Vikman Fernandez-Castro

icon indicating a website link http://vikman90.blogspot.com icon indicating an email [email protected]

icon company @wazuh icon location Granada, Spain icon location Director of engineering at @wazuh. Developer and mad bug. Pianist in another life.

Results 128 comments of Vikman Fernandez-Castro

FIM reports a lot of modified files: inode changed

Thank you @beertje44. That matches the full log: > File '/etc/motd' modified (...) Old inode was: '-2028117366', now it is '2266849930' That makes me think that FIM is simply mishandling...

FIM reports a lot of modified files: inode changed

@thefactor82 I'm pretty sure your issue is more related to: - https://github.com/wazuh/wazuh/issues/17184 - https://github.com/wazuh/wazuh/pull/17415 That issue is about the size attribute, just like you are. We're releasing the version that...

Footprint - Decrease in number of messages and generated events in CentOS agent

Closing this issue: - Known issue in chart plotting: - https://github.com/wazuh/wazuh-jenkins/issues/6900 - CIS-CAT is deprecated: - https://github.com/wazuh/wazuh-jenkins/issues/4469

Unexpected warning message in `wazuh-remoted`

As we discussed in a meeting, this is a known issue, possibly since 3.9.0 (https://github.com/wazuh/wazuh/issues/1908). The issue has been partially fixed by: - https://github.com/wazuh/wazuh/issues/21014 - https://github.com/wazuh/wazuh/pull/21595 - https://github.com/wazuh/wazuh/pull/25239 To continue...

Unexpected warning message in `wazuh-remoted`

@Nicogp Thank you for the detailed investigation and analysis of the issue. Based on the findings, it seems that the problem is isolated to macOS when Rootcheck is enabled, and...

Unexpected warning message in `wazuh-remoted`

Since _wazuh-remoted_ is scheduled for deprecation in version 5.0 and the impact of this issue appears to be minor, we will not continue investigating unless we find an environment where...

Unexpected warning message in `wazuh-remoted`

## Research report **Rootcheck Port Scan Interference with Virtual Network Causes TCP Message Corruption** ### Description During a persistent TCP connection between a macOS client (running in a virtual machine)...

Follow symbolic links in localfile

Hi @gourvy. We’ve reviewed your configuration and tested a similar scenario using the following `localfile` directive: ```xml /var/log/containers/*.log syslog ``` When running the Wazuh Logcollector in debug mode, we observed...

Follow symbolic links in localfile

@jpcerrone I agree with @wirehack7. FIM has some complexities (and other use cases) that necessitated the `` option. On the other hand, Logcollector directly attempts to open files defined in...

Upgrading macOS agent via WPK returns timeout

@juliamagan Let me open this issue back as it failed again: https://github.com/wazuh/wazuh/issues/17272#issuecomment-1563182999, and we want to propose a couple of changes. - Option ``/``. - Extend the range to 60000...