Release 4.9.0 - Beta 1 - Footprint Metrics - SYSCHECK (2.5d) #25040

Closed
wazuhci opened this issue Aug 5, 2024 · 3 comments

wazuhci commented Aug 5, 2024

Footprint metrics information

Main release stage issue: #25025
Main footprint metrics issue: #25005
Version: 4.9.0
Release stage: Beta 1
Tag: https://github.com/wazuh/wazuh/tree/v4.9.0-beta1

Stress test documentation

Packages used


Manager
CentOS agent
Ubuntu agent
Windows agent
macOS agent
  • Plots
  • Logs and configuration
  • CSV
Solaris agent
  • Plots
  • Logs and configuration
  • CSV

Conclusion 🟡

Plots compared to #24467

Graphs 🟢

Logs 🟡

Known issues:


hossam1522 commented Aug 5, 2024

Analysis Report

Compared to:

Graph Report 🟢

Manager
  • Dropped_events: increase of syscheck to 30 in the second part of the test
CentOS
  • VMS: decrease of modulesd.
Ubuntu
  • VMS: decrease of modulesd.
Windows
  • No abnormalities were found.

Log Report 🟡

Manager
  • Expected in Stress Test
2024/08/02 20:40:27 wazuh-modulesd:content-updater: WARNING: The offsets download has been interrupted.
2024/08/03 02:42:06 wazuh-syscheckd: WARNING: Real-time inotify kernel queue is full. Some events may be lost. Next scheduled scan will recover lost data.
2024/08/03 06:20:39 wazuh-remoted: WARNING: Message queue is full (10). Events may be lost.
2024/08/04 01:03:33 wazuh-analysisd: WARNING: Syscheck decoder queue is full.
2024/08/02 20:38:22 indexer-connector: WARNING: No username and password found in the keystore, using default values.
2024/08/02 20:38:22 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-ip-172-31-0-193.ec2.internal', retrying until the connection is successful.
CentOS
  • Expected in Stress Test
2024/08/03 02:41:21 wazuh-agentd: WARNING: Agent buffer is full: Events may be lost.
2024/08/03 02:41:59 wazuh-syscheckd: WARNING: Real-time inotify kernel queue is full. Some events may be lost. Next scheduled scan will recover lost data.
2024/08/02 20:40:27 wazuh-agentd: ERROR: (1137): Lost connection with manager. Setting lock.
2024/08/02 20:40:27 wazuh-agentd: ERROR: (1216): Unable to connect to '[172.31.0.193]:1514/tcp': 'Connection refused'.
Ubuntu
  • Expected in Stress Test
2024/08/03 02:41:22 wazuh-agentd: WARNING: Agent buffer is full: Events may be lost.
2024/08/03 02:42:22 wazuh-syscheckd: WARNING: Real-time inotify kernel queue is full. Some events may be lost. Next scheduled scan will recover lost data.
2024/08/02 20:40:35 wazuh-agentd: ERROR: (1216): Unable to connect to '[172.31.0.193]:1514/tcp': 'Connection refused'.
Windows
  • Expected in Stress Test
2024/08/02 21:06:28 wazuh-agent: WARNING: Agent buffer at 90 %.
2024/08/03 02:41:23 wazuh-agent: WARNING: (6906): Real time process: no data. Probably buffer overflow.
2024/08/03 02:41:42 wazuh-agent: WARNING: Agent buffer is full: Events may be lost.
2024/08/03 02:43:52 wazuh-agent: ERROR: (6716): Could not open handle for 'c:\tmp\syscheck_test\files\fimstress.18282'. Error code: 2
2024/08/03 02:43:52 wazuh-agent: WARNING: At get_user(c:\tmp\syscheck_test\files\fimstress.18282): CreateFile(): The system cannot find the file specified. (2)
2024/08/03 03:10:03 wazuh-agent: WARNING: (6922): Cannot open 'c:\tmp\syscheck_test\directories\dir2368': No such file or directory
2024/08/03 03:56:34 wazuh-agent: WARNING: (6922): Cannot open 'c:\tmp\syscheck_test\directories': No such file or directory
2024/08/03 12:19:45 wazuh-agent: ERROR: (6716): Could not open handle for 'c:\tmp\syscheck_test\files\fimstress.3975698'. Error code: 5
[2024-08-03_15:18:49] [ERROR] (create_delete): files\fimStress.5205000 file cannot be deleted.
2024/08/04 20:41:51 wazuh-agent: ERROR: (6613): Real time Windows callback process: 'Access is denied.' (5).

wazuhci moved this from Triage to In progress in Release 4.9.0 Aug 5, 2024
wazuhci moved this from In progress to Pending review in Release 4.9.0 Aug 5, 2024
wazuhci moved this from Pending review to In review in Release 4.9.0 Aug 6, 2024

pro-akim commented Aug 6, 2024

Review Notes

Plots:

The following observations could be made:

Manager

Dropped_events: increase of syscheck to 30 in the second part of the test

CentOS and Ubuntu

VMS: decrease of modulesd

Add those observations to the plots description, please.

Logs:

LGTM

wazuhci moved this from In review to On hold in Release 4.9.0 Aug 6, 2024
wazuhci moved this from On hold to Pending review in Release 4.9.0 Aug 6, 2024

pro-akim commented Aug 6, 2024

Review Notes

LGTM

wazuhci moved this from Pending review to Pending final review in Release 4.9.0 Aug 6, 2024
wazuhci moved this from Pending final review to In final review in Release 4.9.0 Aug 7, 2024
rauldpm closed this as completed Aug 7, 2024
wazuhci moved this from In final review to Done in Release 4.9.0 Aug 7, 2024