Description
UPDATE:
" M]dLoProdz: I have not tested this in WSL.
The issue you posted is more about a Wazuh issue than an OSSIEM issue.
I also have the same problem: when the VM reboots, the manager container goes into a restart loop until it is manually brought down and up again. I have fixed this by building a second custom image that I run after the initial setup; this image does not run the create_custom_user script on init.
"
Here is the script I am using:
https://github.com/freeload101/SCRIPTS/blob/master/Bash/SOCFortress_CoPilot_Fast.bash
Logs: https://rmccurdy.com/stuff/DELETE/ (BASE is the first compose up, and BASE_DOWN_UP.txt is after setting up the Graylog certs).
Wazuh OK? It looks like Graylog was doing something at one point 😦 Also, it looks like the time zone is 3 hrs ahead on most of the Docker images?
I'll post a full video Monday: Here is a video 😦
https://youtu.be/eFO4ZRVA_Y4
Maybe it has something to do with this: it's removing the file at some point, then on restart it's trying to call it back?!
[cont-init.d] 0-wazuh-init: exited 0.
[cont-init.d] 1-manager: executing...
/var/ossec/framework/python/bin/python3: can't open file '/var/ossec/framework/scripts/create_user.py': [Errno 2] No such file or directory
There was an error configuring the API user
[cont-init.d] 1-manager: exited 0.
[cont-init.d] done.
[services.d] starting services
s6-svscanctl: fatal: unable to control /var/run/s6/services: supervisor not listening
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
s6-svwait: fatal: unable to subscribe to events for /var/run/s6/services/ossec-logs: No such file or directory
[s6-finish] sending all processes the TERM signal.
So if API_USERNAME and API_PASSWORD are blank, it thinks it's a new config/setup...?!
wazuh/custom-wazuh-manager/config/etc/cont-init.d/1-manager: if [[ ! -z $API_USERNAME ]] && [[ ! -z $API_PASSWORD ]]; then
...
Maybe mount local time for all the images? IDK
- /etc/localtime:/var/ossec/etc/localtime
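An added example, not the project's 1-manager script: the same "credentials set" check quoted above, made idempotent so that a restart after create_user.py has been removed skips the step instead of failing and dropping into the s6 restart loop. The marker path, the helper's argument style, and the sample credentials are assumptions.

```shell
#!/bin/sh
# Added example (not the project's cont-init.d/1-manager). Keeps the
# API_USERNAME/API_PASSWORD check from the issue, but records a marker after
# the first successful run so a later start with the helper gone is a no-op.

# configure_api_user USER PASS HELPER MARKER
#   return 0: credentials blank, already done (marker present), or user created
#   return 1: credentials set, no marker, and HELPER missing or failing
configure_api_user() {
    api_user="$1"; api_pass="$2"; helper="$3"; marker="$4"
    if [ -z "$api_user" ] || [ -z "$api_pass" ]; then
        echo "API_USERNAME/API_PASSWORD not set; skipping API user setup"
        return 0
    fi
    if [ -f "$marker" ]; then
        echo "API user already configured at $(cat "$marker"); skipping"
        return 0
    fi
    if [ ! -f "$helper" ]; then
        # The state from the issue's log: credentials set, helper gone, and no
        # record of a previous run. Fail with a clear message.
        echo "error: $helper missing and no marker at $marker" >&2
        return 1
    fi
    # In the container this would be: /var/ossec/framework/python/bin/python3 "$helper" ...
    # The helper is executed directly here so the example runs offline (assumption).
    "$helper" "$api_user" "$api_pass" || return 1
    date -u +%Y-%m-%dT%H:%M:%SZ > "$marker"
    echo "API user $api_user configured; marker written to $marker"
    return 0
}

# demo: a constructed stand-in for create_user.py, run once, removed (as the
# issue describes), then run again to mirror first compose up and a restart.
demo() {
    dir=$(mktemp -d)
    printf '#!/bin/sh\nexit 0\n' > "$dir/create_user.py"
    chmod +x "$dir/create_user.py"
    configure_api_user example-user example-pass "$dir/create_user.py" "$dir/.api_user_done" || return 1
    rm -f "$dir/create_user.py"
    configure_api_user example-user example-pass "$dir/create_user.py" "$dir/.api_user_done" || return 1
    rm -rf "$dir"
}

case "${1:-}" in --demo) demo ;; esac
```

Run the file with `--demo` to see the first-run and restart messages.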

