There are no results for selected time range
118 views
Skip to first unread message
Gerald Bartley
Nov 23, 2021, 5:53:22 PM11/23/21
to Wazuh mailing list
Hi Everyone
Just finished wazuh and it looked like everything completed successfully. I finished updating the agents and I just seemed like I was not getting any data. Although the alerts were still sending but when I looked in to the security events dashboard there is no information. I have read through a few different articles and found that under Settings -> miscellaneous and then ran the health check. I did this and there were two areas that need fixing. Please advise how I can fix the highlighted areas below. Ilook forward to your response.
meta fields setting
INFO: Getting settings...
INFO: Check Kibana setting [metaFields]: ["_source","_id","_type","_index","_score"]
INFO: App setting [metaFields]: ["_source","_index"]
INFO: Settings mismatch [metaFields]: yes
INFO: Updating [metaFields] setting...
ACTION: Updated [metaFields] setting to: ["_source","_index"]
alerts index pattern
INFO: Index pattern id in cookie: yes [wazuh-alerts-*]
INFO: Getting list of valid index patterns...
INFO: Valid index patterns found: 1
INFO: Found default index pattern with title [wazuh-alerts-*]: yes
INFO: Checking the app default pattern exists: id [wazuh-alerts-*]...
INFO: Default pattern with id [wazuh-alerts-*] exists: yes
ACTION: Default pattern id [wazuh-alerts-*] set as default index pattern
INFO: Checking the index pattern id [wazuh-alerts-*] exists...
INFO: Index pattern id exists [wazuh-alerts-*]: yes
INFO: Index pattern id in cookie: yes [wazuh-alerts-*]
INFO: Checking if the index pattern id [wazuh-alerts-*] exists...
INFO: Index pattern id [wazuh-alerts-*] found: yes title [wazuh-alerts-*]
INFO: Checking if exists a template compatible with the index pattern title [wazuh-alerts-*]
INFO: Template found for the selected index-pattern title [wazuh-alerts-*]: yes
INFO: Index pattern id in cookie: [wazuh-alerts-*]
INFO: Getting index pattern data [wazuh-alerts-*]...
INFO: Index pattern data found: [yes]
INFO: Refreshing index pattern fields: title [wazuh-alerts-*], id [wazuh-alerts-*]...
ACTION: Refreshed index pattern fields: title [wazuh-alerts-*], id [wazuh-alerts-*]
jeremias...@wazuh.com
Nov 23, 2021, 6:46:40 PM11/23/21
to Wazuh mailing list
Hello Gerald.
Thank you for using Wazuh!
Could you tell me which Wazuh version have you installed? Previously you got an older version and you were able to see this information, right? Which Wazuh version was?
On the other hand, we should check on the logs to see if there is any problem, could you run
cat /var/log/elasticsearch/<CLUSTER_NAME>.log | grep -i "error|warn"
and
filebeat test output
and share the output?
When you say that the alerts are still coming: Are you able to see new alerts in /logs/alerts/alerts.log?
With this information, we can investigate what could be the reason for the problem.
Best regards.
Gerald Bartley
Nov 24, 2021, 4:07:02 PM11/24/21
to Wazuh mailing list
Hi Jeremias
Thanks for assistng me. I am using version 4.2.5 and my previous version was 4.2.3 I do belive. I have just recently discovered Wazuh in the past year so this has been a learning curve.
results of the cat /var/log......
root@syslog:/var/log/elasticsearch# cat /var/log/elasticsearch/wazuh-cluster.log | grep -i "error|warn"
root@syslog:/var/log/elasticsearch# cat /var/log/elasticsearch/wazuh-cluster_deprication.log | grep -i "error|warn"
cat: /var/log/elasticsearch/wazuh-cluster_deprication.log: No such file or directory
root@syslog:/var/log/elasticsearch# cat /var/log/elasticsearch/wazuh-cluster_deprecation.log | grep -i "error|warn"
root@syslog:/var/log/elasticsearch# filebeat test output
elasticsearch: https://127.0.0.1:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 127.0.0.1
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
As for the alerts I am still getting emails from wazuh notification and when I look at /logs/alerts/alerts.log there are still alerts that are coming in.
I look forward to your response!
Gerald
jeremias...@wazuh.com
Nov 25, 2021, 10:15:37 AM11/25/21
to Wazuh mailing list
Hello Gerald,
From the commands output that you shared it doesn´t seem to be any problem.
Can you check and share the following?:
- Verify that filebeat is actualy reading the alerts with:
lsof /var/ossec/logs/alerts/alerts.json
From the commands output that you shared it doesn´t seem to be any problem.
Can you check and share the following?:
- Verify that filebeat is actualy reading the alerts with:
lsof /var/ossec/logs/alerts/alerts.json
- Check that the Elasticsearch service is working properly:
systemctl status elasticsearch
- Check the Elasticsearch log for any errors or warnings:
egrep -i "error|warn" /var/log/elasticsearch/elasticsearch.log
- The status of Elasticsearch with the command:
curl <elasticsearch_node_ip>:9200/_cluster/health?pretty
You should receive something like:
You should receive something like:
"cluster_name" : "my-cluster",
"status" : "green",
"timed_out" : "false",
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 21,
"active_shards" : 21,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0.
- Check if you have current wazuh-alerts indexes:
curl <elasticsearch_node_ip>:9200/_cat/indices/wazuh-alerts-4.x-*
- Check the last Kibana logs:
journalctl -u kibana
I expect to find any error on this information that can tell us which could be the problem.
Best regards.
- Check the last Kibana logs:
journalctl -u kibana
I expect to find any error on this information that can tell us which could be the problem.
Best regards.
Gerald Bartley
Nov 25, 2021, 4:52:37 PM11/25/21
to Wazuh mailing list
Hello Jeremias
I have complete the tests as requested and here are the results. The last one with the Kibana logs, I did not post them here because there is to many but just let you know there are logs that are as current as the time I am writing this.
I appreciate your assistance with this!!
Gerald
Gerald
--------------results -----------------
root@syslog:/var/ossec/logs/alerts# lsof /var/ossec/logs/alerts/alerts.json
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
filebeat 1119 root 8r REG 8,2 15966862 656419 /var/ossec/logs/alerts/alerts.json
wazuh-ana 2217 ossec 12w REG 8,2 15966862 656419 /var/ossec/logs/alerts/alerts.json
root@syslog:/var/ossec/logs/alerts#
----------------------------------------
root@syslog:/var/ossec/logs/alerts# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-11-20 20:21:15 UTC; 5 days ago
Docs: https://www.elastic.co
Main PID: 1304 (java)
Tasks: 199 (limit: 9830)
CGroup: /system.slice/elasticsearch.service
└─1304 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.hea
Nov 20 20:20:02 syslog systemd[1]: Starting Elasticsearch...
Nov 20 20:21:15 syslog systemd[1]: Started Elasticsearch.
root@syslog:/var/ossec/logs/alerts#
-------------------------------------------
root@syslog:/var/ossec/logs/alerts# egrep -i "error|warn" /var/log/elasticsearch/elasticsearch.log
grep: /var/log/elasticsearch/elasticsearch.log: No such file or directory
root@syslog:/var/ossec/logs/alerts#
-------------------------------------------
root@syslog:/var/ossec/logs/alerts# curl 127.0.0.1:9200/_cluster/health?pretty
curl: (52) Empty reply from server
root@syslog:/var/ossec/logs/alerts#
--------------------------------------------
root@syslog:/var/ossec/logs/alerts# curl 127.0.0.1:9200/_cat/indices/wazuh-alerts-4.x-*
curl: (52) Empty reply from server
jeremias...@wazuh.com
Nov 29, 2021, 10:03:44 AM11/29/21
to Wazuh mailing list
Hello Gerald,
In your previous test we weren´t able to get the curl output due to user permission.
Could you re-run the curl commands with the following format:
- curl -XGET -u wazuh:mypassword -k https://localhost:9200/_cluster/health?pretty=true
Could you re-run the curl commands with the following format:
- curl -XGET -u wazuh:mypassword -k https://localhost:9200/_cluster/health?pretty=true
- curl -XGET -u wazuh:mypassword -k https://localhost:9200/_cat/indices/wazuh-alerts-4.x-* ?pretty=true
Note: By default, the password is wazuh
Let´s see if we can identify the problem with this information.
Best regards.
Best regards.
Gerald Bartley
Nov 30, 2021, 7:22:50 PM11/30/21
to Wazuh mailing list
Hello Jeremias
Ok now I have some results.
---------------------------------------------------------------------
00/_cluster/health?pretty=true
{
"cluster_name" : "wazuh-cluster",
"status" : "yellow",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 864,
"active_shards" : 864,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 136,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 86.4
}
green open wazuh-alerts-4.x-2021.11.01 lgy3xz4SSyuzyIkmOX7NLg 3 0 3326 0 1 2mb 12mb
green open wazuh-alerts-4.x-2021.11.02 m7Qb6uCCSu--JJ5HmNQWxg 3 0 4106 0 10. 2mb 10.2mb
green open wazuh-alerts-4.x-2021.07.20 MXLH23UyTtyznuoc8UzEaw 3 0 3171156 0 2. 5gb 2.5gb
green open wazuh-alerts-4.x-2021.11.03 91U-Ca-2R7SNOuWaPMZZpw 3 0 4637 0 10. 7mb 10.7mb
green open wazuh-alerts-4.x-2021.11.04 L1BCgQJyQ9S9nt2Pw3fDVw 3 0 8066 0 21. 9mb 21.9mb
green open wazuh-alerts-4.x-2021.11.05 VEmA5PX9QtuaMcHOnzTNZg 3 0 4069 0 12. 2mb 12.2mb
green open wazuh-alerts-4.x-2021.11.06 1RoFQqSDT825xgumbBkTaA 3 0 4404 0 10. 6mb 10.6mb
green open wazuh-alerts-4.x-2021.11.07 i1jicIhWS--nQplX1oNezQ 3 0 2633 0 9. 1mb 9.1mb
green open wazuh-alerts-4.x-2021.10.30 i5s7lBtoRIqLfFvWt0oNVw 3 0 4648 0 12. 6mb 12.6mb
green open wazuh-alerts-4.x-2021.10.31 2QnkA-LZT16TzEFd6MwJdQ 3 0 2441 0 12. 3mb 12.3mb
green open wazuh-alerts-4.x-2021.07.29 wid6OB8kTOmWI8FhK4RT7g 3 0 3545868 0 2. 6gb 2.6gb
green open wazuh-alerts-4.x-2021.10.29 KV47KSLsQvWGFwHp9UTGwA 3 0 5298 0 14. 3mb 14.3mb
green open wazuh-alerts-4.x-2021.07.26 nw-t7fmDQJ6-0w2h1h66cA 3 0 1770160 0 2gb 2gb
green open wazuh-alerts-4.x-2021.07.25 2nAgwgyXQPeVFCQmG2JJ8w 3 0 1596184 0 2gb 2gb
green open wazuh-alerts-4.x-2021.07.28 v2GTtDU3QzuO43NjC2oHLg 3 0 4043820 0 2. 7gb 2.7gb
green open wazuh-alerts-4.x-2021.07.27 Oy-OZqbZRzC7U8D0OLyAKA 3 0 3750625 0 2. 6gb 2.6gb
green open wazuh-alerts-4.x-2021.07.22 _6rSIYC-Rhqfw0bH-SPrZw 3 0 3617871 0 2. 6gb 2.6gb
green open wazuh-alerts-4.x-2021.07.21 ZiR-DoFfQ4qs8hXF_i6cfA 3 0 3481890 0 2. 6gb 2.6gb
green open wazuh-alerts-4.x-2021.07.24 -N6EazV_TKKMBi-MMvHnnQ 3 0 2429334 0 2. 2gb 2.2gb
green open wazuh-alerts-4.x-2021.07.23 N1kOoPNyQs22DpwmQKd1pw 3 0 4425837 0 2. 8gb 2.8gb
green open wazuh-alerts-4.x-2021.10.21 6zVOfncdR5iUsZ05utNLUQ 3 0 7396 0 57. 2mb 57.2mb
green open wazuh-alerts-4.x-2021.10.22 LRBae_phTX-EXwFngIgjhw 3 0 2968 0 9. 8mb 9.8mb
green open wazuh-alerts-4.x-2021.09.30 EPxAsiy2TKO_mRYmSlM_RQ 3 0 1612732 0 2gb 2gb
green open wazuh-alerts-4.x-2021.10.23 Y66sP-JSQ0uysP0lNkfZMA 3 0 7054 0 13. 3mb 13.3mb
green open wazuh-alerts-4.x-2021.10.24 Zhl7YkpLT06_7Vz8EHAajA 3 0 1731 0 7. 5mb 7.5mb
green open wazuh-alerts-4.x-2021.10.25 zmXr7B8qQvSTkn748KqaAQ 3 0 2186 0 8. 2mb 8.2mb
green open wazuh-alerts-4.x-2021.10.26 H7nSkJ9dSPaJrB7sRKjn9g 3 0 4869 0 11. 3mb 11.3mb
green open wazuh-alerts-4.x-2021.10.27 wAJe5qyVQuCj87T4eNuuRw 3 0 4683 0 36. 3mb 36.3mb
green open wazuh-alerts-4.x-2021.10.28 nqo4eLHHSDeRy20iFNSXLw 3 0 4390 0 1 3mb 13mb
green open wazuh-alerts-4.x-2021.10.20 avRPjAbsR-CYycg5l3vLcQ 3 0 2167 0 10. 5mb 10.5mb
green open wazuh-alerts-4.x-2021.07.19 _avO5CKuSOWQD51VYj-N0Q 3 0 1449310 0 1. 9gb 1.9gb
green open wazuh-alerts-4.x-2021.07.18 PFrfI0VzRTuNPA_UawZ5sA 3 0 1460268 0 1. 9gb 1.9gb
green open wazuh-alerts-4.x-2021.07.15 XvZgcQkIRT-Gto01NiUvnA 3 0 2193706 0 2. 2gb 2.2gb
green open wazuh-alerts-4.x-2021.10.18 9PmfzDTNRd21w3VrtnV5rg 3 0 1123 0 2. 4mb 2.4mb
green open wazuh-alerts-4.x-2021.10.19 oPLdL81jQE6eB6i1n1kEhg 3 0 2689 0 3. 9mb 3.9mb
green open wazuh-alerts-4.x-2021.07.14 8iJINCcVS5i9mpT6p60kUw 3 0 2049084 0 2. 2gb 2.2gb
green open wazuh-alerts-4.x-2021.07.17 LzHN5asNRd6eF98VlvRa4w 3 0 1744630 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.07.16 2jRqKrU9ScmL_MeyoN1qCw 3 0 2530561 0 2. 3gb 2.3gb
green open wazuh-alerts-4.x-2021.07.11 OVDtMwcrQHqQnju9VbdmXQ 3 0 1396009 0 1. 9gb 1.9gb
green open wazuh-alerts-4.x-2021.07.10 oxWS0aWPQ3-cYrfTS2lzDw 3 0 1642100 0 2gb 2gb
green open wazuh-alerts-4.x-2021.07.13 jw3BooRaQamw0g-JFHBY8A 3 0 1672927 0 1. 9gb 1.9gb
green open wazuh-alerts-4.x-2021.07.12 61h9RwmzR_aM2nPiH1WzfA 3 0 1241226 0 1. 7gb 1.7gb
green open wazuh-alerts-4.x-2021.10.10 e7ofRCHfQeWXxeeGRhQJjA 3 0 629372 0 841. 5mb 841.5mb
green open wazuh-alerts-4.x-2021.09.21 yxcpsxffQ6aUWxGrNuRXAg 3 0 4524908 0 2. 7gb 2.7gb
green open wazuh-alerts-4.x-2021.09.22 QWKubjUySNmNkx5bcnHu3g 3 0 4794679 0 2. 7gb 2.7gb
green open wazuh-alerts-4.x-2021.10.11 qIo0I5AbS7mW-5McU8VobQ 3 0 630148 0 844. 2mb 844.2mb
green open wazuh-alerts-4.x-2021.10.12 oubFDmj_SzeLVWJlRn_8nA 3 0 1703041 0 1. 6gb 1.6gb
green open wazuh-alerts-4.x-2021.09.20 rzE30BjsTD6NOeamjfWZBw 3 0 762173 0 931. 5mb 931.5mb
green open wazuh-alerts-4.x-2021.10.13 q0hkS5hXRz28PqVVpDgpwg 3 0 4260099 0 2. 8gb 2.8gb
green open wazuh-alerts-4.x-2021.06.30 dSglaZa9SceKl-4GdUV8_A 3 0 1793566 0 2. 2gb 2.2gb
green open wazuh-alerts-4.x-2021.10.14 b08m9ZZQRBaMwNmKmvcI-g 3 0 3529421 0 2. 5gb 2.5gb
green open wazuh-alerts-4.x-2021.10.15 JqRKKOwAQ4WaJITzDrGeuw 3 0 4698 0 9. 9mb 9.9mb
green open wazuh-alerts-4.x-2021.10.16 XgqfP_r2QXa0fu5jb9Keqw 3 0 2492 0 6. 6mb 6.6mb
green open wazuh-alerts-4.x-2021.10.17 xgja6oEwQyOrMlLJdJ6VOQ 3 0 1263 0 5mb 5mb
green open wazuh-alerts-4.x-2021.07.08 EEE9vuQrSTGfTiIP4ZnC-Q 3 0 1973501 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.07.07 dqHfumKyREuMX2AL5gTuLA 3 0 1962330 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.07.09 B8draRp7SUmsX9Jlu6vTsQ 3 0 2075294 0 2. 2gb 2.2gb
green open wazuh-alerts-4.x-2021.10.07 -5e8jwtXRKephIPt6vcpLQ 3 0 1539468 0 1. 1gb 1.1gb
green open wazuh-alerts-4.x-2021.07.04 3BuR5svJRqGHKm4Q_5v3vg 3 0 1357803 0 1. 8gb 1.8gb
green open wazuh-alerts-4.x-2021.09.29 LBLfLAIfS--xNcFXp_OfSQ 3 0 3667900 0 2. 6gb 2.6gb
green open wazuh-alerts-4.x-2021.10.08 J5tOpgijSmWiE9uK0BL0ZQ 3 0 1126355 0 1gb 1gb
green open wazuh-alerts-4.x-2021.07.03 ssmvHYJNQyqV1Gi7HDaSkw 3 0 1726372 0 2gb 2gb
green open wazuh-alerts-4.x-2021.10.09 scUxdPl-Raej6cqmfUWUkA 3 0 629453 0 821. 7mb 821.7mb
green open wazuh-alerts-4.x-2021.09.27 N4Hv9-4kSBSGemJcVE31eg 3 0 1584480 0 1. 9gb 1.9gb
green open wazuh-alerts-4.x-2021.07.06 ZG_6sm84QoS0PdBqeKidEg 3 0 1931113 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.07.05 Hjo8FpotTpaRi-4QLtBpWw 3 0 1334859 0 1. 8gb 1.8gb
green open wazuh-alerts-4.x-2021.09.28 WB5HuBMRT3-tN_T-ndArog 3 0 4421332 0 2. 8gb 2.8gb
green open wazuh-alerts-4.x-2021.09.25 v-UGqwPkR5S6iqBCWGeR2g 3 0 2611303 0 2. 2gb 2.2gb
green open wazuh-alerts-4.x-2021.09.26 dSVsRfPuRgukW_A8HZFYYg 3 0 1473505 0 1. 9gb 1.9gb
green open wazuh-alerts-4.x-2021.09.23 dGZgbc9mSYm9LTmc08wJfg 3 0 4437822 0 2. 7gb 2.7gb
green open wazuh-alerts-4.x-2021.07.02 rP1jpX9pRmGL2USeZStxTg 3 0 1675758 0 2gb 2gb
green open wazuh-alerts-4.x-2021.09.24 _M58tGDWQ_GqNnlj4jNbYw 3 0 3892596 0 2. 6gb 2.6gb
green open wazuh-alerts-4.x-2021.07.01 Rv4RPQs1Roapi9sDqGaqvA 3 0 1376222 0 1. 9gb 1.9gb
green open wazuh-alerts-4.x-2021.09.10 SdJQer5UR-6HFCKgRB18IQ 3 0 3955223 0 2. 8gb 2.8gb
green open wazuh-alerts-4.x-2021.09.11 iYY3N8L2SeWdUUnFGoot3w 3 0 2788565 0 2. 5gb 2.5gb
green open wazuh-alerts-4.x-2021.10.01 daE4tE1nTnupONLh-4OCZA 3 0 3478441 0 2. 5gb 2.5gb
green open wazuh-alerts-4.x-2021.10.02 e2XUgXFcTrGmeG_og4s2ZA 3 0 2604665 0 2. 3gb 2.3gb
green open wazuh-alerts-4.x-2021.10.03 LKxZV0isRw-mgOZMypNfAA 3 0 1545060 0 1. 9gb 1.9gb
green open wazuh-alerts-4.x-2021.10.04 SLS69XMnQB-DArM-Yfrigw 3 0 1796031 0 2gb 2gb
green open wazuh-alerts-4.x-2021.10.05 1ScptgGxS2S9YAswfKZvew 3 0 4501589 0 2. 8gb 2.8gb
green open wazuh-alerts-4.x-2021.10.06 73x1I6b0S1OavddkXke3mA 3 0 3992438 0 2. 6gb 2.6gb
green open wazuh-alerts-4.x-2021.06.28 fAKRFZZTSgKIoaeD4cRKJg 3 0 1482985 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.06.29 -sKFhwnKTZq_LZ_IWdxqdQ 3 0 1720888 0 2. 2gb 2.2gb
green open wazuh-alerts-4.x-2021.09.18 D8-2s8a9RJ2NUyvqYFDz_g 3 0 2953594 0 2. 5gb 2.5gb
green open wazuh-alerts-4.x-2021.06.24 l8RCVomuSyO8xAS8jLBBFA 3 0 112467 0 165. 5mb 165.5mb
green open wazuh-alerts-4.x-2021.06.25 HStvDKaDRMaYWbGvT0zXlg 3 0 944009 0 1. 3gb 1.3gb
green open wazuh-alerts-4.x-2021.09.19 cLDKHC2ITSeJXfhygN08vA 3 0 1368855 0 1. 8gb 1.8gb
green open wazuh-alerts-4.x-2021.06.26 JOwHD77kTMywP4jU7zGMmg 3 0 1491039 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.09.16 R0j89IipQKiIXrQVpJ7u_Q 3 0 4208510 0 2. 9gb 2.9gb
green open wazuh-alerts-4.x-2021.09.17 GM7x7vx3RAu7j_5EUxA0Yw 3 0 4058500 0 2. 8gb 2.8gb
green open wazuh-alerts-4.x-2021.06.27 12ZFgGVuQG-7JzUQQDxpLQ 3 0 1487006 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.09.14 lgyggraIRC2u3lQUutgszA 3 0 4050858 0 2. 8gb 2.8gb
green open wazuh-alerts-4.x-2021.09.15 A8OlBMvRTW6huLfrHEFGfw 3 0 4349439 0 2. 9gb 2.9gb
green open wazuh-alerts-4.x-2021.09.12 -OoCIG6wQIC_oH2a24jK0Q 3 0 1671573 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.09.13 3GsmhNLDS0iWLSIqX9m3vg 3 0 1760887 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.08.30 Fwz1-LD5QveSXiqsDIptwA 3 0 1713865 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.08.31 C1GbFLwvR56QEnS5ktDVOQ 3 0 3366391 0 2. 7gb 2.7gb
green open wazuh-alerts-4.x-2021.09.09 q5uKJgnnRXC4gimJUCTvwg 3 0 3870537 0 2. 8gb 2.8gb
green open wazuh-alerts-4.x-2021.09.07 4j6-6dWUR42QIW4uKZh-TQ 3 0 3728908 0 2. 7gb 2.7gb
green open wazuh-alerts-4.x-2021.09.08 2r6jMAEgT0yOkxvZyYq1sQ 3 0 3830371 0 2. 8gb 2.8gb
green open wazuh-alerts-4.x-2021.09.05 5wg9omh8QDG11hC00m-9-g 3 0 1681755 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.09.06 JnB0YWbWQJ66x-iGn-_e9w 3 0 1673558 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.09.03 77yus-MlTASHyPeIJ6Szfg 3 0 3499142 0 2. 7gb 2.7gb
green open wazuh-alerts-4.x-2021.09.04 tnWRr4YiT6G2ZetJRRWkFA 3 0 1688998 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.09.01 lIlsZYmDR9eGhX_WW2e-oQ 3 0 3308741 0 2. 6gb 2.6gb
green open wazuh-alerts-4.x-2021.09.02 zLRlQV8HR_K80BqUt4tAWg 3 0 3428954 0 2. 7gb 2.7gb
green open wazuh-alerts-4.x-2021.08.21 oXBlvRLdQDK6jD-IPFd9jA 3 0 2507663 0 2. 4gb 2.4gb
green open wazuh-alerts-4.x-2021.08.20 DQGL5l-cQqepBWAFgHvFVg 3 0 3072349 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.08.27 CncZrNGqT_SAE_Uyvti9Yg 3 0 5288865 0 3. 2gb 3.2gb
green open wazuh-alerts-4.x-2021.08.26 HLAOD463TDynPvKHipSE3A 3 0 4440001 0 3gb 3gb
green open wazuh-alerts-4.x-2021.08.29 iw9mFInbRsqI5-nAfHHcpg 3 0 1705202 0 2. 2gb 2.2gb
green open wazuh-alerts-4.x-2021.08.28 9N-YTuCOSUahf0vuhxmgeQ 3 0 3108309 0 2. 6gb 2.6gb
green open wazuh-alerts-4.x-2021.08.23 QyP5JlwVRSKqyNJvATzFtA 3 0 1810753 0 2. 2gb 2.2gb
green open wazuh-alerts-4.x-2021.08.22 0TnSkM65SEyCMsolvjX3lw 3 0 1769857 0 2. 1gb 2.1gb
green open wazuh-alerts-4.x-2021.08.25 v9mLPZG-TDq9ZHzlJ5rSKA 3 0 4223705 0 2. 9gb 2.9gb
green open wazuh-alerts-4.x-2021.08.24 pftH437oTjGMu0HAYCgY0A 3 0 3581910 0 2. 8gb 2.8gb
green open wazuh-alerts-4.x-2021.08.10 4cTkSTqVQXK03pA_WQwAdQ 3 0 3596068 0 2. 6gb 2.6gb
green open wazuh-alerts-4.x-2021.08.19 7hQ3WGrqSFi1FmQzDcxTiw 3 0 2979544 0 2. 3gb 2.3gb
green open wazuh-alerts-4.x-2021.08.16 xOwmsDopROOFWM3JZ5_nSw 3 0 1624174 0 2gb 2gb
green open wazuh-alerts-4.x-2021.08.15 K07YhkFMQsqWWyH3EBZs3g 3 0 1752671 0 2gb 2gb
green open wazuh-alerts-4.x-2021.08.18 _YvbaE4TSbypFb37zjKAPA 3 0 3547514 0 2. 6gb 2.6gb
green open wazuh-alerts-4.x-2021.08.17 hjtvPR9rTd-YFDlhxJzXcA 3 0 2845151 0 2. 3gb 2.3gb
green open wazuh-alerts-4.x-2021.08.12 Pj3l-n4yQOy0ioPi4h5x1Q 3 0 3642049 0 2. 6gb 2.6gb
green open wazuh-alerts-4.x-2021.08.11 q7y8YWoMTzCHpcT5vJyNpg 3 0 4163601 0 2. 8gb 2.8gb
green open wazuh-alerts-4.x-2021.08.14 ggeIvtHjQOqTEMoUZJgT1g 3 0 2575443 0 2. 3gb 2.3gb
green open wazuh-alerts-4.x-2021.08.13 Jj3wVDE2SAqikqK9qjtOeA 3 0 3703783 0 2. 6gb 2.6gb
green open wazuh-alerts-4.x-2021.07.31 MI1L17foQpqd7q86oEiIOQ 3 0 1617749 0 1. 9gb 1.9gb
green open wazuh-alerts-4.x-2021.07.30 EyMx8y1UTtS40TiGtTxzMw 3 0 3583401 0 2. 6gb 2.6gb
green open wazuh-alerts-4.x-2021.08.09 SXiZmdDeS5mFvIDMIutiMA 3 0 1514232 0 2gb 2gb
green open wazuh-alerts-4.x-2021.08.08 pmZE8srzTNmQ40_GY-eXXg 3 0 1524355 0 2gb 2gb
green open wazuh-alerts-4.x-2021.08.05 cGHWA8I9SgupPQD7rpOPWA 3 0 2792491 0 2. 4gb 2.4gb
green open wazuh-alerts-4.x-2021.08.04 N31Qrde5QDG9etk5q7u_kA 3 0 3510861 0 2. 5gb 2.5gb
green open wazuh-alerts-4.x-2021.08.07 oU3ICW3tTEWv_adeI2qUeQ 3 0 2446323 0 2. 3gb 2.3gb
green open wazuh-alerts-4.x-2021.08.06 0cFDFmYWSOSZz2WHCvUqrQ 3 0 2968515 0 2. 4gb 2.4gb
green open wazuh-alerts-4.x-2021.08.01 -Zp5IX_WRPq7djmBHWm0JA 3 0 1598107 0 1. 9gb 1.9gb
green open wazuh-alerts-4.x-2021.08.03 wJde1AqCS8C91U-2TqrElA 3 0 3087465 0 2. 4gb 2.4gb
green open wazuh-alerts-4.x-2021.08.02 EWIJKAa1SNShyT93BOeUVA 3 0 1585698 0 1. 9gb 1.9gb
curl: (3) <url> malformed
jeremias...@wazuh.com
Dec 1, 2021, 11:52:16 PM12/1/21
to Wazuh mailing list
Hello Gerald,
Ok, now we have found something, the cluister status must be green. Usually, yellow status is caused by a missing replica.
If you have a single node cluster, it´s recommended to reduce the number of replicas to 0.
For doing this you should:
Download the template:
curl https://raw.githubusercontent.com/wazuh/wazuh/3.8/extensions/elasticsearch/wazuh-elastic6-template-alerts.json -o template.json
Replace this:
"settings": {
with:
"settings": {
Now, update your template:
curl -X PUT "http://localhost:9200/_template/wazuh" -H 'Content-Type: application/json' -d @template.json
New indexes will now use 0 replicas.
For already existing ones, you can reduce their number of replicas as follow:
curl -X PUT "localhost:9200/_settings" -H 'Content-Type: application/json' -d'
Let me know if this helps. Anyway, I will get in touch with other coworkers to check if anything else could be occurring.
Best regards.
Gerald Bartley
Dec 11, 2021, 1:18:30 PM12/11/21
to Wazuh mailing list
Hello Jeremias
It seems that the link to download the file from is one that I don't have access to. is there another one that I can try to get this this template from?
Gerald
Reply all
Reply to author
Forward
0 new messages