Issue - Wazuh server backup restoration


brijesh kumar

Oct 7, 2024, 12:17:56 PM
to Wazuh | Mailing List
Hi Team,

I was trying to restore my current stage Wazuh server to a new data center (3-server distributed installation method). I followed the 2 docs below. After restoring, the Wazuh manager is not starting; everything else is up and running. Please have a look and help me sort it out. Attaching the /var/ossec/logs/ossec.log FYR as well.
 
https://documentation.wazuh.com/4.8/migration-guide/files-backup/creating/wazuh-central-components.html 
https://documentation.wazuh.com/4.8/migration-guide/files-backup/restoring/wazuh-central-components.html#multi-node-data-restoration 

> error when starting wazuh manager
root@newserver:/# systemctl start wazuh-manager
Job for wazuh-manager.service failed because the control process exited with error code.
See "systemctl status wazuh-manager.service" and "journalctl -xeu wazuh-manager.service" for details.


> As per the logs, it seems there is a problem related to file permissions with queue/db/wdb.

2024/10/07 13:22:24 wazuh-db: CRITICAL: Unable to bind to socket 'queue/db/wdb': 'Permission denied'. Closing local server.

However, when I checked for the file on the new server, it is not there. It is not in my backup config files either.

So I tried again to copy it from the old server to the new one, and I got the error "No such file or directory". See below.
root@oldserver:/var/ossec/queue/db# scp -r var/ossec/queue/db/wdb us...@10.11.15.5:home/user/
us...@10.11.15.5's password:
var/ossec/queue/db/wdb: No such file or directory.


The version of the old server is 4.8.1 and the new one is 4.8.2. Are there any issues with that? Attaching the logs for your review.

Please help.
new 166.txt
old server.PNG
new server.png

brijesh kumar

Oct 7, 2024, 11:54:28 PM
to Wazuh | Mailing List

Hi Team,

Please help with the request below.

Aishat Motunrayo Awujola

Oct 8, 2024, 4:08:51 AM
to Wazuh | Mailing List
Hello brijesh,

I spotted an issue with the command you tried using to copy from the old server: the file path on the new server is not properly stated.
  • Your command for copying, scp -r var/ossec/queue/db/wdb us...@10.11.15.5:home/user/us...@10.11.15.5's password:, may be giving you an error because of the file path you specified. Please copy from the old server again, and this time ensure you specify the correct file path on the new server, starting with /home/user/ and not home/user, as this would return the same error.
  • Please try this and provide updates.
Regards.

brijesh kumar

Oct 8, 2024, 7:10:50 AM
to Wazuh | Mailing List
The issue is resolved. Thank you for the help.

The reason for the server not starting was:

The owner of the /var/ossec/queue/db directory and the files in it is different:
wazuh on the old server
root on the new server
After changing the user owner to wazuh on the new server for the /var/ossec/queue/db directory and files, it worked.
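
An added example, not part of the thread: a POSIX shell check for the ownership mismatch described in the last message, meant to be run against a restored directory before starting the service. The function name audit_owner and its exit codes are assumptions of this example; the path and owner in the usage comment are the ones reported in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report entries under a restored
# directory that are not owned by the expected service account.
# Exit status: 0 = everything owned by the expected user, 1 = mismatches found,
#              2 = directory missing, 3 = expected user does not exist.
audit_owner() {
    dir=$1
    expected=$2

    if [ ! -d "$dir" ]; then
        echo "audit_owner: not a directory: $dir" >&2
        return 2
    fi
    # find(1) aborts on an unknown user name, so check the account first.
    if ! id -u "$expected" >/dev/null 2>&1; then
        echo "audit_owner: no such user: $expected" >&2
        return 3
    fi

    # The directory itself and everything below it that $expected does not own.
    mismatches=$(find "$dir" ! -user "$expected" -print)
    if [ -z "$mismatches" ]; then
        echo "OK: everything under $dir is owned by $expected"
        return 0
    fi

    echo "Entries under $dir not owned by $expected:"
    # ls -ld shows the current owner and mode of each mismatching entry.
    echo "$mismatches" | while IFS= read -r path; do
        ls -ld -- "$path"
    done
    echo "Suggested fix (review before running): chown -R $expected $dir"
    return 1
}

# Typical call on the restored manager, using the path and owner from this thread:
#   audit_owner /var/ossec/queue/db wazuh
```

A non-zero status from the call in the usage comment means the restore changed ownership, the condition the last message identifies as the reason the manager did not start.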