wazuh-apid did not start correctly | v4.3.4
986 views
Skip to first unread message
Atul Chadha
Jun 22, 2022, 6:04:25 AM6/22/22
to Wazuh mailing list
I am trying to add another node in wazuh cluster for different set of logs ( network devices based on syslog )
I have installed the version 4.3.4 and configured the filebeat as mentioned in the install guide.
I am not able to start the wazuh-manager and get the below error
Jun 22 09:06:32 somehostname env: Starting Wazuh v4.3.4...
Jun 22 09:06:44 somehostname env: wazuh-apid did not start correctly.
Jun 22 09:06:44 somehostname systemd: wazuh-manager.service: control process exited, code=exited status=1
Jun 22 09:06:44 somehostname systemd: Failed to start Wazuh manager.
Jun 22 09:06:44 somehostname systemd: Unit wazuh-manager.service entered failed state.
Jun 22 09:06:44 somehostname systemd: wazuh-manager.service failed.
Jun 22 09:06:44 somehostname env: wazuh-apid did not start correctly.
Jun 22 09:06:44 somehostname systemd: wazuh-manager.service: control process exited, code=exited status=1
Jun 22 09:06:44 somehostname systemd: Failed to start Wazuh manager.
Jun 22 09:06:44 somehostname systemd: Unit wazuh-manager.service entered failed state.
Jun 22 09:06:44 somehostname systemd: wazuh-manager.service failed.
I have double checked the "/usr/share/kibana/data/wazuh/config/wazuh.yml" file on kibana server and see the IP is mentioned there.
Expert Christian.bassey mentioned something about user in the above mentioned thread, i am assuming its the same as users in
wazuh.yml file on kibana.
Could someone help me debug this as i am out of ideas now
Could someone help me debug this as i am out of ideas now
Santiago David Vendramini
Jun 22, 2022, 12:58:17 PM6/22/22
to Wazuh mailing list
Hi! Thanks for using Wazuh! Can you send me the full log (/var/ossec/logs/ossec.log) when Wazuh tries to start with debug mode? Also, after trying to start wazuh, can you run "journal -xe" and "systemctl status wazuh-manager.service"? These commands can provide more information about the problem. The ossec.conf file was modified? I would appreciate if you send me this file too hiding personal information.
I await your response so I can help you.
Best regards.
I await your response so I can help you.
Best regards.
Santiago David Vendramini
Jun 22, 2022, 1:08:17 PM6/22/22
to Wazuh mailing list
Is this a new instalation? or an upgrade? It may also be necessary to verify the file api.log (/var/ossec/logs/api.log).
Regards
Regards
Atul Chadha
Jun 22, 2022, 10:11:31 PM6/22/22
to Wazuh mailing list
This was a fresh installation , trying to add this node in a cluster with other node.
systemctl log
Jun 23 01:58:17 somehostname systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
Jun 23 01:58:18 somehostname env[3181]: 2022/06/23 01:58:18 wazuh-modulesd: WARNING: The 'hotfixes' option is only available on Windows systems. Ignoring it.
Jun 23 01:58:18 somehostname env[3181]: 2022/06/23 01:58:18 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
Jun 23 01:58:19 somehostname env[3181]: Starting Wazuh v4.3.4...
Jun 23 01:58:30 somehostname env[3181]: wazuh-apid did not start correctly.
Jun 23 01:58:30 somehostname systemd[1]: wazuh-manager.service: control process exited, code=exited status=1
Jun 23 01:58:30 somehostname systemd[1]: Failed to start Wazuh manager.
-- Subject: Unit wazuh-manager.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has failed.
--
-- The result is failed.
Jun 23 01:58:30 somehostname systemd[1]: Unit wazuh-manager.service entered failed state.
Jun 23 01:58:30 somehostname systemd[1]: wazuh-manager.service failed.
Jun 23 01:58:30 somehostname polkitd[636]: Unregistered Authentication Agent for unix-process:3175:6358633 (system bus name :1.324, object path /org/freedesktop/PolicyKit1/AuthenticationAgeJun 23 01:58:30 somehostname userxyz[3297]: root [3094]: |20220623|01:58:17|UTC|systemctl restart wazuh-manager 1
Jun 23 01:58:42 somehostname userxyz[3313]: root [3094]: |20220623|01:58:17|UTC|systemctl restart wazuh-manager 130
Jun 23 01:58:42 somehostname userxyz[3319]: root [3094]: |20220623|01:58:17|UTC|systemctl restart wazuh-manager 130
Jun 23 01:58:42 somehostname userxyz[3325]: root [3094]: |20220623|01:58:17|UTC|systemctl restart wazuh-manager 130
Jun 23 01:58:43 somehostname userxyz[3333]: root [3094]: |20220623|01:58:43|UTC|journal -xe 127
Jun 23 01:58:52 somehostname userxyz[3347]: root [3094]: |20220623|01:58:52|UTC|journalcl -xe 127
systemctl log
Jun 23 01:58:17 somehostname systemd[1]: Starting Wazuh manager...
-- Subject: Unit wazuh-manager.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has begun starting up.
Jun 23 01:58:18 somehostname env[3181]: 2022/06/23 01:58:18 wazuh-modulesd: WARNING: The 'hotfixes' option is only available on Windows systems. Ignoring it.
Jun 23 01:58:18 somehostname env[3181]: 2022/06/23 01:58:18 wazuh-modulesd: WARNING: The <ignore_time> tag at module 'vulnerability-detector' is deprecated for version newer than 4.3.
Jun 23 01:58:19 somehostname env[3181]: Starting Wazuh v4.3.4...
Jun 23 01:58:30 somehostname env[3181]: wazuh-apid did not start correctly.
Jun 23 01:58:30 somehostname systemd[1]: wazuh-manager.service: control process exited, code=exited status=1
Jun 23 01:58:30 somehostname systemd[1]: Failed to start Wazuh manager.
-- Subject: Unit wazuh-manager.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wazuh-manager.service has failed.
--
-- The result is failed.
Jun 23 01:58:30 somehostname systemd[1]: Unit wazuh-manager.service entered failed state.
Jun 23 01:58:30 somehostname systemd[1]: wazuh-manager.service failed.
Jun 23 01:58:30 somehostname polkitd[636]: Unregistered Authentication Agent for unix-process:3175:6358633 (system bus name :1.324, object path /org/freedesktop/PolicyKit1/AuthenticationAgeJun 23 01:58:30 somehostname userxyz[3297]: root [3094]: |20220623|01:58:17|UTC|systemctl restart wazuh-manager 1
Jun 23 01:58:42 somehostname userxyz[3313]: root [3094]: |20220623|01:58:17|UTC|systemctl restart wazuh-manager 130
Jun 23 01:58:42 somehostname userxyz[3319]: root [3094]: |20220623|01:58:17|UTC|systemctl restart wazuh-manager 130
Jun 23 01:58:42 somehostname userxyz[3325]: root [3094]: |20220623|01:58:17|UTC|systemctl restart wazuh-manager 130
Jun 23 01:58:43 somehostname userxyz[3333]: root [3094]: |20220623|01:58:43|UTC|journal -xe 127
Jun 23 01:58:52 somehostname userxyz[3347]: root [3094]: |20220623|01:58:52|UTC|journalcl -xe 127
API log
2022/06/22 07:17:47 INFO: wazuh-wui kibana "GET /agents" with parameters {"agents_list": "000"} and body {} done in 0.032s: 200
2022/06/22 07:17:47 INFO: wazuh-wui kibana "GET /cluster/status" with parameters {} and body {} done in 0.025s: 200
2022/06/22 07:17:48 INFO: wazuh-wui kibana "GET /security/users/me" with parameters {} and body {} done in 0.244s: 200
2022/06/22 07:17:48 INFO: wazuh-wui kibana "GET /cluster/local/info" with parameters {} and body {} done in 0.007s: 400
2022/06/22 07:17:56 INFO: wazuh-wui kibana "GET /manager/info" with parameters {} and body {} done in 0.010s: 200
2022/06/22 07:17:56 INFO: wazuh-wui kibana "GET /agents" with parameters {"agents_list": "000"} and body {} done in 0.012s: 200
2022/06/22 07:17:56 INFO: wazuh-wui kibana "GET /cluster/status" with parameters {} and body {} done in 0.014s: 200
2022/06/22 07:17:56 INFO: wazuh-wui kibana "GET /security/users/me" with parameters {} and body {} done in 0.120s: 200
2022/06/22 07:17:56 INFO: wazuh-wui kibana "GET /cluster/local/info" with parameters {} and body {} done in 0.009s: 400
2022/06/22 07:17:47 INFO: wazuh-wui kibana "GET /cluster/status" with parameters {} and body {} done in 0.025s: 200
2022/06/22 07:17:48 INFO: wazuh-wui kibana "GET /security/users/me" with parameters {} and body {} done in 0.244s: 200
2022/06/22 07:17:48 INFO: wazuh-wui kibana "GET /cluster/local/info" with parameters {} and body {} done in 0.007s: 400
2022/06/22 07:17:56 INFO: wazuh-wui kibana "GET /manager/info" with parameters {} and body {} done in 0.010s: 200
2022/06/22 07:17:56 INFO: wazuh-wui kibana "GET /agents" with parameters {"agents_list": "000"} and body {} done in 0.012s: 200
2022/06/22 07:17:56 INFO: wazuh-wui kibana "GET /cluster/status" with parameters {} and body {} done in 0.014s: 200
2022/06/22 07:17:56 INFO: wazuh-wui kibana "GET /security/users/me" with parameters {} and body {} done in 0.120s: 200
2022/06/22 07:17:56 INFO: wazuh-wui kibana "GET /cluster/local/info" with parameters {} and body {} done in 0.009s: 400
Santiago David Vendramini
Jun 23, 2022, 10:53:18 AM6/23/22
to Wazuh mailing list
Taking advantage of the fact that it is a new installation, you could try to correctly uninstall all the components, and then installing again and trying to start the manager without any change in the configuration following this documentation: https://documentation.wazuh.com/current/installation-guide/index.html. If this comes out correctly, then I can help you to configure it in the way that you need it. I hope you tell me the results to move forward.
Best regards.
Best regards.
Atul Chadha
Jun 23, 2022, 10:39:13 PM6/23/22
to Wazuh mailing list
Will give it a shot and let you know how it went.
Atul Chadha
Jun 24, 2022, 12:06:28 AM6/24/22
to Wazuh mailing list
I guess this was case of "Did you tried restarting :)" Full reinstall seems to have fixed it!
Reply all
Reply to author
Forward
0 new messages