Error in the operation of all Wazuh components


ShtrudelMan

Mar 28, 2024, 7:30:03 AM
to Wazuh | Mailing List
Good afternoon! My name is Nikita!
Yesterday afternoon I was analyzing security events using my test environment to study the capabilities of Wazuh.
I currently have 50 end nodes connected to Wazuh with Wazuh Agent installed on them.
The current version of all components and agents = v.4.7.1
Server version with Wazuh components installed = Linux Debian 11.

Problem: Yesterday I was comparing the number of detected security events in the Wazuh Dashboard. I was comparing different results for different weeks throughout March 2024. At some point the system started reporting errors related to Wazuh API wait times exceeding 20,000ms. I did not pay attention to it and continued working, as the server is weak: the one I have is from 2010, with an Intel quad Xeon, 4 cores, 12GB RAM and 500GB Memory (4 disks in RAID 10 mode).
But at some point the system began to produce more errors like:
[Screenshot 2024-03-28 141555.png]
then such errors:
[Screenshot 2024-03-27 153136.png]
Today for some reason the system stopped letting me in under my system administrator credentials.
I changed the password during initial setup.
But today the system refuses to accept them:
[Screenshot 2024-03-28 142049.png]
And for some reason the system started accepting the default login and password again: admin:admin. And when I log in to the system and check, it gives a list of the following errors:
[FireShot Capture 037 - Wazuh - 192.168.12.237.png]

I need your help as I don't want to reinstall the whole system from scratch as I have information collected and analyzed since September 2023.

ShtrudelMan

Mar 28, 2024, 10:17:48 AM
to Wazuh | Mailing List
I'll supplement the information from the Linux Debian 11 event logs:
Path: tail -f /var/log/syslog.

Mar 28 17:13:44 Wazuh-Server opensearch-dashboards[887782]: {"type": "log","@timestamp": "2024-03-28T14:13:44Z", "tags":["error", "opensearch", "data"], "pid":887782, "message":"[ResponseError]: Response Error"}

These events are endless.

On Thursday, March 28, 2024 at 14:30:03 UTC+3, ShtrudelMan wrote:

Rafael Bailon Robles

Apr 1, 2024, 5:45:50 AM
to Wazuh | Mailing List
Hello, thanks for using Wazuh! I have reviewed your case. 

The error is a circuit_breaking_exception. Wazuh Indexer uses circuit breakers to prevent nodes from running out of JVM heap memory. To solve this issue, the most effective thing is to adjust the indexer. I leave you the documentation with the necessary information to do so. There are configuration adjustments that can be made:

- Memory locking
- Shards and replicas

It is possible that adjusting the memory will solve the problem but I recommend that you read the complete documentation and, if possible, also adjust the shards and replicas to avoid problems in the future.

I hope this helps you.
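Before tuning heap or shards as suggested in the reply above, it helps to see which circuit breaker is actually tripping. The following is an added example, not part of the original reply or of Wazuh's own code: it parses the JSON returned by the indexer's `_nodes/stats/breaker` endpoint and lists breakers that have tripped or are close to their limit. The sample response, the `breaker_report` name and the 85% warning threshold are assumptions made for illustration.

```python
import json

# Constructed sample of a GET _nodes/stats/breaker response (all values made up).
SAMPLE_RESPONSE = json.dumps({
    "nodes": {
        "constructed-node-id": {
            "name": "node-1",
            "breakers": {
                "parent": {"limit_size_in_bytes": 1020054732,
                           "estimated_size_in_bytes": 1003487232, "tripped": 12},
                "request": {"limit_size_in_bytes": 644245094,
                            "estimated_size_in_bytes": 1024, "tripped": 3},
                "fielddata": {"limit_size_in_bytes": 429496729,
                              "estimated_size_in_bytes": 52428800, "tripped": 0},
                "in_flight_requests": {"limit_size_in_bytes": 1073741824,
                                       "estimated_size_in_bytes": 3145728, "tripped": 0},
            },
        }
    }
})


def breaker_report(raw, warn_ratio=0.85):
    """Return breakers that tripped or exceed warn_ratio of their limit, worst first."""
    findings = []
    for node in json.loads(raw).get("nodes", {}).values():
        for breaker, stats in node.get("breakers", {}).items():
            limit = stats.get("limit_size_in_bytes", 0)
            used = stats.get("estimated_size_in_bytes", 0)
            tripped = stats.get("tripped", 0)
            # A limit of 0 or less means the breaker has no usable ceiling to compare against.
            usage = used / limit if limit > 0 else 0.0
            if tripped > 0 or usage >= warn_ratio:
                findings.append({"node": node.get("name", "unknown"),
                                 "breaker": breaker,
                                 "usage": usage,
                                 "tripped": tripped})
    return sorted(findings, key=lambda f: f["usage"], reverse=True)


if __name__ == "__main__":
    for f in breaker_report(SAMPLE_RESPONSE):
        print(f"{f['node']} {f['breaker']}: {f['usage']:.0%} of limit, "
              f"tripped {f['tripped']} times")
```

A `parent` breaker near its limit points at overall JVM heap pressure, which is the case the memory and shard adjustments address.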

ShtrudelMan

Apr 11, 2024, 7:00:48 AM
to Wazuh | Mailing List
Good afternoon!
I fixed the problem by reinstalling the system completely. At the same time I solved the problem of overlaying old identical Wazuh agent names on new agents with identical names.
The cause of the failures, as it turned out, was erroneous actions of mine inside the Wazuh directory. I accidentally deleted some of the Wazuh files.

On Monday, April 1, 2024 at 12:45:50 UTC+3, Rafael Bailon Robles wrote: