Hi,
2. I do restarting but still forbidden, but the data from the server use wazuh agent still receive when I check in Discover menu
3. I think I can't find the 403 in the api.log :
2024/07/02 00:20:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.020s: 200
2024/07/02 00:20:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.011s: 200
2024/07/02 00:25:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.003s: 401
2024/07/02 00:25:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.002s: 401
2024/07/02 00:25:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.787s: 200
2024/07/02 00:25:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.535s: 200
2024/07/02 00:25:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.053s: 200
2024/07/02 00:25:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.011s: 200
2024/07/02 00:30:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.031s: 200
2024/07/02 00:30:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.031s: 200
2024/07/02 00:30:00 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.022s: 200
2024/07/02 00:30:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.020s: 200
2024/07/02 00:30:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.018s: 200
2024/07/02 00:35:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.021s: 200
2024/07/02 00:35:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.012s: 200
2024/07/02 00:40:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.021s: 200
2024/07/02 00:40:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.014s: 200
2024/07/02 00:45:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.004s: 401
2024/07/02 00:45:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.003s: 401
2024/07/02 00:45:00 INFO: unknown_user 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.004s: 401
2024/07/02 00:45:00 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.755s: 200
2024/07/02 00:45:00 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.760s: 200
2024/07/02 00:45:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.407s: 200
2024/07/02 00:45:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.181s: 200
2024/07/02 00:45:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.016s: 200
2024/07/02 00:45:01 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.088s: 200
2024/07/02 00:45:01 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.013s: 200
2024/07/02 00:45:01 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.013s: 200
2024/07/02 00:50:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.036s: 200
2024/07/02 00:50:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.023s: 200
2024/07/02 00:55:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.027s: 200
2024/07/02 00:55:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.014s: 200
2024/07/02 01:00:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.042s: 200
2024/07/02 01:00:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.032s: 200
2024/07/02 01:00:00 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.018s: 200
2024/07/02 01:00:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.016s: 200
2024/07/02 01:00:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.017s: 200
2024/07/02 01:05:01 INFO: unknown_user 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.003s: 401
2024/07/02 01:05:01 INFO: unknown_user 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.010s: 401
2024/07/02 01:05:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.960s: 200
2024/07/02 01:05:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.686s: 200
2024/07/02 01:05:02 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.055s: 200
2024/07/02 01:05:02 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.015s: 200
2024/07/02 01:10:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.024s: 200
2024/07/02 01:10:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.016s: 200
2024/07/02 01:15:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.030s: 200
2024/07/02 01:15:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.022s: 200
2024/07/02 01:15:00 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.019s: 200
2024/07/02 01:15:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.029s: 200
2024/07/02 01:15:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.029s: 200
2024/07/02 01:20:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.039s: 200
2024/07/02 01:20:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.030s: 200
2024/07/02 01:25:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.006s: 401
2024/07/02 01:25:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.007s: 401
2024/07/02 01:25:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.773s: 200
2024/07/02 01:25:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.557s: 200
2024/07/02 01:25:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.089s: 200
2024/07/02 01:25:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.027s: 200
2024/07/02 01:30:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.032s: 200
2024/07/02 01:30:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.037s: 200
2024/07/02 01:30:00 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.026s: 200
2024/07/02 01:30:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.019s: 200
2024/07/02 01:30:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.022s: 200
2024/07/02 01:35:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.033s: 200
2024/07/02 01:35:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.017s: 200
2024/07/02 01:40:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.020s: 200
2024/07/02 01:40:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.012s: 200
2024/07/02 01:45:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.003s: 401
2024/07/02 01:45:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.004s: 401
2024/07/02 01:45:00 INFO: unknown_user 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.004s: 401
2024/07/02 01:45:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 1.140s: 200
2024/07/02 01:45:02 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 1.303s: 200
2024/07/02 01:45:02 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.841s: 200
2024/07/02 01:45:02 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.249s: 200
2024/07/02 01:45:02 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.167s: 200
2024/07/02 01:45:02 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.042s: 200
2024/07/02 01:45:02 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.024s: 200
2024/07/02 01:45:02 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.033s: 200
2024/07/02 01:50:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.049s: 200
2024/07/02 01:50:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.028s: 200
2024/07/02 01:55:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.021s: 200
2024/07/02 01:55:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.011s: 200
2024/07/02 02:00:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.098s: 200
2024/07/02 02:00:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.081s: 200
2024/07/02 02:00:00 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.060s: 200
2024/07/02 02:00:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.043s: 200
2024/07/02 02:00:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.015s: 200
2024/07/02 02:05:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.002s: 401
2024/07/02 02:05:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.002s: 401
2024/07/02 02:05:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.764s: 200
2024/07/02 02:05:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.554s: 200
2024/07/02 02:05:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.073s: 200
2024/07/02 02:05:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.028s: 200
2024/07/02 02:10:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.050s: 200
2024/07/02 02:10:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.030s: 200
2024/07/02 02:15:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.028s: 200
2024/07/02 02:15:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.027s: 200
2024/07/02 02:15:00 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.020s: 200
2024/07/02 02:15:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.016s: 200
2024/07/02 02:15:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.018s: 200
4. I think this is warn from my virustotal api to connect the wazuh and it can't help for the issue