Wazuh Urgent Update
120 views
Skip to first unread message
Usman Ali
Jun 30, 2022, 6:50:17 AM6/30/22
to Wazuh mailing list
Hi,
Currently my wazuh version is 4.3.4 and now I want to upgrade to Wazuh 4.3.5 I follow
I have few question
1) What is difference between
A) wazuh central components
B)Elastic basic Licenses
C)open distro for Elasticsearch
D)Wazuh Agent
2) From above which I need to follow to upgrade my wazhu (A, B, C & D all of them or specific one )and why?
3) curl -X PUT "https://<WAZUH_INDEXER_IP>:9200/_cluster/settings" -u <username>:<password> -k -H 'Content-Type: application/json
in above url which IP should i use Public, private or loop back
4) From where I will get wazuh indexer username an password? So i can enter in my question 3 URL
Thanks
Sandra Ocando
Jul 4, 2022, 8:40:43 AM7/4/22
to Usman Ali, Wazuh mailing list
Hello,
Thank you for using Wazuh! I'll address each of your questions below:
1. The basic Wazuh architecture is a Wazuh agent that is installed on the endpoints to be monitored, the Wazuh manager in charge of analyzing the data received from the agents, a shipper or forwarder (usually Filebeat) that sends the alert information to an indexer in charge of indexing and storing the data (Wazuh indexer / Elasticsearch) and a web user interface (Wazuh dashboard / Kibana).
Thank you for using Wazuh! I'll address each of your questions below:
1. The basic Wazuh architecture is a Wazuh agent that is installed on the endpoints to be monitored, the Wazuh manager in charge of analyzing the data received from the agents, a shipper or forwarder (usually Filebeat) that sends the alert information to an indexer in charge of indexing and storing the data (Wazuh indexer / Elasticsearch) and a web user interface (Wazuh dashboard / Kibana).
Depending on the forwarder, the indexer and the web user interface we can have different Wazuh installations as listed in the upgrade guide index.A) Wazuh central components: includes the Wazuh server, the Wazuh indexer, and the Wazuh dashboard. This is the default installation starting Wazuh v4.3.x.If you installed Wazuh 4.3.4 using our Quickstart (https://documentation.wazuh.com/current/quickstart.html ) or by following the Installation guide (https://documentation.wazuh.com/current/installation-guide/index.html), this is your type of installation. To learn more, see https://wazuh.com/blog/introducing-wazuh-4-3-0/ https://documentation.wazuh.com/current/getting-started/components/index.html.B) Elastic basic license: The Wazuh manager can be installed with a proprietary version of Filebeat, Elasticsearch and Kibana. The latest version supported is 7.17.4.The instructions for this type of installation can be found in https://documentation.wazuh.com/current/deployment-options/elastic-stack/index.html.C) Open distro for Elasticsearch: This was Wazuh default installation from Wazuh v4.0.0 to 4.2.7: https://documentation.wazuh.com/4.2/installation-guide/index.html.D) The Wazuh agent is the component deployed to the endpoints to be monitored. It supports Windows, Linux, MacOS, HP-UX, Solaris and AIX platforms.
2. Choose between A, B, or C according to your Wazuh installation. Follow the Upgrade the Wazuh agent guide (D) to upgrade your agents.If unsure about your installation type, on your web user interface enter the top left menu ≡ and click Stack Management.If you're using the default Wazuh installation, you'll find "Welcome to Stack Management 1.2.0". If that's the case use (A) Wazuh central components.If you find "Welcome to Stack Management 7.17.x" or 7.16.x, you're using Wazuh and Elastic Stack basic license (Option B).If you're using Open distro for Elasticsearch, you'll find "Welcome to Stack Management 7.10.2". If this is the case use option (C) Open distro for Elasticsearch.
3. Use the Wazuh indexer / Elasticsearch IP set during your installation. Check
4. Regarding your user and password, it also depends on your installation type:For installation A. Wazuh central components:
If you installed Wazuh using the Wazuh installation assistant, you can find the users and passwords in the
2. Choose between A, B, or C according to your Wazuh installation. Follow the Upgrade the Wazuh agent guide (D) to upgrade your agents.If unsure about your installation type, on your web user interface enter the top left menu ≡ and click Stack Management.If you're using the default Wazuh installation, you'll find "Welcome to Stack Management 1.2.0". If that's the case use (A) Wazuh central components.If you find "Welcome to Stack Management 7.17.x" or 7.16.x, you're using Wazuh and Elastic Stack basic license (Option B).If you're using Open distro for Elasticsearch, you'll find "Welcome to Stack Management 7.10.2". If this is the case use option (C) Open distro for Elasticsearch.
3. Use the Wazuh indexer / Elasticsearch IP set during your installation. Check
/etc/wazuh-indexer/opensearch.yml or /etc/elasticsearch/elasticsearch.yml and search for network.host. You may use localhost or 127.0.0.1 if network.host is configured as 0.0.0.0.4. Regarding your user and password, it also depends on your installation type:For installation A. Wazuh central components:
If you installed Wazuh using the Wazuh installation assistant, you can find the users and passwords in the
passwords.wazuh file inside wazuh-install-files.tar.tar -O -xvf wazuh-install-files.tar wazuh-install-files/passwords.wazuh
If you installed following step-by-step instructions, try the default credentials admin:admin. If you changed the default credentials and you can't find the new ones, you may use the Wazuh password tool to set new ones: https://documentation.wazuh.com/current/user-manual/securing-wazuh/wazuh-indexer.htmlFor installations B and C, look for your credentials inside the
Thank you for sharing your doubts, I'll work with the team to improve this page and make it easier for users to navigate through it.
Let us know if you need further assistance.
Best regards,
Sandra.
/etc/filebeat/filebeat.yml configuration file.Thank you for sharing your doubts, I'll work with the team to improve this page and make it easier for users to navigate through it.
Let us know if you need further assistance.
Best regards,
Sandra.
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/05fac3b3-b44a-4034-a0cd-9bfd735f0b72n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages