Release 4.3.6 - Release Candidate 1 - E2E UX tests - Wazuh Indexer #14289
Environment installation 🟢
Each component was installed using the Initial configuration.

🟢 wazuh-install.sh
curl -sO https://packages-dev.wazuh.com/4.3/wazuh-install.sh

🟢 config.yml
curl -sO https://packages-dev.wazuh.com/4.3/config.yml

[root@localhost ~]# cat config.yml
nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: 192.168.56.20
    # - name: node-2
    #   ip: <indexer-node-ip>
    # - name: node-3
    #   ip: <indexer-node-ip>

  # Wazuh server nodes
  # Use node_type only with more than one Wazuh manager
  server:
    - name: wazuh-1
      ip: 192.168.56.20
    #   node_type: master
    # - name: wazuh-2
    #   ip: <wazuh-manager-ip>
    #   node_type: worker

  # Wazuh dashboard nodes
  dashboard:
    - name: dashboard
      ip: 192.168.56.20

🟢 bash wazuh-install.sh --generate-config-files
[root@localhost ~]# bash wazuh-install.sh --generate-config-files
18/07/2022 17:43:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.6
18/07/2022 17:43:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/07/2022 17:43:03 INFO: --- Configuration files ---
18/07/2022 17:43:03 INFO: Generating configuration files.
18/07/2022 17:43:03 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.

🟢 wazuh-install-files.tar generated
[root@localhost ~]# ls -l
total 152
-rw------- 1 root root 10765 Jul 18 17:43 wazuh-install-files.tar
-rw-r--r-- 1 root root 142837 Jul 18 17:38 wazuh-install.sh

Wazuh indexer 🟢
🟢 Wazuh indexer installation
[root@localhost ~]# bash wazuh-install.sh --wazuh-indexer node-1
18/07/2022 18:07:11 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.6
18/07/2022 18:07:11 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/07/2022 18:07:14 INFO: Wazuh development repository added.
18/07/2022 18:07:14 INFO: --- Wazuh indexer ---
18/07/2022 18:07:14 INFO: Starting Wazuh indexer installation.
18/07/2022 18:10:26 INFO: Wazuh indexer installation finished.
18/07/2022 18:10:26 INFO: Wazuh indexer post-install configuration finished.
18/07/2022 18:10:26 INFO: Starting service wazuh-indexer.
18/07/2022 18:10:50 INFO: wazuh-indexer service started.
18/07/2022 18:10:50 INFO: Initializing Wazuh indexer cluster security settings.
18/07/2022 18:10:51 INFO: Wazuh indexer cluster initialized.
18/07/2022 18:10:52 INFO: Installation finished.

[root@localhost ~]# bash wazuh-install.sh --start-cluster
18/07/2022 18:10:59 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.6
18/07/2022 18:10:59 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/07/2022 18:11:11 INFO: Wazuh indexer cluster security configuration initialized.
18/07/2022 18:11:31 INFO: Wazuh indexer cluster started.

Indexer status
[root@localhost ~]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2022-07-18 18:10:50 UTC; 3min 43s ago
Docs: https://documentation.wazuh.com
Main PID: 32494 (java)
CGroup: /system.slice/wazuh-indexer.service
└─32494 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=...
Jul 18 18:10:27 localhost systemd[1]: Starting Wazuh-indexer...
Jul 18 18:10:46 localhost systemd-entrypoint[32494]: WARNING: An illegal reflective access operation has occurred
Jul 18 18:10:46 localhost systemd-entrypoint[32494]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr...le.cause
Jul 18 18:10:46 localhost systemd-entrypoint[32494]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicTh...leSchema
Jul 18 18:10:46 localhost systemd-entrypoint[32494]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
Jul 18 18:10:46 localhost systemd-entrypoint[32494]: WARNING: All illegal access operations will be denied in a future release
Jul 18 18:10:50 localhost systemd[1]: Started Wazuh-indexer.
Hint: Some lines were ellipsized, use -l to show in full.

Wazuh server 🟢
🟢 Server and filebeat installation
[root@localhost ~]# bash wazuh-install.sh --wazuh-server wazuh-1
18/07/2022 18:18:03 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.6
18/07/2022 18:18:03 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/07/2022 18:18:06 INFO: Wazuh development repository added.
18/07/2022 18:18:07 INFO: --- Wazuh server ---
18/07/2022 18:18:07 INFO: Starting the Wazuh manager installation.
18/07/2022 18:19:36 INFO: Wazuh manager installation finished.
18/07/2022 18:19:36 INFO: Starting service wazuh-manager.
18/07/2022 18:19:51 INFO: wazuh-manager service started.
18/07/2022 18:19:51 INFO: Starting Filebeat installation.
18/07/2022 18:20:13 INFO: Filebeat installation finished.
18/07/2022 18:20:15 INFO: Filebeat post-install configuration finished.
18/07/2022 18:20:23 INFO: Starting service filebeat.
18/07/2022 18:20:23 INFO: filebeat service started.
18/07/2022 18:20:23 INFO: Installation finished.

Server status
[root@localhost ~]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2022-07-18 18:19:51 UTC; 4min 3s ago
CGroup: /system.slice/wazuh-manager.service
├─2462 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─2504 /var/ossec/bin/wazuh-authd
├─2527 /var/ossec/bin/wazuh-db
├─2553 /var/ossec/bin/wazuh-execd
├─2556 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─2559 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─2574 /var/ossec/bin/wazuh-analysisd
├─2624 /var/ossec/bin/wazuh-syscheckd
├─2642 /var/ossec/bin/wazuh-remoted
├─2674 /var/ossec/bin/wazuh-logcollector
├─2700 /var/ossec/bin/wazuh-monitord
└─2716 /var/ossec/bin/wazuh-modulesd
Jul 18 18:19:43 localhost env[2406]: Started wazuh-execd...
Jul 18 18:19:44 localhost env[2406]: Started wazuh-analysisd...
Jul 18 18:19:45 localhost env[2406]: Started wazuh-syscheckd...
Jul 18 18:19:46 localhost env[2406]: Started wazuh-remoted...
Jul 18 18:19:47 localhost env[2406]: Started wazuh-logcollector...
Jul 18 18:19:48 localhost env[2406]: Started wazuh-monitord...
Jul 18 18:19:49 localhost crontab[2807]: (root) LIST (root)
Jul 18 18:19:49 localhost env[2406]: Started wazuh-modulesd...
Jul 18 18:19:51 localhost env[2406]: Completed.
Jul 18 18:19:51 localhost systemd[1]: Started Wazuh manager.

Filebeat status
[root@localhost ~]# systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2022-07-18 18:20:21 UTC; 4min 6s ago
Docs: https://www.elastic.co/products/beats/filebeat
Main PID: 4040 (filebeat)
CGroup: /system.slice/filebeat.service
└─4040 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/file...
Jul 18 18:20:21 localhost systemd[1]: Started Filebeat sends log files to Logstash or directly to Elasticsearch..

Wazuh dashboard 🟢
🟢 Wazuh dashboard installation
[root@localhost ~]# bash wazuh-install.sh --wazuh-dashboard dashboard
18/07/2022 18:25:01 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.6
18/07/2022 18:25:01 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/07/2022 18:25:04 INFO: Wazuh development repository added.
18/07/2022 18:25:04 INFO: --- Wazuh dashboard ----
18/07/2022 18:25:04 INFO: Starting Wazuh dashboard installation.
18/07/2022 18:29:55 INFO: Wazuh dashboard installation finished.
18/07/2022 18:29:55 INFO: Wazuh dashboard post-install configuration finished.
18/07/2022 18:29:55 INFO: Starting service wazuh-dashboard.
18/07/2022 18:29:57 INFO: wazuh-dashboard service started.
18/07/2022 18:30:32 INFO: Initializing Wazuh dashboard web application.
18/07/2022 18:30:33 INFO: Wazuh dashboard web application initialized.
18/07/2022 18:30:33 INFO: --- Summary ---
18/07/2022 18:30:33 INFO: You can access the web interface https://192.168.56.20
User: admin
Password: Wb3w9m4S94SZ6FUO.Thi3EPkbEDesPEd
18/07/2022 18:30:33 INFO: Installation finished.

Wazuh dashboard status
[root@localhost ~]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2022-07-18 18:30:12 UTC; 5min ago
Main PID: 4779 (node)
CGroup: /system.slice/wazuh-dashboard.service
└─4779 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dash...
Jul 18 18:34:54 localhost opensearch-dashboards[4779]: {"type":"response","@timestamp":"2022-07-18T18:34:54Z","tags":[],"pid":4779,"method":"put","sta...99\", \"
Jul 18 18:34:54 localhost opensearch-dashboards[4779]: {"type":"response","@timestamp":"2022-07-18T18:34:54Z","tags":[],"pid":4779,"method":"get","sta...ium\";v=
Jul 18 18:34:54 localhost opensearch-dashboards[4779]: {"type":"response","@timestamp":"2022-07-18T18:34:54Z","tags":[],"pid":4779,"method":"post","st...e Chrome
Jul 18 18:34:54 localhost opensearch-dashboards[4779]: {"type":"response","@timestamp":"2022-07-18T18:34:54Z","tags":[],"pid":4779,"method":"put","sta...99\", \"
Jul 18 18:34:54 localhost opensearch-dashboards[4779]: {"type":"response","@timestamp":"2022-07-18T18:34:54Z","tags":[],"pid":4779,"method":"get","sta... Chrome\
Jul 18 18:34:54 localhost opensearch-dashboards[4779]: {"type":"response","@timestamp":"2022-07-18T18:34:54Z","tags":[],"pid":4779,"method":"get","sta...Google C
Jul 18 18:35:00 localhost opensearch-dashboards[4779]: {"type":"log","@timestamp":"2022-07-18T18:35:00Z","tags":["error","opensearch","data"],"pid":47... Error"}
Jul 18 18:35:00 localhost opensearch-dashboards[4779]: {"type":"log","@timestamp":"2022-07-18T18:35:00Z","tags":["error","plugins","wazuh","cron-sched... check"}
Jul 18 18:35:00 localhost opensearch-dashboards[4779]: {"type":"log","@timestamp":"2022-07-18T18:35:00Z","tags":["error","opensearch","data"],"pid":47... Error"}
Jul 18 18:35:00 localhost opensearch-dashboards[4779]: {"type":"log","@timestamp":"2022-07-18T18:35:00Z","tags":["error","plugins","wazuh","cron-sched... check"}
Hint: Some lines were ellipsized, use -l to show in full.
Wazuh indexer package 🟢

Package SPECs 🟢
[root@localhost ~]# rpm -qa | grep wazuh-indexer
wazuh-indexer-4.3.6-1.x86_64
[root@localhost ~]# rpm -qi wazuh-indexer-4.3.6-1.x86_64
Name : wazuh-indexer
Version : 4.3.6
Release : 1
Architecture: x86_64
Install Date: Mon 18 Jul 2022 06:10:23 PM UTC
Group : System Environment/Daemons
Size : 644012892
License : GPL
Signature : RSA/SHA256, Fri 15 Jul 2022 08:14:43 PM UTC, Key ID 96b3ee5f29111145
Source RPM : wazuh-indexer-4.3.6-1.src.rpm
Build Date : Fri 15 Jul 2022 07:39:46 PM UTC
Build Host : ip-172-31-80-24.ec2.internal
Relocations : (not relocatable)
Packager : Wazuh, Inc <info@wazuh.com>
Vendor : Wazuh, Inc <info@wazuh.com>
URL : https://www.wazuh.com/
Summary : Wazuh indexer is a search and analytics engine for security-related data. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html
Description :
Wazuh indexer is a near real-time full-text search and analytics engine that gathers security-related data into one platform. This Wazuh central component indexes and stores alerts generated by the Wazuh server. Wazuh indexer can be configured as a single-node or multi-node cluster, providing scalability and high availability. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html

Package size 🟢
Installed size: 614 M
[root@localhost lib]# rpm -qa --queryformat '%{SIZE} %{NAME} \n' | grep indexer
644012892 wazuh-indexer

Package metadata (description) 🟢
Summary : Wazuh indexer is a search and analytics engine for security-related data. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html
Description :
Wazuh indexer is a near real-time full-text search and analytics engine that gathers security-related data into one platform. This Wazuh central component indexes and stores alerts generated by the Wazuh server. Wazuh indexer can be configured as a single-node or multi-node cluster, providing scalability and high availability. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html

Package digital signature 🟢
[root@localhost vagrant]# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH && rpm -Kv /var/cache/yum/x86_64/2/wazuh/packages/wazuh-indexer-4.3.6-1.x86_64.rpm
/var/cache/yum/x86_64/2/wazuh/packages/wazuh-indexer-4.3.6-1.x86_64.rpm:
EncabezadoV3 RSA/SHA256 Signature, ID de clave 29111145: OK
Resumen SHA1 del encabezado: OK (aec3cf1f06dfe517c20ff1969bc3f9359ea65f1d)
V3 RSA/SHA256 Signature, ID de clave 29111145: OK
Resumen MD5: OK (8756cb17be970d8e63827958c5b2431f)
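The signature check above only proves something if every line rpm -Kv prints is OK and the signature lines name the expected key. As an added example, not part of this report or of the Wazuh project, the Python below parses that output so the check can run unattended in an RC validation job. The first sample is the report's own output (Spanish locale); the NOKEY and unsigned samples are constructed to show the two ways the check must fail, and the key ID 29111145 is the one the report shows.

```python
import re
from dataclasses import dataclass, field

# Sample output copied from the report above (Spanish locale, all checks OK).
SAMPLE_OK = """\
/var/cache/yum/x86_64/2/wazuh/packages/wazuh-indexer-4.3.6-1.x86_64.rpm:
    EncabezadoV3 RSA/SHA256 Signature, ID de clave 29111145: OK
    Resumen SHA1 del encabezado: OK (aec3cf1f06dfe517c20ff1969bc3f9359ea65f1d)
    V3 RSA/SHA256 Signature, ID de clave 29111145: OK
    Resumen MD5: OK (8756cb17be970d8e63827958c5b2431f)
"""

# Constructed: English locale, signing key not imported, so rpm reports NOKEY.
SAMPLE_NOKEY = """\
/tmp/wazuh-indexer-4.3.6-1.x86_64.rpm:
    Header V4 RSA/SHA256 Signature, key ID 29111145: NOKEY
    Header SHA1 digest: OK
    V4 RSA/SHA256 Signature, key ID 29111145: NOKEY
    MD5 digest: OK
"""

# Constructed: an unsigned package prints only digest lines, and they are all OK.
SAMPLE_UNSIGNED = """\
/tmp/unsigned.rpm:
    Header SHA1 digest: OK
    MD5 digest: OK
"""

# "key ID <hex>: <status>" in English, "ID de clave <hex>: <status>" in Spanish.
SIG_LINE = re.compile(r"(?i)(?:key id|id de clave)\s+([0-9a-f]+)\s*:\s*(\S+)")
# A check line passes only when its status is OK, optionally followed by a digest.
OK_LINE = re.compile(r":\s*OK(?:\s*\([0-9a-fA-F]+\))?\s*$")


@dataclass
class SignatureReport:
    package: str
    checks: int = 0                                # check lines seen
    failed: list = field(default_factory=list)     # check lines whose status was not OK
    key_ids: set = field(default_factory=set)      # key IDs seen on signature lines

    def passed(self, expected_key_id: str) -> bool:
        """True only if every check is OK and every signature is by the expected key.
        Output with no signature line at all (unsigned package) fails even though
        all of its digest lines say OK."""
        return bool(
            self.checks > 0
            and not self.failed
            and self.key_ids
            and self.key_ids <= {expected_key_id.lower()}
        )


def parse_rpm_kv(output: str) -> SignatureReport:
    """Parse the text printed by `rpm -Kv <package>`; the first line names the package."""
    lines = [ln.rstrip() for ln in output.strip().splitlines() if ln.strip()]
    report = SignatureReport(package=lines[0].strip().rstrip(":"))
    for line in lines[1:]:
        report.checks += 1
        if not OK_LINE.search(line):
            report.failed.append(line.strip())
        match = SIG_LINE.search(line)
        if match:
            report.key_ids.add(match.group(1).lower())
    return report


if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("nokey", SAMPLE_NOKEY), ("unsigned", SAMPLE_UNSIGNED)):
        rep = parse_rpm_kv(text)
        print(f"{name}: passed={rep.passed('29111145')} failed={rep.failed}")
```

The unsigned sample is the case worth remembering: grepping for "NOT OK" or "NOKEY" alone would wave it through, which is why passed() also requires at least one signature line and pins the key ID.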
Wazuh indexer installed files location, size and permissions 🟢
Wazuh indexer installation footprint 🟢
No files with changed ownership could be found.
[root@localhost vagrant]# find /etc -user wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@localhost vagrant]# find /usr -user wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@localhost vagrant]# find /var -user wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@localhost vagrant]# find /bin -user wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@localhost vagrant]# find /etc -group wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@localhost vagrant]# find /usr -group wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@localhost vagrant]# find /var -group wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@localhost vagrant]# find /bin -group wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@localhost vagrant]#
Wazuh indexer installed service 🟢
The service was correctly installed, enabled and started.
[root@localhost vagrant]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
Active: active (running) since lun 2022-07-18 18:02:29 UTC; 2h 56min ago
Docs: https://documentation.wazuh.com
Main PID: 32246 (java)
CGroup: /system.slice/wazuh-indexer.service
└─32246 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.h...
jul 18 18:02:21 localhost systemd[1]: Starting Wazuh-indexer...
jul 18 18:02:28 localhost systemd-entrypoint[32246]: WARNING: An illegal reflective access operation has occurred
jul 18 18:02:28 localhost systemd-entrypoint[32246]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearc...owable.cause
jul 18 18:02:28 localhost systemd-entrypoint[32246]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
jul 18 18:02:28 localhost systemd-entrypoint[32246]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
jul 18 18:02:28 localhost systemd-entrypoint[32246]: WARNING: All illegal access operations will be denied in a future release
jul 18 18:02:29 localhost systemd[1]: Started Wazuh-indexer.
Hint: Some lines were ellipsized, use -l to show in full.

[root@localhost vagrant]# systemctl is-enabled wazuh-indexer
enabled

[root@localhost vagrant]# systemctl cat wazuh-indexer.service
# /usr/lib/systemd/system/wazuh-indexer.service
[Unit]
Description=Wazuh-indexer
Documentation=https://documentation.wazuh.com
Wants=network-online.target
After=network-online.target
[Service]
Type=notify
RuntimeDirectory=wazuh-indexer
PrivateTmp=yes
Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer
Environment=OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
Environment=PID_DIR=/run/wazuh-indexer
Environment=OPENSEARCH_SD_NOTIFY=true
EnvironmentFile=-/etc/sysconfig/wazuh-indexer
WorkingDirectory=/usr/share/wazuh-indexer
User=wazuh-indexer
Group=wazuh-indexer
ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet
# StandardOutput is configured to redirect to journalctl since
(...)
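Beyond "enabled and running", the unit above is what decides the privileges the indexer gets. As an added example, not part of this report or of the Wazuh packages, the Python below parses the unit as printed by systemctl cat (cut after ExecStart) and applies the least-privilege checks a reviewer would want: the service does not run as root, PrivateTmp is on, and ExecStart is an absolute path. The weak unit is constructed as a counter-example.

```python
import re

# The unit printed by `systemctl cat wazuh-indexer.service` in the report, cut after ExecStart.
WAZUH_INDEXER_UNIT = """\
# /usr/lib/systemd/system/wazuh-indexer.service
[Unit]
Description=Wazuh-indexer
Documentation=https://documentation.wazuh.com
Wants=network-online.target
After=network-online.target

[Service]
Type=notify
RuntimeDirectory=wazuh-indexer
PrivateTmp=yes
Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer
Environment=OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
Environment=PID_DIR=/run/wazuh-indexer
Environment=OPENSEARCH_SD_NOTIFY=true
EnvironmentFile=-/etc/sysconfig/wazuh-indexer
WorkingDirectory=/usr/share/wazuh-indexer
User=wazuh-indexer
Group=wazuh-indexer
ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet
"""

# Constructed counter-example: runs as root, shares /tmp, relative ExecStart.
WEAK_UNIT = """\
[Unit]
Description=example daemon (constructed)
[Service]
Type=simple
User=root
PrivateTmp=no
ExecStart=example-daemon --foreground
"""

SECTION = re.compile(r"^\[([A-Za-z0-9_-]+)\]$")


def parse_unit(text: str) -> dict:
    """Parse unit text into {section: {key: [value, ...]}}.
    Values are lists because systemd lets a key repeat (Environment= above)."""
    unit: dict = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # comments, including the path header line
            continue
        header = SECTION.match(line)
        if header:
            section = unit.setdefault(header.group(1), {})
            continue
        if section is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        section.setdefault(key, []).append(value)
    return unit


def audit_service(unit: dict) -> list:
    """Least-privilege checks on [Service]; returns findings, empty when all pass."""
    svc = unit.get("Service", {})

    def last(key):
        # systemd applies the last assignment of a key, so that is the effective value.
        values = svc.get(key)
        return values[-1] if values else None

    findings = []
    user = last("User")
    if user in (None, "root"):
        findings.append(f"service runs as root (User={user})")
    if last("PrivateTmp") != "yes":
        findings.append(f"PrivateTmp={last('PrivateTmp')}; /tmp is shared with other users")
    exec_start = last("ExecStart")
    # Strip systemd's ExecStart prefix characters before testing for an absolute path.
    if exec_start is not None and not exec_start.lstrip("-+!@:").startswith("/"):
        findings.append("ExecStart is not an absolute path")
    return findings


if __name__ == "__main__":
    for name, text in (("wazuh-indexer", WAZUH_INDEXER_UNIT), ("weak", WEAK_UNIT)):
        print(name, audit_service(parse_unit(text)) or "OK")
```

Run against the report's unit this returns no findings, which is the result the 🟢 above should be backed by; a drop-in override under /etc/systemd/system that sets User=root would show up as a finding on the next run.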
Wazuh indexer logs when installed 🟢
No error was reported.
[root@localhost vagrant]# cat /var/log/wazuh-install.log
18/07/2022 21:34:40 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.6
18/07/2022 21:34:40 INFO: Verbose logging redirected to /var/log/wazuh-install.log
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
18/07/2022 21:34:42 INFO: Wazuh development repository added.
18/07/2022 21:34:42 INFO: --- Wazuh indexer ---
18/07/2022 21:34:42 INFO: Starting Wazuh indexer installation.
Complementos cargados:langpacks, priorities, update-motd
Resolviendo dependencias
--> Ejecutando prueba de transacción
---> Paquete wazuh-indexer.x86_64 0:4.3.6-1 debe ser instalado
--> Resolución de dependencias finalizada
Dependencias resueltas
================================================================================
Package Arquitectura Versión Repositorio Tamaño
================================================================================
Instalando:
wazuh-indexer x86_64 4.3.6-1 wazuh 361 M
Resumen de la transacción
================================================================================
Instalar 1 Paquete
Tamaño total: 361 M
Tamaño instalado: 614 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Instalando : wazuh-indexer-4.3.6-1.x86_64 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Comprobando : wazuh-indexer-4.3.6-1.x86_64 1/1
Instalado:
wazuh-indexer.x86_64 0:4.3.6-1
¡Listo!
18/07/2022 21:35:08 INFO: Wazuh indexer installation finished.
18/07/2022 21:35:08 INFO: Wazuh indexer post-install configuration finished.
18/07/2022 21:35:08 INFO: Starting service wazuh-indexer.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
18/07/2022 21:35:18 INFO: wazuh-indexer service started.
18/07/2022 21:35:18 INFO: Initializing Wazuh indexer cluster security settings.
18/07/2022 21:35:19 INFO: Wazuh indexer cluster initialized.
18/07/2022 21:35:19 INFO: Installation finished.
Wazuh indexer cluster node communication and configuration 🟢

Configuration
Too long output.
curl -u admin:ivOjiIl0uuo0vPb9fhTD.GkWlR70325U -k https://192.168.56.200:9200/_nodes?pretty

Endpoint response
[root@localhost vagrant]# curl -u admin:ivOjiIl0uuo0vPb9fhTD.GkWlR70325U -k https://192.168.56.200:9200/_nodes?pretty
{
"_nodes" : {
"total" : 1,
"successful" : 1,
"failed" : 0
},
"cluster_name" : "wazuh-indexer-cluster",
"nodes" : {
"68YGItRPRcmrGx_r0K2KDA" : {
"name" : "node-1",
"transport_address" : "192.168.56.200:9300",
"host" : "192.168.56.200",
"ip" : "192.168.56.200",
"version" : "1.2.4",
"build_type" : "rpm",
"build_hash" : "e505b10357c03ae8d26d675172402f2f2144ef0f",
"total_indexing_buffer" : 206779187,
"roles" : [
"data",
"ingest",
"master",
"remote_cluster_client"
],
"attributes" : {
"shard_indexing_pressure_enabled" : "true"
},
"settings" : {
"cluster" : {
"initial_master_nodes" : "node-1",
"name" : "wazuh-indexer-cluster",
"routing" : {
"allocation" : {
"disk" : {
"threshold_enabled" : "false"
}
}
}
},
"node" : {
"pidfile" : "/run/wazuh-indexer/wazuh-indexer.pid",
"data" : "true",
"max_local_storage_nodes" : "3",
"name" : "node-1",
"attr" : {
"shard_indexing_pressure_enabled" : "true"
},
"ingest" : "true",
"master" : "true"
},
"path" : {
"data" : [
"/var/lib/wazuh-indexer"
],
"logs" : "/var/log/wazuh-indexer",
"home" : "/usr/share/wazuh-indexer"
},
"client" : {
"type" : "node"
},
"http" : {
"compression" : "false",
"type" : "org.opensearch.security.http.SecurityHttpServerTransport",
"type.default" : "netty4"
},
"transport" : {
"type" : "org.opensearch.security.ssl.http.netty.SecuritySSLNettyTransport",
"type.default" : "netty4"
},
"compatibility" : {
"override_main_response_version" : "true"
},
"network" : {
"host" : "192.168.56.200"
}
},
"os" : {
"refresh_interval_in_millis" : 1000,
"name" : "Linux",
"pretty_name" : "Amazon Linux 2",
"arch" : "amd64",
"version" : "4.14.285-215.501.amzn2.x86_64",
"available_processors" : 2,
"allocated_processors" : 2
},
"process" : {
"refresh_interval_in_millis" : 1000,
"id" : 16669,
"mlockall" : false
},
"jvm" : {
"pid" : 16669,
"version" : "15.0.1",
"vm_name" : "OpenJDK 64-Bit Server VM",
"vm_version" : "15.0.1+9",
"vm_vendor" : "AdoptOpenJDK",
"bundled_jdk" : true,
"using_bundled_jdk" : true,
"start_time_in_millis" : 1658180110354,
"mem" : {
"heap_init_in_bytes" : 2067791872,
"heap_max_in_bytes" : 2067791872,
"non_heap_init_in_bytes" : 7667712,
"non_heap_max_in_bytes" : 0,
"direct_max_in_bytes" : 0
},
"gc_collectors" : [
"G1 Young Generation",
"G1 Old Generation"
],
"memory_pools" : [
"CodeHeap 'non-nmethods'",
"Metaspace",
"CodeHeap 'profiled nmethods'",
"Compressed Class Space",
"G1 Eden Space",
"G1 Old Gen",
"G1 Survivor Space",
"CodeHeap 'non-profiled nmethods'"
],
"using_compressed_ordinary_object_pointers" : "true",
"input_arguments" : [
"-Xshare:auto",
"-Dopensearch.networkaddress.cache.ttl=60",
"-Dopensearch.networkaddress.cache.negative.ttl=10",
"-XX:+AlwaysPreTouch",
"-Xss1m",
"-Djava.awt.headless=true",
"-Dfile.encoding=UTF-8",
"-Djna.nosys=true",
"-XX:-OmitStackTraceInFastThrow",
"-XX:+ShowCodeDetailsInExceptionMessages",
"-Dio.netty.noUnsafe=true",
"-Dio.netty.noKeySetOptimization=true",
"-Dio.netty.recycler.maxCapacityPerThread=0",
"-Dio.netty.allocator.numDirectArenas=0",
"-Dlog4j.shutdownHookEnabled=false",
"-Dlog4j2.disable.jmx=true",
"-Djava.locale.providers=SPI,COMPAT",
"-Xms1971m",
"-Xmx1971m",
"-XX:+UseG1GC",
"-XX:G1ReservePercent=25",
"-XX:InitiatingHeapOccupancyPercent=30",
"-Djava.io.tmpdir=/tmp/opensearch-2112469652619000946",
"-XX:+HeapDumpOnOutOfMemoryError",
"-XX:HeapDumpPath=data",
"-XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log",
"-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m",
"-XX:MaxDirectMemorySize=1033895936",
"-Dopensearch.path.home=/usr/share/wazuh-indexer",
"-Dopensearch.path.conf=/etc/wazuh-indexer",
"-Dopensearch.distribution.type=rpm",
"-Dopensearch.bundled_jdk=true"
]
},
"thread_pool" : {
"force_merge" : {
"type" : "fixed",
"size" : 1,
"queue_size" : -1
},
"fetch_shard_started" : {
"type" : "scaling",
"core" : 1,
"max" : 4,
"keep_alive" : "5m",
"queue_size" : -1
},
"listener" : {
"type" : "fixed",
"size" : 1,
"queue_size" : -1
},
"training" : {
"type" : "fixed",
"size" : 1,
"queue_size" : 1
},
"sql-worker" : {
"type" : "fixed",
"size" : 2,
"queue_size" : 1000
},
"search" : {
"type" : "fixed_auto_queue_size",
"size" : 4,
"queue_size" : 1000
},
"opensearch_asynchronous_search_generic" : {
"type" : "scaling",
"core" : 1,
"max" : 4,
"keep_alive" : "30m",
"queue_size" : -1
},
"flush" : {
"type" : "scaling",
"core" : 1,
"max" : 1,
"keep_alive" : "5m",
"queue_size" : -1
},
"fetch_shard_store" : {
"type" : "scaling",
"core" : 1,
"max" : 4,
"keep_alive" : "5m",
"queue_size" : -1
},
"get" : {
"type" : "fixed",
"size" : 2,
"queue_size" : 1000
},
"system_read" : {
"type" : "fixed",
"size" : 1,
"queue_size" : 2000
},
"open_distro_job_scheduler" : {
"type" : "fixed",
"size" : 2,
"queue_size" : 200
},
"write" : {
"type" : "fixed",
"size" : 2,
"queue_size" : 10000
},
"replication_follower" : {
"type" : "scaling",
"core" : 1,
"max" : 10,
"keep_alive" : "1m",
"queue_size" : -1
},
"refresh" : {
"type" : "scaling",
"core" : 1,
"max" : 1,
"keep_alive" : "5m",
"queue_size" : -1
},
"replication_leader" : {
"type" : "fixed",
"size" : 4,
"queue_size" : 1000
},
"system_write" : {
"type" : "fixed",
"size" : 1,
"queue_size" : 1000
},
"generic" : {
"type" : "scaling",
"core" : 4,
"max" : 128,
"keep_alive" : "30s",
"queue_size" : -1
},
"warmer" : {
"type" : "scaling",
"core" : 1,
"max" : 1,
"keep_alive" : "5m",
"queue_size" : -1
},
"management" : {
"type" : "scaling",
"core" : 1,
"max" : 5,
"keep_alive" : "5m",
"queue_size" : -1
},
"analyze" : {
"type" : "fixed",
"size" : 1,
"queue_size" : 16
},
"ad-threadpool" : {
"type" : "scaling",
"core" : 1,
"max" : 1,
"keep_alive" : "10m",
"queue_size" : -1
},
"snapshot" : {
"type" : "scaling",
"core" : 1,
"max" : 1,
"keep_alive" : "5m",
"queue_size" : -1
},
"search_throttled" : {
"type" : "fixed_auto_queue_size",
"size" : 1,
"queue_size" : 100
},
"ad-batch-task-threadpool" : {
"type" : "scaling",
"core" : 1,
"max" : 1,
"keep_alive" : "10m",
"queue_size" : -1
}
},
"transport" : {
"bound_address" : [
"192.168.56.200:9300"
],
"publish_address" : "192.168.56.200:9300",
"profiles" : { }
},
"http" : {
"bound_address" : [
"192.168.56.200:9200"
],
"publish_address" : "192.168.56.200:9200",
"max_content_length_in_bytes" : 104857600
},
"plugins" : [
{
"name" : "opensearch-alerting",
"version" : "1.2.4.0",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Amazon OpenSearch alerting plugin",
"classname" : "org.opensearch.alerting.AlertingPlugin",
"custom_foldername" : "",
"extended_plugins" : [
"lang-painless"
],
"has_native_controller" : false
},
{
"name" : "opensearch-anomaly-detection",
"version" : "1.2.4.0",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "OpenSearch anomaly detector plugin",
"classname" : "org.opensearch.ad.AnomalyDetectorPlugin",
"custom_foldername" : "",
"extended_plugins" : [
"lang-painless",
"opensearch-job-scheduler"
],
"has_native_controller" : false
},
{
"name" : "opensearch-asynchronous-search",
"version" : "1.2.4.0",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Provides support for asynchronous search",
"classname" : "org.opensearch.search.asynchronous.plugin.AsynchronousSearchPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "opensearch-cross-cluster-replication",
"version" : "1.2.4.0",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "OpenSearch Cross Cluster Replication Plugin",
"classname" : "org.opensearch.replication.ReplicationPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "opensearch-index-management",
"version" : "1.2.4.0",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "OpenSearch Index Management Plugin",
"classname" : "org.opensearch.indexmanagement.IndexManagementPlugin",
"custom_foldername" : "",
"extended_plugins" : [
"opensearch-job-scheduler"
],
"has_native_controller" : false
},
{
"name" : "opensearch-job-scheduler",
"version" : "1.2.4.0",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "OpenSearch Job Scheduler plugin",
"classname" : "org.opensearch.jobscheduler.JobSchedulerPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "opensearch-knn",
"version" : "1.2.4.0",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "OpenSearch k-NN plugin",
"classname" : "org.opensearch.knn.plugin.KNNPlugin",
"custom_foldername" : "",
"extended_plugins" : [
"lang-painless"
],
"has_native_controller" : false
},
{
"name" : "opensearch-observability",
"version" : "1.2.4.0",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "OpenSearch Plugin for OpenSearch Dashboards Observability",
"classname" : "org.opensearch.observability.ObservabilityPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "opensearch-performance-analyzer",
"version" : "1.2.4.0",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "OpenSearch Performance Analyzer Plugin",
"classname" : "org.opensearch.performanceanalyzer.PerformanceAnalyzerPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "opensearch-reports-scheduler",
"version" : "1.2.4.0",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Scheduler for Dashboards Reports Plugin",
"classname" : "org.opensearch.reportsscheduler.ReportsSchedulerPlugin",
"custom_foldername" : "",
"extended_plugins" : [
"opensearch-job-scheduler"
],
"has_native_controller" : false
},
{
"name" : "opensearch-security",
"version" : "1.2.4.0",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Provide access control related features for OpenSearch 1.0.0",
"classname" : "org.opensearch.security.OpenSearchSecurityPlugin",
"custom_foldername" : null,
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "opensearch-sql",
"version" : "1.2.4.0",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "OpenSearch SQL",
"classname" : "org.opensearch.sql.plugin.SQLPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
}
],
"modules" : [
{
"name" : "aggs-matrix-stats",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Adds aggregations whose input are a list of numeric fields and output includes a matrix.",
"classname" : "org.opensearch.search.aggregations.matrix.MatrixAggregationPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "analysis-common",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Adds \"built in\" analyzers to OpenSearch.",
"classname" : "org.opensearch.analysis.common.CommonAnalysisPlugin",
"custom_foldername" : "",
"extended_plugins" : [
"lang-painless"
],
"has_native_controller" : false
},
{
"name" : "geo",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Placeholder plugin for geospatial features in OpenSearch. only registers geo_shape field mapper for now",
"classname" : "org.opensearch.geo.GeoPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "ingest-common",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Module for ingest processors that do not require additional security permissions or have large dependencies and resources",
"classname" : "org.opensearch.ingest.common.IngestCommonPlugin",
"custom_foldername" : "",
"extended_plugins" : [
"lang-painless"
],
"has_native_controller" : false
},
{
"name" : "ingest-geoip",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Ingest processor that uses looksup geo data based on ip adresses using the Maxmind geo database",
"classname" : "org.opensearch.ingest.geoip.IngestGeoIpPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "ingest-user-agent",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Ingest processor that extracts information from a user agent",
"classname" : "org.opensearch.ingest.useragent.IngestUserAgentPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "lang-expression",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Lucene expressions integration for OpenSearch",
"classname" : "org.opensearch.script.expression.ExpressionPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "lang-mustache",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Mustache scripting integration for OpenSearch",
"classname" : "org.opensearch.script.mustache.MustachePlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "lang-painless",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "An easy, safe and fast scripting language for OpenSearch",
"classname" : "org.opensearch.painless.PainlessPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "mapper-extras",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Adds advanced field mappers",
"classname" : "org.opensearch.index.mapper.MapperExtrasPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "opensearch-dashboards",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Plugin exposing APIs for OpenSearch Dashboards system indices",
"classname" : "org.opensearch.dashboards.OpenSearchDashboardsPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "parent-join",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "This module adds the support parent-child queries and aggregations",
"classname" : "org.opensearch.join.ParentJoinPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "percolator",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Percolator module adds capability to index queries and query these queries by specifying documents",
"classname" : "org.opensearch.percolator.PercolatorPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "rank-eval",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "The Rank Eval module adds APIs to evaluate ranking quality.",
"classname" : "org.opensearch.index.rankeval.RankEvalPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "reindex",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "The Reindex module adds APIs to reindex from one index to another or update documents in place.",
"classname" : "org.opensearch.index.reindex.ReindexPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "repository-url",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Module for URL repository",
"classname" : "org.opensearch.plugin.repository.url.URLRepositoryPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "systemd",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Integrates OpenSearch with systemd",
"classname" : "org.opensearch.systemd.SystemdPlugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
},
{
"name" : "transport-netty4",
"version" : "1.2.4",
"opensearch_version" : "1.2.4",
"java_version" : "1.8",
"description" : "Netty 4 based transport implementation",
"classname" : "org.opensearch.transport.Netty4Plugin",
"custom_foldername" : "",
"extended_plugins" : [ ],
"has_native_controller" : false
}
],
"ingest" : {
"processors" : [
{
"type" : "append"
},
{
"type" : "bytes"
},
{
"type" : "convert"
},
{
"type" : "csv"
},
{
"type" : "date"
},
{
"type" : "date_index_name"
},
{
"type" : "dissect"
},
{
"type" : "dot_expander"
},
{
"type" : "drop"
},
{
"type" : "fail"
},
{
"type" : "foreach"
},
{
"type" : "geoip"
},
{
"type" : "grok"
},
{
"type" : "gsub"
},
{
"type" : "html_strip"
},
{
"type" : "join"
},
{
"type" : "json"
},
{
"type" : "kv"
},
{
"type" : "lowercase"
},
{
"type" : "pipeline"
},
{
"type" : "remove"
},
{
"type" : "rename"
},
{
"type" : "script"
},
{
"type" : "set"
},
{
"type" : "sort"
},
{
"type" : "split"
},
{
"type" : "trim"
},
{
"type" : "uppercase"
},
{
"type" : "urldecode"
},
{
"type" : "user_agent"
}
]
},
"aggregations" : {
"adjacency_matrix" : {
"types" : [
"other"
]
},
"auto_date_histogram" : {
"types" : [
"boolean",
"date",
"numeric"
]
},
"avg" : {
"types" : [
"boolean",
"date",
"numeric"
]
},
"cardinality" : {
"types" : [
"boolean",
"bytes",
"date",
"geopoint",
"ip",
"numeric",
"range"
]
},
"children" : {
"types" : [
"other"
]
},
"composite" : {
"types" : [
"other"
]
},
"date_histogram" : {
"types" : [
"boolean",
"date",
"numeric",
"range"
]
},
"date_range" : {
"types" : [
"boolean",
"date",
"numeric"
]
},
"diversified_sampler" : {
"types" : [
"boolean",
"bytes",
"date",
"numeric"
]
},
"extended_stats" : {
"types" : [
"boolean",
"date",
"numeric"
]
},
"filter" : {
"types" : [
"other"
]
},
"filters" : {
"types" : [
"other"
]
},
"geo_bounds" : {
"types" : [
"geopoint"
]
},
"geo_centroid" : {
"types" : [
"geopoint"
]
},
"geo_distance" : {
"types" : [
"geopoint"
]
},
"geohash_grid" : {
"types" : [
"geopoint"
]
},
"geotile_grid" : {
"types" : [
"geopoint"
]
},
"global" : {
"types" : [
"other"
]
},
"histogram" : {
"types" : [
"boolean",
"date",
"numeric",
"range"
]
},
"ip_range" : {
"types" : [
"ip"
]
},
"matrix_stats" : {
"types" : [
"other"
]
},
"max" : {
"types" : [
"boolean",
"date",
"numeric"
]
},
"median_absolute_deviation" : {
"types" : [
"numeric"
]
},
"min" : {
"types" : [
"boolean",
"date",
"numeric"
]
},
"missing" : {
"types" : [
"boolean",
"bytes",
"date",
"geopoint",
"ip",
"numeric",
"range"
]
},
"nested" : {
"types" : [
"other"
]
},
"parent" : {
"types" : [
"other"
]
},
"percentile_ranks" : {
"types" : [
"boolean",
"date",
"numeric"
]
},
"percentiles" : {
"types" : [
"boolean",
"date",
"numeric"
]
},
"range" : {
"types" : [
"boolean",
"date",
"numeric"
]
},
"rare_terms" : {
"types" : [
"boolean",
"bytes",
"date",
"ip",
"numeric"
]
},
"reverse_nested" : {
"types" : [
"other"
]
},
"sampler" : {
"types" : [
"other"
]
},
"scripted_metric" : {
"types" : [
"other"
]
},
"significant_terms" : {
"types" : [
"boolean",
"bytes",
"date",
"ip",
"numeric"
]
},
"significant_text" : {
"types" : [
"other"
]
},
"stats" : {
"types" : [
"boolean",
"date",
"numeric"
]
},
"sum" : {
"types" : [
"boolean",
"date",
"numeric"
]
},
"terms" : {
"types" : [
"boolean",
"bytes",
"date",
"ip",
"numeric"
]
},
"top_hits" : {
"types" : [
"other"
]
},
"value_count" : {
"types" : [
"boolean",
"bytes",
"date",
"geopoint",
"ip",
"numeric",
"range"
]
},
"variable_width_histogram" : {
"types" : [
"numeric"
]
},
"weighted_avg" : {
"types" : [
"numeric"
]
}
}
}
}
}

Nodes state

[root@localhost vagrant]# curl -u admin:ivOjiIl0uuo0vPb9fhTD.GkWlR70325U -k https://192.168.56.200:9200/_cluster/state/nodes?pretty
{
"cluster_name" : "wazuh-indexer-cluster",
"cluster_uuid" : "2jSR4ZHySveQc2V4WRtImQ",
"nodes" : {
"68YGItRPRcmrGx_r0K2KDA" : {
"name" : "node-1",
"ephemeral_id" : "VsqdHHxlR1qksQpHsu5bMQ",
"transport_address" : "192.168.56.200:9300",
"attributes" : {
"shard_indexing_pressure_enabled" : "true"
}
}
}
}
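The /_nodes output above lists every plugin and module a node has loaded, each with the opensearch_version it was built for, and the /_cluster/state/nodes listing gives the node set. A release check reads those to confirm that all nodes run the same version and that the plugins the package is expected to ship are actually loaded (in particular the security plugin, without which the REST and transport layers are unauthenticated). The script below is an added example, not part of the Wazuh test report or of Wazuh's own tooling; the field names are those of the OpenSearch _nodes API as shown above, REQUIRED_PLUGINS and the second node in the sample are assumptions made for the example. OpenSearch itself refuses to start a plugin built for a different version, so the per-entry version comparison is only a sanity check; the cross-node comparison and the required-plugin check are the ones that catch a bad rollout.

```python
# Added example, not part of the Wazuh test report or of Wazuh's own tooling.
# Consistency checks over a /_nodes document: every node runs the same version,
# every node loads the required plugins, and every plugin/module entry declares
# the node's own opensearch_version.
REQUIRED_PLUGINS = {"opensearch-security"}  # assumed for the example; adjust per release


def check_nodes(nodes_doc, required=REQUIRED_PLUGINS):
    """Return a list of problems found in a /_nodes document (empty = consistent)."""
    problems = []
    versions = {}
    for node_id, node in nodes_doc.get("nodes", {}).items():
        name = node.get("name", node_id)
        versions[name] = node.get("version")
        loaded = {entry.get("name") for entry in node.get("plugins", [])}
        for plugin in sorted(required - loaded):
            problems.append(f"{name}: required plugin {plugin} not loaded")
        for entry in node.get("plugins", []) + node.get("modules", []):
            if entry.get("opensearch_version") != node.get("version"):
                problems.append(f"{name}: {entry.get('name')} built for "
                                f"{entry.get('opensearch_version')}, node runs {node.get('version')}")
    if len(set(versions.values())) > 1:
        problems.append(f"mixed node versions: {versions}")
    return problems


# Constructed sample: node-1 mirrors the 1.2.4 node in the output above (a subset
# of its modules); node-2 is invented to show a downlevel node without the
# security plugin.
SAMPLE_NODES = {"nodes": {
    "68YGItRPRcmrGx_r0K2KDA": {"name": "node-1", "version": "1.2.4",
        "plugins": [{"name": "opensearch-security", "opensearch_version": "1.2.4"},
                    {"name": "opensearch-sql", "opensearch_version": "1.2.4"}],
        "modules": [{"name": "analysis-common", "opensearch_version": "1.2.4"},
                    {"name": "transport-netty4", "opensearch_version": "1.2.4"}]},
    "constructed-node-2": {"name": "node-2", "version": "1.2.3",
        "plugins": [{"name": "opensearch-sql", "opensearch_version": "1.2.3"}],
        "modules": [{"name": "analysis-common", "opensearch_version": "1.2.3"}]}}}

if __name__ == "__main__":
    # Against a live node, feed it json.load() of `curl ... /_nodes` instead.
    for line in check_nodes(SAMPLE_NODES) or ["OK"]:
        print(line)
```

On the single-node lab in this report the function returns an empty list; it flags two problems on the constructed sample (node-2 lacks opensearch-security, and the cluster mixes 1.2.4 with 1.2.3).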
Wazuh indexer cluster status 🟢

[root@localhost vagrant]# curl -u admin:ivOjiIl0uuo0vPb9fhTD.GkWlR70325U -k https://192.168.56.200:9200/_cluster/health?pretty
{
"cluster_name" : "wazuh-indexer-cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"discovered_master" : true,
"active_primary_shards" : 5,
"active_shards" : 5,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
Wazuh indexer packages uninstallation procedure 🟢

[root@localhost vagrant]# bash wazuh-install.sh -u
18/07/2022 21:32:20 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.6
18/07/2022 21:32:20 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/07/2022 21:32:21 INFO: Removing Wazuh manager.
18/07/2022 21:32:31 INFO: Wazuh manager removed.
18/07/2022 21:32:31 INFO: Removing Wazuh indexer.
18/07/2022 21:32:31 INFO: Wazuh indexer removed.
18/07/2022 21:32:31 INFO: Removing Filebeat.
18/07/2022 21:32:32 INFO: Filebeat removed.
18/07/2022 21:32:32 INFO: Removing Wazuh dashboard.
18/07/2022 21:32:35 INFO: Wazuh dashboard removed.

[root@localhost vagrant]# systemctl status wazuh-indexer
Unit wazuh-indexer.service could not be found.

[root@localhost vagrant]# rpm -qa | grep wazuh
[root@localhost vagrant]#
After the last merge, all the tests were repeated with correct results. Below is the new evidence for the test that failed in the previous package.

Wazuh indexer templates and indices created 🟢

Created indices

[root@localhost vagrant]# curl -u admin:F7avp8QaKi58j6EZhoMuknrZHSo?Zh7x -k https://192.168.56.200:9200/_cat/indices?pretty
green open wazuh-alerts-4.x-2022.07.19 erNLnkr-Sf6jC8ZRt0atSg 3 0 212 0 575kb 575kb
green open .kibana_1 iQsESedQRMeHqM9lLSVScQ 1 0 4 7 58.1kb 58.1kb
green open wazuh-statistics-2022.29w A9MoW6NFRFGd0JRJsHEEhw 1 0 2 0 22.8kb 22.8kb
green open .opendistro_security uLPeT-gaTEKGeOpMrRMvTg 1 0 9 8 91.1kb 91.1kb
green open wazuh-monitoring-2022.29w afG4pnXiTByvmQ97_Nss9A 1 0 0 0 208b 208b

Created templates

[root@localhost vagrant]# curl -u admin:F7avp8QaKi58j6EZhoMuknrZHSo?Zh7x -k https://192.168.56.200:9200/_cat/templates?pretty
wazuh [wazuh-alerts-4.x-*, wazuh-archives-4.x-*] 0 1
wazuh-statistics [wazuh-statistics-*] 0
wazuh-agent [wazuh-monitoring-*] 0

Wazuh indexer configuration 🟢
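The cluster health, _cat/indices and _cat/templates checks in this report were run by hand with `curl -k` and the admin password on the command line. `-k` disables certificate verification, so the check would pass against any host answering on port 9200, and a password given as an argument is visible in `ps` output and shell history. The script below is an added example, not part of the Wazuh test report or of wazuh-install.sh: it runs the same three checks, verifying the indexer certificate against the root CA (the path /etc/wazuh-indexer/certs/root-ca.pem, the expected index patterns and the template names are assumptions drawn from this report) and reading the password from the INDEXER_PASSWORD environment variable. Without arguments it runs against sample output copied from the report above; with a URL it queries a live node.

```python
# Added example, not part of the Wazuh test report or of wazuh-install.sh.
# The three manual checks above as a script: /_cluster/health, /_cat/indices and
# /_cat/templates, with TLS verification against the installer's root CA instead
# of `curl -k`, and the admin password read from the environment. Paths and
# expected index/template names are assumptions drawn from the report.
import base64, fnmatch, json, os, ssl, sys, urllib.request

DEFAULT_URL = "https://127.0.0.1:9200"
DEFAULT_CACERT = "/etc/wazuh-indexer/certs/root-ca.pem"  # assumed CA path
EXPECTED_INDEX_PATTERNS = ["wazuh-alerts-4.x-*", "wazuh-monitoring-*",
                           "wazuh-statistics-*", ".opendistro_security"]
EXPECTED_TEMPLATES = {"wazuh": {"wazuh-alerts-4.x-*", "wazuh-archives-4.x-*"},
                      "wazuh-statistics": {"wazuh-statistics-*"},
                      "wazuh-agent": {"wazuh-monitoring-*"}}

# Sample responses copied from the report above so the checks can run offline.
SAMPLE_HEALTH = {"status": "green", "timed_out": False, "number_of_nodes": 1,
                 "discovered_master": True, "relocating_shards": 0,
                 "initializing_shards": 0, "unassigned_shards": 0}
SAMPLE_INDICES = """\
green open wazuh-alerts-4.x-2022.07.19 erNLnkr-Sf6jC8ZRt0atSg 3 0 212 0 575kb 575kb
green open .kibana_1 iQsESedQRMeHqM9lLSVScQ 1 0 4 7 58.1kb 58.1kb
green open wazuh-statistics-2022.29w A9MoW6NFRFGd0JRJsHEEhw 1 0 2 0 22.8kb 22.8kb
green open .opendistro_security uLPeT-gaTEKGeOpMrRMvTg 1 0 9 8 91.1kb 91.1kb
green open wazuh-monitoring-2022.29w afG4pnXiTByvmQ97_Nss9A 1 0 0 0 208b 208b
"""
SAMPLE_TEMPLATES = """\
wazuh [wazuh-alerts-4.x-*, wazuh-archives-4.x-*] 0 1
wazuh-statistics [wazuh-statistics-*] 0
wazuh-agent [wazuh-monitoring-*] 0
"""

def fetch(path, url=DEFAULT_URL, user="admin", cacert=DEFAULT_CACERT):
    """GET an API path; the server certificate must chain to cacert (no `-k`)."""
    password = os.environ["INDEXER_PASSWORD"]        # keeps it out of ps and shell history
    ctx = ssl.create_default_context(cafile=cacert)  # verifies chain and hostname
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url + path, headers={"Authorization": "Basic " + token})
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.read().decode()

def check_health(health, expected_nodes=1):
    """Problems found in a /_cluster/health document; an empty list means healthy."""
    p = []
    if health.get("status") != "green":
        p.append(f"status {health.get('status')!r}, expected green")
    if health.get("timed_out") or not health.get("discovered_master"):
        p.append("health request timed out or no master discovered")
    if health.get("number_of_nodes") != expected_nodes:
        p.append(f"{health.get('number_of_nodes')} nodes, expected {expected_nodes}")
    for key in ("unassigned_shards", "initializing_shards", "relocating_shards"):
        if health.get(key, 0):
            p.append(f"{key} = {health[key]}")
    return p

def parse_cat_indices(text):
    """Rows of _cat/indices (health status index uuid pri rep ...) -> {index: info}."""
    out = {}
    for cols in (line.split() for line in text.splitlines()):
        if len(cols) >= 6 and cols[4].isdigit():   # skips a `?v` header row
            out[cols[2]] = {"health": cols[0], "pri": int(cols[4]), "rep": int(cols[5])}
    return out

def check_indices(indices, patterns=EXPECTED_INDEX_PATTERNS):
    """Each expected pattern matches at least one index, and every match is green."""
    p = []
    for pat in patterns:
        hits = [n for n in indices if fnmatch.fnmatchcase(n, pat)]
        if not hits:
            p.append(f"no index matches {pat}")
        p += [f"{n} is {indices[n]['health']}" for n in hits if indices[n]["health"] != "green"]
    return p

def parse_cat_templates(text):
    """Rows of _cat/templates (name [pattern, ...] order version) -> {name: {patterns}}."""
    out = {}
    for line in text.splitlines():
        if "[" in line and "]" in line:
            pats = line[line.index("[") + 1:line.index("]")].split(",")
            out[line.split()[0]] = {x.strip() for x in pats if x.strip()}
    return out

def check_templates(templates, expected=EXPECTED_TEMPLATES):
    """Each expected template exists and covers at least its expected patterns."""
    p = []
    for name, pats in expected.items():
        if name not in templates:
            p.append(f"template {name} missing")
        elif not pats <= templates[name]:
            p.append(f"template {name} lacks {sorted(pats - templates[name])}")
    return p

def run_checks(health, indices_text, templates_text):
    return (check_health(health) + check_indices(parse_cat_indices(indices_text))
            + check_templates(parse_cat_templates(templates_text)))

if __name__ == "__main__":  # live: INDEXER_PASSWORD=... python3 check_indexer.py https://host:9200
    if len(sys.argv) > 1:
        url = sys.argv[1]
        problems = run_checks(json.loads(fetch("/_cluster/health", url)),
                              fetch("/_cat/indices", url), fetch("/_cat/templates", url))
    else:                   # offline: sample output copied from the report
        problems = run_checks(SAMPLE_HEALTH, SAMPLE_INDICES, SAMPLE_TEMPLATES)
    print("OK" if not problems else "\n".join(problems))
    sys.exit(1 if problems else 0)
```

The exit status makes the script usable as a gate in the release pipeline: a yellow cluster, an unassigned shard, a missing wazuh-monitoring-* index or a wazuh template that no longer covers wazuh-archives-4.x-* each produce a non-zero exit with the reason printed.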
The following issue aims to run the specified test for the current release candidate, report the results, and open new issues for any encountered errors.
Test information
Environment
Test description
Best effort to test the Wazuh indexer package. Think critically and at least review/test:
Test report procedure
All test results must have one of the following statuses:
Any failing test must be properly addressed with a new issue, detailing the error and the possible cause.
An extended report of the test results must be attached as a ZIP or TXT file. Please attach any documents, screenshots, or tables to the issue update with the results. This report can be used by the auditors to dig deeper into any possible failures and details.
Conclusions
All tests have been executed and the results can be found here.
Auditors validation
The definition of done for this one is the validation of the conclusions and the test results from all auditors.
All checks from below must be accepted in order to close this issue.