Wazuh API Issue
1,597 views
Skip to first unread message
Ryan Mohr
Apr 21, 2021, 5:37:42 PM4/21/21
to Wazuh mailing list
Hi All,
We are running a wazuh docker system. The Wazuh API Connection continues to load, then eventually fails.
The error it's producing is:
Error: 3099 - ERROR3099 - Some Wazuh daemons are not ready yet in node "manager" (wazuh-modulesd->failed)"
Any suggestions?
Thank you!
Miguel Casares
Apr 21, 2021, 5:41:07 PM4/21/21
to Ryan Mohr, Wazuh mailing list
Unfortunately, there is a critical bug that causes the Wazuh manager processes to crash (Wazuh agents are not affected). More specifically, it affects Wazuh managers 3.11 and later versions.
This bug is caused by a problem in the Vulnerability Detection module. It can temporarily be solved by disabling the NVD provider on the manager configuration file. Vulnerability Detector won’t work, but the rest of the manager capabilities will work normally.
To apply the temporary fix, on the Wazuh manager system, you need to edit your /var/ossec/etc/ossec.conf file and disable the NVD provider. This needs to be done inside the <vulnerability-detection> section of the file:
<provider name="nvd">
<enabled>no</enabled>
<update_from_year>2010</update_from_year>
<update_interval>1h</update_interval>
</provider>
Then, to apply changes, you will need to restart your Wazuh manager:
systemctl restart wazuh-manager
Please make sure the manager is properly working afterward, by checking that the wazuh-modulesd process is up and running in your system:
ps aux | grep -i wazuh-modulesd
We will be releasing a patched version (4.1.5) within the next 24 hours. With this patch, the Vulnerability Detector module will work well again.
Apologies for the inconvenience. Let us know if you have any questions.
Regards.
This bug is caused by a problem in the Vulnerability Detection module. It can temporarily be solved by disabling the NVD provider on the manager configuration file. Vulnerability Detector won’t work, but the rest of the manager capabilities will work normally.
To apply the temporary fix, on the Wazuh manager system, you need to edit your /var/ossec/etc/ossec.conf file and disable the NVD provider. This needs to be done inside the <vulnerability-detection> section of the file:
<provider name="nvd">
<enabled>no</enabled>
<update_from_year>2010</update_from_year>
<update_interval>1h</update_interval>
</provider>
Then, to apply changes, you will need to restart your Wazuh manager:
systemctl restart wazuh-manager
Please make sure the manager is properly working afterward, by checking that the wazuh-modulesd process is up and running in your system:
ps aux | grep -i wazuh-modulesd
We will be releasing a patched version (4.1.5) within the next 24 hours. With this patch, the Vulnerability Detector module will work well again.
Apologies for the inconvenience. Let us know if you have any questions.
Regards.
Miguel Casares
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/7f260656-47a5-486a-9d04-181259f4df7fn%40googlegroups.com.
Ryan Mohr
Apr 21, 2021, 5:49:40 PM4/21/21
to Wazuh mailing list
Wow thank you. Weight off my back.
Miguel Casares
Apr 21, 2021, 6:03:31 PM4/21/21
to Ryan Mohr, Wazuh mailing list
Hello Ryan,
Were you able to recover the service?
Regards,
Miguel Casares
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/86d42cf9-6c2d-4302-84db-236062864ef9n%40googlegroups.com.
Ryan Mohr
Apr 21, 2021, 8:46:02 PM4/21/21
to Miguel Casares, Wazuh mailing list
Yes, thank you Miguel.
Miguel Casares
Apr 22, 2021, 10:55:08 AM4/22/21
to Ryan Mohr, Wazuh mailing list
Hello Ryan,
Great!
Don't hesitate to contact us should you have any questions.
Regards,
Miguel Casares
Miguel Casares
Apr 26, 2021, 6:47:28 AM4/26/21
to Wazuh mailing list
Hello Ryan,
The fix is ready and it was released in 4.1.5: https://documentation.wazuh.com/current/release-notes/release_4_1_5.html
You may upgrade and enable the module again.
Thank you,
Miguel Casares
Reply all
Reply to author
Forward
0 new messages