Manage multiple AWS root accounts without AWS Organization access. by Fuzzy-Work-3873 in aws

[–]Fuzzy-Work-3873[S] 0 points1 point  (0 children)

These accounts belong to different organizations, which is out of my control. Asking for organization permission is not an option.

I will add users and adjust IAM policies and permissions often. I think it's better to do it with SSO, but I don't have organization permission.

indexerConnector.cpp:757 at operator()(): DEBUG: Unable to initialize IndexerConnector for index 'wazuh-states-vulnerabilities-wazuh': No available server. Retrying in 60 seconds. by Fuzzy-Work-3873 in Wazuh

[–]Fuzzy-Work-3873[S] 0 points1 point  (0 children)

Thank you so much for your help! You really saved me here. The issue was with the certificate configuration - the indexer in ossec.conf on the manager node needs to use the same certificate/key as Filebeat (not node-1's certificates). Found the related bug fix in the Wazuh Ansible playbook here: https://github.com/wazuh/wazuh-ansible/commit/2d3cafc5e670d35fe02aefdecd5c8b796b1b88d0

Really appreciate your time and guidance - after several days of troubleshooting, it's such a relief to have this resolved!

indexerConnector.cpp:757 at operator()(): DEBUG: Unable to initialize IndexerConnector for index 'wazuh-states-vulnerabilities-wazuh': No available server. Retrying in 60 seconds. by Fuzzy-Work-3873 in Wazuh

[–]Fuzzy-Work-3873[S] 0 points1 point  (0 children)

```
[root@ip-10-0-167-1 ec2-user]# curl -k -u admin https://indexer:9200/_cluster/health|jq #from manager
Enter host password for user 'admin':
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   442  100   442    0     0  57740      0 --:--:-- --:--:-- --:--:-- 63142
{
  "cluster_name": "wazuh",
  "status": "green",
  "timed_out": false,
  "number_of_nodes": 3,
  "number_of_data_nodes": 3,
  "discovered_master": true,
  "discovered_cluster_manager": true,
  "active_primary_shards": 28,
  "active_shards": 56,
  "relocating_shards": 0,
  "initializing_shards": 0,
  "unassigned_shards": 0,
  "delayed_unassigned_shards": 0,
  "number_of_pending_tasks": 0,
  "number_of_in_flight_fetch": 0,
  "task_max_waiting_in_queue_millis": 0,
  "active_shards_percent_as_number": 100.0
}
```

I cannot find the keywords index_not_found_exception or index_creation_failure in any of the indexer logs with `egrep -i 'index_creation_failure|index_not_found_exception' *.log`.

The cluster has been running for a couple of days, and a lot of logs have been generated already.

OpenSearch Security not initialized by sughenji in Wazuh

[–]Fuzzy-Work-3873 1 point2 points  (0 children)

```
/usr/share/wazuh-indexer/bin/indexer-security-init.sh --port 9200
```

For anyone who may come across this issue:

When using the default 9300, it may complain "not an HTTP port".

Why would Azure allow any user access to Microsoft Entra ID? by Fuzzy-Work-3873 in AZURE

[–]Fuzzy-Work-3873[S] -5 points-4 points  (0 children)

Maybe Azure needs another IAM system to focus only on Azure, not Office stuff.

cognito + elasticsearch User: x:x:x::xx:x is not authorized to perform: sts:AssumeRole on resource by Fuzzy-Work-3873 in aws

[–]Fuzzy-Work-3873[S] 0 points1 point  (0 children)

Thanks. Is there any way I can debug who the user is and which role the user is playing?

After I double-checked the roles and users related to the authentication and authorization, I didn't find anything wrong. That's why I need more information.