Error: No API available to connect
1,284 views
Skip to first unread message
Cézar
Sep 10, 2022, 3:05:36 PM9/10/22
to Wazuh mailing list
Hello guys, how are you doing?
Since yesterday we encountered this error in our wazuh, we did not made any changes in its configuration. We are running the App version: 4.2.5, revision 4206-1.
The full error in the dashboard is:
INFO: Current API id [default
]
INFO: Checking current API id [default]...
INFO: Current API id [default] has some problem: 3002 - Request failed with status code 400
INFO: Getting API hosts...
INFO: API hosts found: 1
INFO: Checking API host id [default]...
INFO: Could not connect to API id [default]: 3099 - ERROR3099 - Some Wazuh daemons are not ready yet in node "node01" (wazuh-modulesd->failed)
INFO: Removed [navigate] cookie
ERROR: No API available to connect
I have tried to
curl -u user:pass -k -X GET "https://x.x.x.x:55000/security/user/authenticate"
and the output is as follow:
{"title": "Bad Request", "detail": "Some Wazuh daemons are not ready yet in node \"node01\" (wazuh-modulesd->failed)", "dapi_errors": {"node01": {"error": "Some Wazuh daemons are not ready yet in node \"node01\" (wazuh-modulesd->failed)"}}, "error": 1017}
I have also attached the api.log file to see if it helps, I have no leads what happened, any help is welcome.
Thanks in advance,
Cézar
Manuel Camona Perez
Sep 12, 2022, 2:28:15 AM9/12/22
to Wazuh mailing list
Hi Cézar,
In this case, the API is giving an error due to the wazuh-modulesd daemon. As the API response said, the wazuh-modulesd daemon is not ready yet. In order to see possible issues related to this daemon, please run the following command in the Wazuh manager:
grep -E "WARN|ERR" /var/ossec/logs/ossec.log
This will look for possible error or warning messages in the ossec.log log file.
Waiting for your response.
Message has been deleted
Cézar
Sep 12, 2022, 2:27:56 PM9/12/22
to Wazuh mailing list
Thanks for the response Manuel!
I have attached the error messages.
I have also disabled the vulnerability detector module from the ossec.conf, and it solved the issue. But I also use this functionality and it would be nice if I could solve this issue.
Manuel Camona Perez
Sep 13, 2022, 3:42:35 AM9/13/22
to Wazuh mailing list
Hi again Cézar,
So the error only appears when the vulnerability detector is enabled and configured. Could you send the vulnerability detector configuration? Or the whole ossec.conf file, if you want.
Manuel Camona Perez
Sep 14, 2022, 6:05:29 AM9/14/22
to Wazuh mailing list
Hi again Cézar and sorry for the late response,
I have seen in your ossec.conf that you have the MSU provider enabled.
Taking into account that you are using Wazuh version 4.2.5 and you have the MSU provider enabled, the problem has to be related to a segmentation fault in the vulnerability detector module. This error was already reported and fixed for Wazuh version 4.2.7: https://github.com/wazuh/wazuh/pull/13617.
The only solution here is an upgrade to Wazuh v4.2.7. You can also upgrade to Wazuh v4.3, but note that this error also affects Wazuh v4.3.0 and Wazuh v4.3.1 so avoid these versions (anyway, if you want to upgrade to 4.3, I recommend that you upgrade to the latest version, which is 4.3.7).
I have seen in your ossec.conf that you have the MSU provider enabled.
Taking into account that you are using Wazuh version 4.2.5 and you have the MSU provider enabled, the problem has to be related to a segmentation fault in the vulnerability detector module. This error was already reported and fixed for Wazuh version 4.2.7: https://github.com/wazuh/wazuh/pull/13617.
The only solution here is an upgrade to Wazuh v4.2.7. You can also upgrade to Wazuh v4.3, but note that this error also affects Wazuh v4.3.0 and Wazuh v4.3.1 so avoid these versions (anyway, if you want to upgrade to 4.3, I recommend that you upgrade to the latest version, which is 4.3.7).
I hope this helps, let me know if the upgrade solved your issue and/or if you have more problems.
Cézar
Sep 14, 2022, 1:55:59 PM9/14/22
to Wazuh mailing list
Thanks again for the response Manuel!
I will try doing that, is there any documentation for upgrading that you recommend? I have yet to update wazuh, and I am afraid of breaking things, do you recommend upgrading to 3.7 or the upgrade process is easier to the 2.7?
Manuel Camona Perez
Sep 16, 2022, 4:09:40 AM9/16/22
to Wazuh mailing list
Hi Cézar.
Have a look at the Upgrade guide documentation section. This is the main page and talks about the upgrade procedure.
In order to upgrade the Wazuh server (manager), have a look at the Wazuh central components section. In this section, you can see information about how to upgrade the indexer and the dashboard too.
Have a look at the Wazuh v4.3.7 changelog, if there are any features you are interested in, upgrade to that version. If you don't want any of these features/fixes, just upgrade to the latest Wazuh 4.2 version, which is 4.2.7. Upgrading to v4.2.7 will not introduce any breaking changes that could affect your use cases.
I hope this helps, thanks for contributing to the project!
Have a look at the Upgrade guide documentation section. This is the main page and talks about the upgrade procedure.
In order to upgrade the Wazuh server (manager), have a look at the Wazuh central components section. In this section, you can see information about how to upgrade the indexer and the dashboard too.
Have a look at the Wazuh v4.3.7 changelog, if there are any features you are interested in, upgrade to that version. If you don't want any of these features/fixes, just upgrade to the latest Wazuh 4.2 version, which is 4.2.7. Upgrading to v4.2.7 will not introduce any breaking changes that could affect your use cases.
I hope this helps, thanks for contributing to the project!
Cézar
Sep 16, 2022, 1:55:26 PM9/16/22
to Wazuh mailing list
Thanks I will try that!
Just a last thing that I noticed that might be relevant, I have disabled both msu and nvd sources and left the vulnerability detector enabled, but the error still persist. But once I disable the "main" module (the very fist option on the vulnerability dfetector) it stops.
Another thing I did on the last few days was to delete a few old security-auditlog from elasticsearch, I did not comment before because I think it is unrelated.
Reply all
Reply to author
Forward
0 new messages