Skip to content

Redirect logs to a file #29255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fdalmaup merged 4 commits into from
Apr 21, 2025
Merged

Redirect logs to a file #29255

fdalmaup merged 4 commits into from
Apr 21, 2025

Conversation

@nico-stefani
Copy link
Member

@nico-stefani nico-stefani commented Apr 16, 2025
edited
Loading

Related issue
#27509

Description

This PR closes #27509. Adds a log file /var/log/wazuh-server/wazuh-server.log to redirect the output.

When the service is started with SysV init, this is the only log destination; when it is used with Systemd, it is also sent to the journal.

Logs/Alerts example

SysV init 

root@bec51b3f194e:/workdir# service wazuh-server start
root@bec51b3f194e:/workdir# tail /var/log/wazuh-server/wazuh-server.log
2025/04/16 21:36:59 INFO: [Server] [Main] Starting wazuh-server-management-apid
2025/04/16 21:37:00 INFO: [Management API] Starting API
2025/04/16 21:37:01 INFO: [Server] [Main] Started wazuh-server-management-apid (pid: 190)
2025/04/16 21:37:01 INFO: [Management API] Updating RBAC information
2025/04/16 21:37:01 INFO: [Management API] Listening on 0.0.0.0:55000.
2025/04/16 21:37:01 DEBUG: [Management API] Connecting to the indexer client.
2025/04/16 21:37:01 INFO: [Management API] Populating installation UID...
2025/04/16 21:37:01 INFO: [Management API] Getting updates information...
2025/04/16 21:37:02 WARNING: [Management API] Cannot initialize the indexer client.
2025/04/16 21:37:02 INFO: [Management API] Sleeping 1.8626950219348126s until next try.

Systemd 

root@vagrant:/vagrant# systemctl start wazuh-server
root@vagrant:/vagrant# tail /var/log/wazuh-server/wazuh-server.log
2025/04/16 21:29:51 INFO: [Communications API] Application startup complete.
2025/04/16 21:29:52 INFO: [Management API] Starting API
2025/04/16 21:29:53 INFO: [Server] [Main] Started wazuh-server-management-apid (pid: 7438)
2025/04/16 21:29:53 INFO: [Management API] Updating RBAC information
2025/04/16 21:29:53 DEBUG: [Management API] Connecting to the indexer client.
2025/04/16 21:29:53 INFO: [Management API] Listening on 0.0.0.0:55000.
2025/04/16 21:29:53 INFO: [Management API] Populating installation UID...
2025/04/16 21:29:53 INFO: [Management API] Getting updates information...
2025/04/16 21:29:54 WARNING: [Management API] Cannot initialize the indexer client.
2025/04/16 21:29:54 INFO: [Management API] Sleeping 1.971595444072484s until next try.
root@vagrant:/vagrant# journalctl -u wazuh-server -xe
Apr 16 21:29:54 vagrant sh[7339]: 2025/04/16 21:29:54 WARNING: [Management API] Cannot initialize the indexer client.
Apr 16 21:29:54 vagrant sh[7339]: 2025/04/16 21:29:54 INFO: [Management API] Sleeping 1.971595444072484s until next try.
Apr 16 21:29:56 vagrant sh[7339]: 2025/04/16 21:29:56 DEBUG: [Management API] Connecting to the indexer client.
Apr 16 21:29:56 vagrant sh[7339]: 2025/04/16 21:29:56 WARNING: [Management API] Cannot initialize the indexer client.
Apr 16 21:29:56 vagrant sh[7339]: 2025/04/16 21:29:56 INFO: [Management API] Sleeping 2.2764543848298615s until next try.
Apr 16 21:29:58 vagrant sh[7339]: 2025/04/16 21:29:58 DEBUG: [Management API] Connecting to the indexer client.
Apr 16 21:29:58 vagrant sh[7339]: 2025/04/16 21:29:58 WARNING: [Management API] Cannot initialize the indexer client.
Apr 16 21:29:58 vagrant sh[7339]: 2025/04/16 21:29:58 INFO: [Management API] Sleeping 4.986916714513575s until next try.
Apr 16 21:30:03 vagrant sh[7339]: 2025/04/16 21:30:03 INFO: [Server] [Main] Getting orders from indexer
Apr 16 21:30:03 vagrant sh[7339]: 2025/04/16 21:30:03 WARNING: [Server] [Main] Cannot initialize the indexer client.
Apr 16 21:30:03 vagrant sh[7339]: 2025/04/16 21:30:03 INFO: [Server] [Main] Sleeping 1.630045067971996s until next try.
Apr 16 21:30:03 vagrant sh[7339]: 2025/04/16 21:30:03 DEBUG: [Management API] Connecting to the indexer client.
Apr 16 21:30:03 vagrant sh[7339]: 2025/04/16 21:30:03 DEBUG: [Management API] Closing the indexer client session.
Apr 16 21:30:03 vagrant sh[7339]: 2025/04/16 21:30:03 ERROR: [Management API] Failed updating RBAC information: Error 2200 - Could not connect to the indexer: Cannot connect to host wazuh-indexer:9200 ssl:default>
Apr 16 21:30:03 vagrant sh[7339]: 2025/04/16 21:30:03 INFO: [Management API] Updating RBAC information
Apr 16 21:30:03 vagrant sh[7339]: 2025/04/16 21:30:03 DEBUG: [Management API] Connecting to the indexer client.
Apr 16 21:30:03 vagrant sh[7339]: 2025/04/16 21:30:03 WARNING: [Management API] Cannot initialize the indexer client.
Apr 16 21:30:03 vagrant sh[7339]: 2025/04/16 21:30:03 INFO: [Management API] Sleeping 1.9529511599254286s until next try.
Apr 16 21:30:05 vagrant sh[7339]: 2025/04/16 21:30:05 WARNING: [Server] [Main] Cannot initialize the indexer client.
Apr 16 21:30:05 vagrant sh[7339]: 2025/04/16 21:30:05 INFO: [Server] [Main] Sleeping 2.9246471652515798s until next try.
Apr 16 21:30:05 vagrant sh[7339]: 2025/04/16 21:30:05 DEBUG: [Management API] Connecting to the indexer client.
Apr 16 21:30:05 vagrant sh[7339]: 2025/04/16 21:30:05 WARNING: [Management API] Cannot initialize the indexer client.
Apr 16 21:30:05 vagrant sh[7339]: 2025/04/16 21:30:05 INFO: [Management API] Sleeping 2.887955744755147s until next try.
Apr 16 21:30:07 vagrant sh[7339]: 2025/04/16 21:30:07 WARNING: [Server] [Main] Cannot initialize the indexer client.
Apr 16 21:30:07 vagrant sh[7339]: 2025/04/16 21:30:07 INFO: [Server] [Main] Sleeping 4.936351832527314s until next try.
Apr 16 21:30:08 vagrant sh[7339]: 2025/04/16 21:30:08 DEBUG: [Management API] Connecting to the indexer client.
Apr 16 21:30:08 vagrant sh[7339]: 2025/04/16 21:30:08 WARNING: [Management API] Cannot initialize the indexer client.
Apr 16 21:30:08 vagrant sh[7339]: 2025/04/16 21:30:08 INFO: [Management API] Sleeping 4.7097308620336245s until next try.

@nico-stefani nico-stefani linked an issue Apr 16, 2025 that may be closed by this pull request
service wazuh-server start command hangs in console #27509
Closed
2 tasks
@nico-stefani nico-stefani force-pushed the enhancement/27509-unify-log branch from 1adf313 to 7fc30be Compare April 16, 2025 13:42
@nico-stefani nico-stefani force-pushed the enhancement/27509-unify-log branch from 7fc30be to 32e7bca Compare April 16, 2025 21:02
@nico-stefani nico-stefani changed the title Use start stop daemon for SysV init debian script Redirect logs to a file Apr 16, 2025
@nico-stefani nico-stefani marked this pull request as ready for review April 16, 2025 21:50
@javiersanchz javiersanchz self-requested a review April 21, 2025 07:48
javiersanchz
javiersanchz approved these changes Apr 21, 2025
View reviewed changes
Copy link
Member

@javiersanchz javiersanchz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

fdalmaup
fdalmaup approved these changes Apr 21, 2025
View reviewed changes
Copy link
Member

@fdalmaup fdalmaup left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fdalmaup fdalmaup merged commit 997c7d8 into main Apr 21, 2025
6 checks passed
@fdalmaup fdalmaup deleted the enhancement/27509-unify-log branch April 21, 2025 11:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fdalmaup fdalmaup fdalmaup approved these changes

@javiersanchz javiersanchz javiersanchz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

service wazuh-server start command hangs in console

4 participants

@nico-stefani @fdalmaup @javiersanchz