Wazuh Indexer node is not coming up


ekta dhussa

Aug 22, 2023, 1:06:06 AM
to Wazuh mailing list

Error log:

Unregistered Authentication Agent for unix-process:12521:1440460 (system bus name :1.55, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)


Regards,

Ekta

Harshal Paliwal

Aug 22, 2023, 1:57:59 AM
to Wazuh mailing list
Hi Ekta,
Thanks for using Wazuh.

Can you please let us know which OS you are using for Wazuh-indexer? You can share the output of the below command.
uname -a

Also, please check the error in the /var/log/secure file.
You can restart your VM to troubleshoot this error.

Reference:

I hope this helps. Let me know if you have any questions.
Regards

ekta dhussa

Aug 22, 2023, 1:43:25 PM
to Wazuh mailing list
uname -a command output 

Linux ip-1.2.3.4 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Jul 24 13:59:37 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

AWS Instance

Aug 22 22:13:56 ip-10-53-0-6 polkitd[9921]: Loading rules from directory /etc/polkit-1/rules.d

Aug 22 22:13:56 ip-10-53-0-6 polkitd[9921]: Loading rules from directory /usr/share/polkit-1/rules.d

Aug 22 22:13:56 ip-10-53-0-6 polkitd[9921]: Finished loading, compiling and executing 2 rules

Aug 22 22:13:56 ip-10-53-0-6 polkitd[9921]: Acquired the name org.freedesktop.PolicyKit1 on the system bus

Aug 22 22:14:06 ip-10-53-0-6 polkitd[9921]: Registered Authentication Agent for unix-process:9943:2743346 (system bus name :1.12 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)

Aug 22 22:15:22 ip-10-53-0-6 polkitd[9921]: Unregistered Authentication Agent for unix-process:9943:2743346 (system bus name :1.12, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

Aug 22 22:40:07 ip-10-53-0-6 polkitd[9921]: Registered Authentication Agent for unix-process:10426:2899375 (system bus name :1.13 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)

Aug 22 22:41:22 ip-10-53-0-6 polkitd[9921]: Unregistered Authentication Agent for unix-process:10426:2899375 (system bus name :1.13, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

Aug 22 22:59:56 ip-10-53-0-6 polkitd[9921]: Registered Authentication Agent for unix-process:10887:3018261 (system bus name :1.15 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)

Aug 22 22:59:56 ip-10-53-0-6 polkitd[9921]: Unregistered Authentication Agent for unix-process:10887:3018261 (system bus name :1.15, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

Aug 22 22:59:56 ip-10-53-0-6 polkitd[9921]: Registered Authentication Agent for unix-process:10919:3018268 (system bus name :1.16 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)

Aug 22 22:59:56 ip-10-53-0-6 polkitd[9921]: Unregistered Authentication Agent for unix-process:10919:3018268 (system bus name :1.16, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

Aug 22 22:59:56 ip-10-53-0-6 polkitd[9921]: Registered Authentication Agent for unix-process:10951:3018329 (system bus name :1.17 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)

Aug 22 23:01:11 ip-10-53-0-6 polkitd[9921]: Unregistered Authentication Agent for unix-process:10951:3018329 (system bus name :1.17, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

Aug 22 23:01:26 ip-10-53-0-6 crond[11086]: pam_systemd(crond:session): Failed to create session: Failed to activate service 'org.freedesktop.login1': timed out

~              

That reference document URL did not help.

Harshal Paliwal

Aug 22, 2023, 10:51:14 PM
to Wazuh mailing list
Hi Ekta,

Can you please share the Wazuh indexer logs from here: /var/log/wazuh-indexer/wazuh-cluster.log

Also, please share your Wazuh server's memory and disk space.

Looking for your response soon!

ekta dhussa

Aug 23, 2023, 2:31:15 AM
to Wazuh mailing list
Logs from /var/log/wazuh-indexer/wazuh-cluster.log

[2023-08-21T14:36:40,764][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T14:39:47,474][INFO ][o.o.a.t.CronTransportAction] [es-1] Start running AD hourly cron.

[2023-08-21T14:39:47,474][INFO ][o.o.a.t.ADTaskManager    ] [es-1] Start to maintain running historical tasks

[2023-08-21T14:41:40,764][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T14:46:40,765][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T14:51:40,765][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T14:56:40,765][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T15:01:40,766][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T15:06:40,766][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T15:11:40,767][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T15:16:40,767][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T15:21:40,767][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T15:26:40,768][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T15:31:40,768][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T15:36:40,769][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T15:39:47,473][INFO ][o.o.a.t.CronTransportAction] [es-1] Start running AD hourly cron.

[2023-08-21T15:39:47,473][INFO ][o.o.a.t.ADTaskManager    ] [es-1] Start to maintain running historical tasks

[2023-08-21T15:41:40,769][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T15:46:40,769][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T15:51:40,770][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T15:56:40,770][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T16:01:40,771][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T16:06:40,771][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T16:11:40,771][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T16:16:40,772][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T16:21:40,772][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T16:26:40,773][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T16:31:40,773][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T16:36:40,773][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T16:39:47,475][INFO ][o.o.a.t.CronTransportAction] [es-1] Start running AD hourly cron.

[2023-08-21T16:39:47,475][INFO ][o.o.a.t.ADTaskManager    ] [es-1] Start to maintain running historical tasks

[2023-08-21T16:41:40,774][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T16:46:40,774][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T16:51:40,775][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T16:56:40,775][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T17:01:40,775][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T17:06:40,776][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T17:11:40,776][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T17:16:40,777][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T17:21:40,777][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T17:26:40,778][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T17:31:40,778][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T17:36:40,778][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T17:39:47,476][INFO ][o.o.a.t.CronTransportAction] [es-1] Start running AD hourly cron.

[2023-08-21T17:39:47,476][INFO ][o.o.a.t.ADTaskManager    ] [es-1] Start to maintain running historical tasks

[2023-08-21T17:41:40,779][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T17:46:40,779][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T17:51:40,780][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T17:56:40,780][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T18:01:40,780][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T18:06:40,781][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T18:11:40,781][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T18:16:40,782][INFO ][o.o.j.s.JobSweeper       ] [es-1] Running full sweep

[2023-08-21T18:20:31,082][INFO ][o.o.s.a.r.AuditMessageRouter] [es-1] Closing AuditMessageRouter

[2023-08-21T18:20:31,082][INFO ][o.o.n.Node               ] [es-1] stopping ...

[2023-08-21T18:20:31,082][INFO ][o.o.s.a.s.SinkProvider   ] [es-1] Closing DebugSink

[2023-08-21T18:20:31,089][INFO ][o.o.c.c.Coordinator      ] [es-1] master node [{es-2}{0QwC3_mnS2OylO7ebSTLJw}{D4X1Gf1RSWKp0nG44oWkQQ}{10.53.0.11}{10.53.0.11:9300}{dimr}{shard_indexing_pressure_enabled=true}] failed, restarting discovery

org.opensearch.transport.NodeDisconnectedException: [es-2][10.53.0.11:9300][disconnected] disconnected

[2023-08-21T18:20:31,352][INFO ][o.o.n.Node               ] [es-1] stopped

[2023-08-21T18:20:31,352][INFO ][o.o.n.Node               ] [es-1] closing ...

[2023-08-21T18:20:31,363][INFO ][o.o.s.a.i.AuditLogImpl   ] [es-1] Closing AuditLogImpl

[2023-08-21T18:20:31,366][INFO ][o.o.n.Node               ] [es-1] closed

~                                                                                                                           

Disk : 800gb

Memory : 15gb
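
A triage pass over a log in the format posted above, as an added example (not part of the original thread and not Wazuh's own tooling): it counts the periodic INFO entries instead of listing them and keeps every other entry, with exception lines attached to the entry they follow. The ROUTINE logger set, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# One entry header: [timestamp][LEVEL][logger] [node] message
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[(?P<level>\w+)\s*\]\[(?P<logger>[^\]]+?)\s*\]\s+"
    r"\[(?P<node>[^\]]+)\]\s+(?P<msg>.*)$"
)

# Assumption: loggers treated as periodic background activity for this triage.
ROUTINE = {"o.o.j.s.JobSweeper", "o.o.a.t.CronTransportAction", "o.o.a.t.ADTaskManager"}

def triage(lines):
    """Return (events, suppressed): non-routine entries and counts of routine ones."""
    events, suppressed, current = [], Counter(), None
    for raw in lines:
        line = raw.strip()
        if not line or line == "~":
            continue  # blank lines and editor filler from a pasted log
        m = ENTRY.match(line)
        if m is None:
            # Continuation line (exception text, stack frame): attach to the kept entry.
            if current is not None:
                current["detail"].append(line)
            continue
        entry = dict(m.groupdict(), detail=[])
        if entry["level"] == "INFO" and entry["logger"] in ROUTINE:
            suppressed[entry["logger"]] += 1
            current = None
        else:
            events.append(entry)
            current = entry
    return events, suppressed

# Constructed sample in the same layout as the pasted log (hypothetical nodes and address).
SAMPLE = """\
[2023-01-01T10:00:00,000][INFO ][o.o.j.s.JobSweeper       ] [node-a] Running full sweep
[2023-01-01T10:05:00,000][INFO ][o.o.j.s.JobSweeper       ] [node-a] Running full sweep
[2023-01-01T10:06:00,000][INFO ][o.o.n.Node               ] [node-a] stopping ...
[2023-01-01T10:06:00,010][INFO ][o.o.c.c.Coordinator      ] [node-a] master node [{node-b}] failed, restarting discovery
org.opensearch.transport.NodeDisconnectedException: [node-b][192.0.2.11:9300][disconnected] disconnected
[2023-01-01T10:06:00,300][INFO ][o.o.n.Node               ] [node-a] closed
~
""".splitlines()

if __name__ == "__main__":
    events, suppressed = triage(SAMPLE)
    for e in events:
        print(e["ts"], e["level"], e["logger"], e["msg"], *e["detail"], sep=" | ")
    print("suppressed:", dict(suppressed))
```
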

