Release 4.8.1 - RC 2 - E2E UX tests - Demo environment

[juliamagan]

End-to-End (E2E) Testing Guideline

• Documentation: Always consult the development documentation for the current stage tag at this link. Be careful because some of the description steps might refer to a current version in production, always navigate using the current development documention for the stage under test. Also, visit the following pre-release package guide to understand how to modify certain links and urls for the correct testing of the development packages.
• Test Requirements: Ensure your test comprehensively includes a full stack and agent/s deployment as per the Deployment requirements, detailing the machine OS, installed version, and revision.
• Deployment Options: While deployments can be local (using VMs, Vagrant, etc) or on the aws-dev account, opt for local deployments when feasible. For AWS access, coordinate with the DevOps team through this link.
• External Accounts: If tests require third-party accounts (e.g., GitHub, Azure, AWS, GCP), request the necessary access through the DevOps team here.
• Alerts: Every test should generate a minimum of one end-to-end alert, from the agent to the dashboard, irrespective of test type.
• Multi-node Testing: For multi-node wazuh-manager tests, ensure agents are connected to both workers and the master node.
• Package Verification: Use the pre-release package that matches the current TAG you're testing. Confirm its version and revision.
• Filebeat Errors: If you encounter errors with Filebeat during testing, refer to this Slack discussion for insights and resolutions.
• Known Issues: Familiarize yourself with previously reported issues in the Known Issues section. This helps in identifying already recognized errors during testing.
• Reporting New Issues: Any new errors discovered during testing that aren't listed under Known Issues should be reported. Assign the issue to the corresponding team (QA if unsure), add the Release testing objective and Urgent priority. Communicate these to the team and QA via the c-release Slack channel.
• Test Conduct: It's imperative to be thorough in your testing, offering enough detail for reviewers. Incomplete tests might necessitate a redo.
• Documentation Feedback: Encountering documentation gaps, unclear guidelines, or anything that disrupts the testing or UX? Open an issue, especially if it's not listed under Known Issues. Please answer the feedback section, this is a mandatory step.
• Format: If this is your first time doing this, refer to the format (but not necessarily the content, as it may vary) of previous E2E tests, here you have an example Release 4.3.5 - Release Candidate 1 - E2E UX tests - Wazuh Indexer #13994.
• Status and completion: Change the issue status within your team project accordingly. Once you finish testing and write the conclusions, move it to Pending review and notify the @wazuh/devel-devops team via Slack using the c-release channel. Beware that the reviewers might request additional information or task repetitions.
• For reviewers: Please move the issue to Pending final review and notify via Slack using the same thread if everything is ok, otherwise, perform an issue update with the requested changes and move it to On hold, increase the review_cycles in the team project by one and notify the issue assignee via Slack using the same thread.

For the conclusions and the issue testing and updates, use the following legend:

Status legend

• 🟢 All checks passed
• 🟡 Found a known issue
• 🔴 Found a new error

Issue delivery and completion

• Initial delivery: The issue's assignee must complete the testing and deliver the results by Jul 09, 2024 and notify the @wazuh/devel-devops team via Slack using the c-release channel
• Review: The @wazuh/devel-devops team will assign a reviewer and add it to the review_assignee field in the project. The reviewer must then review the test steps and results. Ensure that all iteration cycles are completed by Jul 10, 2024 date (issue must be in Pending final review status) and notify the QA team via Slack using the c-release channel.
• Auditor: The QA team must audit, validate the results, and close the issue by Jul 10, 2024.

Deployment requirements

Component	Installation	Type	OS
Indexer
Server
Dashboard		-
Agent		-

Test description

Test demo.wazuh.info environment:

• Check that there are no errors in the manager, agent, cluster, indexer, and dashboard logs.
• Check that the Wazuh daemons are running with the expected user.
• Check that the status of the indexer cluster is the expected.
• Check that there are no errors in the browser's developer console when browsing the App.
• Check that there are alerts for each of the modules configured.
• Check that no warning symbols appear in the browser's developer console when browsing the App
• Generate an alert and check that this alert appears in the dashboard (end to end)
• Check that the search engine works without specifying a field and using *

To access the demo environment, please contact @wazuh/devel-devops

Known issues

• Warnings and errors when logging out of the app wazuh-dashboard-plugins#4108
• Multiple unexpected warning during Wazuh app session wazuh-dashboard-plugins#4092
• Warnings messages when checking Wazuh-Indexer status wazuh-packages#1749
• Logcollector attempts messages when a file doesn't exist should be info until the last attempt #13253
• [Development] Windows 2012 R2 Wazuh agent can't subscribe to Windows Defender events #5214
• Reconnect time does not work when system time changed #8580
• Wazuh does not reconnect to Windows event log if the service is down at the start #8581
• ChunkLoadError, Loading chunk 4 failed. wazuh-dashboard-plugins#4406
• highlight.js is EOL wazuh-dashboard-plugins#4407
• Agent information cannot be parsed #14710
• Map rendering Uncaught TypeError: bounds is null wazuh-dashboard-plugins#4232
• Disabled plugins shouldn't appear in More menu wazuh-dashboard-plugins#4074
• Console error when I have an agent selected and environment change wazuh-dashboard-plugins#5745
• OpenSearch modifies log files permissions wazuh-packages#2139
• SUSE OVAL feeds download are too slow #18593
• Multiple unexpected Errors during Wazuh app session wazuh-dashboard-plugins#5821
• https://github.com/wazuh/wazuh-automation/issues/1113
• Does not show events in the 'Docker Listener', 'VirusTotal' and 'System Auditing' Modules when they are enabled wazuh-dashboard-plugins#5749
• The search with (*) does not return all the expected results. wazuh-dashboard-plugins#5750
• https://github.com/wazuh/wazuh-dashboard-plugins/4121
• https://github.com/wazuh/wazuh-dashboard-plugins/5332
• https://github.com/wazuh/wazuh-dashboard-plugins/6022
• https://github.com/wazuh/wazuh-automation/issues/1369
• https://github.com/wazuh/wazuh-dashboard-plugins/6023
• Unexpected Canvas2D warning in HIPAA module wazuh-dashboard-plugins#6182
• The page freezes and shows a notable delay in the response of the elements wazuh-dashboard-plugins#6216
• Premature IndexerConnector warnings generated #21829

Conclusions 🟡

Summarize the errors detected (Known Issues included). Illustrate using the table below, removing current examples:

Status	Test	Failure type	Notes
🟡	Check Agent, Dashboard, Indexer, and Manager Logs	Error Logs	Known issue: #13253
🟡	Check Agent, Dashboard, Indexer, and Manager Logs	Error Logs	Known issue: wazuh/wazuh-packages#2685
🟡	Check Agent, Dashboard, Indexer, and Manager Logs	Error Logs	Known issue: wazuh/wazuh-packages#2094
🟡	Check Agent, Dashboard, Indexer, and Manager Logs	Error Logs	Known issue: #17596
🟡	Check Browser's Developer Console for Errors While Browsing the App	Error in Dev's Console	Known issue: wazuh/wazuh-dashboard-plugins#4121
🟡	Check Browser's Developer Console for Errors While Browsing the App	Error in Dev's Console	Known issue: wazuh/wazuh-dashboard-plugins#5821
🟡	Check Browser's Developer Console for Errors While Browsing the App	Error in Dev's Console	Known issue: wazuh/wazuh-dashboard-plugins#5332
🟡	Check Browser's Developer Console for Errors While Browsing the App	Error in Dev's Console	Known issue: wazuh/wazuh-dashboard-plugins#4108
🟡	Check Browser's Developer Console for Errors While Browsing the App	Error in Dev's Console	Known issue: wazuh/wazuh-dashboard-plugins#4092
🟡	Check Browser's Developer Console for Errors While Browsing the App	Error in Dev's Console	Known issue: wazuh/wazuh-dashboard-plugins#6022
🟡	Check that there are Alerts for each of the Modules Configured	Enhancement/Confusing Error	Known issue: https://github.com/wazuh/wazuh-automation/issues/1369

Feedback

We value your feedback. Please provide insights on your testing experience.

• Was the testing guideline clear? Were there any ambiguities?
• Did you face any challenges not covered by the guideline?
• Suggestions for improvement:

Reviewers validation

The criteria for completing this task is based on the validation of the conclusions and the test results by all reviewers.

All the checkboxes below must be marked in order to close this issue.

• @juliamagan
• @wazuh/devel-devops

[rafabailon]

Available Machines

Agents

• Amazon
• Centos
• Debian
• RHEL9
• Ubuntu
• Windows

Dashboard

• WazuhDashboard

Indexers

• IndexerBootstrap
• IndexerMasterB
• IndexerMasterC
• WazuhDashboard

Managers

• WazuhMasterEnv1
• WazuhMasterEnv2
• WazuhWorker

[rafabailon]

Check Agent, Dashboard and Manager Logs 🟡

Agent Logs

Amazon 🟢

System information

[root@ip-xx-x-x-xx bin]# cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)

Agent Version

[root@ip-xx-x-x-xx bin]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.1"
WAZUH_REVISION="40815"
WAZUH_TYPE="agent"

Agent Status

[root@ip-xx-x-x-xx bin]# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2024-07-05 13:45:12 UTC; 4 days ago
  Process: 9586 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 9719 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-agent.service
           ├─11189 /var/ossec/bin/wazuh-execd
           ├─11201 /var/ossec/bin/wazuh-agentd
           ├─11216 /var/ossec/bin/wazuh-syscheckd
           ├─11232 /var/ossec/bin/wazuh-logcollector
           └─11250 /var/ossec/bin/wazuh-modulesd

Jul 05 13:45:05 ip-10-0-1-24.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
Jul 05 13:45:05 ip-10-0-1-24.us-west-1.compute.internal env[9719]: Starting Wazuh v4.8.1...
Jul 05 13:45:06 ip-10-0-1-24.us-west-1.compute.internal env[9719]: Started wazuh-execd...
Jul 05 13:45:07 ip-10-0-1-24.us-west-1.compute.internal env[9719]: Started wazuh-agentd...
Jul 05 13:45:08 ip-10-0-1-24.us-west-1.compute.internal env[9719]: Started wazuh-syscheckd...
Jul 05 13:45:09 ip-10-0-1-24.us-west-1.compute.internal env[9719]: Started wazuh-logcollector...
Jul 05 13:45:10 ip-10-0-1-24.us-west-1.compute.internal crontab[9914]: (root) LIST (root)
Jul 05 13:45:10 ip-10-0-1-24.us-west-1.compute.internal env[9719]: Started wazuh-modulesd...
Jul 05 13:45:12 ip-10-0-1-24.us-west-1.compute.internal env[9719]: Completed.
Jul 05 13:45:12 ip-10-0-1-24.us-west-1.compute.internal systemd[1]: Started Wazuh agent.

Module Status

[root@ip-xx-x-x-xx bin]# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...

Service Status

[root@ip-xx-x-x-xx bin]# journalctl -xe -u wazuh-agent.service
Jul 05 13:44:57 ip-10-0-1-24.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has finished starting up.
--
-- The start-up result is done.
Jul 05 13:45:01 ip-10-0-1-24.us-west-1.compute.internal systemd[1]: Stopping Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has begun shutting down.
Jul 05 13:45:01 ip-10-0-1-24.us-west-1.compute.internal env[9586]: Killing wazuh-modulesd...
Jul 05 13:45:04 ip-10-0-1-24.us-west-1.compute.internal env[9586]: Killing wazuh-logcollector...
Jul 05 13:45:05 ip-10-0-1-24.us-west-1.compute.internal env[9586]: Killing wazuh-syscheckd...
Jul 05 13:45:05 ip-10-0-1-24.us-west-1.compute.internal env[9586]: Killing wazuh-agentd...
Jul 05 13:45:05 ip-10-0-1-24.us-west-1.compute.internal env[9586]: Killing wazuh-execd...
Jul 05 13:45:05 ip-10-0-1-24.us-west-1.compute.internal env[9586]: Wazuh v4.8.1 Stopped
Jul 05 13:45:05 ip-10-0-1-24.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has finished shutting down.
Jul 05 13:45:05 ip-10-0-1-24.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
-- Subject: Unit wazuh-agent.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has begun starting up.
Jul 05 13:45:05 ip-10-0-1-24.us-west-1.compute.internal env[9719]: Starting Wazuh v4.8.1...
Jul 05 13:45:06 ip-10-0-1-24.us-west-1.compute.internal env[9719]: Started wazuh-execd...
Jul 05 13:45:07 ip-10-0-1-24.us-west-1.compute.internal env[9719]: Started wazuh-agentd...
Jul 05 13:45:08 ip-10-0-1-24.us-west-1.compute.internal env[9719]: Started wazuh-syscheckd...
Jul 05 13:45:09 ip-10-0-1-24.us-west-1.compute.internal env[9719]: Started wazuh-logcollector...
Jul 05 13:45:10 ip-10-0-1-24.us-west-1.compute.internal crontab[9914]: (root) LIST (root)
Jul 05 13:45:10 ip-10-0-1-24.us-west-1.compute.internal env[9719]: Started wazuh-modulesd...
Jul 05 13:45:12 ip-10-0-1-24.us-west-1.compute.internal env[9719]: Completed.
Jul 05 13:45:12 ip-10-0-1-24.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
-- Subject: Unit wazuh-agent.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-agent.service has finished starting up.
--
-- The start-up result is done.

Error Logs

[root@ip-xx-x-x-xx bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
0

Centos 🟢

System information

[root@ip-xx-x-x-xxx bin]# cat /etc/*release
CentOS Linux release 8.4.2105
NAME="CentOS Linux"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"
CentOS Linux release 8.4.2105
CentOS Linux release 8.4.2105

Agent Version

[root@ip-xx-x-x-xxx bin]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.1"
WAZUH_REVISION="40815"
WAZUH_TYPE="agent"

Agent Status

[root@ip-xx-x-x-xxx bin]# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2024-07-05 13:46:54 UTC; 4 days ago
  Process: 7736 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 7883 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    Tasks: 32 (limit: 4668)
   Memory: 267.6M
   CGroup: /system.slice/wazuh-agent.service
           ├─9187 /var/ossec/bin/wazuh-execd
           ├─9200 /var/ossec/bin/wazuh-agentd
           ├─9215 /var/ossec/bin/wazuh-syscheckd
           ├─9231 /var/ossec/bin/wazuh-logcollector
           └─9248 /var/ossec/bin/wazuh-modulesd

Module Status

[root@ip-xx-x-x-xxx bin]# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...

Service Status

[root@ip-xx-x-x-xxx bin]# journalctl -xe -u wazuh-agent.service
~
-- Logs begin at Fri 2024-07-05 13:13:02 UTC, end at Wed 2024-07-10 12:07:55 UTC. --
-- No entries --

Error Logs

[root@ip-xx-x-x-xxx bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
0

Debian 🟢

System information

root@ip-xx-x-x-xxx:/usr/bin# cat /etc/*release
ID="ec2"
VERSION="20220503-998"
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

Agent Version

root@ip-xx-x-x-xxx:/usr/bin# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.1"
WAZUH_REVISION="40815"
WAZUH_TYPE="agent"

Agent Status

root@ip-xx-x-x-xxx:/usr/bin# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
     Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2024-07-05 13:45:26 UTC; 4 days ago
      Tasks: 32 (limit: 1123)
     Memory: 294.2M
        CPU: 7min 49.789s
     CGroup: /system.slice/wazuh-agent.service
             ├─8217 /var/ossec/bin/wazuh-execd
             ├─8228 /var/ossec/bin/wazuh-agentd
             ├─8241 /var/ossec/bin/wazuh-syscheckd
             ├─8254 /var/ossec/bin/wazuh-logcollector
             └─8271 /var/ossec/bin/wazuh-modulesd

Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: Starting Wazuh agent...
Jul 05 13:45:24 ip-10-0-1-243 env[6465]: Starting Wazuh v4.8.1...
Jul 05 13:45:24 ip-10-0-1-243 env[6465]: wazuh-execd already running...
Jul 05 13:45:24 ip-10-0-1-243 env[6465]: wazuh-agentd already running...
Jul 05 13:45:24 ip-10-0-1-243 env[6465]: wazuh-syscheckd already running...
Jul 05 13:45:24 ip-10-0-1-243 env[6465]: wazuh-logcollector already running...
Jul 05 13:45:24 ip-10-0-1-243 env[6465]: wazuh-modulesd already running...
Jul 05 13:45:26 ip-10-0-1-243 env[6465]: Completed.
Jul 05 13:45:26 ip-10-0-1-243 systemd[1]: Started Wazuh agent.

Module Status

root@ip-xx-x-x-xxx:/usr/bin# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...

Service Status

root@ip-xx-x-x-xxx:/usr/bin# journalctl -xe -u wazuh-agent.service
░░ Subject: A stop job for unit wazuh-agent.service has finished
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A stop job for unit wazuh-agent.service has finished.
░░
░░ The job identifier is 3451 and the job result is done.
Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: wazuh-agent.service: Consumed 15.553s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit wazuh-agent.service completed and consumed the indicated resources.
Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: wazuh-agent.service: Found left-over process 6161 (wazuh-execd) in control group while starting unit. Ignoring.
Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: wazuh-agent.service: Found left-over process 6176 (wazuh-agentd) in control group while starting unit. Ignoring.
Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: wazuh-agent.service: Found left-over process 6194 (wazuh-syscheckd) in control group while starting unit. Ignoring.
Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: wazuh-agent.service: Found left-over process 6213 (wazuh-logcollec) in control group while starting unit. Ignoring.
Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: wazuh-agent.service: Found left-over process 6233 (wazuh-modulesd) in control group while starting unit. Ignoring.
Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: wazuh-agent.service: Found left-over process 6461 (dpkg-query) in control group while starting unit. Ignoring.
Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Jul 05 13:45:24 ip-10-0-1-243 systemd[1]: Starting Wazuh agent...
░░ Subject: A start job for unit wazuh-agent.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit wazuh-agent.service has begun execution.
░░
░░ The job identifier is 3451.
Jul 05 13:45:24 ip-10-0-1-243 env[6465]: Starting Wazuh v4.8.1...
Jul 05 13:45:24 ip-10-0-1-243 env[6465]: wazuh-execd already running...
Jul 05 13:45:24 ip-10-0-1-243 env[6465]: wazuh-agentd already running...
Jul 05 13:45:24 ip-10-0-1-243 env[6465]: wazuh-syscheckd already running...
Jul 05 13:45:24 ip-10-0-1-243 env[6465]: wazuh-logcollector already running...
Jul 05 13:45:24 ip-10-0-1-243 env[6465]: wazuh-modulesd already running...
Jul 05 13:45:26 ip-10-0-1-243 env[6465]: Completed.
Jul 05 13:45:26 ip-10-0-1-243 systemd[1]: Started Wazuh agent.
░░ Subject: A start job for unit wazuh-agent.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit wazuh-agent.service has finished successfully.
░░
░░ The job identifier is 3451.

Error Logs

root@ip-10-0-1-243:/usr/bin# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
0

RHEL9 🟢

System information

[root@ip-xx-x-x-xx bin]# cat /etc/*release
NAME="Red Hat Enterprise Linux"
VERSION="9.2 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"
Red Hat Enterprise Linux release 9.2 (Plow)
Red Hat Enterprise Linux release 9.2 (Plow)

Agent Version

[root@ip-xx-x-x-xx bin]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.1"
WAZUH_REVISION="40815"
WAZUH_TYPE="agent"

Agent Status

[root@ip-xx-x-x-xx bin]# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
     Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; preset: disabled)
     Active: active (running) since Fri 2024-07-05 14:25:29 UTC; 4 days ago
    Process: 61168 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
      Tasks: 54 (limit: 22632)
     Memory: 831.1M
        CPU: 50min 3.814s
     CGroup: /system.slice/wazuh-agent.service
             ├─61195 /var/ossec/bin/wazuh-execd
             ├─61207 /var/ossec/bin/wazuh-agentd
             ├─61222 /var/ossec/bin/wazuh-syscheckd
             ├─61236 /var/ossec/bin/wazuh-logcollector
             ├─61245 /var/ossec/bin/wazuh-modulesd
             ├─61256 python3 wodles/docker/DockerListener
             ├─61262 /usr/bin/osqueryd --config_path=/etc/osquery/osquery.conf
             └─61276 /usr/bin/osqueryd

Jul 05 14:25:23 ip-10-0-1-70.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
Jul 05 14:25:23 ip-10-0-1-70.us-west-1.compute.internal env[61168]: Starting Wazuh v4.8.1...
Jul 05 14:25:24 ip-10-0-1-70.us-west-1.compute.internal env[61168]: Started wazuh-execd...
Jul 05 14:25:25 ip-10-0-1-70.us-west-1.compute.internal env[61168]: Started wazuh-agentd...
Jul 05 14:25:26 ip-10-0-1-70.us-west-1.compute.internal env[61168]: Started wazuh-syscheckd...
Jul 05 14:25:26 ip-10-0-1-70.us-west-1.compute.internal env[61168]: Started wazuh-logcollector...
Jul 05 14:25:26 ip-10-0-1-70.us-west-1.compute.internal osqueryd[61262]: osqueryd started [version=4.4.0]
Jul 05 14:25:27 ip-10-0-1-70.us-west-1.compute.internal env[61168]: Started wazuh-modulesd...
Jul 05 14:25:29 ip-10-0-1-70.us-west-1.compute.internal env[61168]: Completed.
Jul 05 14:25:29 ip-10-0-1-70.us-west-1.compute.internal systemd[1]: Started Wazuh agent.

Module Status

[root@ip-xx-x-x-xx bin]# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...

Service Status

[root@ip-xx-x-x-xx bin]# journalctl -xe -u wazuh-agent.service
Jul 05 14:25:23 ip-10-0-1-70.us-west-1.compute.internal env[61100]: Wazuh v4.8.1 Stopped
Jul 05 14:25:23 ip-10-0-1-70.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-agent.service has successfully entered the 'dead' state.
Jul 05 14:25:23 ip-10-0-1-70.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 58517 (osqueryd) remains running after unit stopped.
Jul 05 14:25:23 ip-10-0-1-70.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 61129 (wazuh-modulesd) remains running after unit stopped.
Jul 05 14:25:23 ip-10-0-1-70.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Unit process 61130 (wazuh-modulesd) remains running after unit stopped.
Jul 05 14:25:23 ip-10-0-1-70.us-west-1.compute.internal systemd[1]: Stopped Wazuh agent.
░░ Subject: A stop job for unit wazuh-agent.service has finished
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-agent.service has finished.
░░
░░ The job identifier is 26992 and the job result is done.
Jul 05 14:25:23 ip-10-0-1-70.us-west-1.compute.internal systemd[1]: wazuh-agent.service: Consumed 41.532s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-agent.service completed and consumed the indicated resources.
Jul 05 14:25:23 ip-10-0-1-70.us-west-1.compute.internal systemd[1]: Starting Wazuh agent...
░░ Subject: A start job for unit wazuh-agent.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-agent.service has begun execution.
░░
░░ The job identifier is 26992.
Jul 05 14:25:23 ip-10-0-1-70.us-west-1.compute.internal env[61168]: Starting Wazuh v4.8.1...
Jul 05 14:25:24 ip-10-0-1-70.us-west-1.compute.internal env[61168]: Started wazuh-execd...
Jul 05 14:25:25 ip-10-0-1-70.us-west-1.compute.internal env[61168]: Started wazuh-agentd...
Jul 05 14:25:26 ip-10-0-1-70.us-west-1.compute.internal env[61168]: Started wazuh-syscheckd...
Jul 05 14:25:26 ip-10-0-1-70.us-west-1.compute.internal env[61168]: Started wazuh-logcollector...
Jul 05 14:25:26 ip-10-0-1-70.us-west-1.compute.internal osqueryd[61262]: osqueryd started [version=4.4.0]
Jul 05 14:25:27 ip-10-0-1-70.us-west-1.compute.internal env[61168]: Started wazuh-modulesd...
Jul 05 14:25:29 ip-10-0-1-70.us-west-1.compute.internal env[61168]: Completed.
Jul 05 14:25:29 ip-10-0-1-70.us-west-1.compute.internal systemd[1]: Started Wazuh agent.
░░ Subject: A start job for unit wazuh-agent.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-agent.service has finished successfully.
░░
░░ The job identifier is 26992.

Error Logs

[root@ip-xx-x-x-xx bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
0

Ubuntu 🟢

System information

root@ip-xx-x-x-xx:/var/snap/amazon-ssm-agent/8871# cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.2 LTS"
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

Agent Version

root@ip-xx-x-x-xx:/var/snap/amazon-ssm-agent/8871# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.1"
WAZUH_REVISION="40815"
WAZUH_TYPE="agent"

Agent Status

root@ip-xx-x-x-xx:/var/snap/amazon-ssm-agent/8871# systemctl status wazuh-agent -l
● wazuh-agent.service - Wazuh agent
     Loaded: loaded (/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2024-07-05 13:46:28 UTC; 4 days ago
      Tasks: 32 (limit: 1116)
     Memory: 110.7M
        CPU: 8min 8.507s
     CGroup: /system.slice/wazuh-agent.service
             ├─9745 /var/ossec/bin/wazuh-execd
             ├─9756 /var/ossec/bin/wazuh-agentd
             ├─9769 /var/ossec/bin/wazuh-syscheckd
             ├─9782 /var/ossec/bin/wazuh-logcollector
             └─9799 /var/ossec/bin/wazuh-modulesd

Jul 05 13:46:21 ip-10-0-1-38 systemd[1]: Starting Wazuh agent...
Jul 05 13:46:21 ip-10-0-1-38 env[8702]: Starting Wazuh v4.8.1...
Jul 05 13:46:22 ip-10-0-1-38 env[8702]: Started wazuh-execd...
Jul 05 13:46:23 ip-10-0-1-38 env[8702]: Started wazuh-agentd...
Jul 05 13:46:24 ip-10-0-1-38 env[8702]: Started wazuh-syscheckd...
Jul 05 13:46:25 ip-10-0-1-38 env[8702]: Started wazuh-logcollector...
Jul 05 13:46:26 ip-10-0-1-38 env[8702]: Started wazuh-modulesd...
Jul 05 13:46:28 ip-10-0-1-38 env[8702]: Completed.
Jul 05 13:46:28 ip-10-0-1-38 systemd[1]: Started Wazuh agent.

Module Status

root@ip-xx-x-x-xx:/var/snap/amazon-ssm-agent/8871# /var/ossec/bin/wazuh-control status
wazuh-modulesd is running...
wazuh-logcollector is running...
wazuh-syscheckd is running...
wazuh-agentd is running...
wazuh-execd is running...

Service Status

root@ip-xx-x-x-xx:/var/snap/amazon-ssm-agent/8871# journalctl -xe -u wazuh-agent.service
Jul 05 13:46:19 ip-10-0-1-38 env[8026]: Killing wazuh-logcollector...
Jul 05 13:46:19 ip-10-0-1-38 env[8026]: Killing wazuh-syscheckd...
Jul 05 13:46:20 ip-10-0-1-38 env[8026]: Killing wazuh-agentd...
Jul 05 13:46:20 ip-10-0-1-38 env[8026]: Killing wazuh-execd...
Jul 05 13:46:21 ip-10-0-1-38 env[8026]: Wazuh v4.8.1 Stopped
Jul 05 13:46:21 ip-10-0-1-38 systemd[1]: wazuh-agent.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-agent.service has successfully entered the 'dead' state.
Jul 05 13:46:21 ip-10-0-1-38 systemd[1]: Stopped Wazuh agent.
░░ Subject: A stop job for unit wazuh-agent.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-agent.service has finished.
░░
░░ The job identifier is 6224 and the job result is done.
Jul 05 13:46:21 ip-10-0-1-38 systemd[1]: wazuh-agent.service: Consumed 14.967s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-agent.service completed and consumed the indicated resources.
Jul 05 13:46:21 ip-10-0-1-38 systemd[1]: Starting Wazuh agent...
░░ Subject: A start job for unit wazuh-agent.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-agent.service has begun execution.
░░
░░ The job identifier is 6224.
Jul 05 13:46:21 ip-10-0-1-38 env[8702]: Starting Wazuh v4.8.1...
Jul 05 13:46:22 ip-10-0-1-38 env[8702]: Started wazuh-execd...
Jul 05 13:46:23 ip-10-0-1-38 env[8702]: Started wazuh-agentd...
Jul 05 13:46:24 ip-10-0-1-38 env[8702]: Started wazuh-syscheckd...
Jul 05 13:46:25 ip-10-0-1-38 env[8702]: Started wazuh-logcollector...
Jul 05 13:46:26 ip-10-0-1-38 env[8702]: Started wazuh-modulesd...
Jul 05 13:46:28 ip-10-0-1-38 env[8702]: Completed.
Jul 05 13:46:28 ip-10-0-1-38 systemd[1]: Started Wazuh agent.
░░ Subject: A start job for unit wazuh-agent.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-agent.service has finished successfully.
░░
░░ The job identifier is 6224.

Error Logs

root@ip-xx-x-x-xx:/var/snap/amazon-ssm-agent/8871# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
0

Windows 🟡

System information

PS C:\Windows\system32> systeminfo | findstr /B /C:"OS Name" /B /C:"OS Version"
OS Name:                   Microsoft Windows Server 2019 Datacenter
OS Version:                10.0.17763 N/A Build 17763

Agent Version

PS C:\Windows\system32> cd 'C:\Program Files (x86)\ossec-agent\'
PS C:\Program Files (x86)\ossec-agent> (Get-Command .\wazuh-agent.exe).FileVersionInfo

ProductVersion   FileVersion      FileName
--------------   -----------      --------
v4.8.1           v4.8.1           C:\Program Files (x86)\ossec-agent\wazuh-agent.exe

Agent Status

PS C:\Program Files (x86)\ossec-agent> NET START wazuh
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

Error Logs

PS C:\Program Files (x86)\ossec-agent> Get-Content "C:\Program Files (x86)\ossec-agent\ossec.log" | Select-String -Pattern "ERR|WARN|CRIT|FAT"

2024/07/10 00:01:00 wazuh-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex240710.log' due to [(2)-(No such file or directory)].

Reported in #13253

Dashboard Logs

WazuhDashboard 🟢

System information

[root@ip-xx-x-x-xxx bin]# cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)

Dashboard Version

[root@ip-xx-x-x-xxx bin]# cat /usr/share/wazuh-dashboard/plugins/wazuh/package.json
{
  "name": "wazuh",
  "version": "4.8.1",
  "revision": "02",
  "pluginPlatform": {
    "version": "2.10.0"
  },
  "description": "Wazuh dashboard",
  "keywords": [
    "opensearch_dashboards",
    "wazuh",
    "ossec"
  ],
  "node_build": "10.23.1",
  "author": "Wazuh, Inc",
  "license": "GPL-2.0",
  "repository": {
    "type": "git",
    "url": "https://github.com/wazuh/wazuh-dashboard-plugins.git"
  },
  "bugs": {
    "url": "https://github.com/wazuh/wazuh-dashboard-plugins/issues"
  },
  "homepage": "https://www.wazuh.com/",
  "scripts": {
    "lint": "eslint {public,server,common}/**/*.{js,jsx,ts,tsx,json}",
    "lint:public": "eslint public/**/*.{js,jsx,ts,tsx,json}",
    "lint:server": "eslint server/**/*.{js,jsx,ts,tsx,json}",
    "lint:common": "eslint common/**/*.{js,jsx,ts,tsx,json}",
    "lint:fix": "eslint --fix '{public,server,common}/**/*.{js,jsx,ts,tsx,json}'",
    "format": "prettier --write '{public,server,common}/**/*.{js,jsx,ts,tsx,css,md,json}' --config ./.prettierrc",
    "kbn": "node ../../scripts/kbn",
    "es": "node ../../scripts/es",
    "start": "plugin-helpers start",
    "build": "yarn plugin-helpers build --opensearch-dashboards-version=$OPENSEARCH_DASHBOARDS_VERSION",
    "build:runner": "node scripts/runner build",
    "plugin-helpers": "node ../../scripts/plugin_helpers",
    "test:ui:runner": "node ../../scripts/functional_test_runner.js",
    "test:server": "plugin-helpers test:server",
    "test:browser": "plugin-helpers test:browser",
    "test:jest": "node scripts/jest --runInBand",
    "test:jest:runner": "node scripts/runner test",
    "generate:api-data": "node scripts/generate-api-data.js --spec https://raw.githubusercontent.com/wazuh/wazuh/$(node -e \"console.log(require('./package.json').version)\")/api/api/spec/spec.yaml --output file --output-directory common/api-info --display-configuration",
    "prebuild": "node scripts/generate-build-version"
  },
  "dependencies": {
    "angular-animate": "1.8.3",
    "angular-material": "1.2.5",
    "axios": "^1.6.1",
    "install": "^0.13.0",
    "js2xmlparser": "^5.0.0",
    "json2csv": "^4.1.2",
    "jwt-decode": "^3.1.2",
    "loglevel": "^1.7.1",
    "markdown-it-link-attributes": "^4.0.1",
    "md5": "^2.3.0",
    "needle": "^3.2.0",
    "node-cron": "^1.1.2",
    "pdfmake": "0.2.7",
    "querystring-browser": "1.0.4",
    "react-codemirror": "^1.0.0",
    "react-cookie": "^4.0.3",
    "read-last-lines": "^1.7.2",
    "timsort": "^0.3.0",
    "typescript": "^5.0.4",
    "winston": "3.9.0",
    "dompurify": "^3.1.3",
    "jsdom": "16.7.0"
  },
  "devDependencies": {
    "@types/node-cron": "^2.0.3",
    "@typescript-eslint/eslint-plugin": "^6.2.1",
    "@typescript-eslint/parser": "^6.2.1",
    "eslint": "^8.46.0",
    "eslint-config-prettier": "^8.5.0",
    "eslint-import-resolver-typescript": "3.5.5",
    "eslint-plugin-async-await": "^0.0.0",
    "eslint-plugin-cypress": "^2.12.1",
    "eslint-plugin-filenames-simple": "^0.8.0",
    "eslint-plugin-import": "^2.28.0",
    "eslint-plugin-prettier": "^4.2.1",
    "eslint-plugin-react": "^7.31.8",
    "eslint-plugin-react-hooks": "^4.6.0",
    "prettier": "^2.7.1",
    "redux-mock-store": "^1.5.4",
    "swagger-client": "^3.19.11"
  },
  "opensearchDashboards": {
    "version": "2.10.0"
  }
}

Dashboard Status

[root@ip-xx-x-x-xxx bin]# systemctl status wazuh-dashboard -l
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2024-07-05 13:51:37 UTC; 4 days ago
 Main PID: 19864 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─19864 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

Jul 10 11:34:00 ip-10-0-0-194.us-west-1.compute.internal opensearch-dashboards[19864]: {"type":"response","@timestamp":"2024-07-10T11:34:00Z","tags":[],"pid":19864,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-16x16.png","method":"get","headers":{"host":"10.0.0.194:5601","connection":"close","user-agent":"python-requests/2.26.0","accept-encoding":"gzip, deflate","accept":"*/*"},"remoteAddress":"10.0.0.194","userAgent":"python-requests/2.26.0"},"res":{"statusCode":200,"responseTime":4,"contentLength":9},"message":"GET /ui/favicons/favicon-16x16.png 200 4ms - 9.0B"}
Jul 10 11:34:01 ip-10-0-0-194.us-west-1.compute.internal opensearch-dashboards[19864]: {"type":"response","@timestamp":"2024-07-10T11:34:01Z","tags":[],"pid":19864,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon.ico","method":"get","headers":{"host":"10.0.0.194:5601","connection":"close","user-agent":"python-requests/2.26.0","accept-encoding":"gzip, deflate","accept":"*/*"},"remoteAddress":"10.0.0.194","userAgent":"python-requests/2.26.0"},"res":{"statusCode":200,"responseTime":3,"contentLength":9},"message":"GET /ui/favicons/favicon.ico 200 3ms - 9.0B"}
Jul 10 11:34:02 ip-10-0-0-194.us-west-1.compute.internal opensearch-dashboards[19864]: {"type":"response","@timestamp":"2024-07-10T11:34:02Z","tags":[],"pid":19864,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/apple-touch-icon.png","method":"get","headers":{"host":"10.0.0.194:5601","connection":"close","user-agent":"python-requests/2.26.0","accept-encoding":"gzip, deflate","accept":"*/*"},"remoteAddress":"10.0.0.194","userAgent":"python-requests/2.26.0"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /ui/favicons/apple-touch-icon.png 200 2ms - 9.0B"}
Jul 10 11:34:02 ip-10-0-0-194.us-west-1.compute.internal opensearch-dashboards[19864]: {"type":"response","@timestamp":"2024-07-10T11:34:02Z","tags":[],"pid":19864,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"10.0.0.194:5601","connection":"close","user-agent":"python-requests/2.26.0","accept-encoding":"gzip, deflate","accept":"*/*"},"remoteAddress":"10.0.0.194","userAgent":"python-requests/2.26.0"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"}
Jul 10 11:34:02 ip-10-0-0-194.us-west-1.compute.internal opensearch-dashboards[19864]: {"type":"response","@timestamp":"2024-07-10T11:34:02Z","tags":[],"pid":19864,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"10.0.0.194:5601","connection":"close","user-agent":"python-requests/2.26.0","accept-encoding":"gzip, deflate","accept":"*/*"},"remoteAddress":"10.0.0.194","userAgent":"python-requests/2.26.0"},"res":{"statusCode":200,"responseTime":19,"contentLength":9},"message":"GET /app/login 200 19ms - 9.0B"}

Dashboard Service Status

[root@ip-xx-x-x-xxx bin]# journalctl -xe -u wazuh-dashboard.service --no-pager
Jul 10 11:34:00 ip-10-0-0-194.us-west-1.compute.internal opensearch-dashboards[19864]: {"type":"response","@timestamp":"2024-07-10T11:34:00Z","tags":[],"pid":19864,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-16x16.png","method":"get","headers":{"host":"10.0.0.194:5601","connection":"close","user-agent":"python-requests/2.26.0","accept-encoding":"gzip, deflate","accept":"*/*"},"remoteAddress":"10.0.0.194","userAgent":"python-requests/2.26.0"},"res":{"statusCode":200,"responseTime":4,"contentLength":9},"message":"GET /ui/favicons/favicon-16x16.png 200 4ms - 9.0B"}
Jul 10 11:34:01 ip-10-0-0-194.us-west-1.compute.internal opensearch-dashboards[19864]: {"type":"response","@timestamp":"2024-07-10T11:34:01Z","tags":[],"pid":19864,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon.ico","method":"get","headers":{"host":"10.0.0.194:5601","connection":"close","user-agent":"python-requests/2.26.0","accept-encoding":"gzip, deflate","accept":"*/*"},"remoteAddress":"10.0.0.194","userAgent":"python-requests/2.26.0"},"res":{"statusCode":200,"responseTime":3,"contentLength":9},"message":"GET /ui/favicons/favicon.ico 200 3ms - 9.0B"}
Jul 10 11:34:02 ip-10-0-0-194.us-west-1.compute.internal opensearch-dashboards[19864]: {"type":"response","@timestamp":"2024-07-10T11:34:02Z","tags":[],"pid":19864,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/apple-touch-icon.png","method":"get","headers":{"host":"10.0.0.194:5601","connection":"close","user-agent":"python-requests/2.26.0","accept-encoding":"gzip, deflate","accept":"*/*"},"remoteAddress":"10.0.0.194","userAgent":"python-requests/2.26.0"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /ui/favicons/apple-touch-icon.png 200 2ms - 9.0B"}
Jul 10 11:34:02 ip-10-0-0-194.us-west-1.compute.internal opensearch-dashboards[19864]: {"type":"response","@timestamp":"2024-07-10T11:34:02Z","tags":[],"pid":19864,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"10.0.0.194:5601","connection":"close","user-agent":"python-requests/2.26.0","accept-encoding":"gzip, deflate","accept":"*/*"},"remoteAddress":"10.0.0.194","userAgent":"python-requests/2.26.0"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"}
Jul 10 11:34:02 ip-10-0-0-194.us-west-1.compute.internal opensearch-dashboards[19864]: {"type":"response","@timestamp":"2024-07-10T11:34:02Z","tags":[],"pid":19864,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"10.0.0.194:5601","connection":"close","user-agent":"python-requests/2.26.0","accept-encoding":"gzip, deflate","accept":"*/*"},"remoteAddress":"10.0.0.194","userAgent":"python-requests/2.26.0"},"res":{"statusCode":200,"responseTime":19,"contentLength":9},"message":"GET /app/login 200 19ms - 9.0B"}

Error Logs

[root@ip-xx-x-x-xxx bin]# egrep -i "err|warn" /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | wc -l
0

Manager Logs

WazuhMasterEnv1 🟢

System information

[root@wazuh-manager-master-0 bin]# cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)

Manager Version

[root@wazuh-manager-master-0 bin]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.1"
WAZUH_REVISION="40815"
WAZUH_TYPE="server"

Agent Status

[root@wazuh-manager-master-0 bin]# systemctl status wazuh-manager -l
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2024-07-05 18:12:33 UTC; 4 days ago
  Process: 31156 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 31312 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-manager.service
           ├─31371 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─31372 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─31375 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─31378 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─31404 /var/ossec/bin/wazuh-integratord
           ├─31425 /var/ossec/bin/wazuh-authd
           ├─31442 /var/ossec/bin/wazuh-db
           ├─31468 /var/ossec/bin/wazuh-execd
           ├─31483 /var/ossec/bin/wazuh-analysisd
           ├─31495 /var/ossec/bin/wazuh-syscheckd
           ├─31516 /var/ossec/bin/wazuh-remoted
           ├─31552 /var/ossec/bin/wazuh-logcollector
           ├─31572 /var/ossec/bin/wazuh-monitord
           ├─31625 /var/ossec/bin/wazuh-modulesd
           ├─32066 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
           ├─32107 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
           └─32108 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py

Jul 05 18:12:28 wazuh-manager-master-0 env[31312]: 2024/07/05 18:12:28 wazuh-modulesd:router: INFO: Loaded router module.
Jul 05 18:12:28 wazuh-manager-master-0 env[31312]: 2024/07/05 18:12:28 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jul 05 18:12:29 wazuh-manager-master-0 env[31312]: Started wazuh-modulesd...
Jul 05 18:12:31 wazuh-manager-master-0 crontab[32067]: (root) LIST (root)
Jul 05 18:12:31 wazuh-manager-master-0 env[31312]: Started wazuh-clusterd...
Jul 05 18:12:33 wazuh-manager-master-0 env[31312]: Completed.
Jul 05 18:12:33 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
Jul 06 18:12:29 wazuh-manager-master-0 crontab[16275]: (root) LIST (root)
Jul 09 06:12:28 wazuh-manager-master-0 crontab[25451]: (root) LIST (root)
Jul 10 06:12:28 wazuh-manager-master-0 crontab[9702]: (root) LIST (root)

Module Status

[root@wazuh-manager-master-0 bin]# /var/ossec/bin/wazuh-control status
wazuh-clusterd is running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord is running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...

Service Status

[root@wazuh-manager-master-0 bin]# journalctl -xe -u wazuh-manager.service --no-pager
-- Logs begin at Fri 2024-07-05 13:12:54 UTC, end at Wed 2024-07-10 12:53:15 UTC. --
Jul 05 13:37:08 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
Jul 05 18:12:16 wazuh-manager-master-0 env[31312]: 2024/07/05 18:12:16 wazuh-modulesd: INFO: At module 'azure-logs': No request tag defined. Setting it randomly...
Jul 05 18:12:16 wazuh-manager-master-0 env[31312]: 2024/07/05 18:12:16 wazuh-modulesd:router: INFO: Loaded router module.
Jul 05 18:12:16 wazuh-manager-master-0 env[31312]: 2024/07/05 18:12:16 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jul 05 18:12:17 wazuh-manager-master-0 env[31312]: Starting Wazuh v4.8.1...
Jul 05 18:12:20 wazuh-manager-master-0 env[31312]: Started wazuh-apid...
Jul 05 18:12:20 wazuh-manager-master-0 env[31312]: Started wazuh-csyslogd...
Jul 05 18:12:20 wazuh-manager-master-0 env[31312]: Started wazuh-dbd...
Jul 05 18:12:20 wazuh-manager-master-0 env[31312]: Started wazuh-integratord...
Jul 05 18:12:20 wazuh-manager-master-0 env[31312]: Started wazuh-agentlessd...
Jul 05 18:12:21 wazuh-manager-master-0 env[31312]: Started wazuh-authd...
Jul 05 18:12:22 wazuh-manager-master-0 env[31312]: Started wazuh-db...
Jul 05 18:12:23 wazuh-manager-master-0 env[31312]: Started wazuh-execd...
Jul 05 18:12:24 wazuh-manager-master-0 env[31312]: Started wazuh-analysisd...
Jul 05 18:12:25 wazuh-manager-master-0 env[31312]: Started wazuh-syscheckd...
Jul 05 18:12:26 wazuh-manager-master-0 env[31312]: Started wazuh-remoted...
Jul 05 18:12:27 wazuh-manager-master-0 env[31312]: Started wazuh-logcollector...
Jul 05 18:12:28 wazuh-manager-master-0 env[31312]: Started wazuh-monitord...
Jul 05 18:12:28 wazuh-manager-master-0 env[31312]: 2024/07/05 18:12:28 wazuh-modulesd: INFO: At module 'azure-logs': No request tag defined. Setting it randomly...
Jul 05 18:12:28 wazuh-manager-master-0 env[31312]: 2024/07/05 18:12:28 wazuh-modulesd:router: INFO: Loaded router module.
Jul 05 18:12:28 wazuh-manager-master-0 env[31312]: 2024/07/05 18:12:28 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jul 05 18:12:29 wazuh-manager-master-0 env[31312]: Started wazuh-modulesd...
Jul 05 18:12:31 wazuh-manager-master-0 crontab[32067]: (root) LIST (root)
Jul 05 18:12:31 wazuh-manager-master-0 env[31312]: Started wazuh-clusterd...
Jul 05 18:12:33 wazuh-manager-master-0 env[31312]: Completed.
Jul 05 18:12:33 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
Jul 06 18:12:29 wazuh-manager-master-0 crontab[16275]: (root) LIST (root)
Jul 09 06:12:28 wazuh-manager-master-0 crontab[25451]: (root) LIST (root)
Jul 10 06:12:28 wazuh-manager-master-0 crontab[9702]: (root) LIST (root)

Error Logs

[root@wazuh-manager-master-0 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
0
[root@wazuh-manager-master-0 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log  | wc -l
0

Filebeat Output

[root@wazuh-manager-master-0 bin]# filebeat test output
elasticsearch: https://10.0.2.206:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.206
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.105:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.105
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.225:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.225
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2

WazuhMasterEnv2 🟢

System information

[root@wazuh-manager-master-0 bin]# cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)

Manager Version

[root@wazuh-manager-master-0 bin]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.1"
WAZUH_REVISION="40815"
WAZUH_TYPE="server"

Agent Status

[root@wazuh-manager-master-0 bin]# systemctl status wazuh-manager -l
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (exited) since Fri 2024-07-05 13:39:55 UTC; 4 days ago
  Process: 15095 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 15302 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)

Jul 05 13:39:49 wazuh-manager-master-0 env[15302]: Started wazuh-remoted...
Jul 05 13:39:50 wazuh-manager-master-0 env[15302]: Started wazuh-logcollector...
Jul 05 13:39:51 wazuh-manager-master-0 env[15302]: Started wazuh-monitord...
Jul 05 13:39:51 wazuh-manager-master-0 env[15302]: 2024/07/05 13:39:51 wazuh-modulesd:router: INFO: Loaded router module.
Jul 05 13:39:51 wazuh-manager-master-0 env[15302]: 2024/07/05 13:39:51 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jul 05 13:39:52 wazuh-manager-master-0 env[15302]: Started wazuh-modulesd...
Jul 05 13:39:53 wazuh-manager-master-0 env[15302]: Started wazuh-clusterd...
Jul 05 13:39:54 wazuh-manager-master-0 crontab[15887]: (root) LIST (root)
Jul 05 13:39:55 wazuh-manager-master-0 env[15302]: Completed.
Jul 05 13:39:55 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.

Module Status

[root@wazuh-manager-master-0 bin]# /var/ossec/bin/wazuh-control status
wazuh-clusterd is running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord is running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...

Service Status

[root@wazuh-manager-master-0 bin]# journalctl -xe -u wazuh-manager.service --no-pager
-- Logs begin at Fri 2024-07-05 13:12:54 UTC, end at Wed 2024-07-10 12:56:03 UTC. --
Jul 05 13:37:09 wazuh-manager-master-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
Jul 05 13:39:38 wazuh-manager-master-0 env[15302]: 2024/07/05 13:39:38 wazuh-modulesd:router: INFO: Loaded router module.
Jul 05 13:39:38 wazuh-manager-master-0 env[15302]: 2024/07/05 13:39:38 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jul 05 13:39:39 wazuh-manager-master-0 env[15302]: Starting Wazuh v4.8.1...
Jul 05 13:39:42 wazuh-manager-master-0 env[15302]: Started wazuh-apid...
Jul 05 13:39:42 wazuh-manager-master-0 env[15302]: Started wazuh-csyslogd...
Jul 05 13:39:42 wazuh-manager-master-0 env[15302]: Started wazuh-dbd...
Jul 05 13:39:42 wazuh-manager-master-0 env[15302]: 2024/07/05 13:39:42 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Jul 05 13:39:42 wazuh-manager-master-0 env[15302]: Started wazuh-integratord...
Jul 05 13:39:42 wazuh-manager-master-0 env[15302]: Started wazuh-agentlessd...
Jul 05 13:39:43 wazuh-manager-master-0 env[15302]: Started wazuh-authd...
Jul 05 13:39:44 wazuh-manager-master-0 env[15302]: Started wazuh-db...
Jul 05 13:39:45 wazuh-manager-master-0 env[15302]: Started wazuh-execd...
Jul 05 13:39:46 wazuh-manager-master-0 env[15302]: Started wazuh-analysisd...
Jul 05 13:39:47 wazuh-manager-master-0 env[15302]: Started wazuh-syscheckd...
Jul 05 13:39:49 wazuh-manager-master-0 env[15302]: Started wazuh-remoted...
Jul 05 13:39:50 wazuh-manager-master-0 env[15302]: Started wazuh-logcollector...
Jul 05 13:39:51 wazuh-manager-master-0 env[15302]: Started wazuh-monitord...
Jul 05 13:39:51 wazuh-manager-master-0 env[15302]: 2024/07/05 13:39:51 wazuh-modulesd:router: INFO: Loaded router module.
Jul 05 13:39:51 wazuh-manager-master-0 env[15302]: 2024/07/05 13:39:51 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jul 05 13:39:52 wazuh-manager-master-0 env[15302]: Started wazuh-modulesd...
Jul 05 13:39:53 wazuh-manager-master-0 env[15302]: Started wazuh-clusterd...
Jul 05 13:39:54 wazuh-manager-master-0 crontab[15887]: (root) LIST (root)
Jul 05 13:39:55 wazuh-manager-master-0 env[15302]: Completed.
Jul 05 13:39:55 wazuh-manager-master-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.

Error Logs

[root@wazuh-manager-master-0 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
0
[root@wazuh-manager-master-0 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log  | wc -l
0

Filebeat Output

[root@wazuh-manager-master-0 bin]# filebeat test output
elasticsearch: https://10.0.2.206:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.206
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.105:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.105
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.225:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.225
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2

WazuhWorker 🟢

System information

[root@wazuh-manager-worker-0 bin]# cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)

Manager Version

[root@wazuh-manager-worker-0 bin]# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.8.1"
WAZUH_REVISION="40815"
WAZUH_TYPE="server"

Agent Status

[root@wazuh-manager-worker-0 bin]# systemctl status wazuh-manager -l
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (exited) since Fri 2024-07-05 13:44:07 UTC; 4 days ago
  Process: 14841 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 14967 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)

Jul 05 13:43:59 wazuh-manager-worker-0 env[14967]: Started wazuh-syscheckd...
Jul 05 13:44:00 wazuh-manager-worker-0 env[14967]: Started wazuh-remoted...
Jul 05 13:44:02 wazuh-manager-worker-0 env[14967]: Started wazuh-logcollector...
Jul 05 13:44:03 wazuh-manager-worker-0 env[14967]: Started wazuh-monitord...
Jul 05 13:44:03 wazuh-manager-worker-0 env[14967]: 2024/07/05 13:44:03 wazuh-modulesd:router: INFO: Loaded router module.
Jul 05 13:44:03 wazuh-manager-worker-0 env[14967]: 2024/07/05 13:44:03 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jul 05 13:44:04 wazuh-manager-worker-0 env[14967]: Started wazuh-modulesd...
Jul 05 13:44:05 wazuh-manager-worker-0 env[14967]: Started wazuh-clusterd...
Jul 05 13:44:07 wazuh-manager-worker-0 env[14967]: Completed.
Jul 05 13:44:07 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.

Module Status

[root@wazuh-manager-worker-0 bin]# /var/ossec/bin/wazuh-control status
wazuh-clusterd is running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd not running...
wazuh-agentlessd not running...
wazuh-integratord is running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...

Service Status

[root@wazuh-manager-worker-0 bin]# journalctl -xe -u wazuh-manager.service --no-pager
-- Logs begin at Fri 2024-07-05 13:12:54 UTC, end at Wed 2024-07-10 12:58:00 UTC. --
Jul 05 13:41:55 wazuh-manager-worker-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun shutting down.
Jul 05 13:43:47 wazuh-manager-worker-0 env[14841]: Killing wazuh-clusterd...
Jul 05 13:43:47 wazuh-manager-worker-0 env[14841]: Killing wazuh-modulesd...
Jul 05 13:43:47 wazuh-manager-worker-0 env[14841]: Killing wazuh-monitord...
Jul 05 13:43:47 wazuh-manager-worker-0 env[14841]: Killing wazuh-logcollector...
Jul 05 13:43:47 wazuh-manager-worker-0 env[14841]: Killing wazuh-remoted...
Jul 05 13:43:47 wazuh-manager-worker-0 env[14841]: Killing wazuh-syscheckd...
Jul 05 13:43:48 wazuh-manager-worker-0 env[14841]: Killing wazuh-analysisd...
Jul 05 13:43:48 wazuh-manager-worker-0 env[14841]: wazuh-maild not running...
Jul 05 13:43:48 wazuh-manager-worker-0 env[14841]: Killing wazuh-execd...
Jul 05 13:43:48 wazuh-manager-worker-0 env[14841]: Killing wazuh-db...
Jul 05 13:43:49 wazuh-manager-worker-0 env[14841]: wazuh-authd not running...
Jul 05 13:43:49 wazuh-manager-worker-0 env[14841]: wazuh-agentlessd not running...
Jul 05 13:43:49 wazuh-manager-worker-0 env[14841]: wazuh-integratord not running...
Jul 05 13:43:49 wazuh-manager-worker-0 env[14841]: wazuh-dbd not running...
Jul 05 13:43:49 wazuh-manager-worker-0 env[14841]: wazuh-csyslogd not running...
Jul 05 13:43:49 wazuh-manager-worker-0 env[14841]: Killing wazuh-apid...
Jul 05 13:43:49 wazuh-manager-worker-0 env[14841]: Wazuh v4.8.1 Stopped
Jul 05 13:43:49 wazuh-manager-worker-0 systemd[1]: Stopped Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished shutting down.
Jul 05 13:43:49 wazuh-manager-worker-0 systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
Jul 05 13:43:51 wazuh-manager-worker-0 env[14967]: 2024/07/05 13:43:51 wazuh-modulesd:router: INFO: Loaded router module.
Jul 05 13:43:51 wazuh-manager-worker-0 env[14967]: 2024/07/05 13:43:51 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jul 05 13:43:52 wazuh-manager-worker-0 env[14967]: Starting Wazuh v4.8.1...
Jul 05 13:43:55 wazuh-manager-worker-0 env[14967]: Started wazuh-apid...
Jul 05 13:43:55 wazuh-manager-worker-0 env[14967]: Started wazuh-csyslogd...
Jul 05 13:43:55 wazuh-manager-worker-0 env[14967]: Started wazuh-dbd...
Jul 05 13:43:55 wazuh-manager-worker-0 env[14967]: 2024/07/05 13:43:55 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Jul 05 13:43:55 wazuh-manager-worker-0 env[14967]: Started wazuh-integratord...
Jul 05 13:43:55 wazuh-manager-worker-0 env[14967]: Started wazuh-agentlessd...
Jul 05 13:43:56 wazuh-manager-worker-0 env[14967]: Started wazuh-db...
Jul 05 13:43:57 wazuh-manager-worker-0 env[14967]: Started wazuh-execd...
Jul 05 13:43:58 wazuh-manager-worker-0 env[14967]: Started wazuh-analysisd...
Jul 05 13:43:59 wazuh-manager-worker-0 env[14967]: Started wazuh-syscheckd...
Jul 05 13:44:00 wazuh-manager-worker-0 env[14967]: Started wazuh-remoted...
Jul 05 13:44:02 wazuh-manager-worker-0 env[14967]: Started wazuh-logcollector...
Jul 05 13:44:03 wazuh-manager-worker-0 env[14967]: Started wazuh-monitord...
Jul 05 13:44:03 wazuh-manager-worker-0 env[14967]: 2024/07/05 13:44:03 wazuh-modulesd:router: INFO: Loaded router module.
Jul 05 13:44:03 wazuh-manager-worker-0 env[14967]: 2024/07/05 13:44:03 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Jul 05 13:44:04 wazuh-manager-worker-0 env[14967]: Started wazuh-modulesd...
Jul 05 13:44:05 wazuh-manager-worker-0 env[14967]: Started wazuh-clusterd...
Jul 05 13:44:07 wazuh-manager-worker-0 env[14967]: Completed.
Jul 05 13:44:07 wazuh-manager-worker-0 systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.

Error Logs

[root@wazuh-manager-worker-0 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/ossec.log |  wc -l
0
[root@wazuh-manager-worker-0 bin]# egrep -i "ERROR|WARNING" /var/ossec/logs/cluster.log  | wc -l
0

Filebeat Output

[root@wazuh-manager-worker-0 bin]# filebeat test output
elasticsearch: https://10.0.2.206:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.206
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.105:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.105
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://10.0.2.225:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.2.225
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2

[rafabailon]

Check Indexer Logs 🟡

Indexer Logs

IndexerBootstrap 🟡

System information

[root@ip-xx-x-x-xxx bin]# cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)

Agent Status

[root@ip-xx-x-x-xxx bin]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2024-07-05 13:27:47 UTC; 4 days ago
     Docs: https://documentation.wazuh.com
 Main PID: 12316 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─12316 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-4418879510418513755 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.Thread.run(Thread.java:833)

Service Status

[root@ip-xx-x-x-xxx bin]# journalctl -xe -u wazuh-indexer.service --no-pager
-- Logs begin at Fri 2024-07-05 13:12:53 UTC, end at Wed 2024-07-10 12:36:31 UTC. --
Jul 05 13:26:10 ip-10-0-2-206.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.Jul 05 13:26:13 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[10581]: WARNING: A terminally deprecated method in java.lang.System has been calledJul 05 13:26:13 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[10581]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)Jul 05 13:26:13 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[10581]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearchJul 05 13:26:13 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[10581]: WARNING: System::setSecurityManager will be removed in a future releaseJul 05 13:26:15 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[10581]: WARNING: A terminally deprecated method in java.lang.System has been called
Jul 05 13:26:15 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[10581]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jul 05 13:26:15 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[10581]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jul 05 13:26:15 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[10581]: WARNING: System::setSecurityManager will be removed in a future release
Jul 05 13:26:33 ip-10-0-2-206.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
---- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
Jul 05 13:27:24 ip-10-0-2-206.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
Jul 05 13:27:24 ip-10-0-2-206.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished shutting down.
Jul 05 13:27:24 ip-10-0-2-206.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
Jul 05 13:27:27 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: WARNING: A terminally deprecated method in java.lang.System has been called
Jul 05 13:27:27 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jul 05 13:27:27 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jul 05 13:27:27 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: WARNING: System::setSecurityManager will be removed in a future release
Jul 05 13:27:29 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: WARNING: A terminally deprecated method in java.lang.System has been called
Jul 05 13:27:29 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jul 05 13:27:29 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jul 05 13:27:29 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: WARNING: System::setSecurityManager will be removed in a future release
Jul 05 13:27:47 ip-10-0-2-206.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 06 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 07 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.indices.IndicesService.withTempIndexService(IndicesService.java:784)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataCreateIndexService.applyCreateIndexWithTemporaryService(MetadataCreateIndexService.java:480)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataCreateIndexService.applyCreateIndexRequestWithV1Templates(MetadataCreateIndexService.java:585)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataCreateIndexService.applyCreateIndexRequest(MetadataCreateIndexService.java:442)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataCreateIndexService.applyCreateIndexRequest(MetadataCreateIndexService.java:449)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataCreateIndexService$1.execute(MetadataCreateIndexService.java:355)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.indices.IndicesService.withTempIndexService(IndicesService.java:784)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataCreateIndexService.applyCreateIndexWithTemporaryService(MetadataCreateIndexService.java:480)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataCreateIndexService.applyCreateIndexRequestWithV1Templates(MetadataCreateIndexService.java:585)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataCreateIndexService.applyCreateIndexRequest(MetadataCreateIndexService.java:442)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataCreateIndexService.applyCreateIndexRequest(MetadataCreateIndexService.java:449)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataCreateIndexService$1.execute(MetadataCreateIndexService.java:355)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 08 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 09 00:00:00 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1870)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1412)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.metadata.MetadataUpdateSettingsService$1.execute(MetadataUpdateSettingsService.java:256)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 10 00:00:01 ip-10-0-2-206.us-west-1.compute.internal systemd-entrypoint[12316]: at java.base/java.lang.Thread.run(Thread.java:833)

Reported in wazuh/wazuh-packages#2685

Error Logs

[root@ip-10-0-2-206 bin]# egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
2

IndexerMasterB 🟡

System information

[root@ip-xx-x-x-xxx bin]# cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)

Agent Status

[root@ip-xx-x-x-xxx bin]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2024-07-05 13:28:41 UTC; 4 days ago
     Docs: https://documentation.wazuh.com
 Main PID: 12324 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─12324 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-6104056666757817461 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at java.base/java.lang.Thread.run(Thread.java:833)

Service Status

[root@ip-xx-x-x-xxx bin]# journalctl -xe -u wazuh-indexer.service --no-pager
-- Logs begin at Fri 2024-07-05 13:12:59 UTC, end at Wed 2024-07-10 12:37:55 UTC. --
Jul 05 13:26:10 ip-10-0-2-225.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.Jul 05 13:26:13 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[10431]: WARNING: A terminally deprecated method in java.lang.System has been calledJul 05 13:26:13 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[10431]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)Jul 05 13:26:13 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[10431]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearchJul 05 13:26:13 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[10431]: WARNING: System::setSecurityManager will be removed in a future releaseJul 05 13:26:15 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[10431]: WARNING: A terminally deprecated method in java.lang.System has been called
Jul 05 13:26:15 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[10431]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jul 05 13:26:15 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[10431]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jul 05 13:26:15 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[10431]: WARNING: System::setSecurityManager will be removed in a future release
Jul 05 13:26:33 ip-10-0-2-225.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
---- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
Jul 05 13:28:18 ip-10-0-2-225.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
Jul 05 13:28:18 ip-10-0-2-225.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished shutting down.
Jul 05 13:28:18 ip-10-0-2-225.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
Jul 05 13:28:21 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: WARNING: A terminally deprecated method in java.lang.System has been called
Jul 05 13:28:21 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jul 05 13:28:21 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jul 05 13:28:21 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: WARNING: System::setSecurityManager will be removed in a future release
Jul 05 13:28:23 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: WARNING: A terminally deprecated method in java.lang.System has been called
Jul 05 13:28:23 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jul 05 13:28:23 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jul 05 13:28:23 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: WARNING: System::setSecurityManager will be removed in a future release
Jul 05 13:28:41 ip-10-0-2-225.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
Jul 06 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 10 00:00:03 ip-10-0-2-225.us-west-1.compute.internal systemd-entrypoint[12324]: at java.base/java.lang.Thread.run(Thread.java:833)

Reported in wazuh/wazuh-packages#2685

Error Logs

[root@ip-10-0-2-225 bin]# egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
0

IndexerMasterC 🟡

System information

[root@ip-xx-x-x-xxx bin]# cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)

Agent Status

[root@ip-xx-x-x-xxx bin]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2024-07-05 13:28:16 UTC; 4 days ago
     Docs: https://documentation.wazuh.com
 Main PID: 12168 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─12168 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-11688530339183442527 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at java.base/java.lang.Thread.run(Thread.java:833)

Service Status

[root@ip-xx-x-x-xxx bin]# journalctl -xe -u wazuh-indexer.service --no-pager
-- Logs begin at Fri 2024-07-05 13:12:54 UTC, end at Wed 2024-07-10 12:45:39 UTC. --
Jul 05 13:26:13 ip-10-0-2-105.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.Jul 05 13:26:15 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[10434]: WARNING: A terminally deprecated method in java.lang.System has been calledJul 05 13:26:15 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[10434]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)Jul 05 13:26:15 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[10434]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearchJul 05 13:26:15 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[10434]: WARNING: System::setSecurityManager will be removed in a future releaseJul 05 13:26:17 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[10434]: WARNING: A terminally deprecated method in java.lang.System has been called
Jul 05 13:26:17 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[10434]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jul 05 13:26:17 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[10434]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jul 05 13:26:17 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[10434]: WARNING: System::setSecurityManager will be removed in a future release
Jul 05 13:26:37 ip-10-0-2-105.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
---- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
Jul 05 13:27:51 ip-10-0-2-105.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
Jul 05 13:27:51 ip-10-0-2-105.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished shutting down.
Jul 05 13:27:51 ip-10-0-2-105.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
Jul 05 13:27:54 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: WARNING: A terminally deprecated method in java.lang.System has been called
Jul 05 13:27:54 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jul 05 13:27:54 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jul 05 13:27:54 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: WARNING: System::setSecurityManager will be removed in a future release
Jul 05 13:27:57 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: WARNING: A terminally deprecated method in java.lang.System has been called
Jul 05 13:27:57 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jul 05 13:27:57 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jul 05 13:27:57 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: WARNING: System::setSecurityManager will be removed in a future release
Jul 05 13:28:16 ip-10-0-2-105.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
Jul 06 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 10 00:00:03 ip-10-0-2-105.us-west-1.compute.internal systemd-entrypoint[12168]: at java.base/java.lang.Thread.run(Thread.java:833)

Reported in wazuh/wazuh-packages#2685

Error Logs

[root@ip-10-0-2-105 bin]# egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
0

WazuhDashboard 🟡

System information

[root@ip-xx-x-x-xxx bin]# cat /etc/*release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)

Agent Status

[root@ip-xx-x-x-xxx bin]# systemctl status wazuh-indexer -l
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2024-07-05 13:34:55 UTC; 4 days ago
     Docs: https://documentation.wazuh.com
 Main PID: 14546 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─14546 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-14842540090460365950 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet

Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.Thread.run(Thread.java:833)

Service Status

[root@ip-xx-x-x-xxx bin]# journalctl -xe -u wazuh-indexer.service --no-pager
-- Logs begin at Fri 2024-07-05 13:12:58 UTC, end at Wed 2024-07-10 12:50:47 UTC. --
Jul 05 13:31:16 ip-10-0-0-194.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.Jul 05 13:31:18 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[10410]: WARNING: A terminally deprecated method in java.lang.System has been calledJul 05 13:31:18 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[10410]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)Jul 05 13:31:18 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[10410]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearchJul 05 13:31:18 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[10410]: WARNING: System::setSecurityManager will be removed in a future releaseJul 05 13:31:20 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[10410]: WARNING: A terminally deprecated method in java.lang.System has been called
Jul 05 13:31:20 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[10410]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jul 05 13:31:20 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[10410]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jul 05 13:31:20 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[10410]: WARNING: System::setSecurityManager will be removed in a future release
Jul 05 13:31:38 ip-10-0-0-194.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
---- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
Jul 05 13:34:29 ip-10-0-0-194.us-west-1.compute.internal systemd[1]: Stopping Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun shutting down.
Jul 05 13:34:29 ip-10-0-0-194.us-west-1.compute.internal systemd[1]: Stopped Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished shutting down.
Jul 05 13:34:29 ip-10-0-0-194.us-west-1.compute.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
Jul 05 13:34:33 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: WARNING: A terminally deprecated method in java.lang.System has been called
Jul 05 13:34:33 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jul 05 13:34:33 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jul 05 13:34:33 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: WARNING: System::setSecurityManager will be removed in a future release
Jul 05 13:34:36 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: WARNING: A terminally deprecated method in java.lang.System has been called
Jul 05 13:34:36 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Jul 05 13:34:36 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jul 05 13:34:36 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: WARNING: System::setSecurityManager will be removed in a future release
Jul 05 13:34:55 ip-10-0-0-194.us-west-1.compute.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 06 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 07 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 08 00:00:00 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.alerting.util.destinationmigration.DestinationMigrationCoordinator.clusterChanged(DestinationMigrationCoordinator.kt:48)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListener(ClusterApplierService.java:625)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.alerting.util.destinationmigration.DestinationMigrationCoordinator.clusterChanged(DestinationMigrationCoordinator.kt:48)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListener(ClusterApplierService.java:625)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateListeners(ClusterApplierService.java:612)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:577)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 08 00:00:01 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 09 00:00:06 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.Thread.run(Thread.java:833)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1980)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1946)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1283)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.plugins.PluginsService.onIndexModule(PluginsService.java:308)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:838)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:729)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:209)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:556)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:291)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:606)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:593)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:561)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:484)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:186)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Jul 10 00:00:03 ip-10-0-0-194.us-west-1.compute.internal systemd-entrypoint[14546]: at java.base/java.lang.Thread.run(Thread.java:833)

Reported in wazuh/wazuh-packages#2685

Error Logs

[root@ip-10-0-0-194 bin]# egrep -i "ERROR|WARNING" /var/log/wazuh-indexer/wazuh.log | wc -l
0

[rafabailon]

Check Wazuh Users and Processes 🟢

Agent

Amazon 🟢

[root@ip-xx-x-x-xx bin]# ps -aux | grep wazuh
root     11189  0.0  0.3  40768  3444 ?        Sl   Jul05   0:16 /var/ossec/bin/wazuh-execd
wazuh    11201  0.0  0.5 262688  5360 ?        Sl   Jul05   1:26 /var/ossec/bin/wazuh-agentd
root     11216  0.0  0.9 233012  9120 ?        SNl  Jul05   2:27 /var/ossec/bin/wazuh-syscheckd
root     11232  0.0  0.4 483212  4680 ?        Sl   Jul05   1:02 /var/ossec/bin/wazuh-logcollector
root     11250  0.0  1.2 751764 12112 ?        Sl   Jul05   0:35 /var/ossec/bin/wazuh-modulesd
root     28974  0.0  0.0 121272   920 pts/0    S+   13:16   0:00 grep --color=auto wazuh

Centos 🟢

[root@ip-xx-x-x-xxx bin]# ps -aux | grep wazuh
root        9187  0.0  0.2  45828  2204 ?        Sl   Jul05   0:11 /var/ossec/bin/wazuh-execd
wazuh       9200  0.0  0.4 276776  3952 ?        Sl   Jul05   2:32 /var/ossec/bin/wazuh-agentd
root        9215  0.0  1.1 244476  9384 ?        SNl  Jul05   2:53 /var/ossec/bin/wazuh-syscheckd
root        9231  0.0  0.4 488372  3576 ?        Sl   Jul05   0:56 /var/ossec/bin/wazuh-logcollector
root        9248  0.0  2.8 746032 22708 ?        Sl   Jul05   0:37 /var/ossec/bin/wazuh-modulesd
root       97689  0.0  0.1 221928  1020 pts/0    S+   13:17   0:00 grep --color=auto wazuh

Debian 🟢

root@ip-xx-x-x-xxx:/usr/bin# ps -aux | grep wazuh
root        8217  0.0  0.1  26596  1720 ?        Sl   Jul05   0:16 /var/ossec/bin/wazuh-execd
wazuh       8228  0.0  0.7 248564  7364 ?        Sl   Jul05   1:58 /var/ossec/bin/wazuh-agentd
root        8241  0.0  0.5 214344  5708 ?        SNl  Jul05   2:27 /var/ossec/bin/wazuh-syscheckd
root        8254  0.0  0.1 469144  1856 ?        Sl   Jul05   1:10 /var/ossec/bin/wazuh-logcollector
root        8271  0.0  1.6 666020 16164 ?        Sl   Jul05   0:34 /var/ossec/bin/wazuh-modulesd
root      102479  0.0  0.0   5264   712 pts/0    S+   13:18   0:00 grep wazuh

RHEL9 🟢

[root@ip-xx-x-x-xx bin]# ps -aux | grep wazuh
root       61195  0.0  0.1  26384  5104 ?        Sl   Jul05   0:11 /var/ossec/bin/wazuh-execd
wazuh      61207  0.0  0.1 248780  7296 ?        Sl   Jul05   2:39 /var/ossec/bin/wazuh-agentd
root       61222  0.0  0.3 558428 12836 ?        SNl  Jul05   4:21 /var/ossec/bin/wazuh-syscheckd
root       61236  0.0  0.2 468896  8412 ?        Sl   Jul05   1:25 /var/ossec/bin/wazuh-logcollector
root       61245  0.0  1.1 1026020 43200 ?       Sl   Jul05   1:55 /var/ossec/bin/wazuh-modulesd
root      560716  0.0  0.0   6408  2204 pts/0    S+   13:18   0:00 grep --color=auto wazuh

Ubuntu 🟢

root@ip-xx-x-x-xx:/var/snap/amazon-ssm-agent/8871# ps -aux | grep wazuh
root        9745  0.0  0.2  26436  2500 ?        Sl   Jul05   0:21 /var/ossec/bin/wazuh-execd
wazuh       9756  0.0  0.4 248364  4500 ?        Sl   Jul05   2:06 /var/ossec/bin/wazuh-agentd
root        9769  0.0  0.6 214460  6412 ?        SNl  Jul05   2:45 /var/ossec/bin/wazuh-syscheckd
root        9782  0.0  0.2 468908  2736 ?        Sl   Jul05   1:08 /var/ossec/bin/wazuh-logcollector
root        9799  0.0  1.3 665812 13268 ?        Sl   Jul05   0:44 /var/ossec/bin/wazuh-modulesd
root      146270  0.0  0.2   7008  2228 pts/1    S+   13:19   0:00 grep --color=auto wazuh

Windows 🟢

PS C:\Windows\system32> tasklist /svc | Select-String "wazuh"

wazuh-agent.exe               2212 WazuhSvc

Dashboard

WazuhDashboard 🟢

[root@ip-xx-x-x-xxx bin]# ps -aux | grep wazuh-dashboard
wazuh-d+ 19864  0.1  2.4 1057284 196656 ?      Ssl  Jul05  12:38 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
root     26433  0.0  0.0 121272   936 pts/0    S+   13:21   0:00 grep --color=auto wazuh-dashboard

Indexer

IndexerBootstrap 🟢

[root@ip-xx-x-x-xxx bin]# ps -aux | grep wazuh
wazuh-i+ 12316  1.8 57.4 7291452 4624264 ?     Ssl  Jul05 132:28 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-4418879510418513755 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root     20096  0.0  0.0 121272   936 pts/0    S+   13:21   0:00 grep --color=auto wazuh

IndexerMasterB 🟢

[root@ip-xx-x-x-xxx bin]# ps -aux | grep wazuh
wazuh-i+ 12324  1.6 57.3 7198736 4611872 ?     Ssl  Jul05 117:57 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-6104056666757817461 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root     16800  0.0  0.0 121272   924 pts/0    S+   13:22   0:00 grep --color=auto wazuh

IndexerMasterC 🟢

[root@ip-xx-x-x-xxx bin]# ps -aux | grep wazuh
wazuh-i+ 12168  1.6 57.2 7198260 4607684 ?     Ssl  Jul05 117:09 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms3928m -Xmx3928m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-11688530339183442527 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=2059403264 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root     16665  0.0  0.0 121272   968 pts/0    S+   13:23   0:00 grep --color=auto wazuh

WazuhDashboard 🟢

[root@ip-xx-x-x-xxx bin]# ps -aux | grep wazuh-indexer
wazuh-i+ 14546  0.8 38.8 5782720 3121720 ?     Ssl  Jul05  61:13 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2560m -Xmx2560m -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/opensearch-14842540090460365950 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Dclk.tck=100 -Djdk.attach.allowAttachSelf=true -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy -XX:MaxDirectMemorySize=1342177280 -Dopensearch.path.home=/usr/share/wazuh-indexer -Dopensearch.path.conf=/etc/wazuh-indexer -Dopensearch.distribution.type=rpm -Dopensearch.bundled_jdk=true -cp /usr/share/wazuh-indexer/lib/* org.opensearch.bootstrap.OpenSearch -p /run/wazuh-indexer/wazuh-indexer.pid --quiet
root     26468  0.0  0.0 121272   960 pts/1    S+   13:23   0:00 grep --color=auto wazuh-indexer

Manager

WazuhMasterEnv1 🟢

[root@wazuh-manager-master-0 bin]# ps -aux | grep wazuh
root     15175  0.0  0.0 121272   960 pts/0    S+   13:24   0:00 grep --color=auto wazuh
wazuh    31371  0.0  3.0 1166908 119156 ?      Sl   Jul05   3:35 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    31372  0.0  1.8 291468 72608 ?        S    Jul05   0:09 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    31375  0.0  2.0 386976 82848 ?        S    Jul05   6:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    31378  0.0  1.4 586552 59320 ?        S    Jul05   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    31404  0.0  0.1  41372  4828 ?        Sl   Jul05   0:31 /var/ossec/bin/wazuh-integratord
root     31425  0.2  0.1 271008  7888 ?        Sl   Jul05  17:45 /var/ossec/bin/wazuh-authd
wazuh    31442  0.1  0.7 974472 31544 ?        Sl   Jul05   9:57 /var/ossec/bin/wazuh-db
root     31468  0.0  0.1  41440  4148 ?        Sl   Jul05   0:13 /var/ossec/bin/wazuh-execd
wazuh    31483  0.3  3.6 1297136 143420 ?      Sl   Jul05  24:34 /var/ossec/bin/wazuh-analysisd
root     31495  0.0  0.3 299120 14064 ?        SNl  Jul05   2:34 /var/ossec/bin/wazuh-syscheckd
wazuh    31516  0.2  0.4 1176652 16312 ?       Sl   Jul05  20:12 /var/ossec/bin/wazuh-remoted
root     31552  0.0  0.1 483840  5828 ?        Sl   Jul05   0:49 /var/ossec/bin/wazuh-logcollector
wazuh    31572  0.0  0.1  41412  7648 ?        Sl   Jul05   2:44 /var/ossec/bin/wazuh-monitord
root     31625  0.1  6.0 1023488 240636 ?      Sl   Jul05  12:23 /var/ossec/bin/wazuh-modulesd
wazuh    32066  0.1  1.6 439664 65536 ?        Sl   Jul05  10:42 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh    32107  0.0  1.3 277444 53552 ?        S    Jul05   1:39 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh    32108  0.0  1.3 277576 53832 ?        S    Jul05   1:40 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py

WazuhMasterEnv2 🟢

[root@wazuh-manager-master-0 bin]# ps -aux | grep wazuh
root      6091  0.0  0.0 121272   920 pts/0    S+   13:24   0:00 grep --color=auto wazuh
wazuh    24936  0.0  2.8 1144380 113920 ?      Sl   Jul05   3:13 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    24937  0.0  1.8 294776 74292 ?        S    Jul05   0:10 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    24940  0.0  2.0 383020 81332 ?        S    Jul05   6:13 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    24943  0.0  1.4 512824 58876 ?        S    Jul05   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    24969  0.0  0.0  41376  3740 ?        Sl   Jul05   0:43 /var/ossec/bin/wazuh-integratord
root     24990  0.2  0.1 197280  6364 ?        Sl   Jul05  16:52 /var/ossec/bin/wazuh-authd
wazuh    25007  0.1  0.5 945800 21944 ?        Sl   Jul05  10:15 /var/ossec/bin/wazuh-db
root     25033  0.0  0.0  41440  3844 ?        Sl   Jul05   0:15 /var/ossec/bin/wazuh-execd
wazuh    25047  0.5  3.1 1297184 125508 ?      Sl   Jul05  37:26 /var/ossec/bin/wazuh-analysisd
root     25060  0.0  0.3 294992 12816 ?        SNl  Jul05   2:45 /var/ossec/bin/wazuh-syscheckd
wazuh    25082  0.1  0.3 1233472 13184 ?       Sl   Jul05  12:43 /var/ossec/bin/wazuh-remoted
root     25117  0.0  0.1 483840  5432 ?        Sl   Jul05   0:59 /var/ossec/bin/wazuh-logcollector
wazuh    25138  0.0  0.1  41408  7292 ?        Sl   Jul05   2:30 /var/ossec/bin/wazuh-monitord
root     25188  0.7  4.3 1181704 173624 ?      Sl   Jul05  52:38 /var/ossec/bin/wazuh-modulesd
wazuh    25622  0.0  1.4 425516 57432 ?        Sl   Jul05   2:39 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh    25626  0.0  1.3 277460 53276 ?        S    Jul05   1:39 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh    25627  0.0  1.3 277460 53020 ?        S    Jul05   1:39 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py

WazuhWorker 🟢

[root@wazuh-manager-worker-0 bin]# ps -aux | grep wazuh
root      4655  0.0  0.0 121272   960 pts/0    S+   13:25   0:00 grep --color=auto wazuh
wazuh    18910  0.0  2.5 861640 100292 ?       Sl   Jul05   0:07 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    18911  0.0  1.4 283432 59204 ?        S    Jul05   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    18914  0.0  1.5 365360 59380 ?        S    Jul05   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    18917  0.0  1.5 512824 59448 ?        S    Jul05   0:00 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
wazuh    18943  0.0  0.1  41332  4184 ?        Sl   Jul05   0:21 /var/ossec/bin/wazuh-integratord
wazuh    18962  0.1  0.4 945660 18668 ?        Sl   Jul05   8:38 /var/ossec/bin/wazuh-db
root     18988  0.0  0.0  41376  3928 ?        Sl   Jul05   0:15 /var/ossec/bin/wazuh-execd
wazuh    19002  0.0  0.9 1296972 37136 ?       Sl   Jul05   0:55 /var/ossec/bin/wazuh-analysisd
root     19015  0.0  0.3 229332 13436 ?        SNl  Jul05   2:32 /var/ossec/bin/wazuh-syscheckd
wazuh    19037  0.1  0.2 774684 10484 ?        Sl   Jul05  12:33 /var/ossec/bin/wazuh-remoted
root     19073  0.0  0.1 483772  5472 ?        Sl   Jul05   0:55 /var/ossec/bin/wazuh-logcollector
wazuh    19093  0.0  0.1  41340  7484 ?        Sl   Jul05   0:22 /var/ossec/bin/wazuh-monitord
root     19139  0.5  3.8 1115128 150564 ?      Sl   Jul05  37:28 /var/ossec/bin/wazuh-modulesd
wazuh    19558  0.1  1.5 578924 61828 ?        Sl   Jul05  12:41 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh    19645  0.0  1.4 278100 55612 ?        S    Jul05   4:34 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py
wazuh    20602  0.0  1.3 430300 54308 ?        S    Jul05   0:01 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clusterd.py

[rafabailon]

Check the Status of the Indexer Cluster 🟢

[root@ip-xx-x-x-xxx bin]# curl -k -u admin:pass https://xx.x.x.xxx:9200/_cat/nodes?v
ip         heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
xx.x.x.xxx            6          94   0    0.04    0.01     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-2
xx.x.x.xxx           57          94   0    0.00    0.00     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-3
xx.x.x.xxx           22          88   0    0.02    0.01     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client -               node-7
xx.x.x.xxx           30          88   0    0.01    0.00     0.00 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1

[rafabailon]

Check Browser's Developer Console for Errors While Browsing the App 🟡

Login/Logout Screen 🟡

• Reported in Web console errors accesing Wazuh Dashboard wazuh-dashboard-plugins#4121

login:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution.

wz-home:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution.

bootstrap.js:43 ^ A single error about an inline script not firing due to content security policy is expected!

• Reported in Multiple unexpected Errors during Wazuh app session wazuh-dashboard-plugins#5821

core.entry.js:15 Detected an unhandled Promise rejection.
TypeError: Cannot read properties of undefined (reading 'split')

securityDashboards.plugin.js:15 Error: Unauthorized
    at fetch_Fetch.fetchResponse (core.entry.js:15:177501)
    at async interceptResponse (core.entry.js:15:172919)
    at async core.entry.js:15:175399

core.entry.js:15 Detected an unhandled Promise rejection.
Error: Unauthorized

core.entry.js:15 Uncaught (in promise) Error: Unauthorized
    at fetch_Fetch.fetchResponse (core.entry.js:15:177501)
    at async interceptResponse (core.entry.js:15:172919)
    at async core.entry.js:15:175399

• Reported in reportsDashboards error in console - compatibility OpenSearch 2.6 & 1.3 wazuh-dashboard-plugins#5332

reportsDashboards.plugin.js:24 Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'split')
    at checkURLParams (reportsDashboards.plugin.js:24:109539)
    at HTMLDocument.<anonymous> (reportsDashboards.plugin.js:24:109421)
    at u (osd-ui-shared-deps.js:411:26168)
    at l (osd-ui-shared-deps.js:411:26470)

• Reported in Warnings and errors when logging out of the app wazuh-dashboard-plugins#4108

/api/ism/apiCaller:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)

/api/v1/restapiinfo:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)

/api/v1/configuration/account:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)

/api/v1/auth/dashboardsinfo:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)

GET https://demo.wazuh.info/api/v1/restapiinfo 401 (Unauthorized)

GET https://demo.wazuh.info/api/v1/configuration/account 401 (Unauthorized)

GET https://demo.wazuh.info/api/v1/auth/dashboardsinfo 401 (Unauthorized)

GET https://demo.wazuh.info/api/v1/configuration/account 401 (Unauthorized)

POST https://demo.wazuh.info/api/ism/apiCaller 401 (Unauthorized)

POST https://demo.wazuh.info/api/request 401 (Unauthorized)

Overview 🟡

• Reported in Web console errors accesing Wazuh Dashboard wazuh-dashboard-plugins#4121

wz-home#/overview/?_…&tabView=panels:363 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-75XtnrpDA0UHDMcl7S8lvswryIOd0RqgacRh0AMOgdk='), or a nonce ('nonce-...') is required to enable inline execution.

bootstrap.js:43 ^ A single error about an inline script not firing due to content security policy is expected!

Endpoints Summary 🟢

• No issues found here.

Configuration Assessment 🟢

• Dashboard 🟢
• Inventory 🟢
• Events 🟢

Malware Detection 🟢

• Dashboard 🟢
• Events 🟢

File Integrity Monitoring 🟢

• Dashboard 🟢
• Inventory 🟢
• Events 🟢

Threat Hunting 🟢

• Dashboard 🟢
• Events 🟢

Vulnerability Detection 🟢

• Dashboard 🟢
• Inventory 🟢
• Events 🟢

MITRE ATT&CK 🟢

• Dashboard 🟢
• Intelligence 🟢
• Framework 🟢
• Events 🟢

VirusTotal 🟢

• Dashboard 🟢
• Events 🟢

PCI DSS 🟡

• Dashboard 🟢

• Controls 🟡

  • Reported in Multiple New unexpected console Errors during Wazuh app session wazuh-dashboard-plugins#6320

  [email protected]:1 EuiButtonIcon requires aria-label or aria-labelledby to be specified because icon-only
        buttons are screen-reader-inaccessible without them.

• Events 🟢

GDPR 🟡

• Dashboard 🟢

• Controls 🟡

  • Reported in Multiple New unexpected console Errors during Wazuh app session wazuh-dashboard-plugins#6320

  [email protected]:1 EuiButtonIcon requires aria-label or aria-labelledby to be specified because icon-only
        buttons are screen-reader-inaccessible without them.

• Events 🟢

HIPAA 🟡

• Dashboard 🟢

• Controls 🟡

  • Reported in Multiple New unexpected console Errors during Wazuh app session wazuh-dashboard-plugins#6320

  [email protected]:1 EuiButtonIcon requires aria-label or aria-labelledby to be specified because icon-only
        buttons are screen-reader-inaccessible without them.

• Events 🟢

NIST 800-53 🟡

• Dashboard 🟢

• Controls 🟡

  • Reported in Multiple New unexpected console Errors during Wazuh app session wazuh-dashboard-plugins#6320

  [email protected]:1 EuiButtonIcon requires aria-label or aria-labelledby to be specified because icon-only
        buttons are screen-reader-inaccessible without them.

• Events 🟢

TSC 🟡

• Dashboard 🟢

• Controls 🟡

  • Reported in Multiple New unexpected console Errors during Wazuh app session wazuh-dashboard-plugins#6320

  [email protected]:1 EuiButtonIcon requires aria-label or aria-labelledby to be specified because icon-only
        buttons are screen-reader-inaccessible without them.

• Events 🟢

Docker 🟢

• Dashboard 🟢
• Events 🟢

Amazon Web Services 🟡

• Dashboard 🟡

  • Reported in Multiple unexpected warning during Wazuh app session wazuh-dashboard-plugins#4092

  mapsLegacy.chunk.1.js:1 The "manifestServiceUrl" parameter is deprecated in v7.6.0.
          Consider using "tileApiUrl" and "fileApiUrl" instead.

• Events 🟢

Google Cloud 🟢

• Dashboard 🟢
• Events 🟢

Github 🟢

• Dashboard 🟢
• Panel 🟢
• Events 🟢

Office 365 🟡

• Dashboard 🟢

• Reported in Unexpected error in console in AWS module wazuh-dashboard-plugins#6022

osd-ui-shared-deps.js:364 Uncaught TypeError: Cannot read properties of null (reading 'top_left')
    at scaleBounds (tileMap.plugin.js:7:13685)
    at CoordinateMapsVisualization.updateGeohashAgg (tileMap.plugin.js:7:15150)
    at CoordinateMapsVisualization._updateData (tileMap.plugin.js:7:17884)
    at CoordinateMapsVisualization.render (mapsLegacy.plugin.js:1:60834)
    at async CoordinateMapsVisualization.render (tileMap.plugin.js:7:15901)

• Panel 🟢
• Events 🟢

Side Navbar 🟡

• Recently Viewed 🟡

  • Reported in Recently viewed button always shows empty options in the sidebar wazuh-dashboard-plugins#6318

Alerting 🟡

• Alerts 🟡

  • Reported in Configured indices are not found: [.opendistro-alerting-config] in Demo environment wazuh-dashboard-plugins#5869

  alertingDashboards.chunk.3.js:1 error getting monitors: {ok: false, resp: '[alerting_exception] Configured indices are not found: [.opendistro-alerting-config]'}

• Monitors 🟡

  • Reported in Configured indices are not found: [.opendistro-alerting-config] in Demo environment wazuh-dashboard-plugins#5869

  alertingDashboards.chunk.3.js:1 error getting monitors: {ok: false, resp: {…}}

• Destinations 🟡

  • Reported in Multiple New unexpected console Errors during Wazuh app session wazuh-dashboard-plugins#6320

  alertingDashboards.chunk.3.js:1 Unable to get email groups [index_not_found_exception] no such index [.opendistro-alerting-config], with { index=".opendistro-alerting-config" & resource.id=".opendistro-alerting-config" & resource.type="index_or_alias" & index_uuid="_na_" }

[rafabailon]

Check that there are Alerts for each of the Modules Configured 🟡

Modules in Wazuh-1

Check Activated Modules 🟢

Check Alerts from the Activated Modules 🟡

• AWS Module

• VirusTotal Module

• Docker Listener Module

I have installed Docker following the Wazuh documentation and no logs have appeared.

Note: Docker is not installed on the agents
Documentation: Monitoring Docker events

• GDPR Module

• HIPAA Module

• TSC Module

Modules in Wazuh-2

Check Activated Modules 🟢

Check Alerts from the Activated Modules 🟡

• AWS Module

• VirusTotal Module

Reported in Reported in https://github.com/wazuh/wazuh-automation/issues/1369

• Docker Listener Module

I have installed Docker following the Wazuh documentation and only the logs in the screenshot have appeared.

Note: Docker is not installed on the agents
Documentation: Monitoring Docker events

• GDPR Module

• HIPAA Module

• TSC Module

[rafabailon]

Check the search engine works using * 🟢

Case 1: Using * 🟢

Case 2: Using aw* 🟢

Case 3: Using *squer* 🟢

Case 4: Using *shd 🟢

[rafabailon]

Generate an Alert and Check it appears in Wazuh Dashboard 🟢

Attempt an Invalid SSH Login into Any Agent 🟢

$ ssh [email protected]
[email protected]'s password: 
Permission denied, please try again.
[email protected]'s password: 
Permission denied, please try again.
[email protected]'s password: 
[email protected]: Permission denied (publickey,password).

Check the Alert in Wazuh Dashboard 🟢

{
  "_index": "wazuh-alerts-4.x-wazuh1-2024.07.10",
  "_id": "2VcXnZABtRoc-K27wVfF",
  "_version": 1,
  "_score": null,
  "_source": {
    "predecoder": {
      "hostname": "ip-10-0-1-243",
      "program_name": "sshd",
      "timestamp": "Jul 10 14:41:33"
    },
    "cluster": {
      "node": "master",
      "name": "wazuh1"
    },
    "input": {
      "type": "log"
    },
    "agent": {
      "ip": "10.0.1.243",
      "name": "Debian",
      "id": "001"
    },
    "manager": {
      "name": "wazuh-manager-master-0"
    },
    "rule": {
      "mail": false,
      "level": 10,
      "pci_dss": [
        "10.2.4",
        "10.2.5"
      ],
      "hipaa": [
        "164.312.b"
      ],
      "tsc": [
        "CC6.1",
        "CC6.8",
        "CC7.2",
        "CC7.3"
      ],
      "description": "syslog: User missed the password more than one time",
      "groups": [
        "syslog",
        "access_control",
        "authentication_failed"
      ],
      "nist_800_53": [
        "AU.14",
        "AC.7"
      ],
      "gdpr": [
        "IV_35.7.d",
        "IV_32.2"
      ],
      "firedtimes": 1,
      "mitre": {
        "technique": [
          "Brute Force"
        ],
        "id": [
          "T1110"
        ],
        "tactic": [
          "Credential Access"
        ]
      },
      "id": "2502",
      "gpg13": [
        "7.8"
      ]
    },
    "location": "/var/log/auth.log",
    "decoder": {
      "name": "sshd"
    },
    "id": "1720622495.95092702",
    "full_log": "Jul 10 14:41:33 ip-10-0-1-243 sshd[113731]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.144.179.136 ",
    "timestamp": "2024-07-10T14:41:35.029+0000"
  },
  "fields": {
    "timestamp": [
      "2024-07-10T14:41:35.029Z"
    ]
  },
  "highlight": {
    "cluster.name": [
      "@opensearch-dashboards-highlighted-field@wazuh1@/opensearch-dashboards-highlighted-field@"
    ]
  },
  "sort": [
    1720622495029
  ]
}

[rafabailon]

Update

ETA moved while I wait for the review from @wazuh/devel-devops

[davidcr01]

LGTM, please @rafabailon notice that the Wazuh environments env-1 and env-2 were changed to wazuh-1 and wazuh-2 respectively. Please, update this in this comment in next stages!