-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Azure-logs spamming in the ossec log #23329
Comments
Issue UpdateThe related code fragment is in the wazuh/src/config/wmodules-azure.c Lines 376 to 377 in f094086
wazuh/src/config/wmodules-azure.c Lines 508 to 509 in f094086
Also, a test of the module was carried out in Wazuh Wazuh versionroot@d9b3863d6d59:/# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.7.4"
WAZUH_REVISION="40717"
WAZUH_TYPE="server" ossec.conf<wodle name="azure-logs">
<disabled>no</disabled>
<interval>10m</interval>
<run_on_start>yes</run_on_start>
<log_analytics>
<auth_path>/var/ossec/wodles/azure/credentials-analytics</auth_path>
<tenantdomain>TENANT</tenantdomain>
<request>
<query>AzureActivity</query>
<workspace><workspace_id></workspace>
<time_offset>50d</time_offset>
</request>
</log_analytics>
<storage>
<auth_path>/var/ossec/wodles/azure/credentials-storage</auth_path>
<container name="container">
<content_type>json_inline</content_type>
<time_offset>260d</time_offset>
</container>
</storage>
</wodle> ossec.log
In conclusion, we will categorize it as a bug with a lower priority given it is not new to Wazuh versionroot@29c3919c0341:/# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v5.0.0"
WAZUH_REVISION="50000"
WAZUH_TYPE="server" ossec.log without debug level 2
After setting ossec.log with debug level 2
|
Description
We have been reported a problem where, in 4.8.0-rc1,
wazuh-modulesd
service is spamming azure-logs like the following:We need to review what might be happening and fix it, especially if this problem has been included in 4.8.0.
Checks
The following elements have been updated or reviewed (should also be checked if no modification is required):
api/test/integration/mapping/_test_mapping.py
).The text was updated successfully, but these errors were encountered: