Weird

Okay

I have been having issues with Wazuh loading today..  at first the api would not load which prompted me to reboot the VM.  After Wazuh came back up it loaded with no problem.  I left it idled for a while and of course I had to log back in again.  This time it was an issue with the indexer not loading.  Tried rebooting the VM, restarting the wazuh-indexer, restarting the wazuh-dashboard and nada.  Not even the login page would load at that point.  So I tried checking the logs which was useless, but I had to follow the protocol for troubleshooting before I was forced to engage the forums.  After a little googling I found a couple of steps to follow, one of which had me scratching my head.  it suggested that I check the free disk space on the server.  It showed that the partition containing the Wazuh server was at 100% capacity, so I increased the disk size for the VM in Proxmox, rebooted the VM and checked again and still no change.  Weird!!!  So I then found another suggestion for clearing the logs in the /var/logs/wazuh directory but only one directory under the wazuh folder had anything in it and even then it was only using 7 megs of space, I am thinking to myself that can't be the issue so I tried an experiment and tried to create a new file on the server and low and behold I got the error message about not enough disk space to perform the task.  After several minutes of scratching my head, I said screw it and tried deleting the file that was the biggest by far clocking in at 5.9 megs.  I was unable to do it so I tried deleting the directory it was in for the month of March and deleted all the files including that one.  I made sure to check and see if the indexer and dashboard service started back up and "Bob's your uncle" I was cooking with gas.  I did have to reboot the server again but everything started backup and it loaded the dashboard with one little caveat, all my alerts were gone for all the endpoints it was monitoring, oops!  Live and learn!  it is just a home lab and it will take a day or so for the alerts to be ingested by it again.  After all of this I decided to check the free space again and low and behold the disk increase i made in Proxmox for the VM kicked in and it is at 30 gigs now, again live and learn.  All in all it only took 3 hours to resolve that issue and I learned a lot.  This homelab using Linux is going to drive me to drink, but I am way better at it than I was 2 years ago, yeah!!!!!!

Happy Wednesday 😀