Wazuh indexer node addition problem


Raguram Reddy

Mar 31, 2025, 2:47:26 PM
to Wazuh | Mailing List
Hi,
I have Wazuh in a single-node architecture and my cluster became yellow due to allocation issues. Now I am trying to add a new node to the cluster, but it is not being added and I am getting the error below.
It is urgent, can anyone help me please?
It's an emergency for me.

Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Cannot retrieve cluster state due to: 30,000 milliseconds timeout on connection http-outgoing-2 [ACTIVE]. This is not an error, will keep on trying ...
  Root cause: java.net.SocketTimeoutException: 30,000 milliseconds timeout on connection http-outgoing-2 [ACTIVE] (java.net.SocketTimeoutException/java.net.SocketTimeoutException)
   * Try running securityadmin.sh with -icl (but no -cn) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates)
   * Make sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in opensearch.yml
   * If this is not working, try running securityadmin.sh with --diagnose and see diagnose trace log file)
   * Add --accept-red-cluster to allow securityadmin to operate on a red cluster.

Carlos Ezequiel Bordon

Mar 31, 2025, 3:28:14 PM
to Wazuh | Mailing List

Hi Raguram, are you following this guide to add a new node? https://documentation.wazuh.com/current/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.html

Also, I need you to share some information about your environment so I can help you more precisely.

  • Wazuh Indexer version
  • Installation type
  • How many nodes do you currently have
  • Did you create new certificates for the new node?

Raguram Reddy

Mar 31, 2025, 7:24:11 PM
to Carlos Ezequiel Bordon, Wazuh | Mailing List

I have the latest Wazuh indexer version.
Distributed installation.
I have 1 node and now I am trying to add another node.
Yes, I followed the official Wazuh documentation and created wazuh-certification.tar for the new indexer.


--
You received this message because you are subscribed to the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/wazuh/f454ab3c-187e-48d8-bd9f-4fbf5982c4c3n%40googlegroups.com.

Raguram Reddy

Apr 1, 2025, 8:36:59 AM
to Carlos Ezequiel Bordon, Wazuh | Mailing List
Based on the given information, can you help me to resolve the issue?

Carlos Ezequiel Bordon

Apr 1, 2025, 8:37:12 AM
to Wazuh | Mailing List

Please share the /etc/wazuh-indexer/opensearch.yml files from both nodes (omit sensitive information, such as IP addresses and certificate names).

The error you shared indicates a timeout error. Can you validate connectivity between the nodes? Try telnet to port 9200.

Raguram Reddy

Apr 1, 2025, 9:31:25 AM
to Carlos Ezequiel Bordon, Wazuh | Mailing List
Please find the attached file for all the details.
Kindly check and respond fast, as this was an emergency for me.
Please kindly understand my problem.

opensearch.txt

Raguram Reddy

Apr 1, 2025, 2:40:57 PM
to Carlos Ezequiel Bordon, Wazuh | Mailing List
Dear Team,
Please check the attachment and reply as soon as possible, it was an emergency.

Carlos Ezequiel Bordon

Apr 1, 2025, 2:40:57 PM
to Wazuh | Mailing List

In the file you shared, I see a typo in the new node's configuration:
network.host: "..*..117"

I don't know if it was when you edited it or if the configuration is actually like this. This could be causing problems with the indexer's communication.

In this configuration, you can also set 0.0.0.0 so that Wazuh Indexer receives communications from any IP address.

After modifying this, restart the Wazuh Indexer service.

Did you test the telnet from another host? Or from the new host you're trying to add? Also, try these commands on the new node and the old node:

curl -XGET "https://<EXISTING_WAZUH_INDEXER_IP>:9200/_cluster/health?pretty" -u admin:<ADMIN-PASSWORD> -k

Raguram Reddy

Apr 2, 2025, 2:59:03 AM
to Carlos Ezequiel Bordon, Wazuh | Mailing List
Dear Team,
I made a typo mistake.
In network.host the IP is correctly given, and I also tried using 0.0.0.0, but I am getting this:
/usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200
ERR: Seems there is no OpenSearch running on 127.0.0.1:9200 - Will exit


Also, I checked the cluster health:
curl -X GET "https://**.**.*.234:9200/_cluster/health?pretty" -k -u 'admin:password'
{
  "cluster_name" : "wazuh-cluster",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 176,
  "active_shards" : 176,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 33,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 84.21052631578947
}


On Wed, Apr 2, 2025 at 12:10 AM 'Carlos Ezequiel Bordon' via Wazuh | Mailing List <wa...@googlegroups.com> wrote:
In the file you shared with me, I see a typo in the new node's configuration:
network.host: "**.**.*..117"

I don't know if it happened when you edited it or if the configuration is actually like this; this may be causing problems with the indexer's communication.

In this configuration you can also set 0.0.0.0 so that the Wazuh indexer receives communications from any IP.

After modifying this, restart the Wazuh indexer service.

Did you test telnet from another host, or from the new host you are trying to add? Also try these commands against the new node and the previous node:

curl -XGET "https://<EXISTING_WAZUH_INDEXER_IP>:9200/_cluster/health?pretty" -u admin:<ADMIN-PASSWORD> -k




Raguram Reddy

Apr 2, 2025, 2:59:03 AM
to Carlos Ezequiel Bordon, Wazuh | Mailing List
I tried with 0.0.0.0 as network host for new node
getting same issue

Security Admin v7
Will connect to 127.0.0.1:9200 ... done

Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Cannot retrieve cluster state due to: 30,000 milliseconds timeout on connection http-outgoing-2 [ACTIVE]. This is not an error, will keep on trying ...
  Root cause: java.net.SocketTimeoutException: 30,000 milliseconds timeout on connection http-outgoing-2 [ACTIVE] (java.net.SocketTimeoutException/java.net.SocketTimeoutException)
   * Try running securityadmin.sh with -icl (but no -cn) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates)
   * Make sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in opensearch.yml
   * If this is not working, try running securityadmin.sh with --diagnose and see diagnose trace log file)
   * Add --accept-red-cluster to allow securityadmin to operate on a red cluster.

Raguram Reddy

Apr 2, 2025, 2:59:05 AM
to Carlos Ezequiel Bordon, Wazuh | Mailing List
Dear Team,
Please check the given details and help me to resolve the issue

Raguram Reddy

Apr 2, 2025, 2:59:08 AM
to Carlos Ezequiel Bordon, Wazuh | Mailing List
Dear Team,
Please check and respond with the solution to resolve the issue.
It's an emergency for me, kindly understand.

Raguram Reddy

Apr 2, 2025, 6:48:08 AM
to Carlos Ezequiel Bordon, Wazuh | Mailing List
Dear Team,
Please respond 

Raguram Reddy

Apr 2, 2025, 6:48:09 AM
to Carlos Ezequiel Bordon, Wazuh | Mailing List
Dear Carlos,
please check the given data and help me to resolve the issue with a solution
I am waiting for your response 

Raguram Reddy

Apr 3, 2025, 3:16:29 AM
to Carlos Ezequiel Bordon, Wazuh | Mailing List
Dear Carlos,

I am waiting for your response
Please consider my request and respond as soon as possible.

Carlos Ezequiel Bordon

Apr 3, 2025, 9:00:53 AM
to Wazuh | Mailing List

You should look over the tool's logs to see where the error might be.

Run:

systemctl status wazuh-indexer

and share the output.

Also, run this command and share the output:

head -n 400 /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"

Also, run the telnet command as follows:

Node 1: telnet <Node-2-IP> 9200
Node 2: telnet <Node-1-IP> 9200

and share the output with us.

Carlos Ezequiel Bordon

Apr 4, 2025, 9:40:33 AM
to Wazuh | Mailing List

I think you have an error in the Wazuh indexer configuration. According to the documentation I shared with you, you need to add the node information to all nodes using this format:

https://documentation.wazuh.com/current/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.html#configuring-the-wazuh-indexer

cluster.initial_master_nodes:
- "<EXISTING_WAZUH_INDEXER_NODE_NAME>"
- "<NEW_WAZUH_INDEXER_NODE_NAME>"

discovery.seed_hosts:
- "<EXISTING_WAZUH_INDEXER_IP>" 
- "<NEW_WAZUH_INDEXER_IP>"

plugins.security.nodes_dn:
- "CN=<EXISTING_WAZUH_INDEXER_NODE_NAME>,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=<NEW_WAZUH_INDEXER_NODE_NAME>,OU=Wazuh,O=Wazuh,L=California,C=US"

Make these changes and afterwards restart both wazuh-indexer nodes:

systemctl restart wazuh-indexer

After this, execute the security admin script.

/usr/share/wazuh-indexer/bin/indexer-security-init.sh
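
A pre-flight check for the settings the reply above says must match on every node, as an added example that is not part of the original post or of Wazuh's tooling. It assumes node certificates use the subject `CN=<node.name>,OU=Wazuh,O=Wazuh,L=California,C=US`; the node names, the 192.0.2.x addresses and the sample configurations are constructed.

```python
# Added example (not Wazuh code): cross-check opensearch.yml from each node.
# Assumption: node certificates use the subject CN=<node.name>,<DN_SUFFIX>.
DN_SUFFIX = "OU=Wazuh,O=Wazuh,L=California,C=US"

# Constructed sample configs; 192.0.2.x are documentation addresses.
COMMON = """
cluster.initial_master_nodes:
- "node-1"
- "node-2"
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
  - "192.0.2.10"
  - "192.0.2.11"
"""
NODES_DN = """
plugins.security.nodes_dn:
- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"
"""
EXISTING = 'node.name: "node-1"\n' + COMMON + NODES_DN
NEW_BROKEN = 'node.name: "node-2"\n' + COMMON   # nodes_dn left out
NEW_FIXED = NEW_BROKEN + NODES_DN


def _unquote(value):
    return value.strip().strip("\"'")


def parse_flat_yaml(text):
    """Parse the flat subset used here: `key: value`, `- item` lists, `[a, b]`."""
    settings, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- "):
            if current is None:
                raise ValueError(f"list item without a key: {raw!r}")
            settings[current].append(_unquote(line[2:]))
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not a key/value line: {raw!r}")
        key, value = key.strip(), value.strip()
        if not value:                       # a block list follows
            settings[key], current = [], key
        elif value.startswith("["):         # inline list
            items = value.strip("[]").split(",")
            settings[key], current = [_unquote(i) for i in items if i.strip()], None
        else:
            settings[key], current = _unquote(value), None
    return settings


def _as_list(settings, key):
    value = settings.get(key, [])
    return value if isinstance(value, list) else [value]


def _dn(dn):
    """Normalise spacing around the commas of a distinguished name."""
    return ",".join(part.strip() for part in dn.split(","))


def check_cluster(configs):
    """configs maps a label to parsed settings; returns findings (empty = consistent)."""
    findings = []
    names = [cfg.get("node.name", "") for cfg in configs.values()]
    if "" in names or len(set(names)) != len(names):
        findings.append("node.name must be set and unique on every node")
    cluster_names = {str(cfg.get("cluster.name")) for cfg in configs.values()}
    if len(cluster_names) != 1:
        findings.append(f"cluster.name differs: {sorted(cluster_names)}")
    seeds = {label: set(_as_list(cfg, "discovery.seed_hosts")) for label, cfg in configs.items()}
    union = set().union(*seeds.values())
    if len(union) < len(configs):
        findings.append(f"discovery.seed_hosts names {len(union)} host(s) for {len(configs)} nodes")
    for label, cfg in configs.items():
        initial = _as_list(cfg, "cluster.initial_master_nodes")
        absent = [n for n in names if n not in initial]
        if absent:
            findings.append(f"{label}: cluster.initial_master_nodes lacks {', '.join(absent)}")
        lacking = sorted(union - seeds[label])
        if lacking:
            findings.append(f"{label}: discovery.seed_hosts lacks {', '.join(lacking)}")
        dns = {_dn(d) for d in _as_list(cfg, "plugins.security.nodes_dn")}
        no_dn = [n for n in names if _dn(f"CN={n},{DN_SUFFIX}") not in dns]
        if no_dn:
            findings.append(f"{label}: plugins.security.nodes_dn has no entry for {', '.join(no_dn)}")
    return findings


def check_files(texts):
    return check_cluster({label: parse_flat_yaml(t) for label, t in texts.items()})


if __name__ == "__main__":
    for finding in check_files({"existing": EXISTING, "new": NEW_BROKEN}) or ["consistent"]:
        print(finding)
```
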

Raguram Reddy

Apr 7, 2025, 3:56:17 AM
to Wazuh | Mailing List
I made the changes which you have mentioned.

This is my existing Wazuh config:


network.host: "0.0.0.0"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
- "node-2"
cluster.name: "wazuh-cluster"
node.master: true
discovery.seed_hosts:
  - "**.**.*.234"
  - "**.**.*.117"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false


This is my new indexer node (which is to be added) config:


network.host: "0.0.0.0"
node.name: "node-2"
cluster.initial_master_nodes:
- "node-1"
- "node-2"
cluster.name: "wazuh-cluster"
node.master: false
discovery.seed_hosts:
  - "**.**.*.234"
  - "**.**.*.117"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false

plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
                                                            

I have restarted and tried, but I am still getting the same error:


Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Cannot retrieve cluster state due to: 30,000 milliseconds timeout on connection http-outgoing-2 [ACTIVE]. This is not an error, will keep on trying ...
  Root cause: java.net.SocketTimeoutException: 30,000 milliseconds timeout on connection http-outgoing-2 [ACTIVE] (java.net.SocketTimeoutException/java.net.SocketTimeoutException)
   * Try running securityadmin.sh with -icl (but no -cn) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates)
   * Make sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in opensearch.yml
   * If this is not working, try running securityadmin.sh with --diagnose and see diagnose trace log file)
   * Add --accept-red-cluster to allow securityadmin to operate on a red cluster.

Raguram Reddy

Apr 7, 2025, 3:56:48 AM
to Wazuh | Mailing List, wazuhd...@gmail.com
Hi Team,
I have a Wazuh setup and I am using a single node for the complete Wazuh installation.
As I am using a single indexer node, my cluster became yellow due to unassigned shards.
Now I am adding one more indexer node to my existing single-node Wazuh cluster. While adding the new indexer node I am getting the following error.
I have checked, and both the existing Wazuh node and the new indexer node are communicating properly; there is no issue with communication and no issue with ports 9200 and 9300.
I am sharing the config file snippet. Please check the config files and help me to resolve this issue.
The existing Wazuh IP is **.**.*.234
The new indexer node IP is **.**.*.117

Screenshot 2025-04-07 121104.png
Screenshot 2025-04-07 120935.png
Screenshot 2025-04-07 121005.png

Carlos Ezequiel Bordon

Apr 21, 2025, 11:40:53 AM
to Wazuh | Mailing List
I've run some local tests successfully, and I was able to add the new node without any issues.

I'll share the steps I took so you can check your configuration:

Node 1: All in One:

```
vagrant@cbordon-4330:~$ sudo bash wazuh-install.sh -a
21/04/2025 13:11:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.11.2 (x86_64/AMD64)
21/04/2025 13:11:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log
21/04/2025 13:11:48 INFO: Verifying that your system meets the recommended minimum hardware requirements.
21/04/2025 13:11:48 INFO: Wazuh web interface port will be 443.
21/04/2025 13:11:53 INFO: --- Dependencies ----
21/04/2025 13:11:53 INFO: Installing apt-transport-https.
21/04/2025 13:11:57 INFO: Installing debhelper.
21/04/2025 13:12:20 INFO: Wazuh repository added.
21/04/2025 13:12:20 INFO: --- Configuration files ---
21/04/2025 13:12:20 INFO: Generating configuration files.
21/04/2025 13:12:20 INFO: Generating the root certificate.
21/04/2025 13:12:20 INFO: Generating Admin certificates.
21/04/2025 13:12:21 INFO: Generating Wazuh indexer certificates.
21/04/2025 13:12:21 INFO: Generating Filebeat certificates.
21/04/2025 13:12:21 INFO: Generating Wazuh dashboard certificates.
21/04/2025 13:12:21 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
21/04/2025 13:12:21 INFO: --- Wazuh indexer ---
21/04/2025 13:12:21 INFO: Starting Wazuh indexer installation.
21/04/2025 13:13:56 INFO: Wazuh indexer installation finished.
21/04/2025 13:13:56 INFO: Wazuh indexer post-install configuration finished.
21/04/2025 13:13:56 INFO: Starting service wazuh-indexer.
21/04/2025 13:14:07 INFO: wazuh-indexer service started.
21/04/2025 13:14:07 INFO: Initializing Wazuh indexer cluster security settings.
21/04/2025 13:14:10 INFO: Wazuh indexer cluster security configuration initialized.
21/04/2025 13:14:10 INFO: Wazuh indexer cluster initialized.
21/04/2025 13:14:10 INFO: --- Wazuh server ---
21/04/2025 13:14:10 INFO: Starting the Wazuh manager installation.
21/04/2025 13:15:31 INFO: Wazuh manager installation finished.
21/04/2025 13:15:31 INFO: Wazuh manager vulnerability detection configuration finished.
21/04/2025 13:15:31 INFO: Starting service wazuh-manager.
21/04/2025 13:15:47 INFO: wazuh-manager service started.
21/04/2025 13:15:47 INFO: Starting Filebeat installation.
21/04/2025 13:16:07 INFO: Filebeat installation finished.
21/04/2025 13:16:10 INFO: Filebeat post-install configuration finished.
21/04/2025 13:16:10 INFO: Starting service filebeat.
21/04/2025 13:16:11 INFO: filebeat service started.
21/04/2025 13:16:11 INFO: --- Wazuh dashboard ---
21/04/2025 13:16:11 INFO: Starting Wazuh dashboard installation.
21/04/2025 13:17:17 INFO: Wazuh dashboard installation finished.
21/04/2025 13:17:17 INFO: Wazuh dashboard post-install configuration finished.
21/04/2025 13:17:17 INFO: Starting service wazuh-dashboard.
21/04/2025 13:17:17 INFO: wazuh-dashboard service started.
21/04/2025 13:17:18 INFO: Updating the internal users.
21/04/2025 13:17:23 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
21/04/2025 13:17:34 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
21/04/2025 13:18:03 INFO: Initializing Wazuh dashboard web application.
21/04/2025 13:18:04 INFO: Wazuh dashboard web application initialized.
21/04/2025 13:18:04 INFO: --- Summary ---
21/04/2025 13:18:04 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: .w+6q7iJuZ4qv+ARaPiSZrt5Qn3IMZ94
21/04/2025 13:18:04 INFO: Installation finished.
```

After this, move forward with this documentation: https://documentation.wazuh.com/current/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.html#all-in-one-deployment

This is what my new config.yml looks like.

```
# config.yml
nodes:
# Wazuh indexer nodes
  indexer:
    - name: wazuh-indexer
      ip: 192.168.57.242
    - name: wazuh-indexer-2
      ip: 192.168.57.178

# Wazuh server nodes
  server:
    - name: wazuh-server
      ip: 192.168.57.242

# Wazuh dashboard nodes
  dashboard:
    - name: wazuh-dashboard
      ip: 192.168.57.242
```

After this, I could create the new certificates and copy these new certificates to the new node:

Once this is done, follow the steps indicated here: https://documentation.wazuh.com/current/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.html#configuring-existing-components-to-connect-with-the-new-node

```
# env_variables.sh
export NODE_NAME1=wazuh-indexer
export NODE_NAME2=wazuh-server
export NODE_NAME3=wazuh-dashboard
```

```
#!/bin/bash
# deploy-certificates.sh

# Source the environmental variables from the external file
source ~/env_variables.sh

rm -rf /etc/wazuh-indexer/certs
mkdir /etc/wazuh-indexer/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME1.pem ./$NODE_NAME1-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME1.pem /etc/wazuh-indexer/certs/wazuh-indexer.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME1-key.pem /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
chmod 500 /etc/wazuh-indexer/certs
chmod 400 /etc/wazuh-indexer/certs/*
chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs

rm -rf /etc/filebeat/certs
mkdir /etc/filebeat/certs
tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME2.pem ./$NODE_NAME2-key.pem ./root-ca.pem
mv -n /etc/filebeat/certs/$NODE_NAME2.pem /etc/filebeat/certs/wazuh-server.pem
mv -n /etc/filebeat/certs/$NODE_NAME2-key.pem /etc/filebeat/certs/wazuh-server-key.pem
chmod 500 /etc/filebeat/certs
chmod 400 /etc/filebeat/certs/*
chown -R root:root /etc/filebeat/certs

rm -rf /etc/wazuh-dashboard/certs
mkdir /etc/wazuh-dashboard/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME3.pem ./$NODE_NAME3-key.pem ./root-ca.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME3.pem /etc/wazuh-dashboard/certs/wazuh-dashboard.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME3-key.pem /etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem
chmod 500 /etc/wazuh-dashboard/certs
chmod 400 /etc/wazuh-dashboard/certs/*
chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
```

Edit the opensearch.yml and filebeat.yml files as follows:

```
# /etc/wazuh-indexer/opensearch.yml
network.host: "192.168.57.242"
node.name: "wazuh-indexer"
cluster.initial_master_nodes:
- "wazuh-indexer"
- "wazuh-indexer-2"
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
  - "192.168.57.242"
  - "192.168.57.178"


node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-key.pem

plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.ssl.http.enabled_ciphers:
  - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
  - "TLSv1.2"
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=wazuh-indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh-indexer-2,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
```

```
root@cbordon-4330:~# cat /etc/filebeat/filebeat.yml
# Wazuh - Filebeat configuration file
output.elasticsearch.hosts:
        - 192.168.57.242:9200
        - 192.168.57.178:9200
#        - <elasticsearch_ip_node_3>:9200

output.elasticsearch:
  protocol: https
  username: ${username}
  password: ${password}
  ssl.certificate_authorities:
    - /etc/filebeat/certs/root-ca.pem
  ssl.certificate: "/etc/filebeat/certs/wazuh-server.pem"
  ssl.key: "/etc/filebeat/certs/wazuh-server-key.pem"
setup.template.json.enabled: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.ilm.overwrite: true
setup.ilm.enabled: false

filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
    archives:
      enabled: false

logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644

logging.metrics.enabled: false

seccomp:
  default_action: allow
  syscalls:
  - action: allow
    names:
    - rseq
```


After restarting all services as instructed in the documentation, proceed with this step: https://documentation.wazuh.com/current/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.html#wazuh-indexer-node-s-installation


This is how the new node is configured:

```
cat /etc/wazuh-indexer/opensearch
cat: /etc/wazuh-indexer/opensearch: No such file or directory
root@cbordon-59:~# cat /etc/wazuh-indexer/opensearch.yml
network.host: "192.168.57.178"
node.name: "wazuh-indexer-2"
cluster.initial_master_nodes:
- "wazuh-indexer-2"
- "wazuh-indexer"
#- "node-3"
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
  - "192.168.57.178"
  - "192.168.57.242"
#  - "node-3-ip"

node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false

plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=wazuh-indexer-2,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh-indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
```

Once the certificates have been deployed to the new node, start the security admin without problems:

Node 1

```
root@cbordon-4330:~# /usr/share/wazuh-indexer/bin/indexer-security-init.sh

**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 192.168.57.242:9200 ... done

Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"]) due to: null
Done with success
```

Node 2

```
root@cbordon-59:~# /usr/share/wazuh-indexer/bin/indexer-security-init.sh

**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 192.168.57.178:9200 ... done

Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 2
Number of data nodes: 2
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"]) due to: null
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"]) due to: null
Done with success
```

Filebeat

```
filebeat test output
elasticsearch: https://192.168.57.242:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 192.168.57.242
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2
elasticsearch: https://192.168.57.178:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 192.168.57.178
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
```

Test Wazuh indexer:

```
curl -XGET https://192.168.57.242:9200/_cluster/health?pretty -u admin:admin -k
{
  "cluster_name" : "wazuh-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 2,
  "number_of_data_nodes" : 2,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 11,
  "active_shards" : 19,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,

  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

```

Raguram Reddy

Apr 28, 2025, 1:22:08 AM
to Wazuh | Mailing List
Dear Team,
I did the same as you mentioned but am still getting the error.

This is the opensearch.yml for my new node (**.**.*.117):

/etc/wazuh-indexer/opensearch.yml

```
network.host: "10.26.2.117"
node.name: "node-2"
cluster.initial_master_nodes:
- "node-2"
- "node-1"
cluster.name: "wazuh-cluster"
```

```
network.host:  "**.**.*.117"
node.name: "node-2"
cluster.initial_master_nodes:
- "node-2"
- "node-1"
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
  - "**.**.*.117"
  - "**.**.*.234"

node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false

plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
```

This is my existing node opensearch.yml (**.**.*.234)

opensearch.yml

```
network.host: " **.**.*.234  "

node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
- "node-2"
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
  - " **.**.*.234  "
  - " **.**.*.117 "
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false

plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"

#- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anoma>
```

This is my filebeat config file


/etc/filebeat/filebeat.yml

```
# Wazuh - Filebeat configuration file
output.elasticsearch:
  hosts: ["**.**.*.234:9200", "**.**.*.117:9200"]

  protocol: https
  username: ${username}
  password: ${password}
  ssl.certificate_authorities:
    - /etc/filebeat/certs/root-ca.pem
  ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
  ssl.key: "/etc/filebeat/certs/filebeat-key.pem"

setup.template.json.enabled: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.ilm.overwrite: true
setup.ilm.enabled: false

filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
    archives:
      enabled: false

logging.level: info
logging.to_files: true
logging.files:
```



Error


```
/usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to **.**.*:9200 ... done

Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Cannot retrieve cluster state due to: 30,000 milliseconds timeout on connection http-outgoing-2 [ACTIVE]. This is not an error, will keep on trying ...
  Root cause: java.net.SocketTimeoutException: 30,000 milliseconds timeout on connection http-outgoing-2 [ACTIVE] (java.net.SocketTimeoutException/java.net.SocketTimeoutException)
   * Try running securityadmin.sh with -icl (but no -cn) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates)
   * Make sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in opensearch.yml
   * If this is not working, try running securityadmin.sh with --diagnose and see diagnose trace log file)
   * Add --accept-red-cluster to allow securityadmin to operate on a red cluster.
```


Please check these files and help me resolve the error I am facing. It is an emergency situation for me to resolve the error.

Raguram Reddy

Apr 28, 2025, 1:22:46 AM
to Carlos Ezequiel Bordon, Wazuh | Mailing List
I have installed Wazuh separately: indexer, cluster, dashboard, monitor.
I have not used the all-in-one method.

The issue is still not resolved. I am sharing the error and the config files; please go through them.

Error I am facing

```
/usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to **.**.*:9200 ... done

Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Cannot retrieve cluster state due to: 30,000 milliseconds timeout on connection http-outgoing-2 [ACTIVE]. This is not an error, will keep on trying ...
  Root cause: java.net.SocketTimeoutException: 30,000 milliseconds timeout on connection http-outgoing-2 [ACTIVE] (java.net.SocketTimeoutException/java.net.SocketTimeoutException)
   * Try running securityadmin.sh with -icl (but no -cn) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates)
   * Make sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in opensearch.yml
   * If this is not working, try running securityadmin.sh with --diagnose and see diagnose trace log file)
   * Add --accept-red-cluster to allow securityadmin to operate on a red cluster.
```

opensearch.yml for existing node(**.**.*.234)

```
network.host: "**.**.*.234"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
- "node-2"
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
  - "**.**.*.234"
  - "**.**.*.117"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"

#- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anoma>
```

opensearch.yml for new node (**.**.*.117)


```
network.host: "**.**.*.117"
node.name: "node-2"
cluster.initial_master_nodes:
- "node-2"
- "node-1"
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
  - "**.**.*.117"
  - "**.**.*.234"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false

plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"

#- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anoma>
```

Filebeat config (**.**.*.234)

/etc/filebeat/filebeat.yml

```
# Wazuh - Filebeat configuration file
output.elasticsearch:
  hosts: ["**.**.*.234:9200", "**.**.*.117:9200"]
  protocol: https
  username: ${username}
  password: ${password}
  ssl.certificate_authorities:
    - /etc/filebeat/certs/root-ca.pem
  ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
  ssl.key: "/etc/filebeat/certs/filebeat-key.pem"

setup.template.json.enabled: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.ilm.overwrite: true
setup.ilm.enabled: false

filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
    archives:
      enabled: false

logging.level: info
logging.to_files: true
logging.files:
```



Dear Team, it was an emergency situation for me to resolve the issue. Kindly consider my request and help me resolve the error.

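The two opensearch.yml files posted above list the same cluster-wide settings in different orders, which makes differences hard to spot by eye. As an added example (not part of the original thread and not a Wazuh tool), this Python sketch parses the flat key/list subset of YAML those files use and reports compared keys whose values differ between two nodes; the key list, function names and sample configs with documentation-range IPs are assumptions constructed for illustration.

```python
# Cluster-wide keys compared between nodes (this example's choice of keys).
MUST_MATCH = ("cluster.name", "cluster.initial_master_nodes",
              "discovery.seed_hosts", "plugins.security.nodes_dn",
              "plugins.security.authcz.admin_dn")

def _clean(value):  # drop surrounding quotes and padding like " 192.0.2.11 "
    return value.strip().strip("\"'").strip()

def parse_flat_yaml(text):
    """Parse the flat 'key: value' / '- item' YAML subset used in opensearch.yml."""
    settings, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- "):
            if current is not None:
                settings[current].append(_clean(line[2:]))
        elif ":" in line:
            key, _, value = line.partition(":")
            current = key.strip()
            settings[current] = [_clean(value)] if value.strip() else []
    return settings

def compare_nodes(conf_a, conf_b):
    """Return {key: (only_in_a, only_in_b)} for compared keys that differ."""
    a, b = parse_flat_yaml(conf_a), parse_flat_yaml(conf_b)
    diffs = {}
    for key in MUST_MATCH:
        set_a, set_b = set(a.get(key, [])), set(b.get(key, []))
        if set_a != set_b:  # order-insensitive: node-1/node-2 vs node-2/node-1
            diffs[key] = (sorted(set_a - set_b), sorted(set_b - set_a))
    return diffs

# Constructed sample configs (documentation-range IPs), not the poster's files.
NODE_1 = """cluster.name: "wazuh-cluster"
discovery.seed_hosts:
  - "192.0.2.10"
  - "192.0.2.11"
plugins.security.nodes_dn:
- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"
"""
NODE_2 = """cluster.name: "wazuh-cluster"
discovery.seed_hosts:
  - " 192.0.2.11 "
  - "192.0.2.10"
"""

if __name__ == "__main__":
    print(compare_nodes(NODE_1, NODE_2))
```

In the constructed sample, the seed hosts compare equal despite the different order and the padded value, and only the missing `plugins.security.nodes_dn` list on the second node is reported.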

Carlos Ezequiel Bordon

Apr 28, 2025, 3:22:55 PM
to Wazuh | Mailing List
Please share all the steps you performed on each node in a separate text file. Also, share the steps you followed to create the certificates for the new node in a separate text file.