Internal Server Error on Read only users
251 views
Skip to first unread message
Lucio Donda
Jun 16, 2022, 7:33:52 AM6/16/22
to Wazuh mailing list
Hi @renzo, thanks for using wazuh!
I guess you have a 4.2.X version installed, right? have you followed this guide in order to create the read-only user?
Have you set correctly the roles of that user, what about policies ?
Let me know how that checks go and we keep discussing this, have a great day!
I guess you have a 4.2.X version installed, right? have you followed this guide in order to create the read-only user?
Have you set correctly the roles of that user, what about policies ?
Let me know how that checks go and we keep discussing this, have a great day!
Renan Rivera
Jun 16, 2022, 7:47:40 PM6/16/22
to Wazuh mailing list
Hello lucio,
Good Day!
Thank you for replying to my post, I really appreciate it!
-The version that I have is the current 4.3.3
-Yes, I followed the guide please see the snapshot.
Thanks much.
Best regards,
Renan
Lucio Donda
Jun 21, 2022, 9:50:10 AM6/21/22
to Wazuh mailing list
Hi Renzo,
Besides those steps have you mapped the user with wazuh (Step 5 on this guide) ?
If that's correct, then we should check on this logs while you're trying to login:
journalctl -u wazuh-dashboard
cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
Let me know how that goes.
Have a great day!
Besides those steps have you mapped the user with wazuh (Step 5 on this guide) ?
If that's correct, then we should check on this logs while you're trying to login:
journalctl -u wazuh-dashboard
cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
Let me know how that goes.
Have a great day!
Renan Rivera
Jun 21, 2022, 8:06:04 PM6/21/22
to Lucio Donda, Wazuh mailing list
Hello Lucio,
Sorry, I did not mention that I upgrade from 4.2 to 4.3 version a weeks ago.
I noticed that my current file is in this directory:
/usr/share/kibana/data/wazuh/config/wazuh.yml
While the 4.3 version is here /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
No logs is seen on this command.
journalctl -u wazuh-dashboard
cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
maybe migration of version issue?.
Anyway, the issue is just the prompt error when logging in, but the user can still view the dashboard.
Thanks a lot, Lucio, appreciate your help 😊.
Warm regards,
Renan
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/pWmmw75rhMY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/0144cf16-8aad-4fea-99bd-ace0381cca7an%40googlegroups.com.
Lucio Donda
Jun 22, 2022, 7:23:52 AM6/22/22
to Wazuh mailing list
Renan,
Glad to hear that despite the error message the dashboard is still visible for those users.
Those are 2 commands:
journalctl -u wazuh-dashboard
And the next one will filter and only show all log messages with warning or error status
cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
inside log directory will be stored all logs and inside config (as you say) it will show the yaml file used for module configuration.
Let me know if you can reach those messages to find the reason for those warnings.
Have a great day!
Glad to hear that despite the error message the dashboard is still visible for those users.
Those are 2 commands:
journalctl -u wazuh-dashboard
And the next one will filter and only show all log messages with warning or error status
cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
Let me know if you can reach those messages to find the reason for those warnings.
Have a great day!
Renan Rivera
Jun 22, 2022, 7:57:03 PM6/22/22
to Lucio Donda, Wazuh mailing list
Hello Lucio,
Checking the journalctl -u kibana, this is the current logs:
Jun 23 07:36:09 localhost.localdomain kibana[2146]: {"type":"response","@timestamp":"2022-06-22T23:36:09Z","tags":[],"pid":2146,"method":"post","statusCode":200,"req":{"url":"/api/ui_metric/report","method":"post","headers":{"host":"10.6.5.23","connection":"keep-alive",>
Checking cat /usr/share/kibana/data/wazuh/logs/wazuhapp.log, this is the logs when logging into the read only users.
{"date":"2022-06-22T23:25:30.047Z","level":"error","location":"queue:delayApiRequest","message":"An error ocurred in the delayed request: \"DELETE /security/user/authenticate\": Request failed with status code 401"}
{"date":"2022-06-22T23:32:00.464Z","level":"error","location":"queue:delayApiRequest","message":"An error ocurred in the delayed request: \"DELETE /security/user/authenticate\": Request failed with status code 401"}
{"date":"2022-06-22T23:34:00.574Z","level":"error","location":"queue:delayApiRequest","message":"An error ocurred in the delayed request: \"DELETE /security/user/authenticate\": Request failed with status code 401"}
{"date":"2022-06-22T23:32:00.464Z","level":"error","location":"queue:delayApiRequest","message":"An error ocurred in the delayed request: \"DELETE /security/user/authenticate\": Request failed with status code 401"}
{"date":"2022-06-22T23:34:00.574Z","level":"error","location":"queue:delayApiRequest","message":"An error ocurred in the delayed request: \"DELETE /security/user/authenticate\": Request failed with status code 401"}
Well I've noticed that the deployment of wazuh has changed in 4.3 (indexer-server-wazuhdashboard), that's the reason why I cant find the command : journalctl -u wazuh-dashboard and cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn". Is it wise for me to redeploy the new method of deployment in 4.3 or I will be just fine with my current settings?.
Thanks for your assistance Lucio.
Warm regards,
Renan
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/96dea9e5-6aa5-45ae-9b88-6866a70f412an%40googlegroups.com.
Lucio Donda
Jun 23, 2022, 8:31:35 AM6/23/22
to Wazuh mailing list
Renan,
Thanks for the info,
I'll take that log and see if it can be used to create an issue or to match a present one.
But, as you said there has been a big change from 4.2.X to 4.3.X and kibana, elastic and filebeat had been replaced, so I encourage you to take a look at our dashboard migration guide if you haven't already. Especially from items 4 and forth. Check if you haven't missed anything.
There's also an indexer migration guide you should look at.
If you follow those steps there shouldn't be any problem.
Have a great day!
Thanks for the info,
I'll take that log and see if it can be used to create an issue or to match a present one.
But, as you said there has been a big change from 4.2.X to 4.3.X and kibana, elastic and filebeat had been replaced, so I encourage you to take a look at our dashboard migration guide if you haven't already. Especially from items 4 and forth. Check if you haven't missed anything.
There's also an indexer migration guide you should look at.
If you follow those steps there shouldn't be any problem.
Have a great day!
Reply all
Reply to author
Forward
0 new messages