Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Review Indexer repository for legacy modules #303

Closed
2 tasks done
AlexRuiz7 opened this issue Jul 11, 2024 · 4 comments · Fixed by #385
Closed
2 tasks done

Review Indexer repository for legacy modules #303

AlexRuiz7 opened this issue Jul 11, 2024 · 4 comments · Fixed by #385
Assignees
@f-galland
Labels
level/task Task issue phase/mvp Minimum Viable Product type/enhancement Enhancement issue

Comments

@AlexRuiz7
Copy link
Member

AlexRuiz7 commented Jul 11, 2024
edited by f-galland
Loading

Description

As part of the Legacy Removal epic, we need to ensure there are no references for legacy stuff.

Tasks

In this repository:

  • Check for references to OSSEC
  • Check for references to removed daemons (see Legacy Removal)
@AlexRuiz7 AlexRuiz7 added level/task Task issue type/enhancement Enhancement issue labels Jul 11, 2024
@AlexRuiz7 AlexRuiz7 mentioned this issue Jul 11, 2024
Open
1 task
@f-galland
Copy link
Member

f-galland commented Jul 17, 2024
edited
Loading

We are still relying on the old ossec path only in our integrations' compose files and pipeline files:

$ grep -Ril ossec | grep -Ev '.jar$|.jmod$|.zip$|^.gradle|.tar.gz$'
integrations/splunk/logstash/pipeline/manager-to-splunk.conf
integrations/elastic/logstash/pipeline/manager-to-elastic.conf
integrations/docker/compose.manager-elastic.yml
integrations/docker/compose.manager-splunk.yml
integrations/docker/compose.manager-opensearch.yml
integrations/opensearch/logstash/pipeline/manager-to-opensearch.conf
integrations/tools/events-generator/wazuh-alerts/alerts.json
integrations/tools/events-generator/run.py

However, we cannot remove these until the manager itself stops using these directories.

@f-galland
Copy link
Member

No references to the legacy modules whatsoever:

fede@tyner:~/src/wazuh-indexer (303-remove-legacy-references)
$ grep -REl 'wazuh-agentd|wazuh-agentlessd|wazuh-analysisd|wazuh-apid|wazuh-authd|wazuh-clusterd|wazuh-csyslogd|wazuh-db|wazuh-dbd|wazuh-execd|wazuh-integratord|wazuh-logcollector|wazuh-maild|wazuh-modulesd|wazuh-remoted|wazuh-reportd|wazuh-syscheckd'
fede@tyner:~/src/wazuh-indexer (303-remove-legacy-references)

@vikman90 vikman90 added the phase/mvp Minimum Viable Product label Aug 7, 2024
@AlexRuiz7
Copy link
Member Author

AlexRuiz7 commented Aug 21, 2024
edited
Loading

Blocked until we know the new path for the alerts.json file in 5.0.0.

The references to ossec come from the path of this file in our development environments for the third-party integrations.

/var/ossec/logs/alerts/alerts.json

@AlexRuiz7
Copy link
Member Author

Integrations with the Manager will no longer exist for 5.0.0.

We can safely remove these environments.

@f-galland f-galland mentioned this issue Sep 9, 2024
Merged
8 tasks
@f-galland f-galland linked a pull request Sep 9, 2024 that will close this issue
Remove alerts.json references and manager integrations #385
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@f-galland f-galland

Labels
level/task Task issue phase/mvp Minimum Viable Product type/enhancement Enhancement issue
Projects
Release 5.0.0
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove alerts.json references and manager integrations wazuh/wazuh-indexer
3 participants
@vikman90 @AlexRuiz7 @f-galland