Errors in ossec.log after upgrading to 4.8.0.
KnaveXVX
I
have some warnings in ossec.log after upgrading to 4.8.0. I did follow all the troubleshooting steps.
"Failed to sync agent '005' with the indexer"
" IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh-server', retrying until the connection is successful."
I am seeing activity on the Wazuh Vulnerability dashboard but it doesn't refresh unless I reboot the server. I sometimes need to re-enter the username and password for the indexer into the wazuh-keystore and then restart the Wazuh services. I also checked the overall health of the system and it is in a yellow status. The reasoning is due to some unassigned indices but I have no idea how to fix this.
When looking at those indices, they all show as being setup with a replica count of 1 but I only have one server. Some of the indices, I can manually set to 0 but others give me an error when saving. I don't know why some indices are defaulting to 1 replica.
Thank you.
Sebastian Dario Bustos
{
"index_patterns": [
".opendistro-ism-managed-index-history-*"
],
"template": {
"settings": {
"number_of_shards": 1,
"number_of_replicas": 0
}
}
}
{
"index" : {
"number_of_replicas" : 0
}
}
KnaveXVX
{
"error": {
"root_cause": [
{
"type": "illegal_argument_exception",
"reason": "index template [managed-history] has index patterns [.opendistro-ism-managed-index-history-*] matching patterns from existing templates [replicas] with patterns (replicas => [*]) that have the same priority [0], multiple index templates may not match during index creation, please use a different priority"
}
],
"type": "illegal_argument_exception",
"reason": "index template [managed-history] has index patterns [.opendistro-ism-managed-index-history-*] matching patterns from existing templates [replicas] with patterns (replicas => [*]) that have the same priority [0], multiple index templates may not match during index creation, please use a different priority"
},
"status": 400