Added certificate verification for wazuh-engine indexer connector #27268
+23
−5
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
juliancnn
force-pushed
the
27174-engine-implement-SSL-verify-iconnector
branch
2 times, most recently
from
e881afa to
5878ab7
Compare
Coverage reportsThe coverage report can be downloaded from here
🔴 Some modules have failed the coverage check |
juliancnn
force-pushed
the
27174-engine-implement-SSL-verify-iconnector
branch
from
5878ab7 to
1606d83
Compare
Coverage reportsThe coverage report can be downloaded from here
🔴 Some modules have failed the coverage check |
JavierBejMen
approved these changes
Dec 17, 2024
There was a problem hiding this comment.
Ubuntu package test
Install
sudo apt install ./wazuh-server_5.0.0-0_amd64_1606d83.deb
[sudo] password for test:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-server' instead of './wazuh-server_5.0.0-0_amd64_1606d83.deb'
Suggested packages:
expect
The following NEW packages will be installed:
wazuh-server
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/289 MB of archives.
After this operation, 543 MB of additional disk space will be used.
Get:1 /home/test/wazuh-server_5.0.0-0_amd64_1606d83.deb wazuh-server amd64 5.0.0-0 [289 MB]
Selecting previously unselected package wazuh-server.
(Reading database ... 40788 files and directories currently installed.)
Preparing to unpack .../wazuh-server_5.0.0-0_amd64_1606d83.deb ...
Unpacking wazuh-server (5.0.0-0) ...
Setting up wazuh-server (5.0.0-0) ...
Processing triggers for libc-bin (2.39-0ubuntu8.3) ...
N: Download is performed unsandboxed as root as file '/home/test/wazuh-server_5.0.0-0_amd64_1606d83.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
Engine
root@WazPc:/home/test# export WAZUH_CONFIG_SKIP_API=true
root@WazPc:/home/test# /usr/share/wazuh-server/bin/wazuh-engine server start
2024-12-17 10:11:19.244 494:494 info: Logging initialized.
2024-12-17 10:11:19.245 494:494 info: Skipping configuration from API.
2024-12-17 10:11:19.263 494:494 info: Store initialized.
2024-12-17 10:11:19.264 494:494 info: RBAC initialized.
2024-12-17 10:11:19.266 494:494 info: MetricsManager: Created new scope: (KVDB)
2024-12-17 10:11:19.318 494:494 info: KVDB initialized.
2024-12-17 10:11:19.318 494:494 info: Geo initialized.
2024-12-17 10:11:19.332 494:494 info: Schema initialized.
2024-12-17 10:11:19.347 494:494 info: Loaded timezone database version: '2024a'
2024-12-17 10:11:19.353 494:494 info: HLP initialized.
2024-12-17 10:11:19.378 494:494 info: Indexer Connector initialized.
2024-12-17 10:11:19.380 494:494 info: Builder initialized.
2024-12-17 10:11:19.380 494:494 info: Catalog initialized.
2024-12-17 10:11:19.380 494:494 info: Policy manager initialized.
2024-12-17 10:11:19.380 494:494 info: MetricsManager: Created new scope: (EventQueue)
2024-12-17 10:11:19.380 494:494 info: MetricsManager: Created new scope: (EventQueueDelta)
2024-12-17 10:11:19.384 494:494 info: No flooding file provided, the queue will not be flooded.
2024-12-17 10:11:19.385 494:494 info: MetricsManager: Created new scope: (TestQueue)
2024-12-17 10:11:19.385 494:494 info: MetricsManager: Created new scope: (TestQueueDelta)
2024-12-17 10:11:19.391 494:494 info: No flooding file provided, the queue will not be flooded.
2024-12-17 10:11:19.393 494:494 warning: Router: router/tester/0 table is empty
2024-12-17 10:11:19.497 494:494 info: Router initialized.
2024-12-17 10:11:19.515 494:494 error: Error opening the database: Couldn't find column family: 'vendor_map', trying to re-download the feed.
2024-12-17 10:11:19.515 494:494 info: MetricsManager: Created new scope: (endpointAPI)
2024-12-17 10:11:19.515 494:494 info: MetricsManager: Created new scope: (endpointAPIRate)
2024-12-17 10:11:19.517 494:494 error: [Endpoint: /run/wazuh-server/engine-api.socket] Error on socket: EINVAL (invalid argument)
2024-12-17 10:11:19.518 494:494 info: Starting the server...
2024-12-17 10:11:19.518 494:494 info: bind::<lambda>handleCloseEvent
Using verify certificates on false
Conf
server:
nodes:
- master
node:
name: server_01
type: master
ssl:
key: /etc/wazuh-server/certs/server.key
cert: /etc/wazuh-server/certs/server.crt
ca: /etc/wazuh-server/certs/server.ca
indexer:
hosts:
- host: localhost
port: 9200
username: admin
password: admin
ssl:
verify_certificates: false
use_ssl: true
#key: /etc/wazuh-indexer/certs/indexer-key.pem
#certificate: /etc/wazuh-indexer/certs/indexer.pem
#certificate_authorities:
# - /etc/wazuh-indexer/certs/root-ca.pem
communications_api:
host: "0.0.0.0"
management_api:
host:
- "0.0.0.0"
- "::"
engine:
logging:
level: debug
Sending event, it should fail because the event cannot be parsed (meaning conexion with indexer is correct)
root@WazPc:/home/server# systemctl start wazuh-server
root@WazPc:/home/server# systemctl status wazuh-server
● wazuh-server.service - Wazuh server
Loaded: loaded (/lib/systemd/system/wazuh-server.service; disabled; vendor preset: enabled)
Active: active (running) since Wed 2024-12-18 14:59:20 CET; 6s ago
Main PID: 12963 (wazuh-server)
Tasks: 69 (limit: 9331)
Memory: 358.0M
CGroup: /system.slice/wazuh-server.service
├─12963 /bin/sh /usr/share/wazuh-server/bin/wazuh-server start -r
├─12968 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/framework/scripts/wazuh_server.py start -r
├─12970 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/framework/scripts/wazuh_server.py start -r
├─12971 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/framework/scripts/wazuh_server.py start -r
├─12974 /usr/share/wazuh-server/bin/wazuh-engine server -l info start
├─13423 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/apis/scripts/wazuh_comms_apid.py -r
├─13431 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/apis/scripts/wazuh_comms_apid.py -r
├─13448 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/apis/scripts/wazuh_comms_apid.py -r
├─13449 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/apis/scripts/wazuh_comms_apid.py -r
├─13451 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/apis/scripts/wazuh_comms_apid.py -r
├─13466 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/apis/scripts/wazuh_comms_apid.py -r
├─13467 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/apis/scripts/wazuh_comms_apid.py -r
├─13468 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/apis/scripts/wazuh_comms_apid.py -r
├─13469 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/apis/scripts/wazuh_comms_apid.py -r
└─13477 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/api/scripts/wazuh_apid.py -r
Dec 18 14:59:25 WazPc env[13468]: 2024/12/18 14:59:25 INFO: [Communications API] Booting worker with pid: 13468
Dec 18 14:59:25 WazPc env[13468]: 2024/12/18 14:59:25 INFO: [Communications API] Started server process [13468]
Dec 18 14:59:25 WazPc env[13468]: 2024/12/18 14:59:25 INFO: [Communications API] Waiting for application startup.
Dec 18 14:59:25 WazPc env[13468]: 2024/12/18 14:59:25 INFO: [Communications API] Application startup complete.
Dec 18 14:59:25 WazPc env[13469]: 2024/12/18 14:59:25 INFO: [Communications API] Booting worker with pid: 13469
Dec 18 14:59:25 WazPc env[13469]: 2024/12/18 14:59:25 INFO: [Communications API] Started server process [13469]
Dec 18 14:59:25 WazPc env[13469]: 2024/12/18 14:59:25 INFO: [Communications API] Waiting for application startup.
Dec 18 14:59:25 WazPc env[13469]: 2024/12/18 14:59:25 INFO: [Communications API] Application startup complete.
Dec 18 14:59:26 WazPc env[12968]: 2024/12/18 14:59:26 INFO: [Local Server] [Main] Started wazuh-comms-apid (pid: 13423)
Dec 18 14:59:26 WazPc env[12968]: 2024/12/18 14:59:26 INFO: [Local Server] [Main] Starting wazuh-apid
root@WazPc:/home/server# journalctl -f -xeu wazuh-server | grep indexerConnector
Dec 18 14:59:54 WazPc env[12974]: 2024-12-18 14:59:54.818 12974:13359 indexerConnector.cpp:243 at operator()::<lambda>handleSuccessfulPostResponse(): debug: Response: {"took":883,"errors":true,"items":[{"index":{"_index":"wazuh-alerts-5x","_id":"bkIR2pMBLQwIj9yAZ55O","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":2,"_primary_term":1,"status":201}},{"index":{"_index":"wazuh-alerts-5x","_id":"b0IR2pMBLQwIj9yAZ55O","status":400,"error":{"type":"mapper_parsing_exception","reason":"failed to parse field [event.ingested] of type [date] in document with id 'b0IR2pMBLQwIj9yAZ55O'. Preview of field's value: 'string'","caused_by":{"type":"illegal_argument_exception","reason":"failed to parse date field [string] with format [strict_date_optional_time||epoch_millis]","caused_by":{"type":"date_time_parse_exception","reason":"Failed to parse with all enclosed parsers"}}}}},{"index":{"_index":"wazuh-alerts-5x","_id":"cEIR2pMBLQwIj9yAZ55O","status":400,"error":{"type":"mapper_parsing_exception","reason":"failed to parse field [event.ingested] of type [date] in document with id 'cEIR2pMBLQwIj9yAZ55O'. Preview of field's value: 'string'","caused_by":{"type":"illegal_argument_exception","reason":"failed to parse date field [string] with format [strict_date_optional_time||epoch_millis]","caused_by":{"type":"date_time_parse_exception","reason":"Failed to parse with all enclosed parsers"}}}}}]}
Using verify certificates on true with incorrect certificates (default ones)
Conf
server:
nodes:
- master
node:
name: server_01
type: master
ssl:
key: /etc/wazuh-server/certs/server.key
cert: /etc/wazuh-server/certs/server.crt
ca: /etc/wazuh-server/certs/server.ca
indexer:
hosts:
- host: localhost
port: 9200
username: admin
password: admin
ssl:
verify_certificates: true
use_ssl: true
#key: /etc/wazuh-indexer/certs/indexer-key.pem
#certificate: /etc/wazuh-indexer/certs/indexer.pem
#certificate_authorities:
# - /etc/wazuh-indexer/certs/root-ca.pem
communications_api:
host: "0.0.0.0"
management_api:
host:
- "0.0.0.0"
- "::"
engine:
logging:
level: debug
Sending event, server should not be available
root@WazPc:/home/server# systemctl start wazuh-server
root@WazPc:/home/server# systemctl status wazuh-server
● wazuh-server.service - Wazuh server
Loaded: loaded (/lib/systemd/system/wazuh-server.service; disabled; vendor preset: enabled)
Active: active (running) since Wed 2024-12-18 15:06:07 CET; 2s ago
Main PID: 16478 (wazuh-server)
Tasks: 52 (limit: 9331)
Memory: 171.8M
CGroup: /system.slice/wazuh-server.service
├─16478 /bin/sh /usr/share/wazuh-server/bin/wazuh-server start -r
├─16483 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/framework/scripts/wazuh_server.py start -r
├─16485 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/framework/scripts/wazuh_server.py start -r
├─16486 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/framework/scripts/wazuh_server.py start -r
└─16489 /usr/share/wazuh-server/bin/wazuh-engine server -l info start
Dec 18 15:06:09 WazPc env[16489]: 2024-12-18 15:06:09.545 16489:16489 conf.hpp:172 at get(): debug: Using configuration key '/engine/server/thread_pool_>
Dec 18 15:06:09 WazPc env[16489]: 2024-12-18 15:06:09.545 16489:16489 engineServer.cpp:37 at changeUVTreadPoolWorkerSize(): debug: Thread pool worker si>
Dec 18 15:06:09 WazPc env[16489]: 2024-12-18 15:06:09.545 16489:16489 metricsManager.cpp:59 at getMetricsScope(): info: MetricsManager: Created new scop>
Dec 18 15:06:09 WazPc env[16489]: 2024-12-18 15:06:09.545 16489:16489 metricsManager.cpp:59 at getMetricsScope(): info: MetricsManager: Created new scop>
Dec 18 15:06:09 WazPc env[16489]: 2024-12-18 15:06:09.545 16489:16489 conf.hpp:172 at get(): debug: Using configuration key '/engine/server/api_timeout'>
Dec 18 15:06:09 WazPc env[16489]: 2024-12-18 15:06:09.545 16489:16489 conf.hpp:172 at get(): debug: Using configuration key '/engine/server/api_queue_si>
Dec 18 15:06:09 WazPc env[16489]: 2024-12-18 15:06:09.545 16489:16489 conf.hpp:165 at get(): debug: Using configuration key '/engine/server/api_socket' >
Dec 18 15:06:09 WazPc env[16489]: 2024-12-18 15:06:09.546 16489:16489 engineServer.cpp:112 at addEndpoint(): debug: Adding endpoint API
Dec 18 15:06:09 WazPc env[16489]: 2024-12-18 15:06:09.546 16489:16489 conf.hpp:165 at get(): debug: Using configuration key '/engine/api_server/socket' >
Dec 18 15:06:09 WazPc env[16489]: 2024-12-18 15:06:09.547 16489:16489 engineServer.cpp:78 at start(): info: Starting the server...
root@WazPc:/home/server# journalctl -f -xeu wazuh-server | grep threadEventDispatcher
Dec 18 15:06:20 WazPc env[16489]: 2024-12-18 15:06:20.474 16489:16874 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server
Dec 18 15:06:25 WazPc env[16489]: 2024-12-18 15:06:25.475 16489:16874 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server
Dec 18 15:06:30 WazPc env[16489]: 2024-12-18 15:06:30.475 16489:16874 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server
Dec 18 15:06:35 WazPc env[16489]: 2024-12-18 15:06:35.476 16489:16874 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server
Dec 18 15:06:40 WazPc env[16489]: 2024-12-18 15:06:40.476 16489:16874 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server
Dec 18 15:06:45 WazPc env[16489]: 2024-12-18 15:06:45.477 16489:16874 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server
Dec 18 15:06:50 WazPc env[16489]: 2024-12-18 15:06:50.477 16489:16874 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server
Dec 18 15:06:56 WazPc env[16489]: 2024-12-18 15:06:56.576 16489:16874 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server
Dec 18 15:07:01 WazPc env[16489]: 2024-12-18 15:07:01.577 16489:16874 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server
Dec 18 15:07:06 WazPc env[16489]: 2024-12-18 15:07:06.577 16489:16874 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server
NahuFigueroa97
approved these changes
Dec 17, 2024
There was a problem hiding this comment.
LGTM!
root@test:/home/vagrant# dpkg -i wazuh-server_5.0.0-0_amd64_1606d83.deb
Selecting previously unselected package wazuh-server.
(Reading database ... 76373 files and directories currently installed.)
Preparing to unpack wazuh-server_5.0.0-0_amd64_1606d83.deb ...
Unpacking wazuh-server (5.0.0-0) ...
Setting up wazuh-server (5.0.0-0) ...
Processing triggers for libc-bin (2.35-0ubuntu3.6) ...
root@test:/home/vagrant# WAZUH_CONFIG_SKIP_API=true /usr/share/wazuh-server/bin/wazuh-engine -r
2024-12-17 14:10:34.058 6559:6559 info: Logging initialized.
2024-12-17 14:10:34.059 6559:6559 info: Skipping configuration from API.
2024-12-17 14:10:34.077 6559:6559 info: Store initialized.
2024-12-17 14:10:34.078 6559:6559 info: RBAC initialized.
2024-12-17 14:10:34.079 6559:6559 info: MetricsManager: Created new scope: (KVDB)
2024-12-17 14:10:34.307 6559:6559 info: KVDB initialized.
2024-12-17 14:10:34.307 6559:6559 info: Geo initialized.
2024-12-17 14:10:34.350 6559:6559 info: Schema initialized.
2024-12-17 14:10:34.378 6559:6559 info: Loaded timezone database version: '2024a'
2024-12-17 14:10:34.385 6559:6559 info: HLP initialized.
2024-12-17 14:10:34.416 6559:6559 info: Indexer Connector initialized.
2024-12-17 14:10:34.416 6559:6559 info: Builder initialized.
2024-12-17 14:10:34.416 6559:6559 info: Catalog initialized.
2024-12-17 14:10:34.416 6559:6559 info: Policy manager initialized.
2024-12-17 14:10:34.416 6559:6559 info: MetricsManager: Created new scope: (EventQueue)
2024-12-17 14:10:34.416 6559:6559 info: MetricsManager: Created new scope: (EventQueueDelta)
2024-12-17 14:10:34.418 6559:6559 info: No flooding file provided, the queue will not be flooded.
2024-12-17 14:10:34.419 6559:6559 info: MetricsManager: Created new scope: (TestQueue)
2024-12-17 14:10:34.419 6559:6559 info: MetricsManager: Created new scope: (TestQueueDelta)
2024-12-17 14:10:34.428 6559:6559 info: No flooding file provided, the queue will not be flooded.
2024-12-17 14:10:34.429 6559:6559 warning: Router: router/tester/0 table is empty
2024-12-17 14:10:34.595 6559:6559 info: Router initialized.
2024-12-17 14:10:34.620 6559:6559 error: Error opening the database: Couldn't find column family: 'vendor_map', trying to re-download the feed.
2024-12-17 14:10:34.620 6559:6559 info: MetricsManager: Created new scope: (endpointAPI)
2024-12-17 14:10:34.620 6559:6559 info: MetricsManager: Created new scope: (endpointAPIRate)
2024-12-17 14:10:34.623 6559:6559 info: Starting the server...
JavierBejMen
approved these changes
Dec 18, 2024
TestCertificates on falseConfiguration: Server status: # systemctl status wazuh-server
● wazuh-server.service - Wazuh server
Loaded: loaded (/lib/systemd/system/wazuh-server.service; disabled; vendor preset: enabled)
Active: active (running) since Wed 2024-12-18 17:16:10 CET; 5s ago
Main PID: 15235 (wazuh-server)
Tasks: 72 (limit: 9500)
Memory: 364.5M
CGroup: /system.slice/wazuh-server.service
├─15235 /bin/sh /usr/share/wazuh-server/bin/wazuh-server start -r
├─15240 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/framework/scripts/wazuh_server.py start -r
├─15242 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/framework/scripts/wazuh_server.py start -r
├─15243 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/framework/scripts/wazuh_server.py start -r
├─15246 /usr/share/wazuh-server/bin/wazuh-engine server -l info start
├─15291 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/apis/scripts/wazuh_comms_apid.py -r
├─15297 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/apis/scripts/wazuh_comms_apid.py -r
├─15305 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/apis/scripts/wazuh_comms_apid.py -r
├─15306 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/apis/scripts/wazuh_comms_apid.py -r
├─15308 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/apis/scripts/wazuh_comms_apid.py -r
├─15321 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/framework/scripts/wazuh_apid.py -r
Dec 18 17:16:13 vm-ubuntu20 env[15305]: 2024/12/18 17:16:13 INFO: [Communications API] Booting worker with pid: 15305
Dec 18 17:16:13 vm-ubuntu20 env[15305]: 2024/12/18 17:16:13 INFO: [Communications API] Started server process [15305]
Dec 18 17:16:13 vm-ubuntu20 env[15305]: 2024/12/18 17:16:13 INFO: [Communications API] Waiting for application startup.
Dec 18 17:16:13 vm-ubuntu20 env[15305]: 2024/12/18 17:16:13 INFO: [Communications API] Application startup complete.
Dec 18 17:16:13 vm-ubuntu20 env[15306]: 2024/12/18 17:16:13 INFO: [Communications API] Booting worker with pid: 15306
Dec 18 17:16:13 vm-ubuntu20 env[15306]: 2024/12/18 17:16:13 INFO: [Communications API] Started server process [15306]
Dec 18 17:16:13 vm-ubuntu20 env[15306]: 2024/12/18 17:16:13 INFO: [Communications API] Waiting for application startup.
Dec 18 17:16:13 vm-ubuntu20 env[15306]: 2024/12/18 17:16:13 INFO: [Communications API] Application startup complete.
Dec 18 17:16:15 vm-ubuntu20 env[15240]: 2024/12/18 17:16:15 INFO: [Local Server] [Main] Started wazuh-comms-apid (pid: 15291)
Dec 18 17:16:15 vm-ubuntu20 env[15240]: 2024/12/18 17:16:15 INFO: [Local Server] [Main] Starting wazuh-apidIndexerConector # journalctl -f -xeu wazuh-server | grep indexerConnector
Dec 18 17:24:34 vm-ubuntu20 env[17596]: 2024-12-18 17:24:34.927 17596:17903 indexerConnector.cpp:243 at operator()::<lambda>handleSuccessfulPostResponse(): debug: Response: {"took":883,"errors":true,"items":[{"index":{"_index":"wazuh-alerts-5x","_id":"bkIR2pMBLQwIj9yAZ66O","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":2,"_primary_term":1,"status":201}},{"index":{"_index":"wazuh-alerts-5x","_id":"b0IR2pMBLQwIj9yAZ66O","status":400,"error":{"type":"mapper_parsing_exception","reason":"failed to parse field [event.ingested] of type [date] in document with id 'b0IR2pMBLQwIj9yAZ66O'. Preview of field's value: 'string'","caused_by":{"type":"illegal_argument_exception","reason":"failed to parse date field [string] with format [strict_date_optional_time||epoch_millis]","caused_by":{"type":"date_time_parse_exception","reason":"Failed to parse with all enclosed parsers"}}}}},{"index":{"_index":"wazuh-alerts-5x","_id":"cEIR2pMBLQwIj9yAZ66O","status":400,"error":{"type":"mapper_parsing_exception","reason":"failed to parse field [event.ingested] of type [date] in document with id 'cEIR2pMBLQwIj9yAZ66O'. Preview of field's value: 'string'","caused_by":{"type":"illegal_argument_exception","reason":"failed to parse date field [string] with format [strict_date_optional_time||epoch_millis]","caused_by":{"type":"date_time_parse_exception","reason":"Failed to parse with all enclosed parsers"}}}}}]}Certificates on true with incorrect certificates:configuration: Server status: # systemctl status wazuh-server
● wazuh-server.service - Wazuh server
Loaded: loaded (/lib/systemd/system/wazuh-server.service; disabled; vendor preset: enabled)
Active: active (running) since Wed 2024-12-18 17:29:25 CET; 8s ago
Main PID: 17985 (wazuh-server)
Tasks: 57 (limit: 9400)
Memory: 178.2M
CGroup: /system.slice/wazuh-server.service
├─17985 /bin/sh /usr/share/wazuh-server/bin/wazuh-server start -r
├─17990 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/framework/scripts/wazuh_server.py start -r
├─17992 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/framework/scripts/wazuh_server.py start -r
├─17993 /usr/share/wazuh-server/framework/python/bin/python3 /usr/share/wazuh-server/framework/scripts/wazuh_server.py start -r
└─17996 /usr/share/wazuh-server/bin/wazuh-engine server -l info start
Dec 18 17:29:27 vm-ubuntu20 env[17996]: 2024-12-18 17:29:27.532 17996:17996 conf.hpp:172 at get(): debug: Using configuration key '/engine/server/thread_pool_>
Dec 18 17:29:27 vm-ubuntu20 env[17996]: 2024-12-18 17:29:27.532 17996:17996 engineServer.cpp:37 at changeUVTreadPoolWorkerSize(): debug: Thread pool worker si>
Dec 18 17:29:27 vm-ubuntu20 env[17996]: 2024-12-18 17:29:27.532 17996:17996 metricsManager.cpp:59 at getMetricsScope(): info: MetricsManager: Created new scop>
Dec 18 17:29:27 vm-ubuntu20 env[17996]: 2024-12-18 17:29:27.532 17996:17996 metricsManager.cpp:59 at getMetricsScope(): info: MetricsManager: Created new scop>
Dec 18 17:29:27 vm-ubuntu20 env[17996]: 2024-12-18 17:29:27.532 17996:17996 conf.hpp:172 at get(): debug: Using configuration key '/engine/server/api_timeout'>
Dec 18 17:29:27 vm-ubuntu20 env[17996]: 2024-12-18 17:29:27.532 17996:17996 conf.hpp:172 at get(): debug: Using configuration key '/engine/server/api_queue_si>
Dec 18 17:29:27 vm-ubuntu20 env[17996]: 2024-12-18 17:29:27.532 17996:17996 conf.hpp:165 at get(): debug: Using configuration key '/engine/server/api_socket' >
Dec 18 17:29:27 vm-ubuntu20 env[17996]: 2024-12-18 17:29:27.533 17996:17996 engineServer.cpp:112 at addEndpoint(): debug: Adding endpoint API
Dec 18 17:29:27 vm-ubuntu20 env[17996]: 2024-12-18 17:29:27.533 17996:17996 conf.hpp:165 at get(): debug: Using configuration key '/engine/api_server/socket' >
Dec 18 17:29:27 vm-ubuntu20 env[17996]: 2024-12-18 17:29:27.534 17996:17996 engineServer.cpp:78 at start(): info: Starting the server...IndexerConector: # journalctl -f -xeu wazuh-server | grep threadEventDispatcher
Dec 18 17:31:43 vm-ubuntu20 env[18872]: 2024-12-18 17:31:43.473 18872:19285 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server
Dec 18 17:31:48 vm-ubuntu20 env[18872]: 2024-12-18 17:31:48.474 18872:19285 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server
Dec 18 17:31:53 vm-ubuntu20 env[18872]: 2024-12-18 17:31:53.474 18872:19285 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server
Dec 18 17:31:58 vm-ubuntu20 env[18872]: 2024-12-18 17:31:58.474 18872:19285 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server
Dec 18 17:32:03 vm-ubuntu20 env[18872]: 2024-12-18 17:32:03.475 18872:19285 threadEventDispatcher.hpp:205 at singleAndOrdered(): error: Dispatch handler error: No available server |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #27174
Add the option to verify the certificate in the indexer connector. Also set the global default setting to verify.