wazuh-db did not start correctly

[Nataliia]

Hello!

After some changes in the /var/ossec/etc/ossec.conf I had an error, something like:

xml.parsers.expat.ExpatError: mismatched tag: line 382, column 4

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

  File "/var/ossec/framework/python/lib/python3.9/site-packages/wazuh-4.2.6-py3.9.egg/wazuh/core/configuration.py", line 480, in get_ossec_conf

    xml_data = load_wazuh_xml(conf_file)

  File "/var/ossec/framework/python/lib/python3.9/site-packages/wazuh-4.2.6-py3.9.egg/wazuh/core/utils.py", line 739, in load_wazuh_xml

    return ElementTree.fromstring(entities + '<root_tag>' + data + '</root_tag>')

  File "/var/ossec/framework/python/lib/python3.9/xml/etree/ElementTree.py", line 1347, in XML

    parser.feed(text)

  File "/var/ossec/framework/python/lib/python3.9/xml/etree/ElementTree.py", line 1722, in feed

    self._raiseerror(v)

  File "/var/ossec/framework/python/lib/python3.9/xml/etree/ElementTree.py", line 1629, in _raiseerror

    raise err

xml.etree.ElementTree.ParseError: mismatched tag: line 382, column 4

Before it I copy file ossec.conf without any my changes. So, I recover this file. Error, which I wrote before didn't reappear, but now I have another errors:

wazuh-db: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).

wazuh-modulesd: INFO: Cannot find 'queue/db/wdb'. Waiting 1 seconds to reconnect.

wazuh-modulesd: ERROR: Unable to connect to socket 'queue/db/wdb'.

2022/04/29 14:06:51 wazuh-modulesd:task-manager: ERROR: (8209): Tasks DB Cannot execute SQL query: err database 'queue/tasks/tasks.db'

wazuh-monitord: CRITICAL: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).

Would be grateful for help.

[Nataliia]

And if it matters, after network crushing it appeared this informal message in the /var/ossec/etc/ossec.conf:

E325: ATTENTION

Found a swap file by the name ".ossec.conf.swp" 

         owned by: root   dated: Fri Apr 22 09:16:14 2022

         file name: /var/ossec/etc/ossec.conf

          modified: YES

         user name: root   host name: wazuh-manager

        process ID: 5109

While opening file "ossec.conf"

             dated: Fri Apr 29 13:14:49 2022

      NEWER than swap file!

(1) Another program may be editing the same file.  If this is the case,

    be careful not to end up with two different instances of the same

    file when making changes.  Quit, or continue with caution.

(2) An edit session for this file crashed.

    If this is the case, use ":recover" or "vim -r ossec.conf"

    to recover the changes (see ":help recovery").

    If you did this already, delete the swap file ".ossec.conf.swp"

    to avoid this message.

"ossec.conf" 373L, 10115C

Press ENTER or type command to continue

пятница, 29 апреля 2022 г. в 17:11:50 UTC+3, Nataliia:

[Matias Pereyra]

Hello!

It seems that you have a syntax error in the XML configuration file ossec.conf. You can upload it if you can't find the error, but it seems it is near this line

     mismatched tag: line 382, column 4

Now, when you used your configuration backup, maybe the permissions of the file weren't right causing this error 

    CRITICAL: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).

Please verify that ossec.conf belongs to root:ossec and change it if necessary

    # chown root:ossec /var/ossec/etc/ossec.conf

Finally, the error message you show in the second message may be the cause of the corrupted file.

Try again with your backup file.

Regards.

[Nataliia]

Hello, Matias!

I have changed  ossec.conf for belongs it to root and wazuh-manager has started.

Thank you a lot!

понедельник, 2 мая 2022 г. в 18:12:58 UTC+3, matias....@wazuh.com: