No Vulnerability and other logs in Kibana


smit patel

Jul 11, 2021, 11:09:38 PM
to Wazuh mailing list
Hi Team,

I can see logs in the Wazuh module, and checked in the backend where I can see the alerts.log folder, but when I check logs about vulnerability, I am not able to see logs in Kibana like "data.vulnerability.*" field logs.

Can you please help to fix this.

Thanks,
Smit

smit patel

Jul 11, 2021, 11:19:35 PM
to Wazuh mailing list
Not sure if this error is causing this issue or not.

grep -i error /var/log/elasticsearch/elasticsearch.log


[2021-07-12T06:50:39,627][ERROR][o.e.x.s.a.s.m.NativeRoleMappingStore] [elasticsearch] failed to load role mappings from index [.security] skipping all mappings.
[2021-07-12T06:50:39,710][ERROR][o.e.x.m.c.c.ClusterStatsCollector] [elasticsearch] collector [cluster_stats] failed to collect data
[2021-07-12T06:55:56,753][WARN ][o.e.b.JNANatives         ] [elasticsearch] Unable to lock JVM Memory: error=12, reason=Cannot allocate memory
[2021-07-12T06:55:57,181][INFO ][o.e.n.Node               ] [elasticsearch] JVM arguments [-Xshare:auto, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms6g, -Xmx6g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/elasticsearch-9888627779779792401, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -XX:MaxDirectMemorySize=3221225472, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm, -Des.bundled_jdk=true]
        at org.elasticsearch.transport.TransportChannel.sendErrorResponse(TransportChannel.java:56) [elasticsearch-7.9.3.jar:7.9.3]
[2021-07-12T07:51:45,887][INFO ][o.e.n.Node               ] [elasticsearch] JVM arguments [-Xshare:auto, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms6g, -Xmx6g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/elasticsearch-8331343355769965727, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -XX:MaxDirectMemorySize=3221225472, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm, -Des.bundled_jdk=true]
[2021-07-12T07:51:58,390][ERROR][o.e.x.s.a.e.ReservedRealm] [elasticsearch] failed to retrieve password hash for reserved user [elastic]
[2021-07-12T07:51:58,428][ERROR][o.e.x.s.a.e.ReservedRealm] [elasticsearch] failed to retrieve password hash for reserved user [elastic]
[2021-07-12T07:51:58,465][ERROR][o.e.x.s.a.e.ReservedRealm] [elasticsearch] failed to retrieve password hash for reserved user [elastic]
[2021-07-12T07:51:58,576][ERROR][o.e.x.s.a.e.ReservedRealm] [elasticsearch] failed to retrieve password hash for reserved user [elastic]
[2021-07-12T07:51:58,637][ERROR][o.e.x.s.a.e.ReservedRealm] [elasticsearch] failed to retrieve password hash for reserved user [elastic]
Caused by: org.elasticsearch.action.search.SearchPhaseExecutionException: Search rejected due to missing shards [[.kibana_task_manager_1][0]]. Consider using `allow_partial_search_results` setting to bypass this error.
Caused by: org.elasticsearch.action.search.SearchPhaseExecutionException: Search rejected due to missing shards [[.kibana_task_manager_1][0]]. Consider using `allow_partial_search_results` setting to bypass this error.
Caused by: org.elasticsearch.action.search.SearchPhaseExecutionException: Search rejected due to missing shards [[.kibana_task_manager_1][0]]. Consider using `allow_partial_search_results` setting to bypass this error.
Caused by: org.elasticsearch.action.search.SearchPhaseExecutionException: Search rejected due to missing shards [[.kibana_task_manager_1][0]]. Consider using `allow_partial_search_results` setting to bypass this error.
Caused by: org.elasticsearch.action.search.SearchPhaseExecutionException: Search rejected due to missing shards [[.kibana_task_manager_1][0]]. Consider using `allow_partial_search_results` setting to bypass this error.
Caused by: org.elasticsearch.action.search.SearchPhaseExecutionException: Search rejected due to missing shards [[.kibana_task_manager_1][0]]. Consider using `allow_partial_search_results` setting to bypass this error.
Caused by: org.elasticsearch.action.search.SearchPhaseExecutionException: Search rejected due to missing shards [[.kibana_task_manager_1][0]]. Consider using `allow_partial_search_results` setting to bypass this error.

smit patel

Jul 11, 2021, 11:28:22 PM
to Wazuh mailing list
curl -XGET 'https://localhost:9200/_cluster/health?pretty' -uelastic:Rv9iIdlUYjvAmQWpbZdy -k
{
  "cluster_name" : "elasticsearch",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 150,
  "active_shards" : 150,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0

smit patel

Jul 11, 2021, 11:36:58 PM
to Wazuh mailing list
curl -XGET 'https://localhost:9200/_cat/indices/wazuh-alerts-4.x-*' -uelastic:Rv9iIdlUYjvAmQWpbZdy -k
green open wazuh-alerts-4.x-2021.02.26 j9dg3YJzTAGrojGT_CwNuQ 3 0   11863 0  34.2mb  34.2mb
green open wazuh-alerts-4.x-2021.04.17 AtrC8EPUS4a3UyJajQVJOw 3 0  186533 0 233.6mb 233.6mb
green open wazuh-alerts-4.x-2021.02.24 VaNmS5cHTYCIbvWBghjC_g 3 0   10853 0  30.7mb  30.7mb
green open wazuh-alerts-4.x-2021.02.25 nHwk5LLITgq4yfg6Lb_Mdg 3 0    1813 0   6.2mb   6.2mb
green open wazuh-alerts-4.x-2021.07.08 eQUBima0Q4iR4jEkR_AdOg 3 0 2138697 0   5.6gb   5.6gb
green open wazuh-alerts-4.x-2021.06.29 1kkIsVwVSHKmRbxryDaEhw 3 0 1719804 0   4.6gb   4.6gb
green open wazuh-alerts-4.x-2021.07.07 V1-cJT5ATpeduHN_J8DdVw 3 0 1903615 0   5.2gb   5.2gb
green open wazuh-alerts-4.x-2021.07.09 FzGUFkToSO6XkBb9rqOcfw 3 0 1928196 0   5.3gb   5.3gb
green open wazuh-alerts-4.x-2021.06.24 A4RhaLL-Qh6x6_2pY5n1cA 3 0 2079138 0   5.8gb   5.8gb
green open wazuh-alerts-4.x-2021.07.04 XvjHVewGRoSt2jPyzXE0YA 3 0 1137228 0   3.6gb   3.6gb
green open wazuh-alerts-4.x-2021.07.03 O4SD3BwlQr2YmgHe7D9WIw 3 0  832411 0   2.5gb   2.5gb
green open wazuh-alerts-4.x-2021.07.06 6NAB3LDYQCiQRMalV-sHrw 3 0 1975230 0   5.4gb   5.4gb
green open wazuh-alerts-4.x-2021.07.05 dluTQYPDSSyE2fFD2mUlxA 3 0 2298963 0   6.1gb   6.1gb
green open wazuh-alerts-4.x-2021.07.11 on9kiCjiQoGcxmgtXZ-3cw 3 0  975607 0   3.2gb   3.2gb
green open wazuh-alerts-4.x-2021.02.23 3iqOv5zuQH-pSDgkD6PeXg 3 0    8191 0  24.6mb  24.6mb
green open wazuh-alerts-4.x-2021.02.01 uAtZjdpzTg-VtqXli0-sKQ 3 0      97 0 447.5kb 447.5kb
green open wazuh-alerts-4.x-2021.07.10 9yQJ02q6QA-g_w3LH09RFg 3 0 1045704 0   3.4gb   3.4gb
green open wazuh-alerts-4.x-2021.06.23 ObfU_1KtQiOXceDk-24SXg 3 0 1029031 0     3gb     3gb
green open wazuh-alerts-4.x-2021.07.12 yk7FebM7QKGL6l5MHp0Pdw 3 0  181923 0 657.1mb 657.1mb
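The cluster health and index listing above both report green, so the index layer itself is not the blocker. What the `_cat/indices` output can still tell a defender is whether any daily index is empty, not open, or whether whole days are missing from the series (the listing above jumps from 2021.02.26 to 2021.04.17, for example), because a module tab in Kibana can only show data that was indexed for the selected time range. The following Python script is an added example, not part of the thread or of Wazuh's own tooling; it parses the default (header-less) `_cat/indices` columns and reports unhealthy or empty indices and gaps in the daily series. The sample input is a subset of the lines posted above, embedded as constructed test data; the daily `wazuh-alerts-4.x-YYYY.MM.DD` naming is assumed from the thread (deployments with weekly or monthly rollover would need a different pattern).

```python
import re
from datetime import date, timedelta

# Sample `_cat/indices/wazuh-alerts-4.x-*` output: a subset of the lines posted in
# the thread, used here as constructed test input.
CAT_INDICES = """\
green open wazuh-alerts-4.x-2021.02.26 j9dg3YJzTAGrojGT_CwNuQ 3 0   11863 0  34.2mb  34.2mb
green open wazuh-alerts-4.x-2021.04.17 AtrC8EPUS4a3UyJajQVJOw 3 0  186533 0 233.6mb 233.6mb
green open wazuh-alerts-4.x-2021.02.24 VaNmS5cHTYCIbvWBghjC_g 3 0   10853 0  30.7mb  30.7mb
green open wazuh-alerts-4.x-2021.02.25 nHwk5LLITgq4yfg6Lb_Mdg 3 0    1813 0   6.2mb   6.2mb
green open wazuh-alerts-4.x-2021.07.11 on9kiCjiQoGcxmgtXZ-3cw 3 0  975607 0   3.2gb   3.2gb
green open wazuh-alerts-4.x-2021.07.12 yk7FebM7QKGL6l5MHp0Pdw 3 0  181923 0 657.1mb 657.1mb
"""

# Default _cat/indices columns when no header (?v) is requested:
# health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
# Daily index naming is assumed from the thread.
DAILY_INDEX = re.compile(r"^wazuh-alerts-4\.x-(\d{4})\.(\d{2})\.(\d{2})$")


def parse_cat_indices(text):
    """Parse _cat/indices rows into dicts, sorted by day; rows that are not
    daily wazuh-alerts indices are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue
        m = DAILY_INDEX.match(parts[2])
        if not m:
            continue
        y, mo, d = (int(x) for x in m.groups())
        rows.append({
            "health": parts[0],
            "status": parts[1],
            "index": parts[2],
            "day": date(y, mo, d),
            "docs": int(parts[6]),
        })
    return sorted(rows, key=lambda r: r["day"])


def unhealthy_indices(rows):
    """Indices that are not green/open or hold no documents: nothing from
    these can appear in any Kibana module."""
    return [r["index"] for r in rows
            if r["health"] != "green" or r["status"] != "open" or r["docs"] == 0]


def find_gaps(rows):
    """Return (first_missing_day, last_missing_day) for every hole in the
    daily series; a hole means no alerts at all were indexed on those days."""
    gaps = []
    days = [r["day"] for r in rows]
    for prev, nxt in zip(days, days[1:]):
        if nxt - prev > timedelta(days=1):
            gaps.append((prev + timedelta(days=1), nxt - timedelta(days=1)))
    return gaps


if __name__ == "__main__":
    rows = parse_cat_indices(CAT_INDICES)
    print("unhealthy or empty indices:", unhealthy_indices(rows))
    for start, end in find_gaps(rows):
        print(f"no daily index from {start} to {end}")
```

To run it against a live cluster, replace the `CAT_INDICES` constant with the output of the same `curl` command used above; a reported gap that overlaps the Kibana time picker explains an empty module tab without any Kibana fault.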

smit patel

Jul 12, 2021, 12:37:08 AM
to Wazuh mailing list
More things I want to add here: except for security alerts, I am not able to see any logs (like Vulnerability, Audit Policy, Security Assessment, etc.).

Please help to fix this.
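The symptom described in this thread (general alerts visible, but nothing under Vulnerabilities, Audit, or Security Configuration Assessment) is best split at the manager before looking at Kibana: if `/var/ossec/logs/alerts/alerts.json` holds no alerts carrying those modules' rule groups, the module is not enabled or has not completed a scan yet, and Kibana cannot show what was never generated; if the alerts exist but lack the `data.vulnerability.*` fields, the problem sits in the alert content or index mapping instead. The script below is an added example, not from the thread or from Wazuh's own tooling: it reads alerts.json lines, counts alerts per module by rule group, and checks that vulnerability alerts actually carry `data.vulnerability`. The module-to-group mapping is an assumption (the Wazuh app selects module alerts by rule group), and the sample alert lines, rule ids, CVE and package values are constructed placeholders.

```python
import json
from collections import Counter

# Assumed mapping from Wazuh app module to the rule group its alerts carry;
# FIM is included as an extra beyond the modules named in the thread.
MODULE_GROUPS = {
    "vulnerabilities": "vulnerability-detector",
    "security configuration assessment": "sca",
    "audit": "audit",
    "file integrity monitoring": "syscheck",
}

# Constructed sample of alerts.json lines (one JSON object per line).
# Rule ids, CVE and package values are placeholders, not real alerts.
SAMPLE_ALERTS_JSON = "\n".join([
    json.dumps({"timestamp": "2021-07-12T06:50:00.000+0000", "agent": {"id": "001"},
                "rule": {"id": "23503", "groups": ["vulnerability-detector"]},
                "data": {"vulnerability": {"cve": "CVE-0000-0000", "severity": "High",
                                           "package": {"name": "example-pkg", "version": "1.0"}}}}),
    # Vulnerability alert without the data.vulnerability block: counted as incomplete.
    json.dumps({"timestamp": "2021-07-12T06:51:00.000+0000", "agent": {"id": "001"},
                "rule": {"id": "23503", "groups": ["vulnerability-detector"]},
                "data": {}}),
    json.dumps({"timestamp": "2021-07-12T06:52:00.000+0000", "agent": {"id": "001"},
                "rule": {"id": "19007", "groups": ["sca"]},
                "data": {"sca": {"check": {"id": 1000, "result": "failed"}}}}),
    json.dumps({"timestamp": "2021-07-12T06:53:00.000+0000", "agent": {"id": "002"},
                "rule": {"id": "550", "groups": ["ossec", "syscheck"]},
                "syscheck": {"path": "/etc/example.conf", "event": "modified"}}),
    json.dumps({"timestamp": "2021-07-12T06:54:00.000+0000", "agent": {"id": "002"},
                "rule": {"id": "5501", "groups": ["pam", "syslog", "authentication_success"]}}),
    "{this line is not valid json",
])


def load_alerts(text):
    """Parse JSON-per-line alerts; returns (alerts, number_of_skipped_lines)."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            alerts.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1
    return alerts, skipped


def module_counts(alerts):
    """Count alerts per module, matching on rule.groups membership."""
    counts = Counter({module: 0 for module in MODULE_GROUPS})
    for alert in alerts:
        groups = alert.get("rule", {}).get("groups", [])
        for module, group in MODULE_GROUPS.items():
            if group in groups:
                counts[module] += 1
    return counts


def vulnerability_field_coverage(alerts):
    """Return (vulnerability alerts, those that carry a non-empty data.vulnerability)."""
    total = with_fields = 0
    for alert in alerts:
        if "vulnerability-detector" not in alert.get("rule", {}).get("groups", []):
            continue
        total += 1
        if alert.get("data", {}).get("vulnerability"):
            with_fields += 1
    return total, with_fields


def diagnose(text):
    """Summarise what alerts.json can and cannot feed into each Kibana module."""
    alerts, skipped = load_alerts(text)
    vuln_total, vuln_ok = vulnerability_field_coverage(alerts)
    return {
        "modules": dict(module_counts(alerts)),
        "vuln_alerts": vuln_total,
        "vuln_with_fields": vuln_ok,
        "skipped_lines": skipped,
    }


if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_ALERTS_JSON), indent=2))
```

Reading the real file is a matter of passing `open("/var/ossec/logs/alerts/alerts.json").read()` to `diagnose`. A module count of zero points at the manager configuration (the module block in ossec.conf, or a scan that has not run yet); a non-zero count with `vuln_with_fields` below `vuln_alerts` points at the alert content or the index template rather than at Kibana.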

smit patel

Jul 12, 2021, 8:23:01 AM
to Wazuh mailing list
I fixed this.

Thank you !!!
