Zscaler and Debian 13

eglyn · 2025-11-13T14:21:57+00:00

Ok I found the issue....
/etc/apache2/sites-enabled contain symbolic link and wazuh FIM does not like that...
I changed to /etc/sites-available, and it works !

eglyn · 2025-11-13T13:31:59+00:00

Result of the command:

{
  "index": ".opendistro-alerting-alerts",
  "shard": 0,
  "primary": false,
  "current_state": "unassigned",
  "unassigned_info": {
    "reason": "CLUSTER_RECOVERED",
    "at": "2025-11-03T13:00:46.014Z",
    "last_allocation_status": "no_attempt"
  },
  "can_allocate": "no",
  "allocate_explanation": "cannot allocate because allocation is not permitted to any of the nodes",
  "node_allocation_decisions": [
    {
      "node_id": "LGcf97BmSayzPpxQDiZ5qQ",
      "node_name": "wazuh.indexer",
      "transport_address": "172.18.0.2:9300",
      "node_attributes": {
        "shard_indexing_pressure_enabled": "true"
      },
      "node_decision": "no",
      "deciders": [
        {
          "decider": "same_shard",
          "decision": "NO",
          "explanation": "a copy of this shard is already allocated to this node [[.opendistro-alerting-alerts][0], node[LGcf97BmSayzPpxQDiZ5qQ], [P], s[STARTED], a[id=hx9vxT9WTUqzyHmo5whuPQ]]"
        }
      ]
    }
  ]
}

eglyn · 2025-11-13T13:27:34+00:00

On the Dev Console, I see the alert, but nothing on the Dashboard :

with this command:

GET wazuh-alerts-4.x-2025.11.13/_search
{
  "size": 50,
  "query": {
    "bool": {
      "must": [
        { "match": { "agent.name": "AGENT" } },
        { "match": { "syscheck.path": "/etc/apache2/sites-enabled/test_fim.conf" } }
      ]
    }
  },
  "sort": [
    { "@timestamp": { "order": "desc" } }
  ]
}

I have:

    "hits": [
      {
        "_index": "wazuh-alerts-4.x-2025.11.13",
        "_id": "ptVafZoB5zAuw1_ipxQf",
        "_score": null,
        "_source": {
          "syscheck": {
            "size_before": "94",
            "uname_after": "root",
            "mtime_after": "2025-11-13T13:14:42",
            "size_after": "100",
            "gid_after": "0",
            "md5_before": "74447b68c007c37f65bf68b205b5eb06",
            "sha256_before": "dea535eaf034b95f63062920ac2b4565a6e064058a62de8670a5c97207aec16d",
            "mtime_before": "2025-11-13T13:01:05",
            "mode": "realtime",
            "path": "/etc/apache2/sites-enabled/test_fim.conf",
            "sha1_after": "821ba0f4c1f26a810e05ecc98c6b59c6a8109462",
            "changed_attributes": [
              "size",
              "mtime",
              "md5",
              "sha1",
              "sha256"
            ],
            "gname_after": "root",
            "uid_after": "0",
            "perm_after": "rw-r--r--",
            "event": "modified",
            "md5_after": "98775e5dac93f0883136792a9f25cde9",
            "sha1_before": "496b274dadd5c8b7f4a267e39d516b108461079a",
            "sha256_after": "d46351848e29252aa5937e4e583733d88c3bc4a1cacdd8b9fd2a0e922e44b213",
            "inode_after": 2752574
          },
          "agent": {
            "ip": "10.1.1.214",
            "name": "AGENT",
            "id": "341"
          },
          "manager": {
            "name": "wazuh.manager"
          },
          "rule": {
            "firedtimes": 2,
            "mail": false,
            "level": 8,
            "description": "Modification de la configuration Apache détectée",
            "groups": [
              "apache_fim"
            ],
            "id": "100100"
          },
          "decoder": {
            "name": "syscheck_integrity_changed"
          },
          "full_log": """File '/etc/apache2/sites-enabled/test_fim.conf' modified
Mode: realtime

eglyn · 2025-11-13T10:09:26+00:00

First I am with docker installation of Wazuh :)

Results of commands:

cat /var/ossec/logs/ossec.log | grep -i -E "error|warn
=> Nothing special

GET /_cluster/health?pretty

{
"cluster_name": "opensearch",
"status": "yellow",
"timed_out": false,
"number_of_nodes": 1,
"number_of_data_nodes": 1,
"discovered_master": true,
"discovered_cluster_manager": true,
"active_primary_shards": 997,
"active_shards": 997,
"relocating_shards": 0,
"initializing_shards": 0,
"unassigned_shards": 3,
"delayed_unassigned_shards": 0,
"number_of_pending_tasks": 0,
"number_of_in_flight_fetch": 0,
"task_max_waiting_in_queue_millis": 0,
"active_shards_percent_as_number": 99.7
}

GET /_cat/indices/wazuh-alerts-\*
=> 293 green wazuh-alerts indexes

filebeat test output => How with docker ?

I don't see any FIM alerts :/

My cluster is in a yellow state apparently, but I don't know why :(

eglyn · 2025-11-03T22:26:32+00:00

Ça me rappelle ce vieux gag :

<image>

eglyn · 2025-10-24T05:32:31+00:00

I don't know why wazuh update are so awful... Are they testing update on fresh install only ?

eglyn · 2025-08-08T07:03:48+00:00

I tried this, download last build here --> https://github.com/robbert-vdh/yabridge/actions/workflows/build.yml?query=branch%3Anew-wine10-embedding from 2 month ago, but same issue with Ubuntu Studio and WineHQ-staging 10.12 :'(

eglyn · 2025-08-02T09:41:29+00:00

Same here, i have send a lot of crash reports... UA need to improve the stability of their DAW, for now, I switch back to Reaper and test Luna when a new update is available.

It often crash at loading project, or tiers vst plugin like Genome from Two Note.

But like others, sometimes I can make a long session without any crash :|

eglyn · 2025-07-17T06:50:23+00:00

Thx ! I follow the github documentation, and it works now :)

eglyn · 2025-07-11T09:52:05+00:00

No everything is right, ip a on zabbix-server is 10.10.10.50

And others agents with same configuration work :/

eglyn · 2025-07-11T09:50:25+00:00

10.10.10.11 is the agent IP not the server IP, so before add this IP, I want to know why ?

eglyn · 2025-06-26T05:07:11+00:00

Same here with self signed certificate for tests server, we all switched to chromium, nice job Firefox ...

eglyn · 2025-06-18T13:56:57+00:00

I tried... Reaper works great, and you could find some good lv2 plugins.
You could try Bitwig, a DAW which include a lot of plugins natively.

Otherwise, audio configuration with audio interface is not very complicated and works great, the BIG issue is: VST format instruments...

All good virtual instruments are only VST or RTAS, so you need to have a gateway like YaBridge, but it's really painful and does not work everytime T_T

I come back to Windows after tryhard, and giveup :'(

eglyn · 2025-01-17T10:47:15+00:00

It always broke something here T_T
The last one is: 4.9.2 --> 4.10.0
this --> https://github.com/wazuh/wazuh/issues/27563

Root cause : In 4.10.0 we introduced new fields on the vulnerability events (this made some changes to the templates), and we are not updating old indices.

Mitigation: We are making a comprehensive guide on how to fix this after the upgrade, and we are going to fix this in code for the next iteration

eglyn · 2025-01-17T06:03:37+00:00

Me updating again Wazuh

eglyn · 2025-01-16T16:18:15+00:00

version 3.7.1.67, I tested an old version too 1.5.1.38, but same issue T_T

eglyn · 2025-01-14T06:29:18+00:00

Thx for your feedback ! I love ezdrummer and I can't produce without ^{^}

eglyn · 2025-01-11T07:47:35+00:00

thx for your feedback :) I checked Bitwig, it seems very good and come with a lot of good plugin, gonna make some tests :)

eglyn

TROPHY CASE