2019/10/08 21:07:27 ossec-agentd: WARNING: Unable to reload hostname for 'my-nlb-url-pointing-at-1514'. Using previous address.
2019/10/08 21:07:27 ossec-agentd: INFO: Trying to connect to server (my-nlb-url-pointing-at-1514/172.23.5.32:1514/tcp).
2019/10/08 21:07:31 ossec-syscheckd: INFO: (6010): File integrity monitoring scan frequency: 43200 seconds
2019/10/08 21:07:31 ossec-syscheckd: INFO: (6008): File integrity monitoring scan started.
2019/10/08 21:07:49 ossec-agentd: WARNING: Unable to reload hostname for 'my-nlb-url-pointing-at-1514'. Using previous address.
2019/10/08 21:07:49 ossec-agentd: INFO: Trying to connect to server (my-nlb-url-pointing-at-1514:1514/tcp).
2019/10/08 21:08:10 ossec-agentd: WARNING: Unable to reload hostname for 'my-nlb-url-pointing-at-1514'. Using previous address.
2019/10/08 21:08:10 ossec-agentd: INFO: Trying to connect to server (my-nlb-url-pointing-at-1514/IP_ADDRESS:1514/tcp).
2019/10/08 21:08:31 ossec-agentd: WARNING: Unable to reload hostname for 'my-nlb-url-pointing-at-1514'. Using previous address.
2019/10/08 21:08:31 ossec-agentd: INFO: Trying to connect to server (my-nlb-url-pointing-at-1514/IP_ADDRESS:1514/tcp).

2019/10/08 21:25:20 wazuh-clusterd: ERROR: [Worker] [Main] Could not connect to master: [Errno -2] Name or service not known. Trying again in 10 seconds.
2019/10/08 21:25:30 wazuh-clusterd: ERROR: [Worker] [Main] Could not connect to master: [Errno -2] Name or service not known. Trying again in 10 seconds.
2019/10/08 21:25:40 wazuh-clusterd: ERROR: [Worker] [Main] Could not connect to master: [Errno -2] Name or service not known. Trying again in 10 seconds.
2019/10/08 21:25:50 wazuh-clusterd: ERROR: [Worker] [Main] Could not connect to master: [Errno -2] Name or service not known. Trying again in 10 seconds.
2019/10/08 21:26:00 wazuh-clusterd: ERROR: [Worker] [Main] Could not connect to master: [Errno -2] Name or service not known. Trying again in 10 seconds.
2019/10/08 21:26:10 wazuh-clusterd: ERROR: [Worker] [Main] Could not connect to master: [Errno -2] Name or service not known. Trying again in 10 seconds.
2019/10/08 21:26:20 wazuh-clusterd: ERROR: [Worker] [Main] Could not connect to master: [Errno -2] Name or service not known. Trying again in 10 seconds.
2019/10/08 21:26:30 wazuh-clusterd: ERROR: [Worker] [Main] Could not connect to master: [Errno -2] Name or service not known. Trying again in 10 seconds.
2019/10/08 21:26:40 wazuh-clusterd: ERROR: [Worker] [Main] Could not connect to master: [Errno -2] Name or service not known. Trying again in 10 seconds.
2019/10/08 21:26:50 wazuh-clusterd: ERROR: [Worker] [Main] Could not connect to master: [Errno -2] Name or service not known. Trying again in 10 seconds.

--- a/wazuh-master-sts.yaml
+++ b/wazuh-master-sts.yaml
@@ -30,6 +30,10 @@ spec:
         filebeat_conf_cm_version: '@(filebeat_conf_cm_version)'
     spec:
       volumes:
+        - name: wazuh-master-efs
+          nfs:
+            path: /
+            server: {{ undef "<computed>" .efs_dns_name }}
         - name: ossec-conf
           secret:
             secretName: wazuh-master-conf
@@ -87,9 +91,9 @@ spec:
               mountPath: /etc/filebeat/filebeat.yml
               subPath: filebeat.yml
               readOnly: true
-            - name: data
+            - name: wazuh-master-efs
               mountPath: /var/ossec/data
-            - name: data
+            - name: wazuh-master-efs
               mountPath: /etc/postfix
           ports:
             - containerPort: 1515
@@ -98,14 +102,3 @@ spec:
               name: cluster
             - containerPort: {{ .api_port }}
               name: api
-  volumeClaimTemplates:
-    - metadata:
-        name: data
-        namespace: '@(namespace)'
-      spec:
-        accessModes:
-          - ReadWriteOnce
-        storageClassName: gp2-encrypted-retained
-        resources:
-          requests:
-            storage: 50Gi

2019/05/29 01:45:17 wazuh-modulesd: ERROR: (1210): Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2019/05/29 01:45:18 ossec-remoted: ERROR: (1210): Queue '/queue/ossec/queue' not accessible: 'Connection refused'.
2019/05/29 01:45:18 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0190-ms_ftpd_rules.xml'
2019/05/29 01:45:18 ossec-remoted: CRITICAL: (1211): Unable to access queue: '/queue/ossec/queue'. Giving up..

rm: cannot remove '/var/ossec/queue/db/.template.db': No such file or directory
Identified Wazuh configuration files to mount...
'/wazuh-config-mount/etc/authd.pass' -> '/var/ossec/data/etc/authd.pass'
'/wazuh-config-mount/etc/ossec.conf' -> '/var/ossec/data/etc/ossec.conf'
'/wazuh-config-mount/etc/rules/local_rules.xml' -> '/var/ossec/data/etc/rules/local_rules.xml'
'/wazuh-config-mount/etc/shared/default/agent.conf' -> '/var/ossec/data/etc/shared/default/agent.conf'
Performing Wazuh API port and credentials setup
### Wazuh API Configuration ###

Using 55000 port.


Adding password for user ndev-wazuh-manager.


Configuration changed.

Restarting API.

### [Configuration changed] ###
sed: cannot rename /etc/filebeat/sedJyZzQl: Device or resource busy
*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/10_syslog-ng.init...
Sep 13 20:27:19 wazuh-manager-3-9-0 syslog-ng[60]: syslog-ng starting up; version='3.13.2'
*** Booting runit daemon...
*** Runit started as PID 67
WAZUH-API is already running.
WazuhAPI 2019-09-13 20:21:43 ndev-wazuh-manager: [::ffff:10.6.21.70] GET /agents/?limit=500&offset=0 - 200 - error: '0'.
WazuhAPI 2019-09-13 20:21:44 ndev-wazuh-manager: [::ffff:100.102.185.128] GET /version? - 200 - error: '0'.
WazuhAPI 2019-09-13 20:21:45 ndev-wazuh-manager: [::ffff:10.6.21.70] GET /cluster/status? - 200 - error: '0'.
WazuhAPI 2019-09-13 20:21:45 ndev-wazuh-manager: [::ffff:100.114.66.128] GET /cluster/node? - 200 - error: '0'.
WazuhAPI 2019-09-13 20:21:45 ndev-wazuh-manager: [::ffff:100.100.234.128] GET /version? - 200 - error: '0'.
WazuhAPI 2019-09-13 20:21:46 ndev-wazuh-manager: [::ffff:100.100.26.64] GET /agents/summary? - 200 - error: '0'.
WazuhAPI 2019-09-13 20:21:46 ndev-wazuh-manager: [::ffff:100.100.234.128] GET /rules/pci? - 200 - error: '0'.
WazuhAPI 2019-09-13 20:21:46 ndev-wazuh-manager: [::ffff:100.123.247.192] GET /rules/gdpr? - 200 - error: '0'.
WazuhAPI 2019-09-13 20:24:52 : ERROR: Wazuh manager v3.9.5 found. Wazuh manager v3.6.x expected. Exiting.
WazuhAPI 2019-09-13 20:24:53 : ERROR: Wazuh manager v3.9.5 found. Wazuh manager v3.6.x expected. Exiting.
Sep 13 20:27:19 wazuh-manager-3-9-0 cron[73]: (CRON) INFO (pidfile fd = 3)
Sep 13 20:27:19 wazuh-manager-3-9-0 cron[73]: (CRON) INFO (Running @reboot jobs)
2019-09-13T20:27:19.460Z	INFO	instance/beat.go:611	Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2019-09-13T20:27:19.465Z	INFO	instance/beat.go:618	Beat UUID: ecf3180a-9430-4918-a210-6729a6b1a191
2019-09-13T20:27:19.465Z	INFO	[beat]	instance/beat.go:931	Beat info	{"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "ecf3180a-9430-4918-a210-6729a6b1a191"}}}
2019-09-13T20:27:19.465Z	INFO	[beat]	instance/beat.go:940	Build info	{"system_info": {"build": {"commit": "0ffbeab5a52fa93586e4178becf1252e6a837028", "libbeat": "6.8.2", "time": "2019-07-24T14:24:45.000Z", "version": "6.8.2"}}}
2019-09-13T20:27:19.465Z	INFO	[beat]	instance/beat.go:943	Go runtime info	{"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":16,"version":"go1.10.8"}}}
2019-09-13T20:27:19.466Z	INFO	[beat]	instance/beat.go:947	Host info	{"system_info": {"host": {"architecture":"x86_64","boot_time":"2019-09-13T15:48:26Z","containerized":true,"name":"wazuh-manager-3-9-0","ip":["127.0.0.1/8","::1/128","100.107.198.212/32","fe80::10ac:caff:fed6:59e7/64"],"kernel_version":"4.15.0-1044-aws","mac":["12:ac:ca:d6:59:e7"],"os":{"family":"debian","platform":"ubuntu","name":"Ubuntu","version":"18.04.3 LTS (Bionic Beaver)","major":18,"minor":4,"patch":3,"codename":"bionic"},"timezone":"UTC","timezone_offset_sec":0}}}
2019-09-13T20:27:19.466Z	INFO	[beat]	instance/beat.go:976	Process info	{"system_info": {"process": {"capabilities": {"inheritable":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"permitted":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"effective":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"bounding":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"ambient":null}, "cwd": "/", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 102, "ppid": 97, "seccomp": {"mode":"disabled","no_new_privs":false}, "start_time": "2019-09-13T20:27:18.919Z"}}}
2019-09-13T20:27:19.466Z	INFO	instance/beat.go:280	Setup Beat: filebeat; Version: 6.8.2
2019-09-13T20:27:19.466Z	INFO	[publisher]	pipeline/module.go:110	Beat name: wazuh-manager-3-9-0
Config OK
tail: cannot open '/var/log/filebeat/filebeat' for reading: No such file or directory
tail: no files remaining
2019/09/13 20:27:19 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:27:19 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
ossec-analysisd: Configuration error. Exiting
2019/09/13 20:26:48 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:26:48 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:26:52 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:26:52 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:27:02 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:27:02 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:27:12 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:27:12 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:27:19 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:27:19 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
WazuhAPI 2019-09-13 20:27:19 : ERROR: Wazuh manager v3.9.5 found. Wazuh manager v3.6.x expected. Exiting.
2019-09-13T20:27:20.565Z	INFO	instance/beat.go:611	Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2019-09-13T20:27:20.565Z	INFO	instance/beat.go:618	Beat UUID: ecf3180a-9430-4918-a210-6729a6b1a191
2019-09-13T20:27:20.565Z	INFO	[beat]	instance/beat.go:931	Beat info	{"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "ecf3180a-9430-4918-a210-6729a6b1a191"}}}
2019-09-13T20:27:20.565Z	INFO	[beat]	instance/beat.go:940	Build info	{"system_info": {"build": {"commit": "0ffbeab5a52fa93586e4178becf1252e6a837028", "libbeat": "6.8.2", "time": "2019-07-24T14:24:45.000Z", "version": "6.8.2"}}}
2019-09-13T20:27:20.565Z	INFO	[beat]	instance/beat.go:943	Go runtime info	{"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":16,"version":"go1.10.8"}}}
2019-09-13T20:27:20.566Z	INFO	[beat]	instance/beat.go:947	Host info	{"system_info": {"host": {"architecture":"x86_64","boot_time":"2019-09-13T15:48:26Z","containerized":true,"name":"wazuh-manager-3-9-0","ip":["127.0.0.1/8","::1/128","100.107.198.212/32","fe80::10ac:caff:fed6:59e7/64"],"kernel_version":"4.15.0-1044-aws","mac":["12:ac:ca:d6:59:e7"],"os":{"family":"debian","platform":"ubuntu","name":"Ubuntu","version":"18.04.3 LTS (Bionic Beaver)","major":18,"minor":4,"patch":3,"codename":"bionic"},"timezone":"UTC","timezone_offset_sec":0}}}
2019-09-13T20:27:20.566Z	INFO	[beat]	instance/beat.go:976	Process info	{"system_info": {"process": {"capabilities": {"inheritable":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"permitted":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"effective":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"bounding":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"ambient":null}, "cwd": "/", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 159, "ppid": 158, "seccomp": {"mode":"disabled","no_new_privs":false}, "start_time": "2019-09-13T20:27:20.099Z"}}}
2019-09-13T20:27:20.566Z	INFO	instance/beat.go:280	Setup Beat: filebeat; Version: 6.8.2
2019-09-13T20:27:20.567Z	INFO	[publisher]	pipeline/module.go:110	Beat name: wazuh-manager-3-9-0
Config OK
/usr/share/filebeat/bin/filebeat-god already running.
2019-09-13T20:27:19.554Z	INFO	[publisher]	pipeline/module.go:110	Beat name: wazuh-manager-3-9-0
2019-09-13T20:27:19.554Z	INFO	instance/beat.go:402	filebeat start running.
2019-09-13T20:27:19.554Z	INFO	registrar/registrar.go:97	No registry file found under: /var/lib/filebeat/registry. Creating a new registry file.
2019-09-13T20:27:19.560Z	INFO	registrar/registrar.go:134	Loading registrar data from /var/lib/filebeat/registry
2019-09-13T20:27:19.560Z	INFO	registrar/registrar.go:141	States Loaded from registrar: 0
2019-09-13T20:27:19.560Z	WARN	beater/filebeat.go:367	Filebeat is unable to load the Ingest Node pipelines for the configured modules because the Elasticsearch output is not configured/enabled. If you have already loaded the Ingest Node pipelines or are using Logstash pipelines, you can ignore this warning.
2019-09-13T20:27:19.560Z	INFO	crawler/crawler.go:72	Loading Inputs: 1
2019-09-13T20:27:19.561Z	INFO	log/input.go:148	Configured paths: [/var/ossec/logs/alerts/alerts.json]
2019-09-13T20:27:19.561Z	INFO	input/input.go:114	Starting input of type: log; ID: 13571056894027297000 
2019-09-13T20:27:19.561Z	INFO	crawler/crawler.go:106	Loading and starting Inputs completed. Enabled inputs: 1
2019/09/13 20:28:22 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:28:22 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:28:32 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:28:32 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:28:42 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:28:42 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:28:52 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:28:52 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:28:58 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:28:58 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:29:02 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:29:02 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:29:08 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:29:08 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:29:12 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:29:12 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:29:18 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:29:18 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:29:22 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:29:22 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:29:32 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:29:32 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.
2019/09/13 20:29:42 ossec-analysisd: ERROR: Invalid decoder name: 'syscheck_integrity_changed_2nd'.
2019/09/13 20:29:42 ossec-analysisd: CRITICAL: (1220): Error loading the rules: 'ruleset/rules/0015-ossec_rules.xml'.

apiVersion: v1
kind: Service
metadata:
  name: wazuh-workers
  namespace: wazuh
  labels:
    app: wazuh-manager
spec:
  selector:
    app: wazuh-manager
    node-type: worker
  ports:
    - name: agents-events
      port: 1514
      targetPort: 1514
      protocol: TCP
  type: LoadBalancer

2019/10/22 01:46:33 ossec-remoted: WARNING: (1213): Message from '100.112.0.0' not allowed.
2019/10/22 01:46:38 ossec-remoted: WARNING: (1213): Message from '100.119.0.0' not allowed.
2019/10/22 01:46:44 ossec-remoted: WARNING: (1213): Message from '100.116.0.0' not allowed.
2019/10/22 01:46:51 ossec-remoted: WARNING: (1213): Message from '100.112.0.0' not allowed.
2019/10/22 01:47:02 ossec-remoted: WARNING: (1213): Message from '100.119.0.0' not allowed.
2019/10/22 01:47:09 ossec-remoted: WARNING: (1213): Message from '100.116.0.0' not allowed.

2019/10/22 01:50:49 ossec-remoted: WARNING: (1408): Invalid ID 007 for the source ip: '100.116.0.0' (name 'unknown').
2019/10/22 01:50:56 ossec-remoted: WARNING: (1408): Invalid ID 007 for the source ip: '100.112.0.0' (name 'unknown').
2019/10/22 01:51:01 ossec-remoted: WARNING: (1408): Invalid ID 007 for the source ip: '100.119.0.0' (name 'unknown').

apiVersion: v1
kind: Service
metadata:
  name: wazuh-workers
  namespace: wazuh
  labels:
    app: wazuh-manager
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
spec:
  selector:
    app: wazuh-manager
    node-type: worker
  ports:
    - name: agents-events
      port: 1514
      targetPort: 1514
      protocol: TCP
  type: LoadBalancer

2019/10/22 01:53:01 ossec-remoted: WARNING: Too big message size from 100.119.0.0 [13].
2019/10/22 01:53:01 ossec-remoted: WARNING: Too big message size from 100.116.0.0 [13].
2019/10/22 01:53:01 ossec-remoted: WARNING: Too big message size from 100.116.0.0 [14].
2019/10/22 01:53:05 ossec-remoted: WARNING: Too big message size from 100.119.0.0 [13].
2019/10/22 01:53:09 ossec-remoted: WARNING: Too big message size from 100.119.0.0 [13].
2019/10/22 01:53:09 ossec-remoted: WARNING: Too big message size from 100.116.0.0 [13].
2019/10/22 01:53:09 ossec-remoted: WARNING: Too big message size from 100.116.0.0 [14].
2019/10/22 01:53:11 ossec-remoted: WARNING: Too big message size from 100.112.0.0 [13].
2019/10/22 01:53:11 ossec-remoted: WARNING: Too big message size from 100.116.0.0 [14].
2019/10/22 01:53:11 ossec-remoted: WARNING: Too big message size from 100.116.0.0 [13].

          volumeMounts:
            - name: config
              mountPath: /wazuh-config-mount/etc/ossec.conf
              subPath: ossec.conf
              readOnly: true
            - name: wazuh-manager-master
              mountPath: /var/ossec/data
            - name: wazuh-manager-master
              mountPath: /etc/postfix
            - name: wazuh-manager-master
              mountPath: /var/lib/filebeat