Installation of Wazuh on Oracle Linux

[Ahmad Hassan]

I hope you are fine and doing well.

Can any body install wazuh SIEM on oracle Linux. if Yes please share your experience.

[Olusegun Adenrele Oyebo]

Hello Ahmad,

Since Red Hat Enterprise linux is one of the recommended operating systems for installing Wazuh components and Oracle linux is compiled from Red Hat source code, then you shouldn't have any challenge deploying the components on the OS.

You can also check the below link for other recommended operating systems:

• https://documentation.wazuh.com/current/quickstart.html#operating-system

I hope this provided clarity. If you have any other query, do not hesitate to ask

Best regards.

[Olusegun Adenrele Oyebo]

Hello Ahmad,

I don't know if you missed my response below.

There are a few things one can look at. What amount of resources did you assign to your Wazuh indexer server?   

Are you using an all-in-one deployment or distributed? You can check the below reference for information on the hardware requirements:

• https://documentation.wazuh.com/current/quickstart.html#requirements
• https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/index.html#hardware-recommendations

After confirming and making sure that your environment meets the above specification, and if the issue still persists, you can try to reconfigure the TimeoutStartSec in the Wazuh indexer service. Run the command systemctl edit --full wazuh-indexer.service and change TimeoutStartSec=0, save the changes and restart the service with command systemctl restart wazuh-indexer. With this setting, there will be no timeout settings for starting the service.

If issue still persists, kindly revert with the Wazuh indexer logs by running the below commands:

• cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
• journalctl -u wazuh-indexer

I hope this helps. If you have any other query, do not hesitate to ask.

Best regards.

[Olusegun Adenrele Oyebo]

Hello Ahmad,

There are a few things one can look at. What amount of resources did you assign to your Wazuh indexer server?   

Are you using an all-in-one deployment or distributed? You can check the below reference for information on the hardware requirements:

• https://documentation.wazuh.com/current/quickstart.html#requirements
• https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/index.html#hardware-recommendations

After confirming and making sure that your environment meets the above specification, and if the issue still persists, you can try to reconfigure the TimeoutStartSec in the Wazuh indexer service. Run the command systemctl edit --full wazuh-indexer.service and change TimeoutStartSec=0, save the changes and restart the service with command systemctl restart wazuh-indexer. With this setting, there will be no timeout settings for starting the service.

If issue still persists, kindly revert with the Wazuh indexer logs by running the below commands:

• cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
• journalctl -u wazuh-indexer

I hope this helps. If you have any other query, do not hesitate to ask.

Best regards.

On Fri, May 17, 2024 at 6:39 AM Ahmad Hassan <ahmadhas...@gmail.com> wrote:

Hello Olusegun

I hope you are doing well.

I am deploying wazuh on oracle linux but facing an issue while starting the wazuh indexer. It takes too much time and does not show any result.

https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html

Follow the below guide for wauh indexer .

--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/HSNaxqLaTRE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/f121ae5c-b4e5-4168-89c9-98f8b8ef47can%40googlegroups.com.

[Olusegun Adenrele Oyebo]

Hello Ahmad,

checking on this query to know if the issue has been resolved or you'll still need further assistance.

Best Regards.

[Ahmad Hassan]

Thanks for your Response.

I have deployed wazuh on oracle linux and its successfully deployed and the GUI is working fine. Apart from that I am facing issues while installing the wazuh agent on windows. I have tried all the possible installation methods including GUI and CLI but the agent is not connecting. Secondly, when I try to install auth key through CLI it shows an error message Unable to connect to enrollment service at '[192.168.72.144]:1515', and I have also added a firewall rule 1515 on the windows firewall setting.

--
You received this message because you are subscribed to the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/cf4ea0db-bdf4-4c62-bed2-24ae615a437cn%40googlegroups.com.

[Olusegun Adenrele Oyebo]

Hello Ahmad,

From the error you shared, the agent is unable to connect to the Wazuh server on registration/enrollment TCP port 1515. The port needs to be opened on the Wazuh server so that the agent will be enrolled. For example, if firewalld is active on the server, you can use the below procedures to enable the port.

• firewall-cmd --permanent --zone=public --add-port=1515/tcp
• firewall-cmd --reload
• systemctl restart firewalld.service

 You can also check the below link for other port requirements:

• https://documentation.wazuh.com/current/getting-started/architecture.html#required-ports

I hope this helps. If you have any other query, do not hesitate to contact us.

Best regards.