Release 4.8.0 - RC2 - Installation assistant

[CarlosALgit]

Installation assistant information

Main release candidate issue	#23405
Version	4.8.0
Release candidate	RC 2
Tag	https://github.com/wazuh/wazuh/tree/v4.8.0-rc2
Previous Installation assistant	#23251

---

Description

• Test installation assistant with the -a option in the following OSs:
  • Amazon Linux 2.
  • RHEL 9.
  • Ubuntu 22.04.
• Test installation assistant with the -dw option (Offline installation)

---

Checks

Status	OS	Check	Issues
🟢	AL 2	Installed packages
🟢	AL 2	Install logs
🟡	AL 2	Wazuh indexer logs	Related: wazuh/wazuh-packages#1511 (comment) Related: wazuh/wazuh-indexer#167
🟡	AL 2	Wazuh manager logs	Related: #21829
🟢	AL 2	Wazuh dashboard logs
🟢	AL 2	Wazuh dashboard
🟢	RHEL 9	Installed packages
🟢	RHEL 9	Install logs
🟡	RHEL 9	Wazuh indexer logs	Related: wazuh/wazuh-packages#1511 (comment) Related: wazuh/wazuh-indexer#167
🟡	RHEL 9	Wazuh manager logs	Related: #21829
🟡	RHEL 9	Wazuh dashboard logs	Related: wazuh/wazuh-dashboard-plugins#6312
🟢	RHEL 9	Wazuh dashboard
🟢	Ubuntu 22.04	Installed packages
🟢	Ubuntu 22.04	Install logs
🟡	Ubuntu 22.04	Wazuh indexer logs	Related: wazuh/wazuh-packages#1511 (comment). Related issue: wazuh/wazuh-indexer#71 Related: wazuh/wazuh-indexer#167
🟡	Ubuntu 22.04	Wazuh manager logs	Related: #21829
🟢	Ubuntu 22.04	Wazuh dashboard logs
🟢	Ubuntu 22.04	Wazuh dashboard
🟢	AL 2	Installed packages - Offline
🟢	AL 2	Install logs - Offline
🟡	AL 2	Wazuh indexer logs - Offline	Related: wazuh/wazuh-packages#1511 (comment) Related: wazuh/wazuh-indexer#167
🟡	AL 2	Wazuh manager logs - Offline	Related: #21829
🟢	AL 2	Wazuh dashboard logs - Offline
🟢	AL 2	Wazuh dashboard - Offline

---

Checks legend:

• Installed packages: the installed packages must match the ones specified in the documentation. If additional packages are installed by the installation assistant, the reason must be justified.
• Install logs: check that there are no errors in the WIA logs.
• Wazuh indexer logs: check that there are no errors in the indexer logs.
• Wazuh manager logs: check that there are no errors in the manager logs.
• Wazuh dashboard logs: check that there are no errors in the dashboard logs.

---

Status legend:
⚫ - Pending/In progress
⚪ - Skipped
🔴 - Rejected
🟡 - Known issue
🟢 - Approved

---

Conclusion

Some issues were found and they were reported.

Auditor's validation

In order to close and proceed with the release or the next candidate version, the following auditors must give the black light to this RC.

• @davidjiglesias
• @teddytpc1

[CarlosALgit]

Environment

Amazon Linux 2

cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
SUPPORT_END="2025-06-30"

Ubuntu 22

cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

RHEL 9

cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="9.2 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"

Amazon Linux 2 - Offline

cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
SUPPORT_END="2025-06-30"

[CarlosALgit]

Install Logs

Amazon Linux 2 🟢

Logs on the console:

[root@ip-172-31-40-54 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && bash ./wazuh-install.sh -a
16/05/2024 08:36:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
16/05/2024 08:36:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/05/2024 08:36:46 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/05/2024 08:36:51 INFO: Wazuh web interface port will be 443.
16/05/2024 08:36:54 INFO: Wazuh development repository added.
16/05/2024 08:36:54 INFO: --- Configuration files ---
16/05/2024 08:36:54 INFO: Generating configuration files.
16/05/2024 08:36:54 INFO: Generating the root certificate.
16/05/2024 08:36:54 INFO: Generating Admin certificates.
16/05/2024 08:36:54 INFO: Generating Wazuh indexer certificates.
16/05/2024 08:36:54 INFO: Generating Filebeat certificates.
16/05/2024 08:36:55 INFO: Generating Wazuh dashboard certificates.
16/05/2024 08:36:55 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
16/05/2024 08:36:55 INFO: --- Wazuh indexer ---
16/05/2024 08:36:55 INFO: Starting Wazuh indexer installation.
16/05/2024 08:38:36 INFO: Wazuh indexer installation finished.
16/05/2024 08:38:37 INFO: Wazuh indexer post-install configuration finished.
16/05/2024 08:38:37 INFO: Starting service wazuh-indexer.
16/05/2024 08:38:59 INFO: wazuh-indexer service started.
16/05/2024 08:38:59 INFO: Initializing Wazuh indexer cluster security settings.
16/05/2024 08:39:09 INFO: Wazuh indexer cluster security configuration initialized.
16/05/2024 08:39:09 INFO: Wazuh indexer cluster initialized.
16/05/2024 08:39:09 INFO: --- Wazuh server ---
16/05/2024 08:39:09 INFO: Starting the Wazuh manager installation.
16/05/2024 08:39:48 INFO: Wazuh manager installation finished.
16/05/2024 08:39:48 INFO: Wazuh manager vulnerability detection configuration finished.
16/05/2024 08:39:48 INFO: Starting service wazuh-manager.
16/05/2024 08:40:07 INFO: wazuh-manager service started.
16/05/2024 08:40:07 INFO: Starting Filebeat installation.
16/05/2024 08:40:18 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (1/10)
16/05/2024 08:40:48 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (2/10)
16/05/2024 08:41:18 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (3/10)
16/05/2024 08:41:48 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (4/10)
16/05/2024 08:42:18 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (5/10)
16/05/2024 08:42:48 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (6/10)
16/05/2024 08:43:18 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (7/10)
16/05/2024 08:43:48 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (8/10)
16/05/2024 08:44:18 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (9/10)
16/05/2024 08:44:48 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (10/10)
16/05/2024 08:45:23 INFO: Filebeat installation finished.
16/05/2024 08:45:24 INFO: Filebeat post-install configuration finished.
16/05/2024 08:45:24 INFO: Starting service filebeat.
16/05/2024 08:45:25 INFO: filebeat service started.
16/05/2024 08:45:25 INFO: --- Wazuh dashboard ---
16/05/2024 08:45:25 INFO: Starting Wazuh dashboard installation.
16/05/2024 08:46:28 INFO: Wazuh dashboard installation finished.
16/05/2024 08:46:28 INFO: Wazuh dashboard post-install configuration finished.
16/05/2024 08:46:28 INFO: Starting service wazuh-dashboard.
16/05/2024 08:46:29 INFO: wazuh-dashboard service started.
16/05/2024 08:46:51 INFO: Updating the internal users.
16/05/2024 08:46:57 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
16/05/2024 08:47:58 INFO: Initializing Wazuh dashboard web application.
16/05/2024 08:47:58 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/05/2024 08:48:15 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/05/2024 08:48:30 INFO: Wazuh dashboard web application initialized.
16/05/2024 08:48:30 INFO: --- Summary ---
16/05/2024 08:48:30 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: O5?TXV8rmNuc3.SvJSlOdsuMe5qPLGjS
16/05/2024 08:48:30 INFO: Installation finished.

Logs in wazuh-install.log:

[root@ip-172-31-40-54 ec2-user]# cat /var/log/wazuh-install.log
16/05/2024 08:36:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
16/05/2024 08:36:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/05/2024 08:36:46 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/05/2024 08:36:51 INFO: Wazuh web interface port will be 443.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
16/05/2024 08:36:54 INFO: Wazuh development repository added.
16/05/2024 08:36:54 INFO: --- Configuration files ---
16/05/2024 08:36:54 INFO: Generating configuration files.
16/05/2024 08:36:54 INFO: Generating the root certificate.
16/05/2024 08:36:54 INFO: Generating Admin certificates.
16/05/2024 08:36:54 INFO: Generating Wazuh indexer certificates.
16/05/2024 08:36:54 INFO: Generating Filebeat certificates.
16/05/2024 08:36:55 INFO: Generating Wazuh dashboard certificates.
16/05/2024 08:36:55 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
16/05/2024 08:36:55 INFO: --- Wazuh indexer ---
16/05/2024 08:36:55 INFO: Starting Wazuh indexer installation.
Complementos cargados:extras_suggestions, langpacks, priorities, update-motd
Resolviendo dependencias
--> Ejecutando prueba de transacción
---> Paquete wazuh-indexer.x86_64 0:4.8.0-1 debe ser instalado
--> Resolución de dependencias finalizada

Dependencias resueltas

================================================================================
 Package                Arquitectura    Versión            Repositorio    Tamaño
================================================================================
Instalando:
 wazuh-indexer          x86_64          4.8.0-1            wazuh          743 M

Resumen de la transacción
================================================================================
Instalar  1 Paquete

Tamaño total de la descarga: 743 M
Tamaño instalado: 1.0 G
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Instalando    : wazuh-indexer-4.8.0-1.x86_64                              1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
  Comprobando   : wazuh-indexer-4.8.0-1.x86_64                              1/1

Instalado:
  wazuh-indexer.x86_64 0:4.8.0-1

¡Listo!
16/05/2024 08:38:36 INFO: Wazuh indexer installation finished.
16/05/2024 08:38:37 INFO: Wazuh indexer post-install configuration finished.
16/05/2024 08:38:37 INFO: Starting service wazuh-indexer.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
16/05/2024 08:38:59 INFO: wazuh-indexer service started.
16/05/2024 08:38:59 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
16/05/2024 08:39:09 INFO: Wazuh indexer cluster security configuration initialized.
16/05/2024 08:39:09 INFO: Wazuh indexer cluster initialized.
16/05/2024 08:39:09 INFO: --- Wazuh server ---
16/05/2024 08:39:09 INFO: Starting the Wazuh manager installation.
Complementos cargados:extras_suggestions, langpacks, priorities, update-motd
Resolviendo dependencias
--> Ejecutando prueba de transacción
---> Paquete wazuh-manager.x86_64 0:4.8.0-1 debe ser instalado
--> Resolución de dependencias finalizada

Dependencias resueltas

================================================================================
 Package                Arquitectura    Versión            Repositorio    Tamaño
================================================================================
Instalando:
 wazuh-manager          x86_64          4.8.0-1            wazuh          297 M

Resumen de la transacción
================================================================================
Instalar  1 Paquete

Tamaño total de la descarga: 297 M
Tamaño instalado: 885 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Instalando    : wazuh-manager-4.8.0-1.x86_64                              1/1
  Comprobando   : wazuh-manager-4.8.0-1.x86_64                              1/1

Instalado:
  wazuh-manager.x86_64 0:4.8.0-1

¡Listo!
16/05/2024 08:39:48 INFO: Wazuh manager installation finished.
16/05/2024 08:39:48 INFO: Wazuh manager vulnerability detection configuration finished.
16/05/2024 08:39:48 INFO: Starting service wazuh-manager.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
16/05/2024 08:40:07 INFO: wazuh-manager service started.
16/05/2024 08:40:07 INFO: Starting Filebeat installation.
16/05/2024 08:40:18 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (1/10)
16/05/2024 08:40:48 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (2/10)
16/05/2024 08:41:18 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (3/10)
16/05/2024 08:41:48 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (4/10)
16/05/2024 08:42:18 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (5/10)
16/05/2024 08:42:48 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (6/10)
16/05/2024 08:43:18 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (7/10)
16/05/2024 08:43:48 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (8/10)
16/05/2024 08:44:18 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (9/10)
16/05/2024 08:44:48 INFO: Another process is using YUM. Waiting for it to release the lock. Next retry in 30 seconds (10/10)
16/05/2024 08:45:23 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
16/05/2024 08:45:24 INFO: Filebeat post-install configuration finished.
16/05/2024 08:45:24 INFO: Starting service filebeat.
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
16/05/2024 08:45:25 INFO: filebeat service started.
16/05/2024 08:45:25 INFO: --- Wazuh dashboard ---
16/05/2024 08:45:25 INFO: Starting Wazuh dashboard installation.
Complementos cargados:extras_suggestions, langpacks, priorities, update-motd
Resolviendo dependencias
--> Ejecutando prueba de transacción
---> Paquete wazuh-dashboard.x86_64 0:4.8.0-1 debe ser instalado
--> Resolución de dependencias finalizada

Dependencias resueltas

================================================================================
 Package                  Arquitectura    Versión          Repositorio    Tamaño
================================================================================
Instalando:
 wazuh-dashboard          x86_64          4.8.0-1          wazuh          273 M

Resumen de la transacción
================================================================================
Instalar  1 Paquete

Tamaño total de la descarga: 273 M
Tamaño instalado: 902 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Instalando    : wazuh-dashboard-4.8.0-1.x86_64                            1/1
  Comprobando   : wazuh-dashboard-4.8.0-1.x86_64                            1/1

Instalado:
  wazuh-dashboard.x86_64 0:4.8.0-1

¡Listo!
16/05/2024 08:46:28 INFO: Wazuh dashboard installation finished.
16/05/2024 08:46:28 INFO: Wazuh dashboard post-install configuration finished.
16/05/2024 08:46:28 INFO: Starting service wazuh-dashboard.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
16/05/2024 08:46:29 INFO: wazuh-dashboard service started.
16/05/2024 08:46:51 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
16/05/2024 08:46:57 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
16/05/2024 08:47:58 INFO: Initializing Wazuh dashboard web application.
16/05/2024 08:47:58 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/05/2024 08:48:15 INFO: Wazuh dashboard web application not yet initialized. Waiting...
16/05/2024 08:48:30 INFO: Wazuh dashboard web application initialized.
16/05/2024 08:48:30 INFO: Installation finished.

Ubuntu 22 🟢

Logs on the console:

root@ip-172-31-47-61:/home/ubuntu# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && bash ./wazuh-install.sh -a
16/05/2024 08:37:13 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
16/05/2024 08:37:13 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/05/2024 08:37:13 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/05/2024 08:37:34 INFO: Wazuh web interface port will be 443.
16/05/2024 08:37:40 INFO: --- Dependencies ----
16/05/2024 08:37:40 INFO: Installing apt-transport-https.
16/05/2024 08:37:52 INFO: Wazuh development repository added.
16/05/2024 08:37:52 INFO: --- Configuration files ---
16/05/2024 08:37:52 INFO: Generating configuration files.
16/05/2024 08:37:52 INFO: Generating the root certificate.
16/05/2024 08:37:53 INFO: Generating Admin certificates.
16/05/2024 08:37:53 INFO: Generating Wazuh indexer certificates.
16/05/2024 08:37:54 INFO: Generating Filebeat certificates.
16/05/2024 08:37:54 INFO: Generating Wazuh dashboard certificates.
16/05/2024 08:37:55 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
16/05/2024 08:37:55 INFO: --- Wazuh indexer ---
16/05/2024 08:37:55 INFO: Starting Wazuh indexer installation.
16/05/2024 08:39:41 INFO: Wazuh indexer installation finished.
16/05/2024 08:39:41 INFO: Wazuh indexer post-install configuration finished.
16/05/2024 08:39:41 INFO: Starting service wazuh-indexer.
16/05/2024 08:40:05 INFO: wazuh-indexer service started.
16/05/2024 08:40:05 INFO: Initializing Wazuh indexer cluster security settings.
16/05/2024 08:40:16 INFO: Wazuh indexer cluster security configuration initialized.
16/05/2024 08:40:16 INFO: Wazuh indexer cluster initialized.
16/05/2024 08:40:16 INFO: --- Wazuh server ---
16/05/2024 08:40:16 INFO: Starting the Wazuh manager installation.
16/05/2024 08:41:48 INFO: Wazuh manager installation finished.
16/05/2024 08:41:48 INFO: Wazuh manager vulnerability detection configuration finished.
16/05/2024 08:41:48 INFO: Starting service wazuh-manager.
16/05/2024 08:42:10 INFO: wazuh-manager service started.
16/05/2024 08:42:10 INFO: Starting Filebeat installation.
16/05/2024 08:42:29 INFO: Filebeat installation finished.
16/05/2024 08:42:30 INFO: Filebeat post-install configuration finished.
16/05/2024 08:42:30 INFO: Starting service filebeat.
16/05/2024 08:42:32 INFO: filebeat service started.
16/05/2024 08:42:32 INFO: --- Wazuh dashboard ---
16/05/2024 08:42:32 INFO: Starting Wazuh dashboard installation.
16/05/2024 08:45:18 INFO: Wazuh dashboard installation finished.
16/05/2024 08:45:19 INFO: Wazuh dashboard post-install configuration finished.
16/05/2024 08:45:19 INFO: Starting service wazuh-dashboard.
16/05/2024 08:45:19 INFO: wazuh-dashboard service started.
16/05/2024 08:45:21 INFO: Updating the internal users.
16/05/2024 08:45:29 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
16/05/2024 08:46:38 INFO: Initializing Wazuh dashboard web application.
16/05/2024 08:46:40 INFO: Wazuh dashboard web application initialized.
16/05/2024 08:46:40 INFO: --- Summary ---
16/05/2024 08:46:40 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: i7noelQ*e5L5fWyq+i?Kg?5f7ImpZnXs
16/05/2024 08:46:40 INFO: Installation finished.

Logs in wazuh-install.log:

root@ip-172-31-47-61:/home/ubuntu# cat /var/log/wazuh-install.log
16/05/2024 08:37:13 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
16/05/2024 08:37:13 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/05/2024 08:37:13 INFO: Verifying that your system meets the recommended minimum hardware requirements.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease [109 kB]
Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [14.1 MB]
Get:6 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1467 kB]
Get:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe Translation-en [5652 kB]
Get:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 c-n-f Metadata [286 kB]
Get:9 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [217 kB]
Get:10 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse Translation-en [112 kB]
Get:11 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 c-n-f Metadata [8372 B]
Get:12 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1678 kB]
Get:13 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [311 kB]
Get:14 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 c-n-f Metadata [16.1 kB]
Get:15 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [1923 kB]
Get:16 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted Translation-en [327 kB]
Get:17 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 c-n-f Metadata [520 B]
Get:18 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1074 kB]
Get:19 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [246 kB]
Get:20 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 c-n-f Metadata [22.1 kB]
Get:21 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [42.7 kB]
Get:22 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse Translation-en [10.4 kB]
Get:23 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 c-n-f Metadata [472 B]
Get:24 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [67.1 kB]
Get:25 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main Translation-en [11.0 kB]
Get:26 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 c-n-f Metadata [388 B]
Get:27 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/restricted amd64 c-n-f Metadata [116 B]
Get:28 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [27.2 kB]
Get:29 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe Translation-en [16.2 kB]
Get:30 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 c-n-f Metadata [644 B]
Get:31 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/multiverse amd64 c-n-f Metadata [116 B]
Get:32 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [252 kB]
Get:33 http://security.ubuntu.com/ubuntu jammy-security/main amd64 c-n-f Metadata [11.4 kB]
Get:34 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [1866 kB]
Get:35 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [317 kB]
Get:36 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 c-n-f Metadata [520 B]
Get:37 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [852 kB]
Get:38 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [164 kB]
Get:39 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 c-n-f Metadata [16.8 kB]
Get:40 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [37.2 kB]
Get:41 http://security.ubuntu.com/ubuntu jammy-security/multiverse Translation-en [7588 B]
Get:42 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 c-n-f Metadata [260 B]
Fetched 31.5 MB in 5s (5881 kB/s)
Reading package lists...
16/05/2024 08:37:34 INFO: Wazuh web interface port will be 443.
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists...
16/05/2024 08:37:40 INFO: --- Dependencies ----
16/05/2024 08:37:40 INFO: Installing apt-transport-https.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: apt-transport-https 0 upgraded, 1 newly installed, 0 to remove and 194 not upgraded. Need to get 1510 B of archives. After this operation, 170 kB of additional disk space will be used. Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-up NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1usly unselected package apt-transport-https.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <support@wazuh.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [37.8 kB]
Fetched 55.1 kB in 1s (53.0 kB/s)
Reading package lists...
16/05/2024 08:37:52 INFO: Wazuh development repository added.
16/05/2024 08:37:52 INFO: --- Configuration files ---
16/05/2024 08:37:52 INFO: Generating configuration files.
16/05/2024 08:37:52 INFO: Generating the root certificate.
16/05/2024 08:37:53 INFO: Generating Admin certificates.
16/05/2024 08:37:53 INFO: Generating Wazuh indexer certificates.
16/05/2024 08:37:54 INFO: Generating Filebeat certificates.
16/05/2024 08:37:54 INFO: Generating Wazuh dashboard certificates.
16/05/2024 08:37:55 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
16/05/2024 08:37:55 INFO: --- Wazuh indexer ---
16/05/2024 08:37:55 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 194 not upgraded. Need to get 759 MB of archives. After this operation, 1050 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1 package wazuh-indexer.
16/05/2024 08:39:41 INFO: Wazuh indexer installation finished.
16/05/2024 08:39:41 INFO: Wazuh indexer post-install configuration finished.
16/05/2024 08:39:41 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
16/05/2024 08:40:05 INFO: wazuh-indexer service started.
16/05/2024 08:40:05 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
16/05/2024 08:40:16 INFO: Wazuh indexer cluster security configuration initialized.
16/05/2024 08:40:16 INFO: Wazuh indexer cluster initialized.
16/05/2024 08:40:16 INFO: --- Wazuh server ---
16/05/2024 08:40:16 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 194 not upgraded. Need to get 316 MB of archives. After this operation, 916 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1ing previously unselected package wazuh-manager.
16/05/2024 08:41:48 INFO: Wazuh manager installation finished.
16/05/2024 08:41:48 INFO: Wazuh manager vulnerability detection configuration finished.
16/05/2024 08:41:48 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
16/05/2024 08:42:10 INFO: wazuh-manager service started.
16/05/2024 08:42:10 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 194 not upgraded. Need to get 22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1filebeat.
16/05/2024 08:42:29 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
16/05/2024 08:42:30 INFO: Filebeat post-install configuration finished.
16/05/2024 08:42:30 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
16/05/2024 08:42:32 INFO: filebeat service started.
16/05/2024 08:42:32 INFO: --- Wazuh dashboard ---
16/05/2024 08:42:32 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 194 not upgraded. Need to get 186 MB of archives. After this operation, 987 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/mai NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.19.0-1025-aws NEEDRESTART-KEXP: 5.19.0-1025-aws NEEDRESTART-KSTA: 1ed package wazuh-dashboard.
16/05/2024 08:45:18 INFO: Wazuh dashboard installation finished.
16/05/2024 08:45:19 INFO: Wazuh dashboard post-install configuration finished.
16/05/2024 08:45:19 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
16/05/2024 08:45:19 INFO: wazuh-dashboard service started.
16/05/2024 08:45:21 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
16/05/2024 08:45:29 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
16/05/2024 08:46:38 INFO: Initializing Wazuh dashboard web application.
16/05/2024 08:46:40 INFO: Wazuh dashboard web application initialized.
16/05/2024 08:46:40 INFO: Installation finished.

RHEL 9 🟢

Logs on the console:

[root@ip-172-31-33-80 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && bash ./wazuh-install.sh -a
16/05/2024 08:37:01 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
16/05/2024 08:37:01 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/05/2024 08:37:04 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/05/2024 08:37:11 INFO: --- Dependencies ---
16/05/2024 08:37:11 INFO: Installing lsof.
16/05/2024 08:37:28 INFO: Wazuh web interface port will be 443.
16/05/2024 08:37:30 INFO: Wazuh development repository added.
16/05/2024 08:37:30 INFO: --- Configuration files ---
16/05/2024 08:37:30 INFO: Generating configuration files.
16/05/2024 08:37:31 INFO: Generating the root certificate.
16/05/2024 08:37:31 INFO: Generating Admin certificates.
16/05/2024 08:37:32 INFO: Generating Wazuh indexer certificates.
16/05/2024 08:37:32 INFO: Generating Filebeat certificates.
16/05/2024 08:37:32 INFO: Generating Wazuh dashboard certificates.
16/05/2024 08:37:33 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
16/05/2024 08:37:34 INFO: --- Wazuh indexer ---
16/05/2024 08:37:34 INFO: Starting Wazuh indexer installation.
16/05/2024 08:41:02 INFO: Wazuh indexer installation finished.
16/05/2024 08:41:02 INFO: Wazuh indexer post-install configuration finished.
16/05/2024 08:41:02 INFO: Starting service wazuh-indexer.
16/05/2024 08:41:25 INFO: wazuh-indexer service started.
16/05/2024 08:41:25 INFO: Initializing Wazuh indexer cluster security settings.
16/05/2024 08:41:36 INFO: Wazuh indexer cluster security configuration initialized.
16/05/2024 08:41:36 INFO: Wazuh indexer cluster initialized.
16/05/2024 08:41:36 INFO: --- Wazuh server ---
16/05/2024 08:41:36 INFO: Starting the Wazuh manager installation.
16/05/2024 08:42:55 INFO: Wazuh manager installation finished.
16/05/2024 08:42:55 INFO: Wazuh manager vulnerability detection configuration finished.
16/05/2024 08:42:55 INFO: Starting service wazuh-manager.
16/05/2024 08:43:13 INFO: wazuh-manager service started.
16/05/2024 08:43:13 INFO: Starting Filebeat installation.
16/05/2024 08:46:17 INFO: Filebeat installation finished.
16/05/2024 08:46:18 INFO: Filebeat post-install configuration finished.
16/05/2024 08:46:18 INFO: Starting service filebeat.
16/05/2024 08:46:18 INFO: filebeat service started.
16/05/2024 08:46:18 INFO: --- Wazuh dashboard ---
16/05/2024 08:46:18 INFO: Starting Wazuh dashboard installation.
16/05/2024 08:48:38 INFO: Wazuh dashboard installation finished.
16/05/2024 08:48:38 INFO: Wazuh dashboard post-install configuration finished.
16/05/2024 08:48:38 INFO: Starting service wazuh-dashboard.
16/05/2024 08:48:39 INFO: wazuh-dashboard service started.
16/05/2024 08:48:43 INFO: Updating the internal users.
16/05/2024 08:48:52 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
16/05/2024 08:50:01 INFO: Initializing Wazuh dashboard web application.
16/05/2024 08:50:02 INFO: Wazuh dashboard web application initialized.
16/05/2024 08:50:02 INFO: --- Summary ---
16/05/2024 08:50:02 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: AO9AZBedV.s?lGYUss*1yal.Lu?WRFjY
16/05/2024 08:50:02 INFO: --- Dependencies ---
16/05/2024 08:50:02 INFO: Removing lsof.
16/05/2024 08:50:05 INFO: Installation finished.

Logs in wazuh-install.log:

[root@ip-172-31-33-80 ec2-user]# cat /var/log/wazuh-install.log
16/05/2024 08:37:01 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
16/05/2024 08:37:01 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/05/2024 08:37:04 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/05/2024 08:37:11 INFO: --- Dependencies ---
16/05/2024 08:37:11 INFO: Installing lsof.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. CentOS Stream 9 - AppStream 24 MB/s | 19 MB 00:00 CentOS Stream 9 - BaseOS 29 MB/s | 8.1 MB 00:00 Last metadata expiration check: 0:00:02 ago on Thu 16 May 2024 08:37:19 AM UTC. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 baseos 239 k Installing dependencies: libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 336 k Installed size: 826 k Downloading Packages: (1/2): lsof-4.94.0-3.el9.x86_64.rpm 3.2 MB/s | 239 kB 00:00 (2/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 1.2 MB/s | 96 kB 00:00 -------------------------------------------------------------------------------- Total 2.9 MB/s | 336 kB 00:00 CentOS Stream 9 - BaseOS 1.6 MB/s | 1.6 kB 00:00 Importing GPG key 0x8483C65D: Userid : "CentOS (CentOS Official Signing Key) <security@centos.org>" Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial Key imported successfully Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : lsof-4.94.0-3.el9.x86_64 1/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. CentOS Stream 9 - AppStream 24 MB/s | 19 MB 00:00 CentOS Stream 9 - BaseOS 29 MB/s | 8.1 MB 00:00 Last metadata expiration check: 0:00:02 ago on Thu 16 May 2024 08:37:19 AM UTC. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: lsof x86_64 4.94.0-3.el9 baseos 239 k Installing dependencies: libtirpc x86_64 1.3.3-8.el9_4 rhel-9-baseos-rhui-rpms 96 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 336 k Installed size: 826 k Downloading Packages: (1/2): lsof-4.94.0-3.el9.x86_64.rpm 3.2 MB/s | 239 kB 00:00 (2/2): libtirpc-1.3.3-8.el9_4.x86_64.rpm 1.2 MB/s | 96 kB 00:00 -------------------------------------------------------------------------------- Total 2.9 MB/s | 336 kB 00:00 CentOS Stream 9 - BaseOS 1.6 MB/s | 1.6 kB 00:00 Importing GPG key 0x8483C65D: Userid : "CentOS (CentOS Official Signing Key) <security@centos.org>" Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial Key imported successfully Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Installing : lsof-4.94.0-3.el9.x86_64 2/2 Running scriptlet: lsof-4.94.0-3.el9.x86_64 2/2 Verifying : lsof-4.94.0-3.el9.x86_64 1/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Installed products updated. Installed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

38 files removed
16/05/2024 08:37:28 INFO: Wazuh web interface port will be 443.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
16/05/2024 08:37:30 INFO: Wazuh development repository added.
16/05/2024 08:37:30 INFO: --- Configuration files ---
16/05/2024 08:37:30 INFO: Generating configuration files.
16/05/2024 08:37:31 INFO: Generating the root certificate.
16/05/2024 08:37:31 INFO: Generating Admin certificates.
16/05/2024 08:37:32 INFO: Generating Wazuh indexer certificates.
16/05/2024 08:37:32 INFO: Generating Filebeat certificates.
16/05/2024 08:37:32 INFO: Generating Wazuh dashboard certificates.
16/05/2024 08:37:33 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
16/05/2024 08:37:34 INFO: --- Wazuh indexer ---
16/05/2024 08:37:34 INFO: Starting Wazuh indexer installation.
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Red Hat Enterprise Linux 9 for x86_64 - AppStre  66 MB/s |  35 MB     00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS   32 MB/s |  21 MB     00:00
Red Hat Enterprise Linux 9 Client Configuration  26 kB/s | 2.6 kB     00:00
EL-9 - Wazuh                                     15 MB/s |  25 MB     00:01
Dependencies resolved.
================================================================================
 Package                Architecture    Version            Repository      Size
================================================================================
Installing:
 wazuh-indexer          x86_64          4.8.0-1            wazuh          743 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 743 M
Installed size: 1.0 G
Downloading Packages:
wazuh-indexer-4.8.0-1.x86_64.rpm                7.7 MB/s | 743 MB     01:36
--------------------------------------------------------------------------------
Total                                           7.7 MB/s | 743 MB     01:36
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Running scriptlet: wazuh-indexer-4.8.0-1.x86_64                           1/1
  Installing       : wazuh-indexer-4.8.0-1.x86_64                           1/1
  Running scriptlet: wazuh-indexer-4.8.0-1.x86_64                           1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore

  Verifying        : wazuh-indexer-4.8.0-1.x86_64                           1/1
Installed products updated.

Installed:
  wazuh-indexer-4.8.0-1.x86_64

Complete!
16/05/2024 08:41:02 INFO: Wazuh indexer installation finished.
16/05/2024 08:41:02 INFO: Wazuh indexer post-install configuration finished.
16/05/2024 08:41:02 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
16/05/2024 08:41:25 INFO: wazuh-indexer service started.
16/05/2024 08:41:25 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
16/05/2024 08:41:36 INFO: Wazuh indexer cluster security configuration initialized.
16/05/2024 08:41:36 INFO: Wazuh indexer cluster initialized.
16/05/2024 08:41:36 INFO: --- Wazuh server ---
16/05/2024 08:41:36 INFO: Starting the Wazuh manager installation.
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:03:45 ago on Thu 16 May 2024 08:37:52 AM UTC.
Dependencies resolved.
================================================================================
 Package                Architecture    Version            Repository      Size
================================================================================
Installing:
 wazuh-manager          x86_64          4.8.0-1            wazuh          297 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 297 M
Installed size: 885 M
Downloading Packages:
wazuh-manager-4.8.0-1.x86_64.rpm                 41 MB/s | 297 MB     00:07
--------------------------------------------------------------------------------
Total                                            41 MB/s | 297 MB     00:07
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Running scriptlet: wazuh-manager-4.8.0-1.x86_64                           1/1
  Installing       : wazuh-manager-4.8.0-1.x86_64                           1/1
  Running scriptlet: wazuh-manager-4.8.0-1.x86_64                           1/1
  Verifying        : wazuh-manager-4.8.0-1.x86_64                           1/1
Installed products updated.

Installed:
  wazuh-manager-4.8.0-1.x86_64

Complete!
16/05/2024 08:42:55 INFO: Wazuh manager installation finished.
16/05/2024 08:42:55 INFO: Wazuh manager vulnerability detection configuration finished.
16/05/2024 08:42:55 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
16/05/2024 08:43:13 INFO: wazuh-manager service started.
16/05/2024 08:43:13 INFO: Starting Filebeat installation.

Installed:
  filebeat-7.10.2-1.x86_64

16/05/2024 08:46:17 INFO: Filebeat installation finished.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/fields.yml
wazuh/_meta/config.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
16/05/2024 08:46:18 INFO: Filebeat post-install configuration finished.
16/05/2024 08:46:18 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
16/05/2024 08:46:18 INFO: filebeat service started.
16/05/2024 08:46:18 INFO: --- Wazuh dashboard ---
16/05/2024 08:46:18 INFO: Starting Wazuh dashboard installation.
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:03:22 ago on Thu 16 May 2024 08:42:57 AM UTC.
Dependencies resolved.
================================================================================
 Package                  Architecture    Version          Repository      Size
================================================================================
Installing:
 wazuh-dashboard          x86_64          4.8.0-1          wazuh          273 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 273 M
Installed size: 902 M
Downloading Packages:
wazuh-dashboard-4.8.0-1.x86_64.rpm               46 MB/s | 273 MB     00:05
--------------------------------------------------------------------------------
Total                                            46 MB/s | 273 MB     00:05
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64                         1/1
  Installing       : wazuh-dashboard-4.8.0-1.x86_64                         1/1
  Running scriptlet: wazuh-dashboard-4.8.0-1.x86_64                         1/1
  Verifying        : wazuh-dashboard-4.8.0-1.x86_64                         1/1
Installed products updated.

Installed:
  wazuh-dashboard-4.8.0-1.x86_64

Complete!
16/05/2024 08:48:38 INFO: Wazuh dashboard installation finished.
16/05/2024 08:48:38 INFO: Wazuh dashboard post-install configuration finished.
16/05/2024 08:48:38 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
16/05/2024 08:48:39 INFO: wazuh-dashboard service started.
16/05/2024 08:48:43 INFO: Updating the internal users.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
16/05/2024 08:48:52 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
Successfully updated the keystore
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ec2-user
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
16/05/2024 08:50:01 INFO: Initializing Wazuh dashboard web application.
16/05/2024 08:50:02 INFO: Wazuh dashboard web application initialized.
16/05/2024 08:50:02 INFO: --- Dependencies ---
16/05/2024 08:50:02 INFO: Removing lsof.
Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: lsof x86_64 4.94.0-3.el9 @baseos 624 k Removing unused dependencies: libtirpc x86_64 1.3.3-8.el9_4 @rhel-9-baseos-rhui-rpms 202 k Transaction Summary ================================================================================ Remove 2 Packages Freed space: 826 k Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erasing : lsof-4.94.0-3.el9.x86_64 1/2 Erasing : libtirpc-1.3.3-8.el9_4.x86_64 2/2 Running scriptlet: libtirpc-1.3.3-8.el9_4.x86_64 2/2 Verifying : libtirpc-1.3.3-8.el9_4.x86_64 1/2 Verifying : lsof-4.94.0-3.el9.x86_64 2/2 Installed products updated. Removed: libtirpc-1.3.3-8.el9_4.x86_64 lsof-4.94.0-3.el9.x86_64 Complete!
16/05/2024 08:50:05 INFO: Installation finished.

Amazon Linux 2 - Offline 🟢

Logs on the console:

[root@ip-172-31-47-84 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh
[root@ip-172-31-47-84 ec2-user]# chmod 744 wazuh-install.sh
[root@ip-172-31-47-84 ec2-user]# ./wazuh-install.sh -dw rpm
16/05/2024 08:42:10 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
16/05/2024 08:42:10 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/05/2024 08:42:12 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/05/2024 08:42:17 INFO: --- Download Packages ---
16/05/2024 08:42:17 INFO: Starting Wazuh packages download.
16/05/2024 08:42:17 INFO: Downloading Wazuh rpm packages for x86_64.
16/05/2024 08:42:20 INFO: The manager package was downloaded.
16/05/2024 08:42:21 INFO: The filebeat package was downloaded.
16/05/2024 08:42:23 INFO: The indexer package was downloaded.
16/05/2024 08:42:29 INFO: The dashboard package was downloaded.
16/05/2024 08:42:29 INFO: The packages are in wazuh-offline/wazuh-packages
16/05/2024 08:42:29 INFO: Downloading configuration files and assets.
16/05/2024 08:42:29 INFO: The resource https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
16/05/2024 08:42:29 INFO: The resource https://packages-dev.wazuh.com/4.8/tpl/wazuh/filebeat/filebeat.yml was downloaded.
16/05/2024 08:42:29 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/4.8.0/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
16/05/2024 08:42:30 INFO: The resource https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
16/05/2024 08:42:30 INFO: The configuration files and assets are in wazuh-offline.tar.gz
16/05/2024 08:43:37 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html

[root@ip-172-31-47-84 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.8/config.yml
[root@ip-172-31-47-84 ec2-user]# sed -i -e '0,/<indexer-node-ip>/ s/<indexer-node-ip>/127.0.0.1/' config.yml
[root@ip-172-31-47-84 ec2-user]# sed -i -e '0,/<wazuh-manager-ip>/ s/<wazuh-manager-ip>/127.0.0.1/' config.yml
[root@ip-172-31-47-84 ec2-user]# sed -i -e '0,/<dashboard-node-ip>/ s/<dashboard-node-ip>/127.0.0.1/' config.yml
[root@ip-172-31-47-84 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-certs-tool.sh
[root@ip-172-31-47-84 ec2-user]# chmod 744 wazuh-certs-tool.sh
[root@ip-172-31-47-84 ec2-user]# ./wazuh-certs-tool.sh --all
16/05/2024 08:57:26 INFO: Generating the root certificate.
16/05/2024 08:57:26 INFO: Generating Admin certificates.
16/05/2024 08:57:26 INFO: Admin certificates created.
16/05/2024 08:57:26 INFO: Generating Wazuh indexer certificates.
16/05/2024 08:57:26 INFO: Wazuh indexer certificates created.
16/05/2024 08:57:26 INFO: Generating Filebeat certificates.
16/05/2024 08:57:26 INFO: Wazuh Filebeat certificates created.
16/05/2024 08:57:26 INFO: Generating Wazuh dashboard certificates.
16/05/2024 08:57:26 INFO: Wazuh dashboard certificates created.

[root@ip-172-31-47-84 ec2-user]# tar xf wazuh-offline.tar.gz
[root@ip-172-31-47-84 ec2-user]# ls -l wazuh-offline/wazuh-packages/
total 1365388
-rw------- 1 root root  21808122 may 16 08:42 filebeat-oss-7.10.2-x86_64.rpm
-rw------- 1 root root 286054108 may 16 08:42 wazuh-dashboard-4.8.0-1.x86_64.rpm
-rw------- 1 root root 778825176 may 16 08:42 wazuh-indexer-4.8.0-1.x86_64.rpm
-rw------- 1 root root 311462592 may 16 08:42 wazuh-manager-4.8.0-1.x86_64.rpm

[root@ip-172-31-47-84 ec2-user]# rpm --import ./wazuh-offline/wazuh-files/GPG-KEY-WAZUH
[root@ip-172-31-47-84 ec2-user]# rpm -ivh ./wazuh-offline/wazuh-packages/wazuh-indexer*.rpm
Preparando...                         ################################# [100%]
Actualizando / instalando...
   1:wazuh-indexer-4.8.0-1            ################################# [100%]

[root@ip-172-31-47-84 ec2-user]# NODE_NAME=node-1
[root@ip-172-31-47-84 ec2-user]# mkdir /etc/wazuh-indexer/certs
[root@ip-172-31-47-84 ec2-user]# mv -n wazuh-certificates/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@ip-172-31-47-84 ec2-user]# mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@ip-172-31-47-84 ec2-user]# mv wazuh-certificates/admin-key.pem /etc/wazuh-indexer/certs/
[root@ip-172-31-47-84 ec2-user]# mv wazuh-certificates/admin.pem /etc/wazuh-indexer/certs/
[root@ip-172-31-47-84 ec2-user]# cp wazuh-certificates/root-ca.pem /etc/wazuh-indexer/certs/
[root@ip-172-31-47-84 ec2-user]# chmod 500 /etc/wazuh-indexer/certs
[root@ip-172-31-47-84 ec2-user]# chmod 400 /etc/wazuh-indexer/certs/*
[root@ip-172-31-47-84 ec2-user]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
[root@ip-172-31-47-84 ec2-user]# nano /etc/wazuh-indexer/opensearch.yml
[root@ip-172-31-47-84 ec2-user]# systemctl daemon-reload
[root@ip-172-31-47-84 ec2-user]# systemctl enable wazuh-indexer
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
[root@ip-172-31-47-84 ec2-user]# systemctl start wazuh-indexer

[root@ip-172-31-47-84 ec2-user]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success

[root@ip-172-31-47-84 ec2-user]# curl -XGET https://localhost:9200 -u admin:admin -k
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "2UBDfU8pTCeBLoKk57kl9A",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "eee49cb340edc6c4d489bcd9324dda571fc8dc03",
    "build_date" : "2023-09-20T23:54:29.889267151Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

[root@ip-172-31-47-84 ec2-user]# rpm --import ./wazuh-offline/wazuh-files/GPG-KEY-WAZUH
[root@ip-172-31-47-84 ec2-user]# rpm -ivh ./wazuh-offline/wazuh-packages/wazuh-manager*.rpm
Preparando...                         ################################# [100%]
Actualizando / instalando...
   1:wazuh-manager-4.8.0-1            ################################# [100%]
[root@ip-172-31-47-84 ec2-user]# /var/ossec/bin/wazuh-keystore -f indexer -k username -v admin
[root@ip-172-31-47-84 ec2-user]# /var/ossec/bin/wazuh-keystore -f indexer -k password -v admin
[root@ip-172-31-47-84 ec2-user]# systemctl daemon-reload
[root@ip-172-31-47-84 ec2-user]# systemctl enable wazuh-manager
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
[root@ip-172-31-47-84 ec2-user]# systemctl start wazuh-manager

[root@ip-172-31-47-84 ec2-user]# rpm -ivh ./wazuh-offline/wazuh-packages/filebeat*.rpm
Preparando...                         ################################# [100%]
Actualizando / instalando...
   1:filebeat-7.10.2-1                ################################# [100%]
[root@ip-172-31-47-84 ec2-user]# cp ./wazuh-offline/wazuh-files/filebeat.yml /etc/filebeat/ &&\
> cp ./wazuh-offline/wazuh-files/wazuh-template.json /etc/filebeat/ &&\
> chmod go+r /etc/filebeat/wazuh-template.json
cp: ¿sobreescribir «/etc/filebeat/filebeat.yml»? (s/n) s
[root@ip-172-31-47-84 ec2-user]# nano /etc/filebeat/filebeat.yml
[root@ip-172-31-47-84 ec2-user]# filebeat keystore create
Created filebeat keystore
[root@ip-172-31-47-84 ec2-user]# echo admin | filebeat keystore add username --stdin --force
Successfully updated the keystore
[root@ip-172-31-47-84 ec2-user]# echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore

[root@ip-172-31-47-84 ec2-user]# tar -xzf ./wazuh-offline/wazuh-files/wazuh-filebeat-0.4.tar.gz -C /usr/share/filebeat/module
[root@ip-172-31-47-84 ec2-user]# NODE_NAME=wazuh-1
[root@ip-172-31-47-84 ec2-user]# mkdir /etc/filebeat/certs
[root@ip-172-31-47-84 ec2-user]# mv -n wazuh-certificates/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
[root@ip-172-31-47-84 ec2-user]# mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
[root@ip-172-31-47-84 ec2-user]# cp wazuh-certificates/root-ca.pem /etc/filebeat/certs/
[root@ip-172-31-47-84 ec2-user]# chmod 500 /etc/filebeat/certs
[root@ip-172-31-47-84 ec2-user]# chmod 400 /etc/filebeat/certs/*
[root@ip-172-31-47-84 ec2-user]# chown -R root:root /etc/filebeat/certs
[root@ip-172-31-47-84 ec2-user]# systemctl daemon-reload
[root@ip-172-31-47-84 ec2-user]# systemctl enable filebeat
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
[root@ip-172-31-47-84 ec2-user]# systemctl start filebeat

[root@ip-172-31-47-84 ec2-user]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2


[root@ip-172-31-47-84 ec2-user]# rpm --import ./wazuh-offline/wazuh-files/GPG-KEY-WAZUH
[root@ip-172-31-47-84 ec2-user]# rpm -ivh ./wazuh-offline/wazuh-packages/wazuh-dashboard*.rpm
Preparando...                         ################################# [100%]
Actualizando / instalando...
   1:wazuh-dashboard-4.8.0-1          ################################# [100%]
[root@ip-172-31-47-84 ec2-user]# NODE_NAME=dashboard
[root@ip-172-31-47-84 ec2-user]# mkdir /etc/wazuh-dashboard/certs
[root@ip-172-31-47-84 ec2-user]# mv -n wazuh-certificates/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[root@ip-172-31-47-84 ec2-user]# mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
[root@ip-172-31-47-84 ec2-user]# cp wazuh-certificates/root-ca.pem /etc/wazuh-dashboard/certs/
[root@ip-172-31-47-84 ec2-user]# chmod 500 /etc/wazuh-dashboard/certs
[root@ip-172-31-47-84 ec2-user]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@ip-172-31-47-84 ec2-user]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
[root@ip-172-31-47-84 ec2-user]# systemctl daemon-reload
[root@ip-172-31-47-84 ec2-user]# systemctl enable wazuh-dashboard
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
[root@ip-172-31-47-84 ec2-user]# systemctl start wazuh-dashboard

Logs in wazuh-install.log

[root@ip-172-31-47-84 ec2-user]# cat /var/log/wazuh-install.log
16/05/2024 08:42:10 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
16/05/2024 08:42:10 INFO: Verbose logging redirected to /var/log/wazuh-install.log
16/05/2024 08:42:12 INFO: Verifying that your system meets the recommended minimum hardware requirements.
16/05/2024 08:42:17 INFO: --- Download Packages ---
16/05/2024 08:42:17 INFO: Starting Wazuh packages download.
16/05/2024 08:42:17 INFO: Downloading Wazuh rpm packages for x86_64.
16/05/2024 08:42:20 INFO: The manager package was downloaded.
16/05/2024 08:42:21 INFO: The filebeat package was downloaded.
16/05/2024 08:42:23 INFO: The indexer package was downloaded.
16/05/2024 08:42:29 INFO: The dashboard package was downloaded.
16/05/2024 08:42:29 INFO: The packages are in wazuh-offline/wazuh-packages
16/05/2024 08:42:29 INFO: Downloading configuration files and assets.
16/05/2024 08:42:29 INFO: The resource https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
16/05/2024 08:42:29 INFO: The resource https://packages-dev.wazuh.com/4.8/tpl/wazuh/filebeat/filebeat.yml was downloaded.
16/05/2024 08:42:29 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/4.8.0/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
16/05/2024 08:42:30 INFO: The resource https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
16/05/2024 08:42:30 INFO: The configuration files and assets are in wazuh-offline.tar.gz
16/05/2024 08:43:37 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html

[CarlosALgit]

Installed packages 🟢

Amazon Linux 2 🟢

[root@ip-172-31-40-54 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.8.0-1.x86_64                jue 16 may 2024 08:46:20 UTC
filebeat-7.10.2-1.x86_64                      jue 16 may 2024 08:40:15 UTC
wazuh-manager-4.8.0-1.x86_64                  jue 16 may 2024 08:39:44 UTC
wazuh-indexer-4.8.0-1.x86_64                  jue 16 may 2024 08:38:21 UTC
gpg-pubkey-29111145-591cd381                  jue 16 may 2024 08:36:53 UTC

The gpg package is installed as part of the dependencies of the Installation Assistant. It's used to import the Wazuh GPG keys.

Ubuntu 22 🟢

root@ip-172-31-47-61:/home/ubuntu# grep " install " /var/log/dpkg.log | tail
2024-05-16 08:37:42 install apt-transport-https:all <none> 2.4.12
2024-05-16 08:38:18 install wazuh-indexer:amd64 <none> 4.8.0-1
2024-05-16 08:40:24 install wazuh-manager:amd64 <none> 4.8.0-1
2024-05-16 08:42:14 install filebeat:amd64 <none> 7.10.2
2024-05-16 08:42:42 install wazuh-dashboard:amd64 <none> 4.8.0-1

The apt-transport-https package is installed as part of the dependencias of the Installation Assistant. It's used to download packages from repositories that use HTTPS protocol via APT.

RHEL 9 🟢

[root@ip-172-31-33-80 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.8.0-1.x86_64                Thu 16 May 2024 08:48:19 AM UTC
filebeat-7.10.2-1.x86_64                      Thu 16 May 2024 08:43:18 AM UTC
wazuh-manager-4.8.0-1.x86_64                  Thu 16 May 2024 08:42:24 AM UTC
wazuh-indexer-4.8.0-1.x86_64                  Thu 16 May 2024 08:40:55 AM UTC
gpg-pubkey-29111145-591cd381                  Thu 16 May 2024 08:37:30 AM UTC
gpg-pubkey-8483c65d-5ccc5b19                  Thu 16 May 2024 08:37:25 AM UTC

The gpg package is installed as part of the dependencies of the Installation Assistant. It's used to import the Wazuh GPG keys.

Amazon Linux 2 - Offline 🟢

[root@ip-172-31-47-84 ec2-user]# rpm -qa --last | head -n 20
wazuh-dashboard-4.8.0-1.x86_64                jue 16 may 2024 09:25:43 UTC
filebeat-7.10.2-1.x86_64                      jue 16 may 2024 09:21:00 UTC
wazuh-manager-4.8.0-1.x86_64                  jue 16 may 2024 09:18:26 UTC
wazuh-indexer-4.8.0-1.x86_64                  jue 16 may 2024 09:00:54 UTC
gpg-pubkey-29111145-591cd381                  jue 16 may 2024 08:59:50 UTC

The gpg package is installed as part of the dependencies of the Installation Assistant. It's used to import the Wazuh GPG keys.

[CarlosALgit]

Wazuh Indexer logs 🟡

Amazon Linux 2 🟡

Agent status

[root@ip-172-31-40-54 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since jue 2024-05-16 08:38:59 UTC; 1h 13min ago
     Docs: https://documentation.wazuh.com
 Main PID: 8621 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─8621 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss...

may 16 08:38:37 ip-172-31-40-54.ec2.internal systemd[1]: Starting Wazuh-indexer...
may 16 08:38:40 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: A terminally deprecated method in java.lang.System has been called
may 16 08:38:40 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/sh...10.0.jar)
may 16 08:38:40 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
may 16 08:38:40 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: System::setSecurityManager will be removed in a future release
may 16 08:38:42 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: A terminally deprecated method in java.lang.System has been called
may 16 08:38:42 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/shar...10.0.jar)
may 16 08:38:42 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
may 16 08:38:42 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: System::setSecurityManager will be removed in a future release
may 16 08:38:59 ip-172-31-40-54.ec2.internal systemd[1]: Started Wazuh-indexer.
Hint: Some lines were ellipsized, use -l to show in full.

Service status

[root@ip-172-31-40-54 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
-- Logs begin at jue 2024-05-16 08:06:07 UTC, end at jue 2024-05-16 09:52:18 UTC. --
may 16 08:38:37 ip-172-31-40-54.ec2.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
may 16 08:38:40 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: A terminally deprecated method in java.lang.System has been called
may 16 08:38:40 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
may 16 08:38:40 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
may 16 08:38:40 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: System::setSecurityManager will be removed in a future release
may 16 08:38:42 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: A terminally deprecated method in java.lang.System has been called
may 16 08:38:42 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
may 16 08:38:42 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
may 16 08:38:42 ip-172-31-40-54.ec2.internal systemd-entrypoint[8621]: WARNING: System::setSecurityManager will be removed in a future release
may 16 08:38:59 ip-172-31-40-54.ec2.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.

Errors

🟡 Normal errors of uninitialized indexes. Related: wazuh/wazuh-packages#1511 (comment)
🟡 Failure no such index. Related: wazuh/wazuh-indexer#167

[root@ip-172-31-40-54 ec2-user]# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-05-16T08:38:42,193][INFO ][o.o.n.Node               ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3928m, -Xmx3928m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-4246343044412585584, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=2059403264, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-05-16T08:38:54,047][WARN ][o.o.s.c.Salt             ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-05-16T08:38:54,101][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-05-16T08:38:54,105][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-05-16T08:38:55,523][WARN ][o.o.s.p.SQLPlugin        ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-05-16T08:38:57,761][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-05-16T08:38:59,450][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-05-16T08:38:59,533][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:38:59,538][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:38:59,539][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:38:59,539][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:38:59,539][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:38:59,539][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:38:59,540][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:38:59,540][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:38:59,540][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:38:59,540][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:38:59,950][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-05-16T08:47:35,645][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:55212
[2024-05-16T08:47:38,162][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:55220
[2024-05-16T08:47:43,691][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:60010
[2024-05-16T08:47:45,143][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:60024
[2024-05-16T08:47:47,972][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:60024

Ubuntu 22 🟡

Agent status

root@ip-172-31-47-61:/home/ubuntu# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-05-16 08:40:05 UTC; 1h 18min ago
       Docs: https://documentation.wazuh.com
   Main PID: 4513 (java)
      Tasks: 73 (limit: 9425)
     Memory: 4.3G
        CPU: 2min 11.105s
     CGroup: /system.slice/wazuh-indexer.service
             └─4513 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss>

May 16 08:39:42 ip-172-31-47-61 systemd[1]: Starting Wazuh-indexer...
May 16 08:39:45 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: A terminally deprecated method in java.lang.System has been called
May 16 08:39:45 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/op>
May 16 08:39:45 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 16 08:39:45 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: System::setSecurityManager will be removed in a future release
May 16 08:39:47 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: A terminally deprecated method in java.lang.System has been called
May 16 08:39:47 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/open>
May 16 08:39:47 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 16 08:39:47 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: System::setSecurityManager will be removed in a future release
May 16 08:40:05 ip-172-31-47-61 systemd[1]: Started Wazuh-indexer.

Service status

root@ip-172-31-47-61:/home/ubuntu# journalctl -xe -u wazuh-indexer.service --no-pager
May 16 08:39:42 ip-172-31-47-61 systemd[1]: Starting Wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 2051.
May 16 08:39:45 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: A terminally deprecated method in java.lang.System has been called
May 16 08:39:45 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 16 08:39:45 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 16 08:39:45 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: System::setSecurityManager will be removed in a future release
May 16 08:39:47 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: A terminally deprecated method in java.lang.System has been called
May 16 08:39:47 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 16 08:39:47 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 16 08:39:47 ip-172-31-47-61 systemd-entrypoint[4513]: WARNING: System::setSecurityManager will be removed in a future release
May 16 08:40:05 ip-172-31-47-61 systemd[1]: Started Wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 2051.

Errors

🟡 Normal errors of uninitialized indexes. Related: wazuh/wazuh-packages#1511 (comment)
🟡 Failure no such index. Related: wazuh/wazuh-indexer#167

🟡 Related issue: wazuh/wazuh-indexer#71 Fail to read queue capacity via reflection

root@ip-172-31-47-61:/home/ubuntu# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-05-16T08:39:47,605][INFO ][o.o.n.Node               ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3934m, -Xmx3934m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-3263262230539286340, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opendistro-performance-analyzer/pa_config/es_security.policy, -XX:MaxDirectMemorySize=2062548992, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-05-16T08:39:59,596][WARN ][o.o.s.c.Salt             ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-05-16T08:39:59,652][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-05-16T08:39:59,655][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-05-16T08:40:01,251][WARN ][o.o.s.p.SQLPlugin        ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-05-16T08:40:02,466][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,481][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,482][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,482][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,483][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,483][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,483][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,484][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,484][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,485][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,485][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,494][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,494][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,495][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,496][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,497][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,502][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,503][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,512][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,512][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,513][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,513][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,513][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,514][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,514][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,517][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,518][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,518][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,519][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,519][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,519][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,520][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,520][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,520][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,521][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:02,521][WARN ][o.o.p.c.ThreadPoolMetricsCollector] [node-1] Fail to read queue capacity via reflection
[2024-05-16T08:40:03,233][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-05-16T08:40:05,011][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-05-16T08:40:05,379][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-05-16T08:40:06,141][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:40:06,142][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:40:06,142][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:40:06,142][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:40:06,143][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:40:06,143][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:40:06,143][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:40:06,143][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:40:06,144][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:40:06,144][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:46:14,246][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:50828
[2024-05-16T08:46:16,813][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:37542
[2024-05-16T08:46:22,124][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:37562
[2024-05-16T08:46:23,529][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:37572
[2024-05-16T08:46:26,242][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:37572

RHEL 9 🟡

Agent status

[root@ip-172-31-33-80 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
     Active: active (running) since Thu 2024-05-16 08:41:25 UTC; 1h 26min ago
       Docs: https://documentation.wazuh.com
   Main PID: 16123 (java)
      Tasks: 69 (limit: 48194)
     Memory: 4.1G
        CPU: 1min 42.577s
     CGroup: /system.slice/wazuh-indexer.service
             └─16123 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xs>

May 16 08:41:03 ip-172-31-33-80.ec2.internal systemd[1]: Starting Wazuh-indexer...
May 16 08:41:05 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: A terminally deprecated method in java.lang.System has been called
May 16 08:41:05 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh->
May 16 08:41:05 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 16 08:41:05 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: System::setSecurityManager will be removed in a future release
May 16 08:41:08 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: A terminally deprecated method in java.lang.System has been called
May 16 08:41:08 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-in>
May 16 08:41:08 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 16 08:41:08 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: System::setSecurityManager will be removed in a future release
May 16 08:41:25 ip-172-31-33-80.ec2.internal systemd[1]: Started Wazuh-indexer.

Service status

[root@ip-172-31-33-80 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
May 16 08:41:03 ip-172-31-33-80.ec2.internal systemd[1]: Starting Wazuh-indexer...
░░ Subject: A start job for unit wazuh-indexer.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has begun execution.
░░
░░ The job identifier is 2734.
May 16 08:41:05 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: A terminally deprecated method in java.lang.System has been called
May 16 08:41:05 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 16 08:41:05 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 16 08:41:05 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: System::setSecurityManager will be removed in a future release
May 16 08:41:08 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: A terminally deprecated method in java.lang.System has been called
May 16 08:41:08 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
May 16 08:41:08 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 16 08:41:08 ip-172-31-33-80.ec2.internal systemd-entrypoint[16123]: WARNING: System::setSecurityManager will be removed in a future release
May 16 08:41:25 ip-172-31-33-80.ec2.internal systemd[1]: Started Wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-indexer.service has finished successfully.
░░
░░ The job identifier is 2734.

Errors

🟡 Normal errors of uninitialized indexes. Related: wazuh/wazuh-packages#1511 (comment)
🟡 Failure no such index. Related: wazuh/wazuh-indexer#167

[root@ip-172-31-33-80 ec2-user]# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-05-16T08:41:08,084][INFO ][o.o.n.Node               ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms3804m, -Xmx3804m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-14642444537461104821, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=1994391552, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-05-16T08:41:19,841][WARN ][o.o.s.c.Salt             ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-05-16T08:41:19,891][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-05-16T08:41:19,894][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-05-16T08:41:21,406][WARN ][o.o.s.p.SQLPlugin        ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-05-16T08:41:23,456][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-05-16T08:41:25,369][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-05-16T08:41:25,866][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2024-05-16T08:41:26,439][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:41:26,440][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:41:26,440][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:41:26,440][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:41:26,441][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:41:26,445][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:41:26,445][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:41:26,445][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:41:26,446][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:41:26,446][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T08:49:37,389][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:37488
[2024-05-16T08:49:39,964][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:40020
[2024-05-16T08:49:45,361][WARN ][o.o.s.a.BackendRegistry  ] [node-1] Authentication finally failed for admin from 127.0.0.1:40044

Amazon Linux 2 - Offline 🟡

Agent status

[root@ip-172-31-47-84 ec2-user]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since jue 2024-05-16 09:08:24 UTC; 1h 2min ago
     Docs: https://documentation.wazuh.com
 Main PID: 8750 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─8750 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss...

may 16 09:08:03 ip-172-31-47-84.ec2.internal systemd[1]: Starting Wazuh-indexer...
may 16 09:08:05 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: A terminally deprecated method in java.lang.System has been called
may 16 09:08:05 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/sh...10.0.jar)
may 16 09:08:05 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
may 16 09:08:05 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: System::setSecurityManager will be removed in a future release
may 16 09:08:07 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: A terminally deprecated method in java.lang.System has been called
may 16 09:08:07 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/shar...10.0.jar)
may 16 09:08:07 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
may 16 09:08:07 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: System::setSecurityManager will be removed in a future release
may 16 09:08:24 ip-172-31-47-84.ec2.internal systemd[1]: Started Wazuh-indexer.
Hint: Some lines were ellipsized, use -l to show in full.

Service status

[root@ip-172-31-47-84 ec2-user]# journalctl -xe -u wazuh-indexer.service --no-pager
-- Logs begin at jue 2024-05-16 08:06:07 UTC, end at jue 2024-05-16 10:10:55 UTC. --
may 16 09:08:03 ip-172-31-47-84.ec2.internal systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has begun starting up.
may 16 09:08:05 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: A terminally deprecated method in java.lang.System has been called
may 16 09:08:05 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
may 16 09:08:05 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
may 16 09:08:05 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: System::setSecurityManager will be removed in a future release
may 16 09:08:07 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: A terminally deprecated method in java.lang.System has been called
may 16 09:08:07 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
may 16 09:08:07 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
may 16 09:08:07 ip-172-31-47-84.ec2.internal systemd-entrypoint[8750]: WARNING: System::setSecurityManager will be removed in a future release
may 16 09:08:24 ip-172-31-47-84.ec2.internal systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-indexer.service has finished starting up.
--
-- The start-up result is done.

Errors

🟡 Normal errors of uninitialized indexes. Related: wazuh/wazuh-packages#1511 (comment)
🟡 Failure no such index. Related: wazuh/wazuh-indexer#167

[root@ip-172-31-47-84 ec2-user]# cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
[2024-05-16T09:08:07,646][INFO ][o.o.n.Node               ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-8604767006469785124, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-05-16T09:08:18,751][WARN ][o.o.s.c.Salt             ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-05-16T09:08:18,803][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2024-05-16T09:08:18,810][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2024-05-16T09:08:20,374][WARN ][o.o.s.p.SQLPlugin        ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-05-16T09:08:22,575][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-05-16T09:08:24,160][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2024-05-16T09:08:24,244][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:24,244][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:24,245][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:24,253][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:24,253][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:24,253][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:24,254][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:24,254][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:24,254][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:24,255][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:37,260][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:37,261][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:37,261][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:37,262][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:37,262][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:37,262][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:37,262][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:37,262][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:37,263][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:37,263][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:50,266][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:50,266][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:50,267][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:50,267][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:50,267][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:50,267][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:50,267][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:50,268][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:50,268][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:08:50,268][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:03,269][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:03,270][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:03,270][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:03,270][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:03,270][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:03,271][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:03,271][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:03,271][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:03,271][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:03,272][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:16,273][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:16,273][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:16,273][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:16,274][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:16,274][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:16,274][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:16,274][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:16,275][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:16,275][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:16,275][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:29,276][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:29,277][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:29,277][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:29,277][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:29,277][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:29,277][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:29,278][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:29,278][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:29,278][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:29,278][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:42,280][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:42,280][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:42,280][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:42,280][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:42,280][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:42,281][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:42,281][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:42,281][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:42,281][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:42,281][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:55,282][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:55,283][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:55,283][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:55,283][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:55,283][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:55,284][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:55,284][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:55,284][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:55,284][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:09:55,284][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:08,286][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:08,286][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:08,286][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:08,286][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:08,287][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:08,287][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:08,287][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:08,287][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:08,288][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:08,288][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:21,289][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:21,290][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:21,290][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:21,290][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:21,290][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:21,290][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:21,290][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:21,291][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:21,291][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:21,291][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:34,292][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:34,293][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:34,293][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:34,293][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:34,293][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:34,294][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:34,294][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:34,294][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:34,295][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:34,295][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:47,296][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:47,297][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:47,297][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:47,297][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:47,297][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:47,297][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:47,298][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:47,298][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:47,298][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:10:47,298][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:00,299][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:00,300][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:00,300][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:00,300][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:00,300][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:00,300][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:00,300][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:00,300][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:00,301][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:00,301][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:13,302][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:13,302][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:13,303][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:13,303][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:13,303][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:13,303][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:13,303][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:13,304][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:13,304][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:13,304][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:26,305][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:26,305][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:26,305][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:26,306][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:26,306][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:26,306][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:26,306][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:26,306][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:26,307][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:26,307][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:39,308][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:39,308][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:39,309][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:39,309][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:39,309][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:39,309][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:39,309][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:39,309][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:39,310][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:39,310][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:52,311][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:52,311][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:52,312][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:52,312][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:52,312][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:52,312][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:52,312][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:52,312][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:52,313][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:11:52,313][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:05,314][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:05,315][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:05,315][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:05,315][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:05,315][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:05,315][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:05,316][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:05,316][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:05,316][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:05,316][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:18,317][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:18,317][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:18,318][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:18,318][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:18,318][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:18,318][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:18,318][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:18,318][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:18,318][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:18,318][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:31,319][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:31,320][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:31,320][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:31,320][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:31,320][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:31,320][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:31,321][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:31,321][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:31,321][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:31,321][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:44,322][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:44,323][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:44,323][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:44,323][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:44,323][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:44,323][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:44,323][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:44,323][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:44,324][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:44,324][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:57,325][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:57,325][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:57,325][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:57,326][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:57,326][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:57,326][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:57,326][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:57,326][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:57,326][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:12:57,326][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:10,328][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:10,328][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:10,328][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:10,328][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:10,328][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:10,329][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:10,329][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:10,329][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:10,329][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:10,329][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:23,331][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:23,331][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:23,331][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:23,331][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:23,331][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:23,332][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:23,332][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:23,332][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:23,332][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:23,332][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:36,333][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:36,334][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:36,334][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:36,334][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:36,334][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:36,334][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:36,334][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:36,334][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:36,335][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:36,335][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:49,336][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:49,336][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:49,336][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:49,337][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:49,337][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:49,337][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:49,337][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:49,337][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:49,337][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:13:49,337][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:02,339][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:02,339][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:02,339][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:02,339][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:02,339][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:02,339][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:02,339][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:02,340][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:02,340][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:02,340][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:15,341][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:15,341][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:15,341][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:15,341][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:15,341][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:15,341][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:15,341][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:15,341][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:15,341][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:15,342][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:28,342][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:28,343][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:28,343][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:28,343][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:28,343][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:28,343][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:28,344][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:28,344][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:28,344][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:28,344][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:41,345][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:41,345][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:41,345][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:41,345][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:41,346][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:41,346][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:41,346][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:41,346][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:41,346][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:41,346][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:54,347][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:54,348][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:54,348][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:54,348][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:54,348][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:54,348][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:54,348][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:54,348][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:54,349][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:14:54,349][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:07,350][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:07,350][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:07,350][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:07,350][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:07,350][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:07,350][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:07,350][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:07,351][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:07,351][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:07,351][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:20,352][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:20,352][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:20,352][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:20,352][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:20,352][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:20,352][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:20,353][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:20,353][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:20,353][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:20,353][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:33,354][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:33,354][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:33,354][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:33,354][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:33,354][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:33,354][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:33,355][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:33,355][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:33,355][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:33,355][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:46,356][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:46,356][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:46,356][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:46,356][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:46,357][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:46,357][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:46,357][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:46,357][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:46,357][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:46,357][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:59,358][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:59,358][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:59,358][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:59,358][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:59,359][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:59,359][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:59,359][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:59,359][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:59,359][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:15:59,359][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:12,360][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:12,360][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:12,360][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:12,360][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:12,360][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:12,360][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:12,360][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:12,360][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:12,360][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:12,360][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:25,361][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:25,362][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:25,362][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:25,362][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:25,362][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:25,362][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:25,362][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:25,362][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:25,362][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:25,362][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:38,363][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:38,364][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:38,364][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:38,364][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:38,364][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:38,364][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:38,364][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:38,364][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:38,364][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-05-16T09:16:38,364][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)

[CarlosALgit]

Wazuh Manager logs 🟡

Amazon Linux 2 🟡

Agent status

[root@ip-172-31-40-54 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since jue 2024-05-16 08:47:37 UTC; 1h 36min ago
   CGroup: /system.slice/wazuh-manager.service
           ├─13272 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─13273 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─13276 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─13279 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─13323 /var/ossec/bin/wazuh-authd
           ├─13340 /var/ossec/bin/wazuh-db
           ├─13366 /var/ossec/bin/wazuh-execd
           ├─13390 /var/ossec/bin/wazuh-analysisd
           ├─13403 /var/ossec/bin/wazuh-syscheckd
           ├─13451 /var/ossec/bin/wazuh-remoted
           ├─13486 /var/ossec/bin/wazuh-logcollector
           ├─13506 /var/ossec/bin/wazuh-monitord
           └─13530 /var/ossec/bin/wazuh-modulesd

may 16 08:47:31 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-syscheckd...
may 16 08:47:32 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-remoted...
may 16 08:47:33 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-logcollector...
may 16 08:47:34 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-monitord...
may 16 08:47:34 ip-172-31-40-54.ec2.internal env[13212]: 2024/05/16 08:47:34 wazuh-modulesd:router: INFO: Loaded router module.
may 16 08:47:34 ip-172-31-40-54.ec2.internal env[13212]: 2024/05/16 08:47:34 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
may 16 08:47:35 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-modulesd...
may 16 08:47:37 ip-172-31-40-54.ec2.internal env[13212]: Completed.
may 16 08:47:37 ip-172-31-40-54.ec2.internal systemd[1]: Started Wazuh manager.
may 16 08:47:42 ip-172-31-40-54.ec2.internal crontab[14068]: (root) LIST (root)

Service status

[root@ip-172-31-40-54 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
-- Logs begin at jue 2024-05-16 08:06:07 UTC, end at jue 2024-05-16 10:22:29 UTC. --
may 16 08:39:49 ip-172-31-40-54.ec2.internal systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
may 16 08:39:50 ip-172-31-40-54.ec2.internal env[9993]: 2024/05/16 08:39:50 wazuh-modulesd:router: INFO: Loaded router module.
may 16 08:39:50 ip-172-31-40-54.ec2.internal env[9993]: 2024/05/16 08:39:50 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
may 16 08:39:51 ip-172-31-40-54.ec2.internal env[9993]: Starting Wazuh v4.8.0...
may 16 08:39:55 ip-172-31-40-54.ec2.internal env[9993]: Started wazuh-apid...
may 16 08:39:55 ip-172-31-40-54.ec2.internal env[9993]: Started wazuh-csyslogd...
may 16 08:39:55 ip-172-31-40-54.ec2.internal env[9993]: Started wazuh-dbd...
may 16 08:39:55 ip-172-31-40-54.ec2.internal env[9993]: 2024/05/16 08:39:55 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
may 16 08:39:55 ip-172-31-40-54.ec2.internal env[9993]: Started wazuh-integratord...
may 16 08:39:55 ip-172-31-40-54.ec2.internal env[9993]: Started wazuh-agentlessd...
may 16 08:39:56 ip-172-31-40-54.ec2.internal env[9993]: Started wazuh-authd...
may 16 08:39:57 ip-172-31-40-54.ec2.internal env[9993]: Started wazuh-db...
may 16 08:39:58 ip-172-31-40-54.ec2.internal env[9993]: Started wazuh-execd...
may 16 08:39:59 ip-172-31-40-54.ec2.internal env[9993]: Started wazuh-analysisd...
may 16 08:40:00 ip-172-31-40-54.ec2.internal env[9993]: Started wazuh-syscheckd...
may 16 08:40:01 ip-172-31-40-54.ec2.internal env[9993]: Started wazuh-remoted...
may 16 08:40:02 ip-172-31-40-54.ec2.internal env[9993]: Started wazuh-logcollector...
may 16 08:40:04 ip-172-31-40-54.ec2.internal env[9993]: Started wazuh-monitord...
may 16 08:40:04 ip-172-31-40-54.ec2.internal env[9993]: 2024/05/16 08:40:04 wazuh-modulesd:router: INFO: Loaded router module.
may 16 08:40:04 ip-172-31-40-54.ec2.internal env[9993]: 2024/05/16 08:40:04 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
may 16 08:40:05 ip-172-31-40-54.ec2.internal env[9993]: Started wazuh-modulesd...
may 16 08:40:07 ip-172-31-40-54.ec2.internal env[9993]: Completed.
may 16 08:40:07 ip-172-31-40-54.ec2.internal systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
may 16 08:40:07 ip-172-31-40-54.ec2.internal crontab[10583]: (root) LIST (root)
may 16 08:47:12 ip-172-31-40-54.ec2.internal systemd[1]: Stopping Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun shutting down.
may 16 08:47:12 ip-172-31-40-54.ec2.internal env[12974]: wazuh-clusterd not running...
may 16 08:47:12 ip-172-31-40-54.ec2.internal env[12974]: Killing wazuh-modulesd...
may 16 08:47:17 ip-172-31-40-54.ec2.internal env[12974]: Killing wazuh-monitord...
may 16 08:47:17 ip-172-31-40-54.ec2.internal env[12974]: Killing wazuh-logcollector...
may 16 08:47:17 ip-172-31-40-54.ec2.internal env[12974]: Killing wazuh-remoted...
may 16 08:47:17 ip-172-31-40-54.ec2.internal env[12974]: Killing wazuh-syscheckd...
may 16 08:47:17 ip-172-31-40-54.ec2.internal env[12974]: Killing wazuh-analysisd...
may 16 08:47:17 ip-172-31-40-54.ec2.internal env[12974]: wazuh-maild not running...
may 16 08:47:17 ip-172-31-40-54.ec2.internal env[12974]: Killing wazuh-execd...
may 16 08:47:18 ip-172-31-40-54.ec2.internal env[12974]: Killing wazuh-db...
may 16 08:47:18 ip-172-31-40-54.ec2.internal env[12974]: Killing wazuh-authd...
may 16 08:47:19 ip-172-31-40-54.ec2.internal env[12974]: wazuh-agentlessd not running...
may 16 08:47:19 ip-172-31-40-54.ec2.internal env[12974]: wazuh-integratord not running...
may 16 08:47:19 ip-172-31-40-54.ec2.internal env[12974]: wazuh-dbd not running...
may 16 08:47:19 ip-172-31-40-54.ec2.internal env[12974]: wazuh-csyslogd not running...
may 16 08:47:19 ip-172-31-40-54.ec2.internal env[12974]: Killing wazuh-apid...
may 16 08:47:20 ip-172-31-40-54.ec2.internal env[12974]: Wazuh v4.8.0 Stopped
may 16 08:47:20 ip-172-31-40-54.ec2.internal systemd[1]: Stopped Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished shutting down.
may 16 08:47:20 ip-172-31-40-54.ec2.internal systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
may 16 08:47:22 ip-172-31-40-54.ec2.internal env[13212]: 2024/05/16 08:47:22 wazuh-modulesd:router: INFO: Loaded router module.
may 16 08:47:22 ip-172-31-40-54.ec2.internal env[13212]: 2024/05/16 08:47:22 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
may 16 08:47:23 ip-172-31-40-54.ec2.internal env[13212]: Starting Wazuh v4.8.0...
may 16 08:47:26 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-apid...
may 16 08:47:26 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-csyslogd...
may 16 08:47:26 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-dbd...
may 16 08:47:26 ip-172-31-40-54.ec2.internal env[13212]: 2024/05/16 08:47:26 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
may 16 08:47:26 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-integratord...
may 16 08:47:26 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-agentlessd...
may 16 08:47:27 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-authd...
may 16 08:47:28 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-db...
may 16 08:47:29 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-execd...
may 16 08:47:30 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-analysisd...
may 16 08:47:31 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-syscheckd...
may 16 08:47:32 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-remoted...
may 16 08:47:33 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-logcollector...
may 16 08:47:34 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-monitord...
may 16 08:47:34 ip-172-31-40-54.ec2.internal env[13212]: 2024/05/16 08:47:34 wazuh-modulesd:router: INFO: Loaded router module.
may 16 08:47:34 ip-172-31-40-54.ec2.internal env[13212]: 2024/05/16 08:47:34 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
may 16 08:47:35 ip-172-31-40-54.ec2.internal env[13212]: Started wazuh-modulesd...
may 16 08:47:37 ip-172-31-40-54.ec2.internal env[13212]: Completed.
may 16 08:47:37 ip-172-31-40-54.ec2.internal systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.
may 16 08:47:42 ip-172-31-40-54.ec2.internal crontab[14068]: (root) LIST (root)

Errors

🟡 Warning IndexerConnector. Related: #21829

[root@ip-172-31-40-54 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/05/16 08:40:04 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-40-54.ec2.internal', retrying until the connection is successful.
2024/05/16 08:47:35 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-40-54.ec2.internal', retrying until the connection is successful.

Ubuntu 22 🟡

Agent status

root@ip-172-31-47-61:/home/ubuntu# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-05-16 08:46:16 UTC; 1h 40min ago
      Tasks: 153 (limit: 9425)
     Memory: 1.9G
        CPU: 10min 21.566s
     CGroup: /system.slice/wazuh-manager.service
             ├─52814 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─52815 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─52818 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─52821 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─52863 /var/ossec/bin/wazuh-authd
             ├─52879 /var/ossec/bin/wazuh-db
             ├─52905 /var/ossec/bin/wazuh-execd
             ├─52919 /var/ossec/bin/wazuh-analysisd
             ├─52932 /var/ossec/bin/wazuh-syscheckd
             ├─52979 /var/ossec/bin/wazuh-remoted
             ├─53014 /var/ossec/bin/wazuh-logcollector
             ├─53035 /var/ossec/bin/wazuh-monitord
             └─53061 /var/ossec/bin/wazuh-modulesd

May 16 08:46:09 ip-172-31-47-61 env[52758]: Started wazuh-analysisd...
May 16 08:46:10 ip-172-31-47-61 env[52758]: Started wazuh-syscheckd...
May 16 08:46:11 ip-172-31-47-61 env[52758]: Started wazuh-remoted...
May 16 08:46:12 ip-172-31-47-61 env[52758]: Started wazuh-logcollector...
May 16 08:46:13 ip-172-31-47-61 env[52758]: Started wazuh-monitord...
May 16 08:46:13 ip-172-31-47-61 env[53058]: 2024/05/16 08:46:13 wazuh-modulesd:router: INFO: Loaded router module.
May 16 08:46:13 ip-172-31-47-61 env[53058]: 2024/05/16 08:46:13 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 16 08:46:14 ip-172-31-47-61 env[52758]: Started wazuh-modulesd...
May 16 08:46:16 ip-172-31-47-61 env[52758]: Completed.
May 16 08:46:16 ip-172-31-47-61 systemd[1]: Started Wazuh manager.

Service status

root@ip-172-31-47-61:/home/ubuntu# journalctl -xe -u wazuh-manager.service --no-pager
May 16 08:41:49 ip-172-31-47-61 systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 2139.
May 16 08:41:52 ip-172-31-47-61 env[49532]: 2024/05/16 08:41:52 wazuh-modulesd:router: INFO: Loaded router module.
May 16 08:41:52 ip-172-31-47-61 env[49532]: 2024/05/16 08:41:52 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 16 08:41:53 ip-172-31-47-61 env[49502]: Starting Wazuh v4.8.0...
May 16 08:41:58 ip-172-31-47-61 env[49502]: Started wazuh-apid...
May 16 08:41:58 ip-172-31-47-61 env[49502]: Started wazuh-csyslogd...
May 16 08:41:58 ip-172-31-47-61 env[49502]: Started wazuh-dbd...
May 16 08:41:58 ip-172-31-47-61 env[49577]: 2024/05/16 08:41:58 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 16 08:41:58 ip-172-31-47-61 env[49502]: Started wazuh-integratord...
May 16 08:41:58 ip-172-31-47-61 env[49502]: Started wazuh-agentlessd...
May 16 08:41:59 ip-172-31-47-61 env[49502]: Started wazuh-authd...
May 16 08:42:00 ip-172-31-47-61 env[49502]: Started wazuh-db...
May 16 08:42:01 ip-172-31-47-61 env[49502]: Started wazuh-execd...
May 16 08:42:02 ip-172-31-47-61 env[49502]: Started wazuh-analysisd...
May 16 08:42:03 ip-172-31-47-61 env[49502]: Started wazuh-syscheckd...
May 16 08:42:04 ip-172-31-47-61 env[49502]: Started wazuh-remoted...
May 16 08:42:05 ip-172-31-47-61 env[49502]: Started wazuh-logcollector...
May 16 08:42:07 ip-172-31-47-61 env[49502]: Started wazuh-monitord...
May 16 08:42:07 ip-172-31-47-61 env[49795]: 2024/05/16 08:42:07 wazuh-modulesd:router: INFO: Loaded router module.
May 16 08:42:07 ip-172-31-47-61 env[49795]: 2024/05/16 08:42:07 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 16 08:42:08 ip-172-31-47-61 env[49502]: Started wazuh-modulesd...
May 16 08:42:10 ip-172-31-47-61 env[49502]: Completed.
May 16 08:42:10 ip-172-31-47-61 systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 2139.
May 16 08:45:50 ip-172-31-47-61 systemd[1]: Stopping Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 2578.
May 16 08:45:50 ip-172-31-47-61 env[52518]: wazuh-clusterd not running...
May 16 08:45:50 ip-172-31-47-61 env[52518]: Killing wazuh-modulesd...
May 16 08:45:56 ip-172-31-47-61 env[52518]: Killing wazuh-monitord...
May 16 08:45:56 ip-172-31-47-61 env[52518]: Killing wazuh-logcollector...
May 16 08:45:56 ip-172-31-47-61 env[52518]: Killing wazuh-remoted...
May 16 08:45:56 ip-172-31-47-61 env[52518]: Killing wazuh-syscheckd...
May 16 08:45:57 ip-172-31-47-61 env[52518]: Killing wazuh-analysisd...
May 16 08:45:57 ip-172-31-47-61 env[52518]: wazuh-maild not running...
May 16 08:45:57 ip-172-31-47-61 env[52518]: Killing wazuh-execd...
May 16 08:45:57 ip-172-31-47-61 env[52518]: Killing wazuh-db...
May 16 08:45:58 ip-172-31-47-61 env[52518]: Killing wazuh-authd...
May 16 08:45:59 ip-172-31-47-61 env[52518]: wazuh-agentlessd not running...
May 16 08:45:59 ip-172-31-47-61 env[52518]: wazuh-integratord not running...
May 16 08:45:59 ip-172-31-47-61 env[52518]: wazuh-dbd not running...
May 16 08:45:59 ip-172-31-47-61 env[52518]: wazuh-csyslogd not running...
May 16 08:45:59 ip-172-31-47-61 env[52518]: Killing wazuh-apid...
May 16 08:45:59 ip-172-31-47-61 env[52518]: Wazuh v4.8.0 Stopped
May 16 08:45:59 ip-172-31-47-61 systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
May 16 08:45:59 ip-172-31-47-61 systemd[1]: Stopped Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 2578 and the job result is done.
May 16 08:45:59 ip-172-31-47-61 systemd[1]: wazuh-manager.service: Consumed 2min 508ms CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
May 16 08:45:59 ip-172-31-47-61 systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 2578.
May 16 08:46:01 ip-172-31-47-61 env[52788]: 2024/05/16 08:46:01 wazuh-modulesd:router: INFO: Loaded router module.
May 16 08:46:01 ip-172-31-47-61 env[52788]: 2024/05/16 08:46:01 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 16 08:46:01 ip-172-31-47-61 env[52758]: Starting Wazuh v4.8.0...
May 16 08:46:04 ip-172-31-47-61 env[52758]: Started wazuh-apid...
May 16 08:46:04 ip-172-31-47-61 env[52758]: Started wazuh-csyslogd...
May 16 08:46:04 ip-172-31-47-61 env[52758]: Started wazuh-dbd...
May 16 08:46:04 ip-172-31-47-61 env[52842]: 2024/05/16 08:46:04 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 16 08:46:04 ip-172-31-47-61 env[52758]: Started wazuh-integratord...
May 16 08:46:04 ip-172-31-47-61 env[52758]: Started wazuh-agentlessd...
May 16 08:46:05 ip-172-31-47-61 env[52758]: Started wazuh-authd...
May 16 08:46:06 ip-172-31-47-61 env[52758]: Started wazuh-db...
May 16 08:46:07 ip-172-31-47-61 env[52758]: Started wazuh-execd...
May 16 08:46:09 ip-172-31-47-61 env[52758]: Started wazuh-analysisd...
May 16 08:46:10 ip-172-31-47-61 env[52758]: Started wazuh-syscheckd...
May 16 08:46:11 ip-172-31-47-61 env[52758]: Started wazuh-remoted...
May 16 08:46:12 ip-172-31-47-61 env[52758]: Started wazuh-logcollector...
May 16 08:46:13 ip-172-31-47-61 env[52758]: Started wazuh-monitord...
May 16 08:46:13 ip-172-31-47-61 env[53058]: 2024/05/16 08:46:13 wazuh-modulesd:router: INFO: Loaded router module.
May 16 08:46:13 ip-172-31-47-61 env[53058]: 2024/05/16 08:46:13 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 16 08:46:14 ip-172-31-47-61 env[52758]: Started wazuh-modulesd...
May 16 08:46:16 ip-172-31-47-61 env[52758]: Completed.
May 16 08:46:16 ip-172-31-47-61 systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 2578.

Errors

🟡 Related: #21829

root@ip-172-31-47-61:/home/ubuntu# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/05/16 08:42:07 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-47-61', retrying until the connection is successful.
2024/05/16 08:46:14 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-47-61', retrying until the connection is successful.

RHEL 9 🟡

Agent status

[root@ip-172-31-33-80 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
     Active: active (running) since Thu 2024-05-16 08:49:39 UTC; 1h 52min ago
      Tasks: 153 (limit: 48194)
     Memory: 1.8G
        CPU: 9min 42.829s
     CGroup: /system.slice/wazuh-manager.service
             ├─20840 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─20841 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─20844 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─20847 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
             ├─20891 /var/ossec/bin/wazuh-authd
             ├─20908 /var/ossec/bin/wazuh-db
             ├─20934 /var/ossec/bin/wazuh-execd
             ├─20949 /var/ossec/bin/wazuh-analysisd
             ├─20961 /var/ossec/bin/wazuh-syscheckd
             ├─21010 /var/ossec/bin/wazuh-remoted
             ├─21045 /var/ossec/bin/wazuh-logcollector
             ├─21065 /var/ossec/bin/wazuh-monitord
             └─21091 /var/ossec/bin/wazuh-modulesd

May 16 08:49:32 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-analysisd...
May 16 08:49:33 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-syscheckd...
May 16 08:49:34 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-remoted...
May 16 08:49:35 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-logcollector...
May 16 08:49:36 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-monitord...
May 16 08:49:36 ip-172-31-33-80.ec2.internal env[21087]: 2024/05/16 08:49:36 wazuh-modulesd:router: INFO: Loaded router module.
May 16 08:49:36 ip-172-31-33-80.ec2.internal env[21087]: 2024/05/16 08:49:36 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 16 08:49:37 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-modulesd...
May 16 08:49:39 ip-172-31-33-80.ec2.internal env[20769]: Completed.
May 16 08:49:39 ip-172-31-33-80.ec2.internal systemd[1]: Started Wazuh manager.

Service status

[root@ip-172-31-33-80 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
May 16 08:42:56 ip-172-31-33-80.ec2.internal systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 2995.
May 16 08:42:58 ip-172-31-33-80.ec2.internal env[17589]: 2024/05/16 08:42:58 wazuh-modulesd:router: INFO: Loaded router module.
May 16 08:42:58 ip-172-31-33-80.ec2.internal env[17589]: 2024/05/16 08:42:58 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 16 08:42:58 ip-172-31-33-80.ec2.internal env[17552]: Starting Wazuh v4.8.0...
May 16 08:43:01 ip-172-31-33-80.ec2.internal env[17552]: Started wazuh-apid...
May 16 08:43:01 ip-172-31-33-80.ec2.internal env[17552]: Started wazuh-csyslogd...
May 16 08:43:01 ip-172-31-33-80.ec2.internal env[17552]: Started wazuh-dbd...
May 16 08:43:01 ip-172-31-33-80.ec2.internal env[17635]: 2024/05/16 08:43:01 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 16 08:43:01 ip-172-31-33-80.ec2.internal env[17552]: Started wazuh-integratord...
May 16 08:43:01 ip-172-31-33-80.ec2.internal env[17552]: Started wazuh-agentlessd...
May 16 08:43:02 ip-172-31-33-80.ec2.internal env[17552]: Started wazuh-authd...
May 16 08:43:03 ip-172-31-33-80.ec2.internal env[17552]: Started wazuh-db...
May 16 08:43:04 ip-172-31-33-80.ec2.internal env[17552]: Started wazuh-execd...
May 16 08:43:05 ip-172-31-33-80.ec2.internal env[17552]: Started wazuh-analysisd...
May 16 08:43:06 ip-172-31-33-80.ec2.internal env[17552]: Started wazuh-syscheckd...
May 16 08:43:07 ip-172-31-33-80.ec2.internal env[17552]: Started wazuh-remoted...
May 16 08:43:09 ip-172-31-33-80.ec2.internal env[17552]: Started wazuh-logcollector...
May 16 08:43:10 ip-172-31-33-80.ec2.internal env[17552]: Started wazuh-monitord...
May 16 08:43:10 ip-172-31-33-80.ec2.internal env[17859]: 2024/05/16 08:43:10 wazuh-modulesd:router: INFO: Loaded router module.
May 16 08:43:10 ip-172-31-33-80.ec2.internal env[17859]: 2024/05/16 08:43:10 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 16 08:43:11 ip-172-31-33-80.ec2.internal env[17552]: Started wazuh-modulesd...
May 16 08:43:13 ip-172-31-33-80.ec2.internal env[17552]: Completed.
May 16 08:43:13 ip-172-31-33-80.ec2.internal systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 2995.
May 16 08:49:14 ip-172-31-33-80.ec2.internal systemd[1]: Stopping Wazuh manager...
░░ Subject: A stop job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3438.
May 16 08:49:14 ip-172-31-33-80.ec2.internal env[20528]: wazuh-clusterd not running...
May 16 08:49:14 ip-172-31-33-80.ec2.internal env[20528]: Killing wazuh-modulesd...
May 16 08:49:19 ip-172-31-33-80.ec2.internal env[20528]: Killing wazuh-monitord...
May 16 08:49:19 ip-172-31-33-80.ec2.internal env[20528]: Killing wazuh-logcollector...
May 16 08:49:19 ip-172-31-33-80.ec2.internal env[20528]: Killing wazuh-remoted...
May 16 08:49:19 ip-172-31-33-80.ec2.internal env[20528]: Killing wazuh-syscheckd...
May 16 08:49:20 ip-172-31-33-80.ec2.internal env[20528]: Killing wazuh-analysisd...
May 16 08:49:20 ip-172-31-33-80.ec2.internal env[20528]: wazuh-maild not running...
May 16 08:49:20 ip-172-31-33-80.ec2.internal env[20528]: Killing wazuh-execd...
May 16 08:49:20 ip-172-31-33-80.ec2.internal env[20528]: Killing wazuh-db...
May 16 08:49:21 ip-172-31-33-80.ec2.internal env[20528]: Killing wazuh-authd...
May 16 08:49:22 ip-172-31-33-80.ec2.internal env[20528]: wazuh-agentlessd not running...
May 16 08:49:22 ip-172-31-33-80.ec2.internal env[20528]: wazuh-integratord not running...
May 16 08:49:22 ip-172-31-33-80.ec2.internal env[20528]: wazuh-dbd not running...
May 16 08:49:22 ip-172-31-33-80.ec2.internal env[20528]: wazuh-csyslogd not running...
May 16 08:49:22 ip-172-31-33-80.ec2.internal env[20528]: Killing wazuh-apid...
May 16 08:49:22 ip-172-31-33-80.ec2.internal env[20528]: Wazuh v4.8.0 Stopped
May 16 08:49:22 ip-172-31-33-80.ec2.internal systemd[1]: wazuh-manager.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-manager.service has successfully entered the 'dead' state.
May 16 08:49:22 ip-172-31-33-80.ec2.internal systemd[1]: Stopped Wazuh manager.
░░ Subject: A stop job for unit wazuh-manager.service has finished
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-manager.service has finished.
░░
░░ The job identifier is 3438 and the job result is done.
May 16 08:49:22 ip-172-31-33-80.ec2.internal systemd[1]: wazuh-manager.service: Consumed 1min 56.120s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-manager.service completed and consumed the indicated resources.
May 16 08:49:22 ip-172-31-33-80.ec2.internal systemd[1]: Starting Wazuh manager...
░░ Subject: A start job for unit wazuh-manager.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has begun execution.
░░
░░ The job identifier is 3438.
May 16 08:49:24 ip-172-31-33-80.ec2.internal env[20799]: 2024/05/16 08:49:24 wazuh-modulesd:router: INFO: Loaded router module.
May 16 08:49:24 ip-172-31-33-80.ec2.internal env[20799]: 2024/05/16 08:49:24 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 16 08:49:25 ip-172-31-33-80.ec2.internal env[20769]: Starting Wazuh v4.8.0...
May 16 08:49:27 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-apid...
May 16 08:49:27 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-csyslogd...
May 16 08:49:27 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-dbd...
May 16 08:49:27 ip-172-31-33-80.ec2.internal env[20869]: 2024/05/16 08:49:27 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
May 16 08:49:27 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-integratord...
May 16 08:49:27 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-agentlessd...
May 16 08:49:29 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-authd...
May 16 08:49:30 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-db...
May 16 08:49:31 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-execd...
May 16 08:49:32 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-analysisd...
May 16 08:49:33 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-syscheckd...
May 16 08:49:34 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-remoted...
May 16 08:49:35 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-logcollector...
May 16 08:49:36 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-monitord...
May 16 08:49:36 ip-172-31-33-80.ec2.internal env[21087]: 2024/05/16 08:49:36 wazuh-modulesd:router: INFO: Loaded router module.
May 16 08:49:36 ip-172-31-33-80.ec2.internal env[21087]: 2024/05/16 08:49:36 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
May 16 08:49:37 ip-172-31-33-80.ec2.internal env[20769]: Started wazuh-modulesd...
May 16 08:49:39 ip-172-31-33-80.ec2.internal env[20769]: Completed.
May 16 08:49:39 ip-172-31-33-80.ec2.internal systemd[1]: Started Wazuh manager.
░░ Subject: A start job for unit wazuh-manager.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-manager.service has finished successfully.
░░
░░ The job identifier is 3438.

Errors

🟡 Related: #21829

[root@ip-172-31-33-80 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/05/16 08:43:10 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-33-80.ec2.internal', retrying until the connection is successful.
2024/05/16 08:49:37 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-33-80.ec2.internal', retrying until the connection is successful.

Amazon Linux 2 - Offline 🟡

Agent status

[root@ip-172-31-47-84 ec2-user]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since jue 2024-05-16 09:19:57 UTC; 1h 27min ago
   CGroup: /system.slice/wazuh-manager.service
           ├─10367 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─10409 /var/ossec/bin/wazuh-authd
           ├─10424 /var/ossec/bin/wazuh-db
           ├─10440 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─10443 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─10446 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─10461 /var/ossec/bin/wazuh-execd
           ├─10476 /var/ossec/bin/wazuh-analysisd
           ├─10489 /var/ossec/bin/wazuh-syscheckd
           ├─10537 /var/ossec/bin/wazuh-remoted
           ├─10572 /var/ossec/bin/wazuh-logcollector
           ├─10592 /var/ossec/bin/wazuh-monitord
           └─10614 /var/ossec/bin/wazuh-modulesd

may 16 09:19:51 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-syscheckd...
may 16 09:19:52 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-remoted...
may 16 09:19:53 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-logcollector...
may 16 09:19:54 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-monitord...
may 16 09:19:54 ip-172-31-47-84.ec2.internal env[10308]: 2024/05/16 09:19:54 wazuh-modulesd:router: INFO: Loaded router module.
may 16 09:19:54 ip-172-31-47-84.ec2.internal env[10308]: 2024/05/16 09:19:54 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
may 16 09:19:55 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-modulesd...
may 16 09:19:57 ip-172-31-47-84.ec2.internal crontab[10879]: (root) LIST (root)
may 16 09:19:57 ip-172-31-47-84.ec2.internal env[10308]: Completed.
may 16 09:19:57 ip-172-31-47-84.ec2.internal systemd[1]: Started Wazuh manager.

Service status

[root@ip-172-31-47-84 ec2-user]# journalctl -xe -u wazuh-manager.service --no-pager
-- Logs begin at jue 2024-05-16 08:06:07 UTC, end at jue 2024-05-16 10:47:23 UTC. --
may 16 09:19:41 ip-172-31-47-84.ec2.internal systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
may 16 09:19:43 ip-172-31-47-84.ec2.internal env[10308]: 2024/05/16 09:19:43 wazuh-modulesd:router: INFO: Loaded router module.
may 16 09:19:43 ip-172-31-47-84.ec2.internal env[10308]: 2024/05/16 09:19:43 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
may 16 09:19:43 ip-172-31-47-84.ec2.internal env[10308]: Starting Wazuh v4.8.0...
may 16 09:19:46 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-apid...
may 16 09:19:46 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-csyslogd...
may 16 09:19:46 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-dbd...
may 16 09:19:46 ip-172-31-47-84.ec2.internal env[10308]: 2024/05/16 09:19:46 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
may 16 09:19:46 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-integratord...
may 16 09:19:46 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-agentlessd...
may 16 09:19:47 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-authd...
may 16 09:19:48 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-db...
may 16 09:19:49 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-execd...
may 16 09:19:50 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-analysisd...
may 16 09:19:51 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-syscheckd...
may 16 09:19:52 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-remoted...
may 16 09:19:53 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-logcollector...
may 16 09:19:54 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-monitord...
may 16 09:19:54 ip-172-31-47-84.ec2.internal env[10308]: 2024/05/16 09:19:54 wazuh-modulesd:router: INFO: Loaded router module.
may 16 09:19:54 ip-172-31-47-84.ec2.internal env[10308]: 2024/05/16 09:19:54 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
may 16 09:19:55 ip-172-31-47-84.ec2.internal env[10308]: Started wazuh-modulesd...
may 16 09:19:57 ip-172-31-47-84.ec2.internal crontab[10879]: (root) LIST (root)
may 16 09:19:57 ip-172-31-47-84.ec2.internal env[10308]: Completed.
may 16 09:19:57 ip-172-31-47-84.ec2.internal systemd[1]: Started Wazuh manager.
-- Subject: Unit wazuh-manager.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has finished starting up.
--
-- The start-up result is done.

Errors

🟡 Related: #21829

[root@ip-172-31-47-84 ec2-user]# cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2024/05/16 09:19:55 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-47-84.ec2.internal', retrying until the connection is successful.

[CarlosALgit]

Wazuh Dashboard logs

Amazon Linux 2 🟢

Agent status

[root@ip-172-31-40-54 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since jue 2024-05-16 08:47:40 UTC; 2h 3min ago
 Main PID: 14005 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─14005 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

may 16 08:47:55 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:55Z","tags":["info","plugins-service"],"pid":14005,"mes...Source]"}
may 16 08:47:55 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:55Z","tags":["info","plugins-service"],"pid":14005,"mes...sabled."}
may 16 08:47:55 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:55Z","tags":["info","plugins-service"],"pid":14005,"mes...sabled."}
may 16 08:47:56 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:56Z","tags":["info","plugins-system"],"pid":14005,"mess...ata,home,
may 16 08:47:56 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:56Z","tags":["info","savedobjects-service"],"pid":14005...ions..."}
may 16 08:47:57 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:57Z","tags":["info","savedobjects-service"],"pid":14005...rations"}
may 16 08:47:57 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:57Z","tags":["info","plugins-system"],"pid":14005,"mess...a,home,ap
may 16 08:47:58 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:58Z","tags":["listening","info"],"pid":14005,"message":...0.0:443"}
may 16 08:47:59 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:59Z","tags":["info","http","server","OpenSearchDashboar...0.0:443"}
may 16 08:48:15 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"response","@timestamp":"2024-05-16T08:48:13Z","tags":[],"pid":14005,"method":"get","statusCode":200,...
Hint: Some lines were ellipsized, use -l to show in full.

Service status

[root@ip-172-31-40-54 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager
-- Logs begin at jue 2024-05-16 08:06:07 UTC, end at jue 2024-05-16 10:51:17 UTC. --
may 16 08:46:29 ip-172-31-40-54.ec2.internal systemd[1]: Started wazuh-dashboard.
-- Subject: Unit wazuh-dashboard.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-dashboard.service has finished starting up.
--
-- The start-up result is done.
may 16 08:46:39 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:46:39Z","tags":["info","plugins-service"],"pid":12403,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
may 16 08:46:39 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:46:39Z","tags":["info","plugins-service"],"pid":12403,"message":"Plugin \"dataSource\" is disabled."}
may 16 08:46:39 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:46:39Z","tags":["info","plugins-service"],"pid":12403,"message":"Plugin \"visTypeXy\" is disabled."}
may 16 08:46:40 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:46:40Z","tags":["info","plugins-system"],"pid":12403,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
may 16 08:46:42 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:46:42Z","tags":["info","savedobjects-service"],"pid":12403,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
may 16 08:46:42 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:46:42Z","tags":["info","savedobjects-service"],"pid":12403,"message":"Starting saved objects migrations"}
may 16 08:46:43 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:46:43Z","tags":["info","savedobjects-service"],"pid":12403,"message":"Creating index .kibana_1."}
may 16 08:46:43 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:46:43Z","tags":["info","savedobjects-service"],"pid":12403,"message":"Pointing alias .kibana to .kibana_1."}
may 16 08:46:43 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:46:43Z","tags":["info","savedobjects-service"],"pid":12403,"message":"Finished in 324ms."}
may 16 08:46:43 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:46:43Z","tags":["info","plugins-system"],"pid":12403,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
may 16 08:46:44 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:46:44Z","tags":["error","opensearch","data"],"pid":12403,"message":"[ResponseError]: Response Error"}
may 16 08:46:44 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:46:44Z","tags":["error","opensearch","data"],"pid":12403,"message":"[ResponseError]: Response Error"}
may 16 08:46:44 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:46:44Z","tags":["listening","info"],"pid":12403,"message":"Server running at https://0.0.0.0:443"}
may 16 08:46:45 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:46:45Z","tags":["info","http","server","OpenSearchDashboards"],"pid":12403,"message":"http server running at https://0.0.0.0:443"}
may 16 08:47:40 ip-172-31-40-54.ec2.internal systemd[1]: Stopping wazuh-dashboard...
-- Subject: Unit wazuh-dashboard.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-dashboard.service has begun shutting down.
may 16 08:47:40 ip-172-31-40-54.ec2.internal opensearch-dashboards[12403]: {"type":"log","@timestamp":"2024-05-16T08:47:40Z","tags":["info","plugins-system"],"pid":12403,"message":"Stopping all plugins."}
may 16 08:47:40 ip-172-31-40-54.ec2.internal systemd[1]: Stopped wazuh-dashboard.
-- Subject: Unit wazuh-dashboard.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-dashboard.service has finished shutting down.
may 16 08:47:40 ip-172-31-40-54.ec2.internal systemd[1]: Started wazuh-dashboard.
-- Subject: Unit wazuh-dashboard.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-dashboard.service has finished starting up.
--
-- The start-up result is done.
may 16 08:47:55 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:55Z","tags":["info","plugins-service"],"pid":14005,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
may 16 08:47:55 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:55Z","tags":["info","plugins-service"],"pid":14005,"message":"Plugin \"dataSource\" is disabled."}
may 16 08:47:55 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:55Z","tags":["info","plugins-service"],"pid":14005,"message":"Plugin \"visTypeXy\" is disabled."}
may 16 08:47:56 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:56Z","tags":["info","plugins-system"],"pid":14005,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
may 16 08:47:56 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:56Z","tags":["info","savedobjects-service"],"pid":14005,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
may 16 08:47:57 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:57Z","tags":["info","savedobjects-service"],"pid":14005,"message":"Starting saved objects migrations"}
may 16 08:47:57 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:57Z","tags":["info","plugins-system"],"pid":14005,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
may 16 08:47:58 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:58Z","tags":["listening","info"],"pid":14005,"message":"Server running at https://0.0.0.0:443"}
may 16 08:47:59 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"log","@timestamp":"2024-05-16T08:47:59Z","tags":["info","http","server","OpenSearchDashboards"],"pid":14005,"message":"http server running at https://0.0.0.0:443"}
may 16 08:48:15 ip-172-31-40-54.ec2.internal opensearch-dashboards[14005]: {"type":"response","@timestamp":"2024-05-16T08:48:13Z","tags":[],"pid":14005,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/8.3.0","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/8.3.0"},"res":{"statusCode":200,"responseTime":1388,"contentLength":9},"message":"GET /status 200 1388ms - 9.0B"}

Errors

[root@ip-172-31-40-54 ec2-user]# cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
[root@ip-172-31-40-54 ec2-user]#

Ubuntu 22 🟢

Agent status

root@ip-172-31-47-61:/home/ubuntu# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-05-16 08:46:19 UTC; 2h 9min ago
   Main PID: 53840 (node)
      Tasks: 11 (limit: 9425)
     Memory: 186.2M
        CPU: 23.633s
     CGroup: /system.slice/wazuh-dashboard.service
             └─53840 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

May 16 08:46:34 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:34Z","tags":["info","plugins-system"],"pid":53840,"message":"Setting up [48] pl>
May 16 08:46:35 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:35Z","tags":["info","savedobjects-service"],"pid":53840,"message":"Waiting unti>
May 16 08:46:36 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:36Z","tags":["info","savedobjects-service"],"pid":53840,"message":"Starting sav>
May 16 08:46:36 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:36Z","tags":["info","plugins-system"],"pid":53840,"message":"Starting [48] plug>
May 16 08:46:37 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:37Z","tags":["listening","info"],"pid":53840,"message":"Server running at https>
May 16 08:46:37 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:37Z","tags":["info","http","server","OpenSearchDashboards"],"pid":53840,"messag>
May 16 08:46:40 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"response","@timestamp":"2024-05-16T08:46:38Z","tags":[],"pid":53840,"method":"get","statusCode":200,"req":{"url":"/>
May 16 10:19:40 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"response","@timestamp":"2024-05-16T10:19:40Z","tags":[],"pid":53840,"method":"get","statusCode":302,"req":{"url":"/>
May 16 10:19:40 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"response","@timestamp":"2024-05-16T10:19:40Z","tags":[],"pid":53840,"method":"get","statusCode":200,"req":{"url":"/>
May 16 10:36:13 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"response","@timestamp":"2024-05-16T10:36:13Z","tags":[],"pid":53840,"method":"get","statusCode":302,"req":{"url":"/>

Service status

root@ip-172-31-47-61:/home/ubuntu# journalctl -xe -u wazuh-dashboard.service --no-pager
May 16 08:45:19 ip-172-31-47-61 systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 2404.
May 16 08:45:34 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:45:34Z","tags":["info","plugins-service"],"pid":51964,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
May 16 08:45:34 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:45:34Z","tags":["info","plugins-service"],"pid":51964,"message":"Plugin \"dataSource\" is disabled."}
May 16 08:45:34 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:45:34Z","tags":["info","plugins-service"],"pid":51964,"message":"Plugin \"visTypeXy\" is disabled."}
May 16 08:45:35 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:45:35Z","tags":["info","plugins-system"],"pid":51964,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
May 16 08:45:37 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:45:37Z","tags":["info","savedobjects-service"],"pid":51964,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
May 16 08:45:38 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:45:38Z","tags":["info","savedobjects-service"],"pid":51964,"message":"Starting saved objects migrations"}
May 16 08:45:38 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:45:38Z","tags":["info","savedobjects-service"],"pid":51964,"message":"Creating index .kibana_1."}
May 16 08:45:39 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:45:39Z","tags":["info","savedobjects-service"],"pid":51964,"message":"Pointing alias .kibana to .kibana_1."}
May 16 08:45:39 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:45:39Z","tags":["info","savedobjects-service"],"pid":51964,"message":"Finished in 698ms."}
May 16 08:45:39 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:45:39Z","tags":["info","plugins-system"],"pid":51964,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
May 16 08:45:40 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:45:40Z","tags":["error","opensearch","data"],"pid":51964,"message":"[ResponseError]: Response Error"}
May 16 08:45:40 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:45:40Z","tags":["error","opensearch","data"],"pid":51964,"message":"[ResponseError]: Response Error"}
May 16 08:45:41 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:45:41Z","tags":["listening","info"],"pid":51964,"message":"Server running at https://0.0.0.0:443"}
May 16 08:45:42 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:45:42Z","tags":["info","http","server","OpenSearchDashboards"],"pid":51964,"message":"http server running at https://0.0.0.0:443"}
May 16 08:46:18 ip-172-31-47-61 systemd[1]: Stopping wazuh-dashboard...
░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-dashboard.service has begun execution.
░░
░░ The job identifier is 2665.
May 16 08:46:18 ip-172-31-47-61 opensearch-dashboards[51964]: {"type":"log","@timestamp":"2024-05-16T08:46:18Z","tags":["info","plugins-system"],"pid":51964,"message":"Stopping all plugins."}
May 16 08:46:19 ip-172-31-47-61 systemd[1]: wazuh-dashboard.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state.
May 16 08:46:19 ip-172-31-47-61 systemd[1]: Stopped wazuh-dashboard.
░░ Subject: A stop job for unit wazuh-dashboard.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit wazuh-dashboard.service has finished.
░░
░░ The job identifier is 2665 and the job result is done.
May 16 08:46:19 ip-172-31-47-61 systemd[1]: wazuh-dashboard.service: Consumed 11.349s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit wazuh-dashboard.service completed and consumed the indicated resources.
May 16 08:46:19 ip-172-31-47-61 systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 2665.
May 16 08:46:34 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:34Z","tags":["info","plugins-service"],"pid":53840,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
May 16 08:46:34 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:34Z","tags":["info","plugins-service"],"pid":53840,"message":"Plugin \"dataSource\" is disabled."}
May 16 08:46:34 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:34Z","tags":["info","plugins-service"],"pid":53840,"message":"Plugin \"visTypeXy\" is disabled."}
May 16 08:46:34 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:34Z","tags":["info","plugins-system"],"pid":53840,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
May 16 08:46:35 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:35Z","tags":["info","savedobjects-service"],"pid":53840,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
May 16 08:46:36 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:36Z","tags":["info","savedobjects-service"],"pid":53840,"message":"Starting saved objects migrations"}
May 16 08:46:36 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:36Z","tags":["info","plugins-system"],"pid":53840,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
May 16 08:46:37 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:37Z","tags":["listening","info"],"pid":53840,"message":"Server running at https://0.0.0.0:443"}
May 16 08:46:37 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"log","@timestamp":"2024-05-16T08:46:37Z","tags":["info","http","server","OpenSearchDashboards"],"pid":53840,"message":"http server running at https://0.0.0.0:443"}
May 16 08:46:40 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"response","@timestamp":"2024-05-16T08:46:38Z","tags":[],"pid":53840,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/7.81.0","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.81.0"},"res":{"statusCode":200,"responseTime":1139,"contentLength":9},"message":"GET /status 200 1139ms - 9.0B"}
May 16 10:19:40 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"response","@timestamp":"2024-05-16T10:19:40Z","tags":[],"pid":53840,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"107.23.248.49","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"185.180.140.5","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"},"res":{"statusCode":302,"responseTime":12,"contentLength":9},"message":"GET / 302 12ms - 9.0B"}
May 16 10:19:40 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"response","@timestamp":"2024-05-16T10:19:40Z","tags":[],"pid":53840,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"107.23.248.49","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36","accept":"*/*","referer":"https://107.23.248.49/","accept-encoding":"gzip"},"remoteAddress":"185.180.140.5","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36","referer":"https://107.23.248.49/"},"res":{"statusCode":200,"responseTime":31,"contentLength":9},"message":"GET /app/login 200 31ms - 9.0B"}
May 16 10:36:13 ip-172-31-47-61 opensearch-dashboards[53840]: {"type":"response","@timestamp":"2024-05-16T10:36:13Z","tags":[],"pid":53840,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"107.23.248.49","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"45.79.128.205","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"},"res":{"statusCode":302,"responseTime":3,"contentLength":9},"message":"GET / 302 3ms - 9.0B"}

Errors

root@ip-172-31-47-61:/home/ubuntu# cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
root@ip-172-31-47-61:/home/ubuntu#

RHEL 9 🟡

Agent status

[root@ip-172-31-33-80 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
     Active: active (running) since Thu 2024-05-16 08:49:42 UTC; 2h 11min ago
   Main PID: 21601 (node)
      Tasks: 11 (limit: 48194)
     Memory: 189.5M
        CPU: 23.386s
     CGroup: /system.slice/wazuh-dashboard.service
             └─21601 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

May 16 09:32:53 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"response","@timestamp":"2024-05-16T09:32:53Z","tags":[],"pid":21601,"method":"get","statusCode":200,"r>
May 16 09:34:36 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"response","@timestamp":"2024-05-16T09:34:36Z","tags":[],"pid":21601,"method":"get","statusCode":302,"r>
May 16 09:34:36 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"response","@timestamp":"2024-05-16T09:34:36Z","tags":[],"pid":21601,"method":"get","statusCode":200,"r>
May 16 09:58:31 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"response","@timestamp":"2024-05-16T09:58:31Z","tags":[],"pid":21601,"method":"get","statusCode":401,"r>
May 16 10:06:28 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T10:06:28Z","tags":["connection","client","error"],"pid":21601,"level":>
May 16 10:06:28 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T10:06:28Z","tags":["connection","client","error"],"pid":21601,"level":>
May 16 10:06:28 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T10:06:28Z","tags":["connection","client","error"],"pid":21601,"level":>
May 16 10:06:28 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T10:06:28Z","tags":["connection","client","error"],"pid":21601,"level":>
May 16 10:06:28 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T10:06:28Z","tags":["connection","client","error"],"pid":21601,"level":>
May 16 10:06:36 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T10:06:36Z","tags":["connection","client","error"],"pid":21601,"level":>
[root@ip-172-31-33-80 ec2-user]#

Service status

[root@ip-172-31-33-80 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager
May 16 08:48:39 ip-172-31-33-80.ec2.internal systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 3262.
May 16 08:48:55 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:48:55Z","tags":["info","plugins-service"],"pid":19957,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
May 16 08:48:55 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:48:55Z","tags":["info","plugins-service"],"pid":19957,"message":"Plugin \"dataSource\" is disabled."}
May 16 08:48:55 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:48:55Z","tags":["info","plugins-service"],"pid":19957,"message":"Plugin \"visTypeXy\" is disabled."}
May 16 08:48:56 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:48:56Z","tags":["info","plugins-system"],"pid":19957,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
May 16 08:48:58 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:48:58Z","tags":["info","savedobjects-service"],"pid":19957,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
May 16 08:48:59 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:48:59Z","tags":["info","savedobjects-service"],"pid":19957,"message":"Starting saved objects migrations"}
May 16 08:48:59 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:48:59Z","tags":["info","savedobjects-service"],"pid":19957,"message":"Creating index .kibana_1."}
May 16 08:48:59 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:48:59Z","tags":["info","savedobjects-service"],"pid":19957,"message":"Pointing alias .kibana to .kibana_1."}
May 16 08:49:00 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:49:00Z","tags":["info","savedobjects-service"],"pid":19957,"message":"Finished in 653ms."}
May 16 08:49:00 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:49:00Z","tags":["info","plugins-system"],"pid":19957,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
May 16 08:49:01 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:49:01Z","tags":["error","opensearch","data"],"pid":19957,"message":"[ResponseError]: Response Error"}
May 16 08:49:01 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:49:01Z","tags":["error","opensearch","data"],"pid":19957,"message":"[ResponseError]: Response Error"}
May 16 08:49:02 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:49:02Z","tags":["listening","info"],"pid":19957,"message":"Server running at https://0.0.0.0:443"}
May 16 08:49:02 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:49:02Z","tags":["info","http","server","OpenSearchDashboards"],"pid":19957,"message":"http server running at https://0.0.0.0:443"}
May 16 08:49:41 ip-172-31-33-80.ec2.internal opensearch-dashboards[19957]: {"type":"log","@timestamp":"2024-05-16T08:49:41Z","tags":["info","plugins-system"],"pid":19957,"message":"Stopping all plugins."}
May 16 08:49:41 ip-172-31-33-80.ec2.internal systemd[1]: Stopping wazuh-dashboard...
░░ Subject: A stop job for unit wazuh-dashboard.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-dashboard.service has begun execution.
░░
░░ The job identifier is 3529.
May 16 08:49:42 ip-172-31-33-80.ec2.internal systemd[1]: wazuh-dashboard.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-dashboard.service has successfully entered the 'dead' state.
May 16 08:49:42 ip-172-31-33-80.ec2.internal systemd[1]: Stopped wazuh-dashboard.
░░ Subject: A stop job for unit wazuh-dashboard.service has finished
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit wazuh-dashboard.service has finished.
░░
░░ The job identifier is 3529 and the job result is done.
May 16 08:49:42 ip-172-31-33-80.ec2.internal systemd[1]: wazuh-dashboard.service: Consumed 11.859s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit wazuh-dashboard.service completed and consumed the indicated resources.
May 16 08:49:42 ip-172-31-33-80.ec2.internal systemd[1]: Started wazuh-dashboard.
░░ Subject: A start job for unit wazuh-dashboard.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit wazuh-dashboard.service has finished successfully.
░░
░░ The job identifier is 3529.
May 16 08:49:57 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"log","@timestamp":"2024-05-16T08:49:57Z","tags":["info","plugins-service"],"pid":21601,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
May 16 08:49:57 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"log","@timestamp":"2024-05-16T08:49:57Z","tags":["info","plugins-service"],"pid":21601,"message":"Plugin \"dataSource\" is disabled."}
May 16 08:49:57 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"log","@timestamp":"2024-05-16T08:49:57Z","tags":["info","plugins-service"],"pid":21601,"message":"Plugin \"visTypeXy\" is disabled."}
May 16 08:49:57 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"log","@timestamp":"2024-05-16T08:49:57Z","tags":["info","plugins-system"],"pid":21601,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
May 16 08:49:58 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"log","@timestamp":"2024-05-16T08:49:58Z","tags":["info","savedobjects-service"],"pid":21601,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
May 16 08:49:59 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"log","@timestamp":"2024-05-16T08:49:59Z","tags":["info","savedobjects-service"],"pid":21601,"message":"Starting saved objects migrations"}
May 16 08:49:59 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"log","@timestamp":"2024-05-16T08:49:59Z","tags":["info","plugins-system"],"pid":21601,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
May 16 08:50:00 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"log","@timestamp":"2024-05-16T08:50:00Z","tags":["listening","info"],"pid":21601,"message":"Server running at https://0.0.0.0:443"}
May 16 08:50:00 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"log","@timestamp":"2024-05-16T08:50:00Z","tags":["info","http","server","OpenSearchDashboards"],"pid":21601,"message":"http server running at https://0.0.0.0:443"}
May 16 08:50:02 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"response","@timestamp":"2024-05-16T08:50:01Z","tags":[],"pid":21601,"method":"get","statusCode":200,"req":{"url":"/status","method":"get","headers":{"host":"localhost","user-agent":"curl/7.76.1","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.76.1"},"res":{"statusCode":200,"responseTime":1492,"contentLength":9},"message":"GET /status 200 1492ms - 9.0B"}
May 16 08:55:47 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"response","@timestamp":"2024-05-16T08:55:47Z","tags":[],"pid":21601,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.242.14.139","user-agent":"python-requests/2.31.0","accept-encoding":"gzip, deflate","accept":"*/*","connection":"keep-alive","x-datadog-trace-id":"14690715531914864284","x-datadog-parent-id":"4415846736973539950","x-datadog-sampling-priority":"1"},"remoteAddress":"34.22.208.68","userAgent":"python-requests/2.31.0"},"res":{"statusCode":302,"responseTime":6,"contentLength":9},"message":"GET / 302 6ms - 9.0B"}
May 16 09:25:34 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"response","@timestamp":"2024-05-16T09:25:34Z","tags":[],"pid":21601,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.242.14.139","user-agent":"Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/540.0 (KHTML, like Gecko) Ubuntu/10.10 Chrome/9.1.0.0 Safari/540.0","accept-charset":"utf-8","accept-encoding":"gzip","connection":"close"},"remoteAddress":"54.189.182.92","userAgent":"Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/540.0 (KHTML, like Gecko) Ubuntu/10.10 Chrome/9.1.0.0 Safari/540.0"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"}
May 16 09:29:20 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T09:29:20Z","tags":["connection","client","error"],"pid":21601,"level":"error","error":{"message":"C007CA83A47F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","name":"Error","stack":"Error: C007CA83A47F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"C007CA83A47F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:\n"}
May 16 09:29:20 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T09:29:20Z","tags":["connection","client","error"],"pid":21601,"level":"error","error":{"message":"C007CA83A47F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: C007CA83A47F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"C007CA83A47F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
May 16 09:29:20 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T09:29:20Z","tags":["connection","client","error"],"pid":21601,"level":"error","error":{"message":"C007CA83A47F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: C007CA83A47F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_VERSION_TOO_LOW"},"message":"C007CA83A47F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
May 16 09:29:20 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T09:29:20Z","tags":["connection","client","error"],"pid":21601,"level":"error","error":{"message":"C007CA83A47F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","name":"Error","stack":"Error: C007CA83A47F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"C007CA83A47F0000:error:0A000102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1677:\n"}
May 16 09:29:20 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T09:29:20Z","tags":["connection","client","error"],"pid":21601,"level":"error","error":{"message":"C007CA83A47F0000:error:0A0000FC:SSL routines:tls_early_post_process_client_hello:unknown protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1653:\n","name":"Error","stack":"Error: C007CA83A47F0000:error:0A0000FC:SSL routines:tls_early_post_process_client_hello:unknown protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1653:\n","code":"ERR_SSL_UNKNOWN_PROTOCOL"},"message":"C007CA83A47F0000:error:0A0000FC:SSL routines:tls_early_post_process_client_hello:unknown protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1653:\n"}
May 16 09:32:53 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"response","@timestamp":"2024-05-16T09:32:53Z","tags":[],"pid":21601,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.242.14.139:443","user-agent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"remoteAddress":"198.235.24.16","userAgent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"}
May 16 09:32:53 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"response","@timestamp":"2024-05-16T09:32:53Z","tags":[],"pid":21601,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"54.242.14.139:443","user-agent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"remoteAddress":"198.235.24.16","userAgent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"res":{"statusCode":200,"responseTime":21,"contentLength":9},"message":"GET /app/login 200 21ms - 9.0B"}
May 16 09:34:36 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"response","@timestamp":"2024-05-16T09:34:36Z","tags":[],"pid":21601,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"54.242.14.139:443","user-agent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"remoteAddress":"162.216.150.251","userAgent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"}
May 16 09:34:36 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"response","@timestamp":"2024-05-16T09:34:36Z","tags":[],"pid":21601,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"54.242.14.139:443","user-agent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"remoteAddress":"162.216.150.251","userAgent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"res":{"statusCode":200,"responseTime":12,"contentLength":9},"message":"GET /app/login 200 12ms - 9.0B"}
May 16 09:58:31 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"response","@timestamp":"2024-05-16T09:58:31Z","tags":[],"pid":21601,"method":"get","statusCode":401,"req":{"url":"/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application","method":"get","headers":{"host":"54.242.14.139","user-agent":"Mozilla/5.0 zgrab/0.x","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"172.212.73.231","userAgent":"Mozilla/5.0 zgrab/0.x"},"res":{"statusCode":401,"responseTime":5,"contentLength":9},"message":"GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application 401 5ms - 9.0B"}
May 16 10:06:28 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T10:06:28Z","tags":["connection","client","error"],"pid":21601,"level":"error","error":{"message":"C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","name":"Error","stack":"Error: C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","code":"ERR_SSL_WRONG_VERSION_NUMBER"},"message":"C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n"}
May 16 10:06:28 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T10:06:28Z","tags":["connection","client","error"],"pid":21601,"level":"error","error":{"message":"C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","name":"Error","stack":"Error: C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","code":"ERR_SSL_WRONG_VERSION_NUMBER"},"message":"C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n"}
May 16 10:06:28 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T10:06:28Z","tags":["connection","client","error"],"pid":21601,"level":"error","error":{"message":"C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","name":"Error","stack":"Error: C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","code":"ERR_SSL_WRONG_VERSION_NUMBER"},"message":"C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n"}
May 16 10:06:28 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T10:06:28Z","tags":["connection","client","error"],"pid":21601,"level":"error","error":{"message":"C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","name":"Error","stack":"Error: C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","code":"ERR_SSL_WRONG_VERSION_NUMBER"},"message":"C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n"}
May 16 10:06:28 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T10:06:28Z","tags":["connection","client","error"],"pid":21601,"level":"error","error":{"message":"C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","name":"Error","stack":"Error: C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","code":"ERR_SSL_WRONG_VERSION_NUMBER"},"message":"C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n"}
May 16 10:06:36 ip-172-31-33-80.ec2.internal opensearch-dashboards[21601]: {"type":"error","@timestamp":"2024-05-16T10:06:36Z","tags":["connection","client","error"],"pid":21601,"level":"error","error":{"message":"C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","name":"Error","stack":"Error: C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n","code":"ERR_SSL_WRONG_VERSION_NUMBER"},"message":"C007CA83A47F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:355:\n"}

Errors

🟡 Related: wazuh/wazuh-dashboard-plugins#6312

[root@ip-172-31-33-80 ec2-user]# cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
{"date":"2024-05-16T08:49:03.024Z","level":"error","location":"monitoring:getApiInfo","message":"connect ECONNREFUSED ::1:55000"}
{"date":"2024-05-16T08:50:00.263Z","level":"error","location":"monitoring:getApiInfo","message":"connect ECONNREFUSED ::1:55000"}

Amazon Linux 2 - Offline 🟢

Agent status

[root@ip-172-31-47-84 ec2-user]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since jue 2024-05-16 09:26:52 UTC; 1h 37min ago
 Main PID: 9041 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─9041 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

may 16 09:36:37 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"response","@timestamp":"2024-05-16T09:36:37Z","tags":[],"pid":9041,"method":"get","statusCod...":"close"
may 16 09:36:37 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"response","@timestamp":"2024-05-16T09:36:37Z","tags":[],"pid":9041,"method":"get","statusCod...ccept":"*
may 16 09:36:38 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"response","@timestamp":"2024-05-16T09:36:38Z","tags":[],"pid":9041,"method":"get","statusCod...easuremen
may 16 09:36:38 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"response","@timestamp":"2024-05-16T09:36:38Z","tags":[],"pid":9041,"method":"get","statusCod...easuremen
may 16 09:36:38 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"response","@timestamp":"2024-05-16T09:36:38Z","tags":[],"pid":9041,"method":"get","statusCod...t-measure
may 16 09:36:38 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"response","@timestamp":"2024-05-16T09:36:38Z","tags":[],"pid":9041,"method":"get","statusCod...ment.com/
may 16 09:37:44 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"error","@timestamp":"2024-05-16T09:37:44Z","tags":["connection","client","error"],"pid":9041...n","name"
may 16 09:39:23 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"error","@timestamp":"2024-05-16T09:39:23Z","tags":["connection","client","error"],"pid":9041...r.c:1686:
may 16 09:41:03 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"error","@timestamp":"2024-05-16T09:41:03Z","tags":["connection","client","error"],"pid":9041...1781:\n",
may 16 09:41:36 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"error","@timestamp":"2024-05-16T09:41:36Z","tags":["connection","client","error"],"pid":9041...ame":"Err
Hint: Some lines were ellipsized, use -l to show in full.

Service status

[root@ip-172-31-47-84 ec2-user]# journalctl -xe -u wazuh-dashboard.service --no-pager
-- Logs begin at jue 2024-05-16 08:06:07 UTC, end at jue 2024-05-16 11:05:46 UTC. --
may 16 09:26:52 ip-172-31-47-84.ec2.internal systemd[1]: Started wazuh-dashboard.
-- Subject: Unit wazuh-dashboard.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-dashboard.service has finished starting up.
--
-- The start-up result is done.
may 16 09:26:59 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"log","@timestamp":"2024-05-16T09:26:59Z","tags":["info","plugins-service"],"pid":9041,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
may 16 09:26:59 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"log","@timestamp":"2024-05-16T09:26:59Z","tags":["info","plugins-service"],"pid":9041,"message":"Plugin \"dataSource\" is disabled."}
may 16 09:26:59 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"log","@timestamp":"2024-05-16T09:26:59Z","tags":["info","plugins-service"],"pid":9041,"message":"Plugin \"visTypeXy\" is disabled."}
may 16 09:27:00 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"log","@timestamp":"2024-05-16T09:27:00Z","tags":["info","plugins-system"],"pid":9041,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
may 16 09:27:00 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"log","@timestamp":"2024-05-16T09:27:00Z","tags":["info","savedobjects-service"],"pid":9041,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
may 16 09:27:01 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"log","@timestamp":"2024-05-16T09:27:01Z","tags":["info","savedobjects-service"],"pid":9041,"message":"Starting saved objects migrations"}
may 16 09:27:01 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"log","@timestamp":"2024-05-16T09:27:01Z","tags":["info","savedobjects-service"],"pid":9041,"message":"Creating index .kibana_1."}
may 16 09:27:01 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"log","@timestamp":"2024-05-16T09:27:01Z","tags":["info","savedobjects-service"],"pid":9041,"message":"Pointing alias .kibana to .kibana_1."}
may 16 09:27:01 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"log","@timestamp":"2024-05-16T09:27:01Z","tags":["info","savedobjects-service"],"pid":9041,"message":"Finished in 254ms."}
may 16 09:27:01 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"log","@timestamp":"2024-05-16T09:27:01Z","tags":["info","plugins-system"],"pid":9041,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
may 16 09:27:02 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"log","@timestamp":"2024-05-16T09:27:02Z","tags":["error","opensearch","data"],"pid":9041,"message":"[ResponseError]: Response Error"}
may 16 09:27:02 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"log","@timestamp":"2024-05-16T09:27:02Z","tags":["error","opensearch","data"],"pid":9041,"message":"[ResponseError]: Response Error"}
may 16 09:27:03 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"log","@timestamp":"2024-05-16T09:27:03Z","tags":["listening","info"],"pid":9041,"message":"Server running at https://0.0.0.0:443"}
may 16 09:27:03 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"log","@timestamp":"2024-05-16T09:27:03Z","tags":["info","http","server","OpenSearchDashboards"],"pid":9041,"message":"http server running at https://0.0.0.0:443"}
may 16 09:34:55 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"response","@timestamp":"2024-05-16T09:34:55Z","tags":[],"pid":9041,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"3.80.178.84:443","user-agent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"remoteAddress":"162.216.150.251","userAgent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"res":{"statusCode":302,"responseTime":15,"contentLength":9},"message":"GET / 302 15ms - 9.0B"}
may 16 09:34:55 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"response","@timestamp":"2024-05-16T09:34:55Z","tags":[],"pid":9041,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"3.80.178.84:443","user-agent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"remoteAddress":"162.216.150.251","userAgent":"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"},"res":{"statusCode":200,"responseTime":78,"contentLength":9},"message":"GET /app/login 200 78ms - 9.0B"}
may 16 09:36:37 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"response","@timestamp":"2024-05-16T09:36:37Z","tags":[],"pid":9041,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"3.80.178.84","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.122","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"}
may 16 09:36:37 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"response","@timestamp":"2024-05-16T09:36:37Z","tags":[],"pid":9041,"method":"get","statusCode":200,"req":{"url":"/app/login","method":"get","headers":{"host":"3.80.178.84","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","accept":"*/*","referer":"https://3.80.178.84","accept-encoding":"gzip","connection":"close"},"remoteAddress":"87.236.176.122","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","referer":"https://3.80.178.84"},"res":{"statusCode":200,"responseTime":20,"contentLength":9},"message":"GET /app/login 200 20ms - 9.0B"}
may 16 09:36:38 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"response","@timestamp":"2024-05-16T09:36:38Z","tags":[],"pid":9041,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-32x32.png","method":"get","headers":{"host":"3.80.178.84","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.4","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":21,"contentLength":9},"message":"GET /ui/favicons/favicon-32x32.png 200 21ms - 9.0B"}
may 16 09:36:38 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"response","@timestamp":"2024-05-16T09:36:38Z","tags":[],"pid":9041,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-16x16.png","method":"get","headers":{"host":"3.80.178.84","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.108","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":18,"contentLength":9},"message":"GET /ui/favicons/favicon-16x16.png 200 18ms - 9.0B"}
may 16 09:36:38 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"response","@timestamp":"2024-05-16T09:36:38Z","tags":[],"pid":9041,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/apple-touch-icon.png","method":"get","headers":{"host":"3.80.178.84","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.56","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":15,"contentLength":9},"message":"GET /ui/favicons/apple-touch-icon.png 200 15ms - 9.0B"}
may 16 09:36:38 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"response","@timestamp":"2024-05-16T09:36:38Z","tags":[],"pid":9041,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon.ico","method":"get","headers":{"host":"3.80.178.84","user-agent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)","connection":"close","accept":"*/*","accept-encoding":"gzip"},"remoteAddress":"87.236.176.205","userAgent":"Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)"},"res":{"statusCode":200,"responseTime":18,"contentLength":9},"message":"GET /ui/favicons/favicon.ico 200 18ms - 9.0B"}
may 16 09:37:44 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"error","@timestamp":"2024-05-16T09:37:44Z","tags":["connection","client","error"],"pid":9041,"level":"error","error":{"message":"140305681389440:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2285:\n","name":"Error","stack":"Error: 140305681389440:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2285:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"140305681389440:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2285:\n"}
may 16 09:39:23 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"error","@timestamp":"2024-05-16T09:39:23Z","tags":["connection","client","error"],"pid":9041,"level":"error","error":{"message":"140305681389440:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1686:\n","name":"Error","stack":"Error: 140305681389440:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1686:\n","code":"ERR_SSL_UNSUPPORTED_PROTOCOL"},"message":"140305681389440:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1686:\n"}
may 16 09:41:03 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"error","@timestamp":"2024-05-16T09:41:03Z","tags":["connection","client","error"],"pid":9041,"level":"error","error":{"message":"140305681389440:error:142090C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1781:\n","name":"Error","stack":"Error: 140305681389440:error:142090C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1781:\n","code":"ERR_SSL_NO_SHARED_CIPHER"},"message":"140305681389440:error:142090C1:SSL routines:tls_early_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1781:\n"}
may 16 09:41:36 ip-172-31-47-84.ec2.internal opensearch-dashboards[9041]: {"type":"error","@timestamp":"2024-05-16T09:41:36Z","tags":["connection","client","error"],"pid":9041,"level":"error","error":{"message":"140305681389440:error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:698:\n","name":"Error","stack":"Error: 140305681389440:error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:698:\n","code":"ERR_SSL_BAD_KEY_SHARE"},"message":"140305681389440:error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share:../deps/openssl/openssl/ssl/statem/extensions_srvr.c:698:\n"}

Errors

[root@ip-172-31-47-84 ec2-user]# cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
[root@ip-172-31-47-84 ec2-user]#

[CarlosALgit]

Additional tests

Accessing Wazuh web interface

Amazon Linux 2 🟢

Ubuntu 22 🟢

RHEL 9 🟢

Amazon Linux 2 - Offline 🟢

[teddytpc1]

@CarlosALgit, the following error should be associated with #167:
Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)

[CarlosALgit]

Comments and description updated to include wazuh/wazuh-indexer#167

[juliamagan]

LGTM