wazuh-packages icon indicating copy to clipboard operation
wazuh-packages copied to clipboard

Published 20 hours ago verified publisher icon wazuh

Unexpected logs found in wazuh-dashboard

Open juliamagan opened this issue 2 years ago • 2 comments

Wazuh version Install type Platform
v4.3.0-rc6 Wazuh Indexer Demo environment

During the investigation at https://github.com/wazuh/wazuh-qa/issues/2819, we found some unexpected logs in wazuh-dashboard:

  • journalctl -xe -u wazuh-dashboard.service 
abr 20 08:47:17 ip-10-0-0-184.us-west-1.compute.internal opensearch-dashboards[28409]: {"type":"log","@timestamp":"2022-04-20T08:47:17Z","tags":["error","opensearch","data"],"pid":28409,"message":"[search_phase_execution_exception]: all shards failed"}
abr 20 08:47:17 ip-10-0-0-184.us-west-1.compute.internal opensearch-dashboards[28409]: {"type":"error","@timestamp":"2022-04-20T08:47:17Z","tags":[],"pid":28409,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n    at HapiResponseAdapter.toError (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:145:19)\n    at HapiResponseAdapter.toHapiResponse (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:99:19)\n    at HapiResponseAdapter.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:94:17)\n    at Router.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:164:34)\n    at process._tickCallback (internal/process/next_tick.js:68:7)"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":{},"pathname":"/elastic/alerts","path":"/elastic/alerts","href":"/elastic/alerts"},"message":"Internal Server Error"}
abr 20 08:47:18 ip-10-0-0-184.us-west-1.compute.internal opensearch-dashboards[28409]: {"type":"log","@timestamp":"2022-04-20T08:47:18Z","tags":["error","opensearch","data"],"pid":28409,"message":"[version_conflict_engine_exception]: [search-telemetry:search-telemetry]: version conflict, required seqNo [3760], primary term [1]. current document has seqNo [3761] and primary term [1]"}
abr 20 09:52:13 ip-10-0-0-184.us-west-1.compute.internal opensearch-dashboards[28409]: {"type":"log","@timestamp":"2022-04-20T09:52:13Z","tags":["error","opensearch","data"],"pid":28409,"message":"[version_conflict_engine_exception]: [search-telemetry:search-telemetry]: version conflict, required seqNo [3812], primary term [1]. current document has seqNo [3813] and primary term [1]"}
abr 20 16:41:46 ip-10-0-0-184.us-west-1.compute.internal opensearch-dashboards[28409]: {"type":"error","@timestamp":"2022-04-20T16:41:36Z","tags":[],"pid":28409,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n    at HapiResponseAdapter.toError (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:145:19)\n    at HapiResponseAdapter.toHapiResponse (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:99:19)\n    at HapiResponseAdapter.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:94:17)\n    at Router.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:164:34)\n    at process._tickCallback (internal/process/next_tick.js:68:7)"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":{},"pathname":"/api/request","path":"/api/request","href":"/api/request"},"message":"Internal Server Error"}

abr 25 11:07:15 ip-10-0-0-184.us-west-1.compute.internal opensearch-dashboards[28409]: {"type":"log","@timestamp":"2022-04-25T11:07:15Z","tags":["info","branding"],"pid":28409,"message":"logo default config is not found or invalid."}
abr 25 11:07:15 ip-10-0-0-184.us-west-1.compute.internal opensearch-dashboards[28409]: {"type":"log","@timestamp":"2022-04-25T11:07:15Z","tags":["info","branding"],"pid":28409,"message":"mark default config is not found or invalid."}
abr 25 11:07:15 ip-10-0-0-184.us-west-1.compute.internal opensearch-dashboards[28409]: {"type":"log","@timestamp":"2022-04-25T11:07:15Z","tags":["info","branding"],"pid":28409,"message":"favicon config is not found or invalid."}

Complete logs

juliamagan avatar Apr 27 '22 10:04 juliamagan

I was able to detect where these messages are generated in the log, it is due to the file: src/core/server/opensearch_dashboards_config.js

This file is edited by us to search for the loadingLogos to S3 and the title of the application is also defined:

      loadingLogo: _configSchema.schema.object({
        defaultUrl: _configSchema.schema.string({
          defaultValue: 'https://s3.amazonaws.com/warehouse.wazuh.com/stack/dashboard/Symbol.png'
        }),
        darkModeUrl: _configSchema.schema.string({
          defaultValue: 'https://s3.amazonaws.com/warehouse.wazuh.com/stack/dashboard/Symbol-3.png'
        })
      }),
      faviconUrl: _configSchema.schema.string({
        defaultValue: '/'
      }),
      applicationTitle: _configSchema.schema.string({
        defaultValue: 'Wazuh'

If we leave this file as it comes by default, the logs increase:

,"branding"],"pid":7751,"message":"logo default config is not found or invalid."}
,"branding"],"pid":7751,"message":"mark default config is not found or invalid."}
,"branding"],"pid":7751,"message":"loadingLogo default config is not found or invalid."}
,"branding"],"pid":7751,"message":"favicon config is not found or invalid."}
,"branding"],"pid":7751,"message":"applicationTitle config is not found or invalid. Title length should be between 1 to 36 characters."}

This is the default file:

    branding: _configSchema.schema.object({
      logo: _configSchema.schema.object({
        defaultUrl: _configSchema.schema.string({
          defaultValue: '/'
        }),
        darkModeUrl: _configSchema.schema.string({
          defaultValue: '/'
        })
      }),
      mark: _configSchema.schema.object({
        defaultUrl: _configSchema.schema.string({
          defaultValue: '/'
        }),
        darkModeUrl: _configSchema.schema.string({
          defaultValue: '/'
        })
      }),
      loadingLogo: _configSchema.schema.object({
        defaultUrl: _configSchema.schema.string({
          defaultValue: '/'
        }),
        darkModeUrl: _configSchema.schema.string({
          defaultValue: '/'
        })
      }),
      faviconUrl: _configSchema.schema.string({
        defaultValue: '/'
      }),
      applicationTitle: _configSchema.schema.string({
        defaultValue: ''
      })

I am investigating how to skip these messages

c-bordon avatar Apr 27 '22 19:04 c-bordon

I was investigating a little more, these messages are of the INFO type, and they do not represent an error in the application, in fact, all the resources are loaded correctly, to be able to omit these messages it is necessary to touch the application code, which would not enter in the scope of this release.

These validations are performed in the following file: https://github.com/opensearch-project/OpenSearch-Dashboards/blob/1.2.0/src/core/server/rendering/rendering_service.tsx#L346

c-bordon avatar Apr 28 '22 18:04 c-bordon