Vulnerability Detection 4.10

Albert Waweru

Jan 13, 2025, 10:25:28 AM
to Wazuh | Mailing List
Hello team, I am facing an issue with the vulnerability detection not showing alerts on the dashboard. I have checked the certificates and they are all fine. I have even stopped the vulnerability detection and re-enabled it again, but it didn't solve my problem. Please help.


This is the output of the ossec.log. I have checked the credentials and they are fine, but still the issue persists.


Screenshot From 2025-01-13 18-23-51.png

Nicolas Zapata

Jan 13, 2025, 2:21:22 PM
to Wazuh | Mailing List
Hi Albert!

Can you please verify that you have followed the vulnerability detection module: https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/configuring-scans.html

Please make sure to update the <vulnerability-detection> and <indexer> blocks in /var/ossec/etc/ossec.conf.

Replace `0.0.0.0` with the indexer IP in the Filebeat config file. For example:
output.elasticsearch.hosts:
  - 127.0.0.1:9200

Wazuh indexer node's IP address or hostname. If you have a Wazuh indexer cluster, add a `<host>` entry for each one of your nodes. For example, in a two-node configuration:
<hosts>
  <host>https://10.0.0.1:9200</host>
  <host>https://10.0.0.2:9200</host>
</hosts>

Check the certificate name:
ll /etc/filebeat/certs
Verify the Filebeat certificate name and path are correct and update the `<indexer>` block in `/var/ossec/etc/ossec.conf` accordingly.
In case the certs are missing, you can extract them from the wazuh-certificates.tar that is created at the time of generating certs.

Save the Wazuh indexer username and password into the Wazuh manager keystore using the wazuh-keystore tool:
/var/ossec/bin/wazuh-keystore -f indexer -k username -v <INDEXER_USERNAME>
/var/ossec/bin/wazuh-keystore -f indexer -k password -v <INDEXER_PASSWORD>

After that, save the configuration and restart the manager/cluster using the command:
systemctl restart wazuh-manager

If this didn't resolve the issue, then please share the output of the following command
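
Added example, not part of the reply above and not Wazuh's own tooling: a Python check of the `<indexer>` settings the reply asks you to verify, flagging a placeholder host, certificate paths that do not exist, and a private key accessible to group/other. The `<ssl>` layout with a `<ca>` child, the function names and the sample config are assumptions of this example; the sample is constructed.

```python
import os
import re
import stat
import tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# 0.0.0.0 is the placeholder the reply says to replace; treating it as
# "not configured" inside ossec.conf as well is this example's assumption.
PLACEHOLDER_HOSTS = {"0.0.0.0"}
SSL_PATHS = ("certificate_authorities/ca", "certificate", "key")


def indexer_blocks(conf_text):
    """Return each <indexer> block as a parsed element.

    ossec.conf can hold several <ossec_config> roots, so it is not a single
    XML document; comments are stripped and each block is parsed on its own.
    """
    text = re.sub(r"<!--.*?-->", "", conf_text, flags=re.DOTALL)
    return [ET.fromstring(block)
            for block in re.findall(r"<indexer>.*?</indexer>", text, flags=re.DOTALL)]


def check_indexer(conf_text):
    """List problems in the <indexer> settings; an empty list means none found."""
    blocks = indexer_blocks(conf_text)
    if not blocks:
        return ["no <indexer> block found"]
    findings = []
    for node in blocks:
        if (node.findtext("enabled") or "").strip() != "yes":
            findings.append("indexer: <enabled> is not 'yes'")
        hosts = [(h.text or "").strip() for h in node.findall("hosts/host")]
        if not hosts:
            findings.append("indexer: no <host> entries")
        for host in hosts:
            url = urlparse(host)
            # The page's examples all use https://; plain http would send the
            # keystore credentials to the indexer unencrypted.
            if url.scheme != "https":
                findings.append(f"host {host}: not an https:// URL")
            if url.hostname in PLACEHOLDER_HOSTS:
                findings.append(f"host {host}: placeholder address not replaced")
        for tag in SSL_PATHS:
            paths = [(e.text or "").strip() for e in node.findall(f"ssl/{tag}")]
            if not paths:
                findings.append(f"ssl/{tag}: not configured")
            for path in paths:
                if not os.path.isfile(path):
                    findings.append(f"ssl/{tag}: {path} does not exist")
                elif tag == "key" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                    findings.append(f"ssl/key: {path} is accessible to group/other")
    return findings


def demo():
    """Run the checks on a constructed config inside a scratch directory."""
    with tempfile.TemporaryDirectory() as certs:
        # Constructed stand-ins for the cert files; filebeat.pem is left out
        # on purpose and the key gets a too-permissive mode.
        for name, mode in (("root-ca.pem", 0o444), ("filebeat-key.pem", 0o644)):
            path = os.path.join(certs, name)
            with open(path, "w") as fh:
                fh.write("constructed placeholder, not a real certificate\n")
            os.chmod(path, mode)
        conf = f"""
<ossec_config>
  <!-- <indexer><enabled>no</enabled></indexer> old block, commented out -->
  <indexer>
    <enabled>yes</enabled>
    <hosts>
      <host>https://0.0.0.0:9200</host>
    </hosts>
    <ssl>
      <certificate_authorities>
        <ca>{certs}/root-ca.pem</ca>
      </certificate_authorities>
      <certificate>{certs}/filebeat.pem</certificate>
      <key>{certs}/filebeat-key.pem</key>
    </ssl>
  </indexer>
</ossec_config>
<ossec_config>
  <cluster><name>constructed</name></cluster>
</ossec_config>
"""
        # Replace the scratch path so the findings read the same on every run.
        return [f.replace(certs, "<certs>") for f in check_indexer(conf)]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a manager, pass the contents of /var/ossec/etc/ossec.conf to `check_indexer()` and run it as a user that can read the certificate directory.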

Damian Alfredo Mangold

Jan 13, 2025, 3:00:21 PM
to Wazuh | Mailing List
Hi Albert Waweru

If you installed version 4.10.0 by upgrading from a previous version of Wazuh, please verify that you have executed point 5 of this guide:

 - Configuring Filebeat

Regards.

Albert Waweru

Jan 15, 2025, 1:54:06 AM
to Wazuh | Mailing List
Hello, this is the output of the ossec.conf
cat /var/ossec/logs/ossec.log | grep vul
2025/01/15 09:28:01 wazuh-modulesd:vulnerability-scanner[3171837] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:28:20 wazuh-modulesd[3173353] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:28:20 wazuh-modulesd:vulnerability-scanner[3173353] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:28:20 wazuh-modulesd:vulnerability-scanner[3173353] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:28:20 wazuh-modulesd:vulnerability-scanner[3173353] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:29:01 wazuh-modulesd:vulnerability-scanner[3173353] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:29:18 wazuh-modulesd[3174913] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:29:18 wazuh-modulesd:vulnerability-scanner[3174913] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:29:18 wazuh-modulesd:vulnerability-scanner[3174913] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:29:18 wazuh-modulesd:vulnerability-scanner[3174913] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:30:01 wazuh-modulesd:vulnerability-scanner[3174913] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:30:19 wazuh-modulesd[3176651] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:30:19 wazuh-modulesd:vulnerability-scanner[3176651] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:30:19 wazuh-modulesd:vulnerability-scanner[3176651] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:30:19 wazuh-modulesd:vulnerability-scanner[3176651] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:31:02 wazuh-modulesd:vulnerability-scanner[3176651] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:31:19 wazuh-modulesd[3178258] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:31:19 wazuh-modulesd:vulnerability-scanner[3178258] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:31:19 wazuh-modulesd:vulnerability-scanner[3178258] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:31:20 wazuh-modulesd:vulnerability-scanner[3178258] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:32:02 wazuh-modulesd:vulnerability-scanner[3178258] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:32:21 wazuh-modulesd[3179921] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:32:21 wazuh-modulesd:vulnerability-scanner[3179921] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:32:21 wazuh-modulesd:vulnerability-scanner[3179921] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:32:21 wazuh-modulesd:vulnerability-scanner[3179921] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:33:01 wazuh-modulesd:vulnerability-scanner[3179921] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:33:17 wazuh-modulesd[3181487] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:33:17 wazuh-modulesd:vulnerability-scanner[3181487] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:33:17 wazuh-modulesd:vulnerability-scanner[3181487] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:33:17 wazuh-modulesd:vulnerability-scanner[3181487] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:34:01 wazuh-modulesd:vulnerability-scanner[3181487] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:34:20 wazuh-modulesd[3183109] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:34:20 wazuh-modulesd:vulnerability-scanner[3183109] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:34:20 wazuh-modulesd:vulnerability-scanner[3183109] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:34:20 wazuh-modulesd:vulnerability-scanner[3183109] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:35:01 wazuh-modulesd:vulnerability-scanner[3183109] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:35:25 wazuh-modulesd[3184727] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:35:25 wazuh-modulesd:vulnerability-scanner[3184727] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:35:26 wazuh-modulesd:vulnerability-scanner[3184727] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:35:26 wazuh-modulesd:vulnerability-scanner[3184727] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:36:01 wazuh-modulesd:vulnerability-scanner[3184727] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:36:20 wazuh-modulesd[3186192] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:36:20 wazuh-modulesd:vulnerability-scanner[3186192] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:36:20 wazuh-modulesd:vulnerability-scanner[3186192] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:36:21 wazuh-modulesd:vulnerability-scanner[3186192] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:37:02 wazuh-modulesd:vulnerability-scanner[3186192] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:37:19 wazuh-modulesd[3187796] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:37:19 wazuh-modulesd:vulnerability-scanner[3187796] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:37:20 wazuh-modulesd:vulnerability-scanner[3187796] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:37:20 wazuh-modulesd:vulnerability-scanner[3187796] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:37:41 wazuh-modulesd:vulnerability-scanner[3187796] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:38:00 wazuh-modulesd[3189306] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:38:00 wazuh-modulesd:vulnerability-scanner[3189306] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:38:00 wazuh-modulesd:vulnerability-scanner[3189306] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:38:00 wazuh-modulesd:vulnerability-scanner[3189306] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:39:02 wazuh-modulesd:vulnerability-scanner[3189306] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:39:21 wazuh-modulesd[3191820] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:39:21 wazuh-modulesd:vulnerability-scanner[3191820] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:39:21 wazuh-modulesd:vulnerability-scanner[3191820] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:39:22 wazuh-modulesd:vulnerability-scanner[3191820] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:40:02 wazuh-modulesd:vulnerability-scanner[3191820] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:40:24 wazuh-modulesd[3193474] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:40:24 wazuh-modulesd:vulnerability-scanner[3193474] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:40:24 wazuh-modulesd:vulnerability-scanner[3193474] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:40:24 wazuh-modulesd:vulnerability-scanner[3193474] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:41:01 wazuh-modulesd:vulnerability-scanner[3193474] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:41:18 wazuh-modulesd[3195092] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:41:18 wazuh-modulesd:vulnerability-scanner[3195092] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:41:18 wazuh-modulesd:vulnerability-scanner[3195092] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:41:18 wazuh-modulesd:vulnerability-scanner[3195092] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:42:01 wazuh-modulesd:vulnerability-scanner[3195092] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:42:18 wazuh-modulesd[3196697] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:42:18 wazuh-modulesd:vulnerability-scanner[3196697] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:42:18 wazuh-modulesd:vulnerability-scanner[3196697] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:42:18 wazuh-modulesd:vulnerability-scanner[3196697] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:43:01 wazuh-modulesd:vulnerability-scanner[3196697] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:43:20 wazuh-modulesd[3198323] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:43:20 wazuh-modulesd:vulnerability-scanner[3198323] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:43:20 wazuh-modulesd:vulnerability-scanner[3198323] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:43:20 wazuh-modulesd:vulnerability-scanner[3198323] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:44:01 wazuh-modulesd:vulnerability-scanner[3198323] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:44:20 wazuh-modulesd[3199907] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:44:20 wazuh-modulesd:vulnerability-scanner[3199907] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:44:20 wazuh-modulesd:vulnerability-scanner[3199907] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:44:20 wazuh-modulesd:vulnerability-scanner[3199907] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:45:01 wazuh-modulesd:vulnerability-scanner[3199907] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:45:17 wazuh-modulesd[3201503] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:45:17 wazuh-modulesd:vulnerability-scanner[3201503] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:45:18 wazuh-modulesd:vulnerability-scanner[3201503] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:45:18 wazuh-modulesd:vulnerability-scanner[3201503] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:46:01 wazuh-modulesd:vulnerability-scanner[3201503] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:46:19 wazuh-modulesd[3203130] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:46:19 wazuh-modulesd:vulnerability-scanner[3203130] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:46:19 wazuh-modulesd:vulnerability-scanner[3203130] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:46:19 wazuh-modulesd:vulnerability-scanner[3203130] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:47:01 wazuh-modulesd:vulnerability-scanner[3203130] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:47:19 wazuh-modulesd[3204738] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:47:19 wazuh-modulesd:vulnerability-scanner[3204738] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:47:19 wazuh-modulesd:vulnerability-scanner[3204738] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:47:19 wazuh-modulesd:vulnerability-scanner[3204738] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:48:01 wazuh-modulesd:vulnerability-scanner[3204738] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:48:18 wazuh-modulesd[3206362] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:48:18 wazuh-modulesd:vulnerability-scanner[3206362] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:48:18 wazuh-modulesd:vulnerability-scanner[3206362] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:48:18 wazuh-modulesd:vulnerability-scanner[3206362] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:49:01 wazuh-modulesd:vulnerability-scanner[3206362] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:49:19 wazuh-modulesd[3208002] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:49:19 wazuh-modulesd:vulnerability-scanner[3208002] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:49:19 wazuh-modulesd:vulnerability-scanner[3208002] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:49:19 wazuh-modulesd:vulnerability-scanner[3208002] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:50:01 wazuh-modulesd:vulnerability-scanner[3208002] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:50:26 wazuh-modulesd[3209636] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:50:26 wazuh-modulesd:vulnerability-scanner[3209636] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:50:26 wazuh-modulesd:vulnerability-scanner[3209636] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:50:26 wazuh-modulesd:vulnerability-scanner[3209636] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:51:01 wazuh-modulesd:vulnerability-scanner[3209636] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:51:18 wazuh-modulesd[3211158] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:51:18 wazuh-modulesd:vulnerability-scanner[3211158] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:51:18 wazuh-modulesd:vulnerability-scanner[3211158] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:51:18 wazuh-modulesd:vulnerability-scanner[3211158] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:52:01 wazuh-modulesd:vulnerability-scanner[3211158] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.
2025/01/15 09:52:19 wazuh-modulesd[3212752] main.c:95 at main(): DEBUG: Created new thread for the 'vulnerability_scanner' module.
2025/01/15 09:52:19 wazuh-modulesd:vulnerability-scanner[3212752] wm_vulnerability_scanner.c:52 at wm_vulnerability_scanner_main(): INFO: Starting vulnerability_scanner module.
2025/01/15 09:52:19 wazuh-modulesd:vulnerability-scanner[3212752] wm_vulnerability_scanner.c:45 at wm_vulnerability_scanner_log_config(): DEBUG: {"vulnerability-detection":{"enabled":"yes","index-status":"yes","feed-update-interval":"60m","cti-url":"https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0"},"wmMaxEps":100,"translationLRUSize":2048,"osdataLRUSize":1000,"remediationLRUSize":2048,"managerDisabledScan":1,"indexer":{"enabled":"yes","hosts":["https://159.223.132.53:9200"],"ssl":{"certificate_authorities":["/etc/filebeat/certs/root-ca.pem"],"certificate":"/etc/filebeat/certs/filebeat.pem","key":"/etc/filebeat/certs/filebeat-key.pem"}},"clusterEnabled":false,"clusterName":"TPWazuhmanager","clusterNodeName":"undefined"}
2025/01/15 09:52:19 wazuh-modulesd:vulnerability-scanner[3212752] vulnerabilityScannerFacade.cpp:280 at vulnerabilityScanPolicyChange(): DEBUG: Vulnerability scanner in manager still disabled
2025/01/15 09:53:01 wazuh-modulesd:vulnerability-scanner[3212752] wm_vulnerability_scanner.c:146 at wm_vulnerability_scanner_stop(): INFO: Stopping vulnerability_scanner module.


Albert Waweru

Jan 17, 2025, 6:49:27 AM
to Wazuh | Mailing List
Hello Nicolas, I verified that everything is fine as per the documents.

Albert Waweru

Jan 17, 2025, 6:50:14 AM
to Wazuh | Mailing List
Hello Damian, I did indeed execute step 5, but I am still not getting any events on the vulnerability dashboard. Could you please help me?

On Monday, January 13, 2025 at 11:00:21 PM UTC+3 Damian Alfredo Mangold wrote:

Albert Waweru

Jan 20, 2025, 7:08:36 AM
to Wazuh | Mailing List
Somebody please assist me here.

Nicolas Zapata

Jan 20, 2025, 7:54:10 AM
to Wazuh | Mailing List
Hi Albert!

Please perform the following tests and share the output.

Albert Waweru

Jan 20, 2025, 8:24:04 AM
to Wazuh | Mailing List
curl -k -u admin:'<REDACTED>' https://159.223.132.53:9200/_cluster/health?pretty=true --cacert /etc/filebeat/certs/root-ca.pem --cert /etc/filebeat/certs/filebeat.pem --key /etc/filebeat/certs/filebeat-key.pem
{
  "cluster_name" : "wazuh-indexer-cluster",
  "status" : "red",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 98,
  "active_shards" : 98,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 40,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 71.01449275362319
}

filebeat test output
elasticsearch: https://159.223.132.53:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 159.223.132.53
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
SDK 2025/01/20 16:21:23 WARN falling back to IMDSv1: operation error ec2imds: getToken, http response error StatusCode: 405, request to EC2 IMDS failed
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... ERROR Connection marked as failed because the onConnect callback failed: could not connect to a compatible version of Elasticsearch: 400 Bad Request: {"error":{"root_cause":[{"type":"invalid_index_name_exception","reason":"Invalid index name [_license], must not start with '_'.","index":"_license","index_uuid":"_na_"}],"type":"invalid_index_name_exception","reason":"Invalid index name [_license], must not start with '_'.","index":"_license","index_uuid":"_na_"},"status":400}

Nicolas Zapata

Jan 20, 2025, 9:44:42 AM
to Wazuh | Mailing List
Hi Albert!

Your indexer does not seem to be working because it is in red status. This may be the reason why you have no vulnerability detection events.
Please check the indexers and shards you have and verify which ones are in red/yellow.

curl -k -u admin:<password> -XGET https://<127.0.0.1/indexer-ip>:9200/_cat/shards?v

curl -k -u admin:<password> -XGET https://<127.0.0.1/indexer-ip>:9200/_cat/indices?s=index

Also please check the indexer logs

cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -iE "error|crit|warn|fatal" 
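
One way to turn the `_cat/shards?v` output requested above into a per-index red/yellow/green summary (an added example, not part of the original post and not Wazuh tooling). The sample rows and the `192.0.2.10` address are constructed, and the function names are hypothetical.

```python
"""Summarise `_cat/shards?v` text output into per-index health."""
from collections import defaultdict

# Column names printed by `_cat/shards?v`.
HEADER = ["index", "shard", "prirep", "state", "docs", "store", "ip", "node"]
# A shard in one of these states is serving data; anything else
# (UNASSIGNED, INITIALIZING) counts against the index.
ACTIVE_STATES = {"STARTED", "RELOCATING"}

# Constructed sample in the `_cat/shards?v` layout (not real cluster data).
# The first row is deliberately fused onto the header line, which is how
# pasted terminal output often arrives, and one index is literally named
# "index" to show that it is not mistaken for the header.
SAMPLE = """\
index                     shard prirep state      docs store ip         node  wazuh-alerts-4.x-example0 0 p UNASSIGNED
wazuh-alerts-4.x-example1 0     p      STARTED    1200 1.1mb 192.0.2.10 node-1
wazuh-alerts-4.x-example1 1     p      STARTED    1180 1.0mb 192.0.2.10 node-1
wazuh-alerts-4.x-example2 0     p      UNASSIGNED
wazuh-alerts-4.x-example2 1     p      STARTED    900  0.8mb 192.0.2.10 node-1
.example-config           0     p      STARTED    3    9kb   192.0.2.10 node-1
.example-config           0     r      UNASSIGNED
index                     0     p      STARTED    0    208b  192.0.2.10 node-1
"""


def parse_cat_shards(text):
    """Return (index, shard, prirep, state) tuples from `_cat/shards?v` text."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Drop the header, keeping any data row that was pasted onto it.
        if fields[:len(HEADER)] == HEADER:
            fields = fields[len(HEADER):]
        if len(fields) < 4:
            continue
        index, shard, prirep, state = fields[:4]
        if not shard.isdigit() or prirep not in ("p", "r"):
            continue  # not a shard row (prompt, blank line, stray text)
        rows.append((index, int(shard), prirep, state))
    return rows


def index_health(rows):
    """Map each index to 'red', 'yellow' or 'green'.

    red    -> at least one primary shard is not active (data unavailable)
    yellow -> all primaries active, at least one replica is not
    green  -> every shard is active
    """
    inactive = defaultdict(lambda: {"p": 0, "r": 0})
    for index, _shard, prirep, state in rows:
        counts = inactive[index]  # registers the index even when healthy
        if state not in ACTIVE_STATES:
            counts[prirep] += 1
    health = {}
    for index, counts in inactive.items():
        if counts["p"]:
            health[index] = "red"
        elif counts["r"]:
            health[index] = "yellow"
        else:
            health[index] = "green"
    return health


def inactive_totals(rows):
    """Count inactive primaries and replicas across the whole cluster."""
    totals = {"p": 0, "r": 0}
    for _index, _shard, prirep, state in rows:
        if state not in ACTIVE_STATES:
            totals[prirep] += 1
    return totals


def report(text):
    """Return report lines, worst indices first."""
    rows = parse_cat_shards(text)
    order = {"red": 0, "yellow": 1, "green": 2}
    health = index_health(rows)
    lines = [f"{status:<6} {index}"
             for index, status in sorted(health.items(),
                                         key=lambda kv: (order[kv[1]], kv[0]))]
    totals = inactive_totals(rows)
    lines.append(f"inactive primaries={totals['p']} replicas={totals['r']}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

On a single-node cluster a replica can never be allocated alongside its primary, so `yellow` indices there are expected; the `red` ones are the indices with missing primaries, and `GET _cluster/allocation/explain` reports why a given shard is unassigned.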

Albert Waweru

Jan 20, 2025, 1:17:31 PM
to Wazuh | Mailing List
curl -k -u admin:'<REDACTED>' https://159.223.132.53:9200/_cat/shards?v     
index                                                   shard prirep state          docs   store ip             node
wazuh-alerts-4.x-2025.01.08                             0     p      UNASSIGNED
wazuh-alerts-4.x-2025.01.08                             1     p      UNASSIGNED                                
wazuh-alerts-4.x-2025.01.08                             2     p      UNASSIGNED                                
wazuh-alerts-4.x-2025.01.07                             0     p      STARTED     2969052 702.4mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.07                             1     p      STARTED     2967701   702mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.07                             2     p      STARTED     2969805 701.8mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.06                             0     p      STARTED     6352471   1.6gb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.06                             1     p      STARTED     6355757   1.6gb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.06                             2     p      STARTED     6357306   1.6gb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.05                             0     p      STARTED    24695013   5.9gb 159.223.132.53 node-1
.ql-datasources                                         0     p      STARTED           0    208b 159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.04-000069 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.04-000069 0     r      UNASSIGNED                                
wazuh-alerts-4.x-2025.01.09                             0     p      UNASSIGNED                                
wazuh-alerts-4.x-2025.01.09                             1     p      UNASSIGNED                                
wazuh-alerts-4.x-2025.01.09                             2     p      UNASSIGNED                                
.opendistro-reports-instances                           0     p      STARTED           1   6.4kb 159.223.132.53 node-1
.opendistro_security                                    0     p      STARTED          10  44.1kb 159.223.132.53 node-1
wazuh-statistics-2025.3w                                0     p      STARTED         208 314.3kb 159.223.132.53 node-1
wazuh-monitoring-2025.1w                                0     p      STARTED        3471 908.1kb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.12                             0     p      STARTED     6926619   2.4gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.12                             1     p      STARTED     6923095   2.4gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.12                             2     p      STARTED     6928365   2.4gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.11                             0     p      STARTED     3904874   1.4gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.11                             1     p      STARTED     3903395   1.4gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.11                             2     p      STARTED     3905032   1.4gb 159.223.132.53 node-1
.opensearch-observability                               0     p      STARTED           0    208b 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.16                             0     p      STARTED      772758   261mb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.16                             1     p      STARTED      773109 260.4mb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.16                             2     p      STARTED      774137 263.7mb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.15                             0     p      UNASSIGNED                                
wazuh-alerts-4.x-2024.12.15                             1     p      UNASSIGNED                                
wazuh-alerts-4.x-2024.12.15                             2     p      UNASSIGNED                                
.opensearch-sap-log-types-config                        0     p      UNASSIGNED                                
wazuh-alerts-4.x-2024.12.13                             0     p      UNASSIGNED                                
wazuh-alerts-4.x-2024.12.13                             1     p      UNASSIGNED                                
wazuh-alerts-4.x-2024.12.13                             2     p      UNASSIGNED                                
wazuh-alerts-4.x-2025.01.11                             0     p      STARTED     2340723 580.5mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.11                             1     p      STARTED     2340785   582mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.11                             2     p      STARTED     2341703 580.9mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.10                             0     p      STARTED      649709 183.7mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.10                             1     p      STARTED      650216 183.7mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.10                             2     p      STARTED      650479 183.4mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.15                             0     p      STARTED     2825289 668.7mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.15                             1     p      STARTED     2825114   671mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.15                             2     p      STARTED     2826646 667.4mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.14                             0     p      STARTED       44409  11.3mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.14                             1     p      STARTED       44178    11mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.14                             2     p      STARTED       44131    11mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.12                             0     p      STARTED      533729 169.5mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.12                             1     p      STARTED      535831 173.8mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.12                             2     p      STARTED      534730 174.5mb 159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.10-000073 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.10-000073 0     r      UNASSIGNED                                
.opendistro-ism-managed-index-history-2025.01.16-000077 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.16-000077 0     r      UNASSIGNED                                
.opendistro-ism-managed-index-history-2025.01.12-000075 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.12-000075 0     r      UNASSIGNED                                
.opendistro-ism-config                                  0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-config                                  0     r      UNASSIGNED                                
.opendistro-ism-managed-index-history-2025.01.07-000071 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.07-000071 0     r      UNASSIGNED                                
index                                                   0     p      STARTED           0    208b 159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.05-000070 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.05-000070 0     r      UNASSIGNED                                
.tasks                                                  0     p      STARTED           9  77.2kb 159.223.132.53 node-1
wazuh-statistics-2025.4w                                0     p      STARTED           6  60.1kb 159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.09-000072 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.09-000072 0     r      UNASSIGNED                                
.opendistro-ism-managed-index-history-2025.01.18-000079 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.18-000079 0     r      UNASSIGNED                                
wazuh-monitoring-2025.4w                                0     p      STARTED          89  42.8kb 159.223.132.53 node-1
.opendistro-ism-managed-index-history-2024.12.27-000068 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2024.12.27-000068 0     r      UNASSIGNED                                
.opendistro-ism-managed-index-history-2024.12.26-000067 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2024.12.26-000067 0     r      UNASSIGNED                                
.opendistro-ism-managed-index-history-2024.12.23-000065 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2024.12.23-000065 0     r      UNASSIGNED                                
.opendistro-ism-managed-index-history-2024.12.25-000066 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2024.12.25-000066 0     r      UNASSIGNED                                
.opendistro-ism-managed-index-history-2024.12.22-000064 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2024.12.22-000064 0     r      UNASSIGNED                                
wazuh-alerts-4.x-2024.12.29                             0     p      UNASSIGNED                                
wazuh-alerts-4.x-2024.12.28                             0     p      STARTED      930669 327.4mb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.28                             1     p      STARTED      931311 326.4mb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.28                             2     p      STARTED      930743 329.3mb 159.223.132.53 node-1
wazuh-statistics-2025.1w                                0     p      STARTED         240 308.2kb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.31                             0     p      STARTED       68000  27.1mb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.30                             0     p      STARTED       91131  37.6mb 159.223.132.53 node-1
wazuh-monitoring-2025.3w                                0     p      STARTED        2759 604.3kb 159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.11-000074 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.11-000074 0     r      UNASSIGNED                                
.opendistro-ism-managed-index-history-2025.01.15-000076 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.15-000076 0     r      UNASSIGNED                                
wazuh-alerts-4.x-2024.12.19                             0     p      UNASSIGNED                                
wazuh-alerts-4.x-2024.12.19                             1     p      UNASSIGNED                                
wazuh-alerts-4.x-2024.12.19                             2     p      UNASSIGNED                                
.kibana_2                                               0     p      STARTED         132 130.9kb 159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.19-000080 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.19-000080 0     r      UNASSIGNED                                
wazuh-statistics-2025.2w                                0     p      STARTED        1883   1.2mb 159.223.132.53 node-1
.kibana_3                                               0     p      STARTED         149 111.1kb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.23                             0     p      STARTED     7715023   2.3gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.23                             1     p      STARTED     7717735   2.3gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.23                             2     p      STARTED     7716582   2.3gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.22                             0     p      STARTED     7078172   2.1gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.22                             1     p      STARTED     7078672   2.1gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.22                             2     p      STARTED     7082637   2.1gb 159.223.132.53 node-1
.plugins-ml-config                                      0     p      STARTED           1   3.9kb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.21                             0     p      STARTED     7441341   2.1gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.21                             1     p      STARTED     7441066   2.1gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.21                             2     p      STARTED     7445064   2.1gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.20                             0     p      STARTED     1901494 558.3mb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.20                             1     p      STARTED     1900847 557.8mb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.20                             2     p      STARTED     1899430 558.2mb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.27                             0     p      UNASSIGNED                                
wazuh-alerts-4.x-2024.12.27                             1     p      UNASSIGNED                                
wazuh-alerts-4.x-2024.12.27                             2     p      UNASSIGNED                                
wazuh-alerts-4.x-2024.12.26                             0     p      STARTED     8561052   2.5gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.26                             1     p      STARTED     8561775   2.5gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.26                             2     p      STARTED     8557670   2.5gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.25                             0     p      STARTED     8253857   2.4gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.25                             1     p      STARTED     8255149   2.4gb 159.223.132.53 node-1
wazuh-alerts-4.x-2024.12.25                             2     p      STARTED     8255801   2.4gb 159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.17-000078 0     p      STARTED                     159.223.132.53 node-1
.opendistro-ism-managed-index-history-2025.01.17-000078 0     r      UNASSIGNED                                
.opendistro-job-scheduler-lock                          0     p      STARTED           0    246b 159.223.132.53 node-1
.opendistro-job-scheduler-lock                          0     r      UNASSIGNED                                
wazuh-alerts-4.x-2025.01.04                             0     p      STARTED      802018 225.7mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.04                             1     p      STARTED      802211 225.4mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.04                             2     p      STARTED      801682 224.3mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.03                             0     p      STARTED     2379974 603.4mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.02                             0     p      STARTED       59592  24.2mb 159.223.132.53 node-1
.opensearch-notifications-config                        0     p      STARTED           1   7.9kb 159.223.132.53 node-1
wazuh-monitoring-2025.2w                                0     p      STARTED       14774   2.9mb 159.223.132.53 node-1
wazuh-alerts-4.x-2025.01.01                             0     p      STARTED       59592  24.7mb 159.223.132.53 node-1


# curl -k -u admin:'<redacted>' https://159.223.132.53:9200/_cat/indices?s=index
green  open .kibana_2                        N99fJaayR4alC8hFkaW_1A 1 0      132    11 130.9kb 130.9kb
green  open .kibana_3                        1Q2ecaobTSusGkmcmMWvQw 1 0      149    18 111.1kb 111.1kb
yellow open .opendistro-job-scheduler-lock   lKCegJKGTOevyZbEFi2zzA 1 1        0     0    246b    246b
green  open .opendistro-reports-instances    A21GuR_LTwOYxjxmneEqXA 1 0        1     0   6.4kb   6.4kb
green  open .opendistro_security             Nf9rHsHUSRCile2_lGeC9Q 1 0       10     1  44.1kb  44.1kb
green  open .opensearch-notifications-config _llUY6rNQr6RSD2nhB6SDg 1 0        1     0   7.9kb   7.9kb
green  open .opensearch-observability        eFK4eKT4S2uq0l7AMI93wQ 1 0        0     0    208b    208b
green  open .plugins-ml-config               cKH0547bRPigSAfGD96shw 1 0        1     0   3.9kb   3.9kb
green  open .ql-datasources                  elYRM5wRTjWa8nc_fVXUqg 1 0        0     0    208b    208b
green  open .tasks                           4utiXVkwSwahmFyE4icIOQ 1 0        9     0  77.2kb  77.2kb
green  open index                            mcnXWrKrRouy-FdTeXHdyg 1 0        0     0    208b    208b
green  open wazuh-alerts-4.x-2024.12.11      Tlxko8aKSYKRl2V0OxN0Mw 3 0 11713301  2524   4.4gb   4.4gb
green  open wazuh-alerts-4.x-2024.12.12      kVO135CNQKa2jyEtsP5eUw 3 0 20778079  8663   7.2gb   7.2gb
red    open wazuh-alerts-4.x-2024.12.13      aaMRWDiVSj6djq_9HTmxfw 3 0                              
red    open wazuh-alerts-4.x-2024.12.15      vkD2C3I3Q8-69onFMDx-rg 3 0                              
green  open wazuh-alerts-4.x-2024.12.16      EeUmvYOdTDmuoLiS8WLy0Q 3 0  2320004  5371 785.2mb 785.2mb
red    open wazuh-alerts-4.x-2024.12.19      rP6B5U_WQ8qMMXSUPawzZg 3 0                              
green  open wazuh-alerts-4.x-2024.12.20      boCag8l7StqK00bbN_SHMg 3 0  5701771  9448   1.6gb   1.6gb
green  open wazuh-alerts-4.x-2024.12.21      HEvVGq7QR6-omNH5JUMVkA 3 0 22327471 13725   6.4gb   6.4gb
green  open wazuh-alerts-4.x-2024.12.22      aj8wNAIqRiyq_pbEItKvIw 3 0 21239481 17816   6.4gb   6.4gb
green  open wazuh-alerts-4.x-2024.12.23      vmBh_JgpQ6eGX-5NTd4fNA 3 0 23149340  8086   7.1gb   7.1gb
green  open wazuh-alerts-4.x-2024.12.25      nFWxJaWEQvik4gIuguvi2w 3 0 24764807  5899   7.3gb   7.3gb
green  open wazuh-alerts-4.x-2024.12.26      HyBUWCscRBeQlwHh6ByOYA 3 0 25680497  6522   7.6gb   7.6gb
red    open wazuh-alerts-4.x-2024.12.27      qmqMMeWeRL6KCwv2BF1S1Q 3 0                              
green  open wazuh-alerts-4.x-2024.12.28      9tfO7daiR-KMepKfLm6ZsA 3 0  2792723     1 983.2mb 983.2mb
red    open wazuh-alerts-4.x-2024.12.29      4k_Pq487Q7qV_0O60E01oQ 1 0                              
green  open wazuh-alerts-4.x-2024.12.30      QpZMnW5nSdqY4rl861cJjQ 1 0    91131     0  37.6mb  37.6mb
green  open wazuh-alerts-4.x-2024.12.31      1RQuoUSERaavxAkCDi4X6Q 1 0    68000     0  27.1mb  27.1mb
green  open wazuh-alerts-4.x-2025.01.01      _94f11S-SF-Jx-ZhPE0wZQ 1 0    59592     0  24.7mb  24.7mb
green  open wazuh-alerts-4.x-2025.01.02      nOjHUoArR-i42bmXNcNy_w 1 0    59592     0  24.2mb  24.2mb
green  open wazuh-alerts-4.x-2025.01.03      CfWcrnAhQHiNOEEXtZLmRg 1 0  2379974  3001 603.4mb 603.4mb
green  open wazuh-alerts-4.x-2025.01.04      H0TkueiLTvuV8KxF3q2otA 3 0  2405911  4567 675.5mb 675.5mb
green  open wazuh-alerts-4.x-2025.01.05      CknHd9VuTwKTuIZIFIGztA 1 0 24695013  6574   5.9gb   5.9gb
green  open wazuh-alerts-4.x-2025.01.06      5pTzRnomR1CYG7bHA2e__A 3 0 19065534  3499   4.8gb   4.8gb
green  open wazuh-alerts-4.x-2025.01.07      txNojgztSlyj-1LuOMREWw 3 0  8906558  2086     2gb     2gb
red    open wazuh-alerts-4.x-2025.01.08      bVqyPmXxRY-Zis9zdVocuA 3 0                              
red    open wazuh-alerts-4.x-2025.01.09      tUibKNSmQoKUpg6J7OMjcw 3 0                              
green  open wazuh-alerts-4.x-2025.01.10      o0Jx8rbbRlGRXu9ojyglcA 3 0  1950404  5809 550.9mb 550.9m
green  open wazuh-alerts-4.x-2025.01.11      grjlwsi9RiiAry40yN_NMg 3 0  7023211  5566   1.7gb   1.7gb
green  open wazuh-alerts-4.x-2025.01.12      -c3-n-VOTqaBvD4z8CW-Mg 3 0  1604290  6895 517.9mb 517.9mb
green  open wazuh-alerts-4.x-2025.01.14      _gmI3Sf4TmmzFGk0lB7m2Q 3 0   132718   135  33.4mb  33.4mb
green  open wazuh-alerts-4.x-2025.01.15      43iRDLF0QRiYu4DJHwcSmg 3 0  8477049  3563   1.9gb   1.9gb
green  open wazuh-monitoring-2025.1w         wgtB2k37SBKr_S62p_TYHg 1 0     3471     0 908.1kb 908.1kb
green  open wazuh-monitoring-2025.2w         Y_11bq1URtWPEyXn112MIA 1 0    14774     0   2.9mb   2.9mb
green  open wazuh-monitoring-2025.3w         LWSY3ryER1iTvZu7ZD-GIA 1 0     2759     0 604.3kb 604.3kb
green  open wazuh-monitoring-2025.4w         NyQfqkGoTjCV9QBNeoVp6A 1 0       89     0  42.8kb  42.8kb
green  open wazuh-statistics-2025.1w         D9zsBr2RT-aA540ah1pqCg 1 0      240     0 308.2kb 308.2kb
green  open wazuh-statistics-2025.2w         JMkYYlvFSQSS-FCvotY9qg 1 0     1883     0   1.2mb   1.2mb
green  open wazuh-statistics-2025.3w         ZHL8Qbq9Q3mdfmS_0O418A 1 0      208     0 314.3kb 314.3kb
green  open wazuh-statistics-2025.4w         8bAx1rcwRfiO5LAOfoSkzQ 1 0        6     0  60.1kb  60.1kb


output from wazuh-cluster
cat /var/log/wazuh-indexer/wazuh-indexer-cluster.log | grep -iE "crit|error}warn|fatal"
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321) ~[?:?]
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312) ~[?:?]
[2025-01-20T12:12:32,473][ERROR][o.o.t.n.s.SecureNetty4Transport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]
[2025-01-20T12:12:32,476][WARN ][i.n.c.AbstractChannelHandlerContext] [node-1] An exception 'OpenSearchSecurityException[The provided TCP channel is invalid.]; nested: DecoderException[javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate]; nested: SSLHandshakeException[Received fatal alert: bad_certificate];' [enable DEBUG level for full stacktrace] was thrown by a user handler's exceptionCaught() method while handling the following exception:
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]
[2025-01-20T13:28:56,405][ERROR][o.o.h.n.s.SecureNetty4HttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]
[2025-01-20T13:28:59,792][ERROR][o.o.h.n.s.SecureNetty4HttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321) ~[?:?]
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312) ~[?:?]
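
An added example (not part of the original thread): a shell function that collapses an indexer log like the one above into one line per TLS alert, split by the listener that logged it. It assumes the log format shown in the post, where the `SecureNetty4Transport` logger is the node-to-node transport layer and `SecureNetty4HttpServerTransport` is the HTTP (REST API) layer; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise TLS handshake alerts from a wazuh-indexer (OpenSearch) log on stdin.
# Output: "<count> <layer> <alert>", one line per layer/alert pair.

tls_alert_summary() {
    awk '
        # Count only timestamped [ERROR] headers: the exception and stack-frame
        # lines repeated under each event would otherwise inflate the totals.
        /^\[[0-9]/ && index($0, "][ERROR") && index($0, "Received fatal alert: ") {
            # The logger name identifies the listener that saw the failure.
            if (index($0, "SecureNetty4HttpServerTransport")) layer = "http"
            else if (index($0, "SecureNetty4Transport"))      layer = "transport"
            else                                              layer = "other"
            alert = $0
            sub(/.*Received fatal alert: /, "", alert)
            sub(/[^a-z_].*/, "", alert)      # keep the alert name only
            count[layer " " alert]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k2,2 -k3,3
}

# Constructed sample, shaped like the log lines in the post above.
sample_log() {
    cat <<'EOF'
[2025-01-20T12:12:32,473][ERROR][o.o.t.n.s.SecureNetty4Transport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]
[2025-01-20T12:12:32,476][WARN ][i.n.c.AbstractChannelHandlerContext] [node-1] An exception was thrown: SSLHandshakeException[Received fatal alert: bad_certificate]
[2025-01-20T13:28:56,405][ERROR][o.o.h.n.s.SecureNetty4HttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
[2025-01-20T13:28:59,792][ERROR][o.o.h.n.s.SecureNetty4HttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
EOF
}

sample_log | tls_alert_summary
```

Against a live system, run `tls_alert_summary < /var/log/wazuh-indexer/wazuh-indexer-cluster.log`. "Received fatal alert" means the remote end of the connection sent the alert, so each summary line tells you which listener to trace back to a peer's certificate or CA configuration.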

Nicolas Zapata

Jan 20, 2025, 6:01:47 PM
to Wazuh | Mailing List
Hi Albert!

You have RED indices, which indicates that they are corrupted. You can try a reroute to see if the problem is solved. If not, I would recommend that you delete those indexes if they are empty.

Albert Waweru

Jan 21, 2025, 6:35:31 AM
to Wazuh | Mailing List
Hello Nicolas, I did delete the red indices and restarted the wazuh-manager and wazuh-indexer, but I am still not able to view vulnerabilities in the dashboard.

Nicolas Zapata

Jan 21, 2025, 3:48:30 PM
to Wazuh | Mailing List
Hi Albert!

Could you please run these commands again? Thanks

Albert Waweru

Jan 22, 2025, 2:28:16 AM
to Wazuh | Mailing List
1000360250.jpg 1000360270.jpg
Hello Nicolas, please see the attached.

Albert Waweru

Jan 23, 2025, 11:57:16 PM
to Wazuh | Mailing List
Hello there, can someone help me please with this issue?

Albert Waweru

Jan 24, 2025, 1:33:13 AM
to Wazuh | Mailing List

Update
I managed to fix it by matching the Filebeat version to Elasticsearch.

Nicolas Zapata

Jan 27, 2025, 7:03:23 AM
to Wazuh | Mailing List
I'm glad you were able to resolve the problem. Please don't hesitate to contact us if you need anything else.

Regards