ossec-integratord: ERROR: Unable to run integration for pagerduty


Gal Akavia

Nov 23, 2021, 10:52:31 AM
to Wazuh mailing list
Hi,
We have issues getting incidents from Wazuh to PagerDuty (SaaS).
First we created a service.
The integration key is implemented normally in the Wazuh ossec.conf (obfuscated, as seen in the picture below).

We received the incidents properly a few weeks ago, but in the last weeks we are missing all incidents; sometimes just a few incidents are received.
So, I don't think it's an issue on PagerDuty's side, maybe it is..

We set an email alert from Wazuh; that way I tried to cover incidents that were not received on the PagerDuty side.

I checked the logs in /var/ossec/logs/ossec.log.
We got the following errors:
1. "ossec-integratord: ERROR: Unable to run integration for pagerduty"
2. "ERROR: While running pagerduty Output: Error sending the alert to pagerduy."

I opened a case with PagerDuty support but am trying here as well.

Friends, has anyone had the same issue before and can guide me?
I didn't find proper docs about this issue.
Thanks a lot in advance!!




Luis Contreras

Nov 23, 2021, 3:05:59 PM
to Wazuh mailing list
Hi,

Can you confirm that you followed the documentation about it from here: https://documentation.wazuh.com/current/user-manual/manager/manual-integration.html

Error sending the alert to PagerDuty, it looks like a format issue.

Have you checked this entry about a similar situation: https://github.com/wazuh/wazuh/issues/3639 ?

Let me know your comments,

Gal Akavia

Nov 24, 2021, 11:17:21 AM
to Wazuh mailing list
Hi Luis,

Yes, I followed the documentation about it. As shown in the picture above, I inserted the PagerDuty API key (after creating a "service" in PD).
In addition, we received incidents a few weeks ago, but suddenly we got them with a few hours' delay, then nothing.

I read it a few days ago,
# /var/ossec/integrations/pagerduty     << the script is already set to /bin/bash.

About the steps to create the API key, I already did it and it worked, but after a few days the delay started and then no incidents arrived at PD.

I think it's a Wazuh-side issue and not PD.


Thanks in advance!

Javier Medeot

Nov 30, 2021, 4:26:41 PM
to Wazuh mailing list
Hello Gulguly.

Have you confirmed with PagerDuty that you are not reaching your PagerDuty's plan limits (if any, like API calls frequency limit, API key expired, etc.)?

If this is the case, you could enable Wazuh integratord's debug mode as a next step and check `/var/ossec/logs/ossec.log` again to see if there are specific details for this error. To enable debug mode for this module you need to set `integrator.debug=2` in the `/var/ossec/etc/internal_options.conf` file of the manager and restart it.

Could you share these new log details? What Wazuh version are you running? What kind of events are you missing? Thank you.
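
One way to carry out the check suggested in the last reply, added here as an example that is not part of the thread and not Wazuh's own tooling: confirm the `integrator.debug` value actually present in the options file, then count integratord errors per hour to see whether delivery fails constantly or intermittently. The function names are hypothetical, the log timestamp layout (`YYYY/MM/DD HH:MM:SS` at the start of each line) is an assumption, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample data is constructed.

# Print the value of integrator.debug from an internal_options.conf-style
# file (last uncommented assignment found), or "unset" if there is none.
integrator_debug_level() {
    awk -F= '
        /^[[:space:]]*integrator\.debug[[:space:]]*=/ {
            gsub(/[[:space:]]/, "", $2); level = $2
        }
        END { print (level == "" ? "unset" : level) }
    ' "$1"
}

# Count integratord ERROR lines per hour, which helps tell a constant
# failure from an intermittent one.
# Assumption: every log line starts with "YYYY/MM/DD HH:MM:SS ".
integratord_errors_per_hour() {
    awk '
        /integratord/ && /ERROR:/ {
            hour = $1 " " substr($2, 1, 2) ":00"
            count[hour]++
        }
        END { for (h in count) print h, count[h] }
    ' "$1" | sort
}

# Demo on constructed input (not taken from the poster's system).
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'integrator.debug=2' \
    > "$demo_dir/internal_options.conf"
cat > "$demo_dir/ossec.log" <<'EOF'
2021/11/23 10:40:12 ossec-integratord: ERROR: Unable to run integration for pagerduty
2021/11/23 10:41:03 ossec-integratord: ERROR: Unable to run integration for pagerduty
2021/11/23 11:02:00 ossec-analysisd: INFO: constructed unrelated line
2021/11/23 12:15:09 ossec-integratord: ERROR: Unable to run integration for pagerduty
EOF
echo "integrator.debug = $(integrator_debug_level "$demo_dir/internal_options.conf")"
integratord_errors_per_hour "$demo_dir/ossec.log"
rm -rf "$demo_dir"
```

On a manager, point the two functions at `/var/ossec/etc/internal_options.conf` and `/var/ossec/logs/ossec.log`, the paths named in the thread.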