Help!! wazuh vulnerability module not reporting
81 views
Skip to first unread message
Stephany A
Mar 29, 2023, 10:15:01 AM3/29/23
to Wazuh mailing list
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO Starting new log after rotation.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous md5 checksum found: 'logs/archives/2023/Mar/ossec-archive-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous sha1 checksum found: 'logs/archives/2023/Mar/ossec-archive-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous sha256 checksum found: 'logs/archives/2023/Mar/ossec-archive-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous md5 checksum found: 'logs/archives/2023/Mar/ossec-archive-27.json.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous sha1 checksum found: 'logs/archives/2023/Mar/ossec-archive-27.json.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous sha256 checksum found: 'logs/archives/2023/Mar/ossec-archive-27.json.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous md5 checksum found: 'logs/alerts/2023/Mar/ossec-alerts-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous sha1 checksum found: 'logs/alerts/2023/Mar/ossec-alerts-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous sha256 checksum found: 'logs/alerts/2023/Mar/ossec-alerts-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:40.000 wazuh-monitord INFO No previous md5 checksum found: 'logs/alerts/2023/Mar/ossec-alerts-27.json.sum'. Starting over.
Mar 28, 2023 @ 06:24:40.000 wazuh-monitord INFO No previous sha1 checksum found: 'logs/alerts/2023/Mar/ossec-alerts-27.json.sum'. Starting over.
Mar 28, 2023 @ 06:24:40.000 wazuh-monitord INFO No previous sha256 checksum found: 'logs/alerts/2023/Mar/ossec-alerts-27.json.sum'. Starting over.
Mar 28, 2023 @ 06:24:43.000 wazuh-monitord INFO No previous md5 checksum found: 'logs/firewall/2023/Mar/ossec-firewall-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:43.000 wazuh-monitord INFO No previous sha1 checksum found: 'logs/firewall/2023/Mar/ossec-firewall-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:43.000 wazuh-monitord INFO No previous sha256 checksum found: 'logs/firewall/2023/Mar/ossec-firewall-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:25:15.000 sca INFO Evaluation finished for policy '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml'
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous md5 checksum found: 'logs/archives/2023/Mar/ossec-archive-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous sha1 checksum found: 'logs/archives/2023/Mar/ossec-archive-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous sha256 checksum found: 'logs/archives/2023/Mar/ossec-archive-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous md5 checksum found: 'logs/archives/2023/Mar/ossec-archive-27.json.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous sha1 checksum found: 'logs/archives/2023/Mar/ossec-archive-27.json.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous sha256 checksum found: 'logs/archives/2023/Mar/ossec-archive-27.json.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous md5 checksum found: 'logs/alerts/2023/Mar/ossec-alerts-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous sha1 checksum found: 'logs/alerts/2023/Mar/ossec-alerts-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:38.000 wazuh-monitord INFO No previous sha256 checksum found: 'logs/alerts/2023/Mar/ossec-alerts-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:40.000 wazuh-monitord INFO No previous md5 checksum found: 'logs/alerts/2023/Mar/ossec-alerts-27.json.sum'. Starting over.
Mar 28, 2023 @ 06:24:40.000 wazuh-monitord INFO No previous sha1 checksum found: 'logs/alerts/2023/Mar/ossec-alerts-27.json.sum'. Starting over.
Mar 28, 2023 @ 06:24:40.000 wazuh-monitord INFO No previous sha256 checksum found: 'logs/alerts/2023/Mar/ossec-alerts-27.json.sum'. Starting over.
Mar 28, 2023 @ 06:24:43.000 wazuh-monitord INFO No previous md5 checksum found: 'logs/firewall/2023/Mar/ossec-firewall-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:43.000 wazuh-monitord INFO No previous sha1 checksum found: 'logs/firewall/2023/Mar/ossec-firewall-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:24:43.000 wazuh-monitord INFO No previous sha256 checksum found: 'logs/firewall/2023/Mar/ossec-firewall-27.log.sum'. Starting over.
Mar 28, 2023 @ 06:25:15.000 sca INFO Evaluation finished for policy '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml'
Seyla Damaris Gomez
Mar 29, 2023, 3:57:00 PM3/29/23
to Wazuh mailing list
Hi Stephany,
First, check that you have the vulnerability scanner module enabled in Wazuh Manager with the configured provider.
Go to the file "/var/ossec/etc/ossec.conf". Set the tag value to yes for the Vulnerability Detector module and each operating system you want to scan.
Could you show me the section where you configure it, please?
To clarify, the shared log entries indicate that Wazuh is starting over with checksums for various log files and alerts. Additionally, the message "Assessment completed for policy /var/ossec/ruleset/sca/cis_ubuntu22-04.yml" suggests that a security compliance assessment has been completed.
This information helps to show that the system is working correctly and to identify possible security problems.
However, we need to see that the scan has started and the vulnerabilities are being reported successfully, so it would be better if you share the complete file with all the results that are in /var/ossec/logs/ossec.log.
Regards.
First, check that you have the vulnerability scanner module enabled in Wazuh Manager with the configured provider.
Go to the file "/var/ossec/etc/ossec.conf". Set the tag value to yes for the Vulnerability Detector module and each operating system you want to scan.
Could you show me the section where you configure it, please?
To clarify, the shared log entries indicate that Wazuh is starting over with checksums for various log files and alerts. Additionally, the message "Assessment completed for policy /var/ossec/ruleset/sca/cis_ubuntu22-04.yml" suggests that a security compliance assessment has been completed.
This information helps to show that the system is working correctly and to identify possible security problems.
However, we need to see that the scan has started and the vulnerabilities are being reported successfully, so it would be better if you share the complete file with all the results that are in /var/ossec/logs/ossec.log.
Regards.
Stephany A
Mar 29, 2023, 9:27:12 PM3/29/23
to Wazuh mailing list
Hello, yes, here I share the link where I followed step by step to configure the vulnerability module:
I also share the note of : /var/ossec/etc/ossec.conf /var/ossec/logs/ossec.log.
please and thank you
please and thank you
Reply all
Reply to author
Forward
0 new messages