Vulnerability index not present after upgrade


moosemaimer

Jan 21, 2025, 11:43:39 AM
to Wazuh | Mailing List
I have an all-in-one server that's running 4.7.5 that I'm planning to upgrade to 4.10, so I spun up a VM to test the process: installed 4.7.5 fresh and went through the upgrade process. Currently everything seems to be working except for the vulnerability page, which looks like this:

Screenshot 2025-01-21 114100.png

root@wazuh-test:~# cat /var/ossec/logs/ossec.log | grep -Ei "vulnerability|indexer"
2025/01/21 15:54:19 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2025/01/21 15:54:19 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh-test', retrying until the connection is successful.
2025/01/21 15:54:19 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression.
2025/01/21 15:54:59 wazuh-modulesd:vulnerability-scanner: INFO: Database decompression finished.
2025/01/21 15:55:00 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started.
2025/01/21 15:58:06 wazuh-modulesd:vulnerability-scanner: INFO: Stopping vulnerability_scanner module.
2025/01/21 15:58:41 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2025/01/21 15:58:42 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh-test', retrying until the connection is successful.
2025/01/21 15:58:42 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started.
2025/01/21 16:01:26 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process.
2025/01/21 16:01:48 wazuh-modulesd:vulnerability-scanner: ERROR: Error updating feed: [json.exception.out_of_range.401] array index 1 is out of range.
2025/01/21 16:02:32 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process.
2025/01/21 16:07:57 wazuh-modulesd:vulnerability-scanner: INFO: Triggered a re-scan after content update.
2025/01/21 16:07:57 wazuh-modulesd:vulnerability-scanner: INFO: Feed update process completed.
2025/01/21 16:10:01 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process.
2025/01/21 16:11:40 wazuh-modulesd:vulnerability-scanner: INFO: Stopping vulnerability_scanner module.
2025/01/21 16:12:21 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2025/01/21 16:12:21 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh-test', retrying until the connection is successful.
2025/01/21 16:12:22 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started.
2025/01/21 16:14:07 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process.
2025/01/21 16:17:39 wazuh-modulesd:vulnerability-scanner: INFO: Triggered a re-scan after content update.
2025/01/21 16:17:39 wazuh-modulesd:vulnerability-scanner: INFO: Feed update process completed.

root@wazuh-test:~# curl -X PUT "https://127.0.0.1:9200/wazuh-states-vulnerabilities-*/_mapping"  -u admin:l*HCqnfLInG+94J2j+.*c5i1tSzpaz+t -k -H 'Content-Type: application/json' -d'
{
  "properties": {
    "vulnerability": {
      "properties": {
        "under_evaluation": {
          "type": "boolean"
        },
        "scanner": {
          "properties": {
            "source": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        }
      }
    }
  }
}
'
{"error":{"root_cause":[{"type":"index_not_found_exception","reason":"no such index [wazuh-states-vulnerabilities-*]","index":"wazuh-states-vulnerabilities-*","resource.id":"wazuh-states-vulnerabilities-*","resource.type":"index_or_alias","index_uuid":"_na_"}],"type":"index_not_found_exception","reason":"no such index [wazuh-states-vulnerabilities-*]","index":"wazuh-states-vulnerabilities-*","resource.id":"wazuh-states-vulnerabilities-*","resource.type":"index_or_alias","index_uuid":"_na_"},"status":404}

Screenshot 2025-01-21 114435.png

How do you tell the indexer to create that new index pattern after an upgrade?
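To see whether the IndexerConnector warning recurs on every restart of the scanner, the ossec.log excerpt in the post can be grouped per module start. This is an added example, not part of the original post and not Wazuh code; the function name `summarize_runs` and its record fields are assumptions, and the sample lines are copied from the log quoted above.

```python
import re

# Excerpt of the ossec.log lines quoted in the post (first two module starts).
SAMPLE_LOG = """\
2025/01/21 15:54:19 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2025/01/21 15:54:19 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh-test', retrying until the connection is successful.
2025/01/21 15:55:00 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started.
2025/01/21 15:58:06 wazuh-modulesd:vulnerability-scanner: INFO: Stopping vulnerability_scanner module.
2025/01/21 15:58:41 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2025/01/21 15:58:42 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh-test', retrying until the connection is successful.
2025/01/21 16:01:26 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process.
2025/01/21 16:01:48 wazuh-modulesd:vulnerability-scanner: ERROR: Error updating feed: [json.exception.out_of_range.401] array index 1 is out of range.
2025/01/21 16:02:32 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process.
2025/01/21 16:07:57 wazuh-modulesd:vulnerability-scanner: INFO: Feed update process completed.
"""

# Layout seen in the post: "<date> <time> <tag>: <LEVEL>: <message>"
LINE_RE = re.compile(r"^(\S+ \S+) ([\w:-]+): (INFO|WARNING|ERROR): (.*)$")
INDEX_RE = re.compile(r"initialization failed for index '([^']+)'")


def summarize_runs(log_text):
    """Return one record per 'Starting vulnerability_scanner module' line."""
    runs = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an ossec.log line in the expected layout
        ts, tag, level, msg = m.groups()
        if msg.startswith("Starting vulnerability_scanner module"):
            runs.append({"started": ts, "failed_indices": set(),
                         "errors": [], "feeds_completed": 0})
            continue
        if not runs:
            continue  # ignore anything logged before the first start
        run = runs[-1]
        idx = INDEX_RE.search(msg)
        if tag == "indexer-connector" and idx:
            run["failed_indices"].add(idx.group(1))
        elif level == "ERROR":
            run["errors"].append(msg)
        elif msg.startswith("Feed update process completed"):
            run["feeds_completed"] += 1
    return runs


if __name__ == "__main__":
    for r in summarize_runs(SAMPLE_LOG):
        print(r["started"], "| connector failed for:", sorted(r["failed_indices"]) or "-",
              "| errors:", len(r["errors"]), "| feeds completed:", r["feeds_completed"])
```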