Upgrade Wazuh and ELK


Felipe Andres Concha Sepúlveda

Jun 18, 2019, 11:05:21 AM
to Wazuh mailing list
Hello good afternoon,

Do you have any idea about this topic?
We are migrating the system we have and we are not receiving information in Kibana; we see old alerts, but the new ones are not coming in.
After the update we have:

Wazuh 3.9
Elk 6.8.0

Filebeat configuration


Elasticsearch error logs
[2019-06-18T16:22:25,087][WARN ][o.e.g.DanglingIndicesState] [nodo-01] [[.monitoring-es-6-2019.06.18/fbi5rXxPQOKPnfUsTZhkUg]] can not be imported as a dangling index, as index with same name already exists in cluster metadata

Juan Carlos Rodríguez

Jun 19, 2019, 4:26:02 AM
to Wazuh mailing list

Hi Felipe

It seems that the warning that appears in the logs is about an index (.monitoring) created by the Elastic X-Pack monitoring component, and it does not have much relation to the problem you are reporting of new alerts not being indexed after updating.

At this point, it occurs to me that you may have some error in the Filebeat configuration or even that the Filebeat service is not running. So, could you paste here the output of these commands?

systemctl status filebeat -l
filebeat test output

And on the other hand, check if new alerts are being generated in this file:

cat /var/ossec/logs/alerts/alerts.json

Let us know the results.

Regards,
Juan Carlos
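
An added example, not part of the original thread: one way to run the last check above without printing the whole file, by reading only the tail of alerts.json and reporting how old the newest alert is. The timestamp layout (`TS_FORMAT`), the 10-minute threshold, the status strings and the sample lines are assumptions made for this illustration.

```python
import json
import sys
from datetime import datetime, timezone

# Assumed layout of the "timestamp" field, e.g. 2019-06-18T16:22:25.087+0000
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"

# Constructed sample lines (not real alerts); the last one is cut off mid-write.
SAMPLE = [
    '{"timestamp":"2019-06-18T16:20:01.123+0000","rule":{"level":3},"agent":{"id":"001"}}',
    '{"timestamp":"2019-06-18T16:22:25.087+0000","rule":{"level":5},"agent":{"id":"001"}}',
    '{"timestamp":"2019-06-18T16:2',
]

def newest_alert_time(lines):
    """Return the latest parseable alert timestamp, or None if there is none."""
    newest = None
    for line in lines:
        try:
            alert = json.loads(line)
            ts = datetime.strptime(alert["timestamp"], TS_FORMAT)
        except (ValueError, KeyError, TypeError):
            continue  # blank, truncated or malformed line
        if newest is None or ts > newest:
            newest = ts
    return newest

def diagnose(lines, now, max_age_seconds=600):
    """Classify the alert file: 'no-alerts', 'manager-stale' or 'manager-ok'."""
    newest = newest_alert_time(lines)
    if newest is None:
        return "no-alerts"
    age = (now - newest).total_seconds()
    return "manager-stale" if age > max_age_seconds else "manager-ok"

def tail_lines(path, max_bytes=1_000_000):
    """Read only the end of the file; alerts.json can grow very large."""
    with open(path, "rb") as fh:
        fh.seek(0, 2)                      # jump to end of file to learn its size
        fh.seek(max(0, fh.tell() - max_bytes))
        return fh.read().decode("utf-8", errors="replace").splitlines()

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/ossec/logs/alerts/alerts.json"
    print(diagnose(tail_lines(path), datetime.now(timezone.utc)))
```

If this reports `manager-ok` while Kibana shows nothing new, the alerts are being written locally and the gap is further along, in Filebeat, Logstash or Elasticsearch.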

Felipe Andres Concha Sepúlveda

Jun 19, 2019, 5:01:40 AM
to Juan Carlos Rodríguez, Wazuh mailing list
Hello Juan Carlos,

I have configured Filebeat to send to Logstash, gave it some time, and now it works very well.
I have the same error, but as you say it has no relation.

Thanks!!!!!

Regards,

Felipe

