Wazuh API often down.

446 views
Skip to first unread message

lid...@gmail.com

unread,
Jan 22, 2021, 1:03:54 AM1/22/21
to Wazuh mailing list
I found some error info in ossec.log , my wazuh manager version is 3.13

2021/01/22 00:00:35 wazuh-db: ERROR: Unable to update 'sys_processes' table for agent '1744'
2021/01/22 00:00:35 wazuh-db: ERROR: at wdb_process_insert(): sqlite3_step(): database or disk is full
2021/01/22 00:00:35 wazuh-db: ERROR: Unable to update 'sys_processes' table for agent '1777'
2021/01/22 00:00:35 wazuh-db: ERROR: at wdb_process_insert(): sqlite3_step(): database or disk is full

but my server disk is not full, what's the problem with the wazuh db? 
also I found my wazuh API can't be accessed,  APP can't connect to manager.
error info below:
 Some Wazuh daemons are not ready in node 'node01' (wazuh-modulesd->failed)  

only /var/ossec/bin/wazuh-db is alive, and manager log is still coming in.

Adrián Jesús Peña Rodríguez

unread,
Jan 25, 2021, 7:46:03 AM1/25/21
to Wazuh mailing list
Hi,

In this case the API does not seem to be working correctly because "wazuh-modulesd" has some error. The daemons needed for the Wazuh API to work are "wazuh-modulesd", "ossec-analysisd", "ossec-execd" and "wazuh-db". You can find more information here: https://github.com/wazuh/wazuh/blob/269cbed52f4f3f64def1005beeabd3103dbe3352/framework/wazuh/cluster/dapi/dapi.py#L111.

Since the disk is not full and the error does not give us much information, we can set both wazuh-db and wazuh-modulesd in debug mode. To do this you can follow the procedure described in our guide: https://documentation.wazuh.com/3.13/user-manual/reference/internal-options.html. We will set the debug mode of wazuh-modulesd and wazuh-db to level 2. After that, we will restart Wazuh and check the log again to see exactly what is happening. To find out more easily the errors we can check the log with the following command:

  • tail -n100 /var/ossec/logs/ossec.log | grep "wazuh-modulesd"
  • tail -n100 /var/ossec/logs/ossec.log | grep "wazuh-db"

I await your response so I can help you better, if you have any questions about the process, do not hesitate to ask.

Regards,
Adrián Peña

lid...@gmail.com

unread,
Jan 26, 2021, 1:35:54 AM1/26/21
to Wazuh mailing list
I had check some log files ,but not found any about the API is down, in recent days , the ossec.log is not intact when the API is down. not record the time API down.
Reply all
Reply to author
Forward
0 new messages