enabled
       handshake... OK
       TLS version: TLSv1.3
       dial up... OK
     talk to server... OK
     version: 7.10.2
   elasticsearch: https://10.0.2.62:9200...
     parse url... OK
     connection...
       parse host... OK
       dns lookup... OK
       addresses: 10.0.2.62
       dial up... OK
     TLS...
       security: server's certificate chain verification is enabled
       handshake... OK
       TLS version: TLSv1.3
       dial up... OK
     talk to server... OK
     version: 7.10.2

WazuhMasterEnv2 🟢

System information

cat /etc/*release
   NAME="Amazon Linux"
   VERSION="2"
   ID="amzn"
   ID_LIKE="centos rhel fedora"
   VERSION_ID="2"
   PRETTY_NAME="Amazon Linux 2"
   ANSI_COLOR="0;33"
   CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
   HOME_URL="https://amazonlinux.com/"
   Amazon Linux release 2 (Karoo)

Manager Version

/var/ossec/bin/wazuh-control info
   WAZUH_VERSION="v4.8.0"
   WAZUH_REVISION="40810"
   WAZUH_TYPE="server"

Agent Status

systemctl status wazuh-manager -l
   ● wazuh-manager.service - Wazuh manager
      Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
      Active: active (exited) since Wed 2024-05-15 08:59:14 UTC; 23h ago
     Process: 15239 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
     Process: 15387 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)

   May 15 08:59:07 wazuh-manager-master-0 env[15387]: Started wazuh-remoted...
   May 15 08:59:08 wazuh-manager-master-0 env[15387]: Started wazuh-logcollector...
   May 15 08:59:10 wazuh-manager-master-0 env[15387]: Started wazuh-monitord...
   May 15 08:59:10 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:10 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 08:59:10 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 08:59:11 wazuh-manager-master-0 env[15387]: Started wazuh-modulesd...
   May 15 08:59:12 wazuh-manager-master-0 env[15387]: Started wazuh-clusterd...
   May 15 08:59:13 wazuh-manager-master-0 crontab[15970]: (root) LIST (root)
   May 15 08:59:14 wazuh-manager-master-0 env[15387]: Completed.
   May 15 08:59:14 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.

Module Status

/var/ossec/bin/wazuh-control status
   wazuh-clusterd is running...
   wazuh-modulesd is running...
   wazuh-monitord is running...
   wazuh-logcollector is running...
   wazuh-remoted is running...
   wazuh-syscheckd is running...
   wazuh-analysisd is running...
   wazuh-maild not running...
   wazuh-execd is running...
   wazuh-db is running...
   wazuh-authd is running...
   wazuh-agentlessd not running...
   wazuh-integratord is running...
   wazuh-dbd not running...
   wazuh-csyslogd not running...
   wazuh-apid is running...

Service Status

journalctl -xe -u wazuh-manager.service --no-pager
   -- Logs begin at Wed 2024-05-15 08:32:27 UTC, end at Thu 2024-05-16 08:24:14 UTC. --
   May 15 08:56:28 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
   -- Subject: Unit wazuh-manager.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has begun starting up.
   May 15 08:56:29 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:29 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 08:56:29 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:29 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 08:56:30 wazuh-manager-master-0 env[11367]: Starting Wazuh v4.8.0...
   May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-apid...
   May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-csyslogd...
   May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-dbd...
   May 15 08:56:32 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:32 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
   May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-integratord...
   May 15 08:56:32 wazuh-manager-master-0 env[11367]: Started wazuh-agentlessd...
   May 15 08:56:34 wazuh-manager-master-0 env[11367]: Started wazuh-authd...
   May 15 08:56:35 wazuh-manager-master-0 env[11367]: Started wazuh-db...
   May 15 08:56:36 wazuh-manager-master-0 env[11367]: Started wazuh-execd...
   May 15 08:56:37 wazuh-manager-master-0 env[11367]: Started wazuh-analysisd...
   May 15 08:56:38 wazuh-manager-master-0 env[11367]: Started wazuh-syscheckd...
   May 15 08:56:39 wazuh-manager-master-0 env[11367]: Started wazuh-remoted...
   May 15 08:56:40 wazuh-manager-master-0 env[11367]: Started wazuh-logcollector...
   May 15 08:56:41 wazuh-manager-master-0 env[11367]: Started wazuh-monitord...
   May 15 08:56:41 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:41 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 08:56:41 wazuh-manager-master-0 env[11367]: 2024/05/15 08:56:41 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 08:56:42 wazuh-manager-master-0 env[11367]: Started wazuh-modulesd...
   May 15 08:56:43 wazuh-manager-master-0 env[11367]: Started wazuh-clusterd...
   May 15 08:56:44 wazuh-manager-master-0 crontab[11945]: (root) LIST (root)
   May 15 08:56:45 wazuh-manager-master-0 env[11367]: Completed.
   May 15 08:56:45 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
   -- Subject: Unit wazuh-manager.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has finished starting up.
   --
   -- The start-up result is done.
   May 15 08:58:52 wazuh-manager-master-0 systemd[1]: Stopping Wazuh manager...
   -- Subject: Unit wazuh-manager.service has begun shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has begun shutting down.
   May 15 08:58:52 wazuh-manager-master-0 env[15239]: Killing wazuh-clusterd...
   May 15 08:58:52 wazuh-manager-master-0 env[15239]: Killing wazuh-modulesd...
   May 15 08:58:52 wazuh-manager-master-0 env[15239]: Killing wazuh-monitord...
   May 15 08:58:52 wazuh-manager-master-0 env[15239]: Killing wazuh-logcollector...
   May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-remoted...
   May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-syscheckd...
   May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-analysisd...
   May 15 08:58:53 wazuh-manager-master-0 env[15239]: wazuh-maild not running...
   May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-execd...
   May 15 08:58:53 wazuh-manager-master-0 env[15239]: Killing wazuh-db...
   May 15 08:58:54 wazuh-manager-master-0 env[15239]: Killing wazuh-authd...
   May 15 08:58:55 wazuh-manager-master-0 env[15239]: wazuh-agentlessd not running...
   May 15 08:58:55 wazuh-manager-master-0 env[15239]: wazuh-integratord not running...
   May 15 08:58:55 wazuh-manager-master-0 env[15239]: wazuh-dbd not running...
   May 15 08:58:55 wazuh-manager-master-0 env[15239]: wazuh-csyslogd not running...
   May 15 08:58:55 wazuh-manager-master-0 env[15239]: Killing wazuh-apid...
   May 15 08:58:55 wazuh-manager-master-0 env[15239]: Wazuh v4.8.0 Stopped
   May 15 08:58:55 wazuh-manager-master-0 systemd[1]: Stopped Wazuh manager.
   -- Subject: Unit wazuh-manager.service has finished shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has finished shutting down.
   May 15 08:58:55 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
   -- Subject: Unit wazuh-manager.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has begun starting up.
   May 15 08:58:57 wazuh-manager-master-0 env[15387]: 2024/05/15 08:58:57 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 08:58:57 wazuh-manager-master-0 env[15387]: 2024/05/15 08:58:57 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 08:58:58 wazuh-manager-master-0 env[15387]: Starting Wazuh v4.8.0...
   May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-apid...
   May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-csyslogd...
   May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-dbd...
   May 15 08:59:01 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:01 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
   May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-integratord...
   May 15 08:59:01 wazuh-manager-master-0 env[15387]: Started wazuh-agentlessd...
   May 15 08:59:02 wazuh-manager-master-0 env[15387]: Started wazuh-authd...
   May 15 08:59:03 wazuh-manager-master-0 env[15387]: Started wazuh-db...
   May 15 08:59:04 wazuh-manager-master-0 env[15387]: Started wazuh-execd...
   May 15 08:59:05 wazuh-manager-master-0 env[15387]: Started wazuh-analysisd...
   May 15 08:59:06 wazuh-manager-master-0 env[15387]: Started wazuh-syscheckd...
   May 15 08:59:07 wazuh-manager-master-0 env[15387]: Started wazuh-remoted...
   May 15 08:59:08 wazuh-manager-master-0 env[15387]: Started wazuh-logcollector...
   May 15 08:59:10 wazuh-manager-master-0 env[15387]: Started wazuh-monitord...
   May 15 08:59:10 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:10 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 08:59:10 wazuh-manager-master-0 env[15387]: 2024/05/15 08:59:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 08:59:11 wazuh-manager-master-0 env[15387]: Started wazuh-modulesd...
   May 15 08:59:12 wazuh-manager-master-0 env[15387]: Started wazuh-clusterd...
   May 15 08:59:13 wazuh-manager-master-0 crontab[15970]: (root) LIST (root)
   May 15 08:59:14 wazuh-manager-master-0 env[15387]: Completed.
   May 15 08:59:14 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
   -- Subject: Unit wazuh-manager.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has finished starting up.
   --
   -- The start-up result is done.

Error Logs

egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
   0

egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log  | wc -l
   0

Filebeat Output

filebeat test output
   elasticsearch: https://10.0.2.249:9200...
     parse url... OK
     connection...
       parse host... OK
       dns lookup... OK
       addresses: 10.0.2.249
       dial up... OK
     TLS...
       security: server's certificate chain verification is enabled
       handshake... OK
       TLS version: TLSv1.3
       dial up... OK
     talk to server... OK
     version: 7.10.2
   elasticsearch: https://10.0.2.123:9200...
     parse url... OK
     connection...
       parse host... OK
       dns lookup... OK
       addresses: 10.0.2.123
       dial up... OK
     TLS...
       security: server's certificate chain verification is enabled
       handshake... OK
       TLS version: TLSv1.3
       dial up... OK
     talk to server... OK
     version: 7.10.2
   elasticsearch: https://10.0.2.62:9200...
     parse url... OK
     connection...
       parse host... OK
       dns lookup... OK
       addresses: 10.0.2.62
       dial up... OK
     TLS...
       security: server's certificate chain verification is enabled
       handshake... OK
       TLS version: TLSv1.3
       dial up... OK
     talk to server... OK
     version: 7.10.2

WazuhWorker 🟢

System information

cat /etc/*release
   NAME="Amazon Linux"
   VERSION="2"
   ID="amzn"
   ID_LIKE="centos rhel fedora"
   VERSION_ID="2"
   PRETTY_NAME="Amazon Linux 2"
   ANSI_COLOR="0;33"
   CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
   HOME_URL="https://amazonlinux.com/"
   Amazon Linux release 2 (Karoo)

Manager Version

/var/ossec/bin/wazuh-control info
   WAZUH_VERSION="v4.8.0"
   WAZUH_REVISION="40810"
   WAZUH_TYPE="server"

Agent Status

systemctl status wazuh-manager -l
   ● wazuh-manager.service - Wazuh manager
      Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
      Active: active (exited) since Wed 2024-05-15 09:03:28 UTC; 23h ago
     Process: 14921 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
     Process: 15063 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)

   May 15 09:03:22 wazuh-manager-worker-0 env[15063]: Started wazuh-remoted...
   May 15 09:03:23 wazuh-manager-worker-0 env[15063]: Started wazuh-logcollector...
   May 15 09:03:24 wazuh-manager-worker-0 env[15063]: Started wazuh-monitord...
   May 15 09:03:24 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:24 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 09:03:24 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:24 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 09:03:25 wazuh-manager-worker-0 env[15063]: Started wazuh-modulesd...
   May 15 09:03:26 wazuh-manager-worker-0 env[15063]: Started wazuh-clusterd...
   May 15 09:03:27 wazuh-manager-worker-0 crontab[15623]: (root) LIST (root)
   May 15 09:03:28 wazuh-manager-worker-0 env[15063]: Completed.
   May 15 09:03:28 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.

Module Status

/var/ossec/bin/wazuh-control status
   wazuh-clusterd is running...
   wazuh-modulesd is running...
   wazuh-monitord is running...
   wazuh-logcollector is running...
   wazuh-remoted is running...
   wazuh-syscheckd is running...
   wazuh-analysisd is running...
   wazuh-maild not running...
   wazuh-execd is running...
   wazuh-db is running...
   wazuh-authd not running...
   wazuh-agentlessd not running...
   wazuh-integratord is running...
   wazuh-dbd not running...
   wazuh-csyslogd not running...
   wazuh-apid is running...

Service Status

journalctl -xe -u wazuh-manager.service --no-pager
   -- Logs begin at Wed 2024-05-15 08:32:26 UTC, end at Thu 2024-05-16 08:27:47 UTC. --
   May 15 09:01:14 wazuh-manager-worker-0 systemd[1]: Starting Wazuh manager...
   -- Subject: Unit wazuh-manager.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has begun starting up.
   May 15 09:01:16 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:16 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 09:01:16 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:16 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 09:01:17 wazuh-manager-worker-0 env[11130]: Starting Wazuh v4.8.0...
   May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-apid...
   May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-csyslogd...
   May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-dbd...
   May 15 09:01:19 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:19 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
   May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-integratord...
   May 15 09:01:19 wazuh-manager-worker-0 env[11130]: Started wazuh-agentlessd...
   May 15 09:01:20 wazuh-manager-worker-0 env[11130]: Started wazuh-db...
   May 15 09:01:21 wazuh-manager-worker-0 env[11130]: Started wazuh-execd...
   May 15 09:01:22 wazuh-manager-worker-0 env[11130]: Started wazuh-analysisd...
   May 15 09:01:23 wazuh-manager-worker-0 env[11130]: Started wazuh-syscheckd...
   May 15 09:01:25 wazuh-manager-worker-0 env[11130]: Started wazuh-remoted...
   May 15 09:01:26 wazuh-manager-worker-0 env[11130]: Started wazuh-logcollector...
   May 15 09:01:27 wazuh-manager-worker-0 env[11130]: Started wazuh-monitord...
   May 15 09:01:27 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:27 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 09:01:27 wazuh-manager-worker-0 env[11130]: 2024/05/15 09:01:27 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 09:01:28 wazuh-manager-worker-0 env[11130]: Started wazuh-modulesd...
   May 15 09:01:29 wazuh-manager-worker-0 env[11130]: Started wazuh-clusterd...
   May 15 09:01:31 wazuh-manager-worker-0 crontab[11686]: (root) LIST (root)
   May 15 09:01:31 wazuh-manager-worker-0 env[11130]: Completed.
   May 15 09:01:31 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.
   -- Subject: Unit wazuh-manager.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has finished starting up.
   --
   -- The start-up result is done.
   May 15 09:03:08 wazuh-manager-worker-0 systemd[1]: Stopping Wazuh manager...
   -- Subject: Unit wazuh-manager.service has begun shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has begun shutting down.
   May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-clusterd...
   May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-modulesd...
   May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-monitord...
   May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-logcollector...
   May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-remoted...
   May 15 09:03:08 wazuh-manager-worker-0 env[14921]: Killing wazuh-syscheckd...
   May 15 09:03:09 wazuh-manager-worker-0 env[14921]: Killing wazuh-analysisd...
   May 15 09:03:09 wazuh-manager-worker-0 env[14921]: wazuh-maild not running...
   May 15 09:03:09 wazuh-manager-worker-0 env[14921]: Killing wazuh-execd...
   May 15 09:03:10 wazuh-manager-worker-0 env[14921]: Killing wazuh-db...
   May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-authd not running...
   May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-agentlessd not running...
   May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-integratord not running...
   May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-dbd not running...
   May 15 09:03:10 wazuh-manager-worker-0 env[14921]: wazuh-csyslogd not running...
   May 15 09:03:10 wazuh-manager-worker-0 env[14921]: Killing wazuh-apid...
   May 15 09:03:11 wazuh-manager-worker-0 env[14921]: Wazuh v4.8.0 Stopped
   May 15 09:03:11 wazuh-manager-worker-0 systemd[1]: Stopped Wazuh manager.
   -- Subject: Unit wazuh-manager.service has finished shutting down
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has finished shutting down.
   May 15 09:03:11 wazuh-manager-worker-0 systemd[1]: Starting Wazuh manager...
   -- Subject: Unit wazuh-manager.service has begun start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has begun starting up.
   May 15 09:03:13 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:13 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 09:03:13 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:13 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 09:03:13 wazuh-manager-worker-0 env[15063]: Starting Wazuh v4.8.0...
   May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-apid...
   May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-csyslogd...
   May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-dbd...
   May 15 09:03:17 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:17 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
   May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-integratord...
   May 15 09:03:17 wazuh-manager-worker-0 env[15063]: Started wazuh-agentlessd...
   May 15 09:03:18 wazuh-manager-worker-0 env[15063]: Started wazuh-db...
   May 15 09:03:19 wazuh-manager-worker-0 env[15063]: Started wazuh-execd...
   May 15 09:03:20 wazuh-manager-worker-0 env[15063]: Started wazuh-analysisd...
   May 15 09:03:21 wazuh-manager-worker-0 env[15063]: Started wazuh-syscheckd...
   May 15 09:03:22 wazuh-manager-worker-0 env[15063]: Started wazuh-remoted...
   May 15 09:03:23 wazuh-manager-worker-0 env[15063]: Started wazuh-logcollector...
   May 15 09:03:24 wazuh-manager-worker-0 env[15063]: Started wazuh-monitord...
   May 15 09:03:24 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:24 wazuh-modulesd:router: INFO: Loaded router module.
   May 15 09:03:24 wazuh-manager-worker-0 env[15063]: 2024/05/15 09:03:24 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
   May 15 09:03:25 wazuh-manager-worker-0 env[15063]: Started wazuh-modulesd...
   May 15 09:03:26 wazuh-manager-worker-0 env[15063]: Started wazuh-clusterd...
   May 15 09:03:27 wazuh-manager-worker-0 crontab[15623]: (root) LIST (root)
   May 15 09:03:28 wazuh-manager-worker-0 env[15063]: Completed.
   May 15 09:03:28 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.
   -- Subject: Unit wazuh-manager.service has finished start-up
   -- Defined-By: systemd
   -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
   --
   -- Unit wazuh-manager.service has finished starting up.
   --
   -- The start-up result is done.

Error Logs

egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
   0

egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log  | wc -l
   0

Filebeat Output

filebeat test output
   elasticsearch: https://10.0.2.249:9200...
     parse url... OK
     connection...
       parse host... OK
       dns lookup... OK
       addresses: 10.0.2.249
       dial up... OK
     TLS...
       security: server's certificate chain verification is enabled
       handshake... OK
       TLS version: TLSv1.3
       dial up... OK
     talk to server... OK
     version: 7.10.2
   elasticsearch: https://10.0.2.123:9200...
     parse url... OK
     connection...
       parse host... OK
       dns lookup... OK
       addresses: 10.0.2.123
       dial up... OK
     TLS...
       security: server's certificate chain verification is enabled
       handshake... OK
       TLS version: TLSv1.3
       dial up... OK
     talk to server... OK
     version: 7.10.2
   elasticsearch: https://10.0.2.62:9200...
     parse url... OK
     connection...
       parse host... OK
       dns lookup... OK
       addresses: 10.0.2.62
       dial up... OK
     TLS...
       security: server's certificate chain verification is enabled
       handshake... OK
       TLS version: TLSv1.3
       dial up... OK
     talk to server... OK
     version: 7.10.2

@rafabailon

Check Wazuh Users and Processes 🟢

Agent

Amazon 🟢
ps -aux | grep wazuh
   root     11195  0.0  0.4  40768  3848 ?        Sl   May15   0:03 /var/ossec/bin/wazuh-execd
   wazuh    11207  0.0  0.8 328220  8488 ?        Sl   May15   0:16 /var/ossec/bin/wazuh-agentd
   root     11222  0.0  1.4 298576 13972 ?        SNl  May15   0:30 /var/ossec/bin/wazuh-syscheckd
   root     11238  0.0  0.5 483212  5580 ?        Sl   May15   0:11 /var/ossec/bin/wazuh-logcollector
   root     11256  0.0  1.8 751764 17992 ?        Sl   May15   0:07 /var/ossec/bin/wazuh-modulesd
   root     18065  0.0  0.0 121272   916 pts/0    S+   08:45   0:00 grep --color=auto wazuh
Centos 🟢
ps -aux | grep wazuh
   root        9753  0.0  0.3  45828  2456 ?        Sl   May15   0:02 /var/ossec/bin/wazuh-execd
   wazuh       9765  0.0  0.7 276772  6020 ?        Sl   May15   0:16 /var/ossec/bin/wazuh-agentd
   root        9780  0.0  1.2 375552 10004 ?        SNl  May15   0:36 /var/ossec/bin/wazuh-syscheckd
   root        9795  0.0  0.5 488372  4724 ?        Sl   May15   0:10 /var/ossec/bin/wazuh-logcollector
   root        9812  0.0  3.1 761852 25028 ?        Sl   May15   0:07 /var/ossec/bin/wazuh-modulesd
   root       17236  0.0  0.1 221928  1124 pts/0    S+   08:46   0:00 grep --color=auto wazuh
Debian 🟢
ps -aux | grep wazuh
   root        9771  0.0  0.2  26596  2544 ?        Sl   May15   0:03 /var/ossec/bin/wazuh-execd
   wazuh       9782  0.0  0.6 248488  6280 ?        Sl   May15   0:20 /var/ossec/bin/wazuh-agentd
   root        9796  0.0  0.8 214192  8760 ?        SNl  May15   0:29 /var/ossec/bin/wazuh-syscheckd
   root        9811  0.0  1.3 469144 13316 ?        Sl   May15   0:12 /var/ossec/bin/wazuh-logcollector
   root        9830  0.0  1.5 731556 15532 ?        Sl   May15   0:06 /var/ossec/bin/wazuh-modulesd
   root       33476  0.0  0.0   5264   712 pts/0    S+   08:46   0:00 grep wazuh
RHEL9 🟢
ps -aux | grep wazuh
   root       62250  0.0  0.1  26384  6612 ?        Sl   May15   0:02 /var/ossec/bin/wazuh-execd
   wazuh      62262  0.0  0.3 248152 12192 ?        Sl   May15   0:29 /var/ossec/bin/wazuh-agentd
   root       62277  0.0  0.4 427452 16636 ?        SNl  May15   1:15 /var/ossec/bin/wazuh-syscheckd
   root       62291  0.0  0.2 468896  7688 ?        Sl   May15   0:14 /var/ossec/bin/wazuh-logcollector
   root       62314  0.0  1.1 1026016 44284 ?       Sl   May15   0:22 /var/ossec/bin/wazuh-modulesd
   root      158408  0.0  0.0   6408  2204 pts/0    S+   08:47   0:00 grep --color=auto wazuh
Ubuntu 🟢
ps -aux | grep wazuh
   root        9671  0.0  0.2  26436  2580 ?        Sl   May15   0:04 /var/ossec/bin/wazuh-execd
   wazuh       9682  0.0  0.4 313880  4436 ?        Sl   May15   0:21 /var/ossec/bin/wazuh-agentd
   root        9696  0.0  0.4 279908  4096 ?        SNl  May15   0:34 /var/ossec/bin/wazuh-syscheckd
   root        9711  0.0  0.2 468908  2692 ?        Sl   May15   0:13 /var/ossec/bin/wazuh-logcollector
   root        9730  0.0  1.3 731348 13292 ?        Sl   May15   0:09 /var/ossec/bin/wazuh-modulesd
   root       55978  0.0  0.2   7008  2260 pts/1    S+   08:47   0:00 grep --color=auto wazuh
Windows 🟢
tasklist /svc | Select-String "wazuh"
   wazuh-agent.exe               3060 WazuhSvc

Dashboard

WazuhDashboard 🟢
ps -aux | grep wazuh-dashboard
   wazuh-d+ 19828  0.3  2.2 1039072 182636 ?      Ssl  May15   5:02 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
   root     23750  0.0  0.0 121272   964 pts/0    S+   08:49   0:00 grep --color=auto wazuh-dashboard

Indexer

IndexerBootstrap 🟢
ps -aux | grep wazuh
   wazuh-i+ 12359  1.3 57.1 7113252 4596332 ?     Ssl  May15  20:03 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-9755161661130300994 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
   root     17617  0.0  0.0 121272   932 pts/0    S+   08:50   0:00 grep --color=auto wazuh
IndexerMasterB 🟢
ps -aux | grep wazuh
   wazuh-i+ 12303  1.6 57.2 7114364 4602672 ?     Ssl  May15  23:07 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-6328324595925120652 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
   root     16668  0.0  0.0 121272   928 pts/0    S+   08:51   0:00 grep --color=auto wazuh
IndexerMasterC 🟢
ps -aux | grep wazuh
   wazuh-i+ 12810  1.3 56.9 7100820 4580160 ?     Ssl  May15  19:54 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-15189950111321843980 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
   root     17073  0.0  0.0 121272  1008 pts/0    S+   08:52   0:00 grep --color=auto wazuh
WazuhDashboard 🟢
ps -aux | grep wazuh-indexer
   wazuh-i+ 14580  1.0 38.5 5593400 3101244 ?     Ssl  May15  15:48 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-10560019297269362385 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
   root     23792  0.0  0.0 121272   960 pts/1    S+   08:52   0:00 grep --color=auto wazuh-indexer

Manager

WazuhMasterEnv1 🟢
ps -aux | grep wazuh
   root      9302  0.0  0.0 121272   964 pts/0    S+   08:53   0:00 grep --color=auto wazuh
   wazuh    25420  0.1  3.0 1012880 119480 ?      Sl   May15   1:37 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
   wazuh    25421  0.0  1.9 297124 78224 ?        S    May15   0:12 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
   wazuh    25424  0.1  2.0 382980 82288 ?        S    May15   2:36 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
   wazuh    25427  0.0  1.4 511872 58644 ?        S    May15   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
   wazuh    25453  0.0  0.1  41372  4844 ?        Sl   May15   0:12 /var/ossec/bin/wazuh-integratord
   root     25474  0.2  0.2 262816  8556 ?        Sl   May15   3:34 /var/ossec/bin/wazuh-authd
   wazuh    25491  0.1  0.7 945660 31528 ?        Sl   May15   2:21 /var/ossec/bin/wazuh-db
   root     25517  0.0  0.1  41440  4180 ?        Sl   May15   0:03 /var/ossec/bin/wazuh-execd
   wazuh    25531  1.7  3.9 1308580 157904 ?      Sl   May15  24:47 /var/ossec/bin/wazuh-analysisd
   root     25545  0.0  0.3 295032 14188 ?        SNl  May15   0:35 /var/ossec/bin/wazuh-syscheckd
   wazuh    25566  0.3  0.4 1242060 17188 ?       Sl   May15   4:16 /var/ossec/bin/wazuh-remoted
   root     25601  0.0  0.1 483832  5728 ?        Sl   May15   0:11 /var/ossec/bin/wazuh-logcollector
   wazuh    25622  0.0  0.1  41412  7356 ?        Sl   May15   0:55 /var/ossec/bin/wazuh-monitord
   root     25672  0.1  3.0 697976 120048 ?       Sl   May15   1:43 /var/ossec/bin/wazuh-modulesd
   wazuh    26106  0.1  1.7 435568 68852 ?        Sl   May15   2:24 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
   wazuh    26110  0.0  1.3 278008 54916 ?        S    May15   0:21 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
   wazuh    26111  0.0  1.3 276428 52600 ?        S    May15   0:21 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
WazuhMasterEnv2 🟢
ps -aux | grep wazuh
   root      5977  0.0  0.0 121272   976 pts/0    S+   08:53   0:00 grep --color=auto wazuh
   wazuh    24867  0.0  3.0 1013364 119128 ?      Sl   May15   1:02 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
   wazuh    24868  0.0  1.9 296632 77956 ?        S    May15   0:07 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
   wazuh    24871  0.1  2.0 383140 82204 ?        S    May15   1:52 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
   wazuh    24874  0.0  1.4 512892 58572 ?        S    May15   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
   wazuh    24899  0.0  0.1  41376  4204 ?        Sl   May15   0:11 /var/ossec/bin/wazuh-integratord
   root     24921  0.2  0.2 197280  8036 ?        Sl   May15   3:08 /var/ossec/bin/wazuh-authd
   wazuh    24938  0.1  0.6 945664 24932 ?        Sl   May15   2:01 /var/ossec/bin/wazuh-db
   root     24964  0.0  0.1 106976  4152 ?        Sl   May15   0:03 /var/ossec/bin/wazuh-execd
   wazuh    24979  1.4  3.4 1297024 134784 ?      Sl   May15  20:45 /var/ossec/bin/wazuh-analysisd
   root     24992  0.0  0.3 295020 14192 ?        SNl  May15   0:35 /var/ossec/bin/wazuh-syscheckd
   wazuh    25013  0.1  0.3 1241824 15332 ?       Sl   May15   2:29 /var/ossec/bin/wazuh-remoted
   root     25048  0.0  0.1 483840  5768 ?        Sl   May15   0:12 /var/ossec/bin/wazuh-logcollector
   wazuh    25068  0.0  0.1  41412  7604 ?        Sl   May15   0:52 /var/ossec/bin/wazuh-monitord
   root     25119  0.0  2.0 626296 80636 ?        Sl   May15   0:38 /var/ossec/bin/wazuh-modulesd
   wazuh    25553  0.0  1.4 424332 58940 ?        Sl   May15   0:33 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
   wazuh    25557  0.0  1.3 276420 52960 ?        S    May15   0:20 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
   wazuh    25558  0.0  1.3 276420 52672 ?        S    May15   0:20 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
WazuhWorker 🟢
ps -aux | grep wazuh
   wazuh    15209  0.0  2.5 860676 101012 ?       Sl   May15   0:08 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
   wazuh    15210  0.0  1.4 282480 58332 ?        S    May15   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
   wazuh    15213  0.0  1.4 364408 58840 ?        S    May15   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
   wazuh    15216  0.0  1.4 511872 58644 ?        S    May15   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
   wazuh    15242  0.0  0.1  41332  4180 ?        Sl   May15   0:04 /var/ossec/bin/wazuh-integratord
   wazuh    15261  0.1  0.4 945596 18960 ?        Sl   May15   1:52 /var/ossec/bin/wazuh-db
   root     15287  0.0  0.1  41368  4088 ?        Sl   May15   0:03 /var/ossec/bin/wazuh-execd
   wazuh    15302  0.0  0.8 1296972 32116 ?       Sl   May15   0:12 /var/ossec/bin/wazuh-analysisd
   root     15314  0.0  0.3 229336 13740 ?        SNl  May15   0:33 /var/ossec/bin/wazuh-syscheckd
   wazuh    15336  0.1  0.2 774680 11080 ?        Sl   May15   2:29 /var/ossec/bin/wazuh-remoted
   root     15371  0.0  0.1 483772  5572 ?        Sl   May15   0:11 /var/ossec/bin/wazuh-logcollector
   wazuh    15391  0.0  0.1  41344  7764 ?        Sl   May15   0:04 /var/ossec/bin/wazuh-monitord
   root     15439  0.0  1.7 584296 67840 ?        Sl   May15   0:25 /var/ossec/bin/wazuh-modulesd
   wazuh    15906  0.1  1.6 577928 64736 ?        Sl   May15   2:32 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
   wazuh    15970  0.0  1.3 277112 54620 ?        S    May15   0:54 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
   wazuh    16948  0.0  1.3 429308 53364 ?        S    May15   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
   root     26423  0.0  0.0 121272   964 pts/0    S+   08:54   0:00 grep --color=auto wazuh

@rafabailon

Check the Status of the Indexer Cluster 🟢

curl -k -u ADMIN_USER:PASS https://indexer_IP:9200/_cat/nodes?v
   ip         heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
   xx.x.x.xx            36          88   0    0.00    0.00     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-3
   xx.x.x.xxx           52          91   0    0.04    0.05     0.01 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-7
   xx.x.x.xxx            5          89   0    0.04    0.01     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-1
   xx.x.x.xxx           45          89   0    0.00    0.00     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-2

@rafabailon

rafabailon commented May 16, 2024

Check Browser's Developer Console for Errors While Browsing the App 🟡

image

Login/Logout Screen 🟡
login:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution.

wz-home:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution.

bootstrap.js:43 ^ A single error about an inline script not firing due to content security policy is expected!
core.entry.js:15 Detected an unhandled Promise rejection.
TypeError: Cannot read properties of undefined (reading 'split')

securityDashboards.plugin.js:15 Error: Unauthorized
    at fetch_Fetch.fetchResponse (core.entry.js:15:177501)
    at async interceptResponse (core.entry.js:15:172919)
    at async core.entry.js:15:175399

core.entry.js:15 Detected an unhandled Promise rejection.
Error: Unauthorized

core.entry.js:15 Uncaught (in promise) Error: Unauthorized
    at fetch_Fetch.fetchResponse (core.entry.js:15:177501)
    at async interceptResponse (core.entry.js:15:172919)
    at async core.entry.js:15:175399
reportsDashboards.plugin.js:24 Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'split')
    at checkURLParams (reportsDashboards.plugin.js:24:109539)
    at HTMLDocument.<anonymous> (reportsDashboards.plugin.js:24:109421)
    at u (osd-ui-shared-deps.js:411:26168)
    at l (osd-ui-shared-deps.js:411:26470)
/api/ism/apiCaller:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)

/api/v1/restapiinfo:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)

/api/v1/configuration/account:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)

/api/v1/auth/dashboardsinfo:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)

GET https://demo.wazuh.info/api/v1/restapiinfo 401 (Unauthorized)

GET https://demo.wazuh.info/api/v1/configuration/account 401 (Unauthorized)

GET https://demo.wazuh.info/api/v1/auth/dashboardsinfo 401 (Unauthorized)

GET https://demo.wazuh.info/api/v1/configuration/account 401 (Unauthorized)

POST https://demo.wazuh.info/api/ism/apiCaller 401 (Unauthorized)

POST https://demo.wazuh.info/api/request 401 (Unauthorized)
Overview 🟡
wz-home#/overview/?_…&tabView=panels:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution.

bootstrap.js:43 ^ A single error about an inline script not firing due to content security policy is expected!
Endpoints Summary 🟢
  • No issues found here.
Configuration Assessment 🟢
  • Dashboard 🟢
  • Inventory 🟢
  • Events 🟢
Malware Detection 🟢
  • Dashboard 🟢
  • Events 🟢
File Integrity Monitoring 🟢
  • Dashboard 🟢
  • Inventory 🟢
  • Events 🟢
Threat Hunting 🟢
  • Dashboard 🟢
  • Events 🟢
Vulnerability Detection 🟢
  • Dashboard 🟢
  • Inventory 🟢
  • Events 🟢
MITRE ATT&CK 🟢
  • Dashboard 🟢
  • Intelligence 🟢
  • Framework 🟢
  • Events 🟢
VirusTotal 🟢
  • Dashboard 🟢
  • Events 🟢
PCI DSS 🟡
GDPR 🟡
HIPAA 🟡
NIST 800-53 🟡
TSC 🟡
Docker 🟢
  • Dashboard 🟢
  • Events 🟢
Amazon Web Services 🟡
Google Cloud 🟢
  • Dashboard 🟢
  • Events 🟢
Github 🟢
  • Dashboard 🟢
  • Panel 🟢
  • Events 🟢
Office 365 🟡
osd-ui-shared-deps.js:364 Uncaught TypeError: Cannot read properties of null (reading 'top_left')
    at scaleBounds (tileMap.plugin.js:7:13685)
    at CoordinateMapsVisualization.updateGeohashAgg (tileMap.plugin.js:7:15150)
    at CoordinateMapsVisualization._updateData (tileMap.plugin.js:7:17884)
    at CoordinateMapsVisualization.render (mapsLegacy.plugin.js:1:60834)
    at async CoordinateMapsVisualization.render (tileMap.plugin.js:7:15901)
  • Panel 🟢
  • Events 🟢
Side Navbar 🟡

image

Alerting 🟡

@rafabailon

rafabailon commented May 16, 2024

Check that there are Alerts for each of the Modules Configured 🟡

Modules in ENV-1

Check Activated Modules 🟢

image

image

image

Check Alerts from the Activated Modules 🟡
  • AWS Module

image

  • VirusTotal Module

image

  • Docker Listener Module

image

Note: Docker is not installed on the agents

  • GDPR Module

image

  • HIPAA Module

image

  • TSC Module

image

Modules in ENV-2

Check Activated Modules 🟢

image

image

image

Check Alerts from the Activated Modules 🟡
  • AWS Module

image

  • VirusTotal Module

image

Reported in https://github.com/wazuh/wazuh-automation/issues/1369

  • Docker Listener Module

image

  • GDPR Module

image

  • HIPAA Module

image

  • TSC Module

image

@rafabailon

Generate an Alert and Check it appears in Wazuh Dashboard 🟢

Attempt an Invalid SSH Login into Any Agent 🟢
$ ssh [email protected]
[email protected]'s password: 
Permission denied, please try again.
[email protected]'s password: 
Permission denied, please try again.
[email protected]'s password: 
[email protected]: Permission denied (publickey,password).
Check the Alert in Wazuh Dashboard 🟢

image

image

image

@rafabailon

Check the search engine works using * 🟢

Case 1: Using * 🟢

image

Case 2: Using aw* 🟢

image

Case 3: Using *squer* 🟢

image

Case 4: Using *shd 🟢

image

@juliamagan

LGTM
