wazuh-kubernetes
wazuh-kubernetes copied to clipboard
wazuh
integratord needs additional package for external software
Dear Team,
I tried to configure a custom integration to Jira based on official doc and it was not possible in wazuh-kubernetes environment without modifications in 4.3.10 image version
https://wazuh.com/blog/how-to-integrate-external-software-using-integrator/
CONFIGURATION EXAMPLE
<integration>
<name>custom-jira</name>
<group>"group of alerts, ossec,sycheck,etc"</group>
<hook_url>"urlJira"</hook_url>
<api_key>"mail:apikey"</api_key>
<alert_format>json</alert_format>
</integration>
File created as executable on path /var/ossec/integrations
PROBLEM/ERRORS
- debugging on log file
cat /var/ossec/logs/ossec.log | grep integrator - enabled "integrator.debug=2/' /var/ossec/etc/local_internal_options.conf "
Error 1)
File Permission error, file cannot be written file
Error 2)
/usr/bin/ "python" not found
Error 3)
2023/02/15 23:38:08 wazuh-integratord: ERROR: Couldn't execute command (integrations /tmp/custom-jira-1676504288-885874547.alert user@api /dev/null 2>&1). Check file and permissions. no module request found
WORKAROUND
ERROR 1) File permissions chmod 750 <filename>
ERROR 2) move python as executable or install apt update && apt install python-is-python3
ERROR 3) install required modules apt-get install python3-requests
RELOAD SERVER: /etc/init.d/wazuh-manager restart
SOLUTION Add requires packages to the image
Hi @victorrodriguez1984.
Thanks for reporting this issue.
A new issue in wazuh-docker repository was created: https://github.com/wazuh/wazuh-docker/issues/788. It was added to our backlog and will be treated as soon as we can.
