Hi Sanjoy Das,
The message “Kibana server is not ready yet” usually appears when you have just started or restarted Kibana. It can also be produced for one of the following reasons:
- Your service or Kibana configuration has some error that causes it to constantly reboot.
- Your elasticsearch service is not up or has some error.
- Host resources are insufficient. To host the elasticsearch and kibana services, I recommend that you dedicate at least 4 GB of RAM and 2 CPU cores.
If you have just started the kibana service, please wait a few minutes and try again. If this is not the case, then you will have to check the status of the elasticsearch and kibana services. Also check if the hardware resources are sufficient.
Kibana
Check the service status:
    systemctl status kibana -l
Check the kibana logs:
    journalctl -u kibana | egrep -i "error"
Elasticsearch
Check the service status:
    systemctl status elasticsearch -l
Check the elasticsearch logs:
    egrep -i "error" /var/log/elasticsearch/elasticsearch.log
Please check if everything is OK. In case you still need help, you can share the output of all the above commands by saving them in files as follows:
    systemctl status kibana -l > status.kibana.log
    journalctl -u kibana | egrep -i "error" > kibana.error.log
    systemctl status elasticsearch -l > status.elasticsearch.log
    egrep -i "error" /var/log/elasticsearch/elasticsearch.log > elasticsearch.error.log
Best regards.
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/e1c48826-62d2-4f9b-9487-9c83eb90f5d0n%40googlegroups.com.
Hi,
Reviewing the Kibana logs, I find many lines with authentication failures like the following:
{"type":"log","@timestamp":"2021-10-22T07:50:29Z","tags":["error","elasticsearch","data"],"pid":577,"message":"[security_exception]: unable to authenticate user [elastic] for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]"}
Are you using Open Distro or X-Pack? There are many logs showing that the elastic user is not authenticated.
Check the credentials in the /etc/kibana/kibana.yml file:
    elasticsearch.username: kibanaserver
    elasticsearch.password: kibanaserver
For example, the default configuration is as follows:
    server.host: 0.0.0.0
    server.port: 443
    elasticsearch.hosts: https://localhost:9200
    elasticsearch.ssl.verificationMode: certificate
    elasticsearch.username: kibanaserver
    elasticsearch.password: kibanaserver
    elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
    opendistro_security.multitenancy.enabled: true
    opendistro_security.readonly_mode.roles: ["kibana_read_only"]
    server.ssl.enabled: true
    server.ssl.key: "/etc/kibana/certs/kibana-key.pem"
    server.ssl.certificate: "/etc/kibana/certs/kibana.pem"
    elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/root-ca.pem"]
    server.defaultRoute: /app/wazuh?security_tenant=global
According to what you tell me, you have followed the guide in the documentation.
Regards.
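Added example, not part of the original thread and not Wazuh or Kibana code: a small Python triage helper for the check described in the message above. It counts "unable to authenticate user" errors per user in Kibana log text and compares them with the elasticsearch.username set in kibana.yml. The function names, the second log line and the kibana.yml fragment are constructed for illustration.

```python
import json
import re
from collections import Counter
# Constructed sample: line 1 is the entry quoted in the thread; lines 2-3 are made up.
SAMPLE_LOG = """\
{"type":"log","@timestamp":"2021-10-22T07:50:29Z","tags":["error","elasticsearch","data"],"pid":577,"message":"[security_exception]: unable to authenticate user [elastic] for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]"}
Oct 22 07:50:32 host kibana[577]: {"type":"log","@timestamp":"2021-10-22T07:50:32Z","tags":["error","elasticsearch","data"],"pid":577,"message":"[security_exception]: unable to authenticate user [elastic] for REST request [/_nodes]"}
Oct 22 07:50:34 host systemd[1]: Started Kibana.
"""
# Constructed kibana.yml fragment (assumed values, not taken from the thread).
SAMPLE_YML = """\
elasticsearch.username: elastic
elasticsearch.password: "constructed-placeholder"
"""
AUTH_FAIL = re.compile(r"unable to authenticate user \[([^\]]+)\]")

def failed_users(log_text):
    """Count 'unable to authenticate user [X]' error entries per user."""
    counts = Counter()
    for line in log_text.splitlines():
        start = line.find("{")  # skip any journalctl prefix before the JSON
        try:
            entry = json.loads(line[start:]) if start >= 0 else {}
        except json.JSONDecodeError:
            continue
        m = AUTH_FAIL.search(str(entry.get("message", "")))
        if m and "error" in entry.get("tags", []):
            counts[m.group(1)] += 1
    return counts

def kibana_setting(yml_text, key):
    """Read a flat 'key: value' line from kibana.yml text (no YAML library)."""
    for line in yml_text.splitlines():
        k, sep, v = line.strip().partition(":")
        if sep and k.strip() == key:
            return v.strip().strip("\"'")
    return None

def diagnose(log_text, yml_text):
    user = kibana_setting(yml_text, "elasticsearch.username")
    failures = failed_users(log_text)
    return {
        "configured_user": user,
        "failures": dict(failures),
        # True: Elasticsearch rejects the very account Kibana is configured with.
        "configured_user_rejected": failures.get(user, 0) > 0,
        # True: password equals username (as in the default config): change it.
        "password_equals_username": user is not None
        and kibana_setting(yml_text, "elasticsearch.password") == user,
    }
```

Calling `diagnose(SAMPLE_LOG, SAMPLE_YML)` returns a dict; on a real host, pass the text of `journalctl -u kibana` and of /etc/kibana/kibana.yml instead of the samples.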
Yes, that link shows you how to prepare the EC2 environment to be able to deploy your Wazuh environment. After all, you configure networks and communications, but in this case, what is really important is that you install and configure all the Wazuh setup + Filebeat + Elasticsearch + Kibana correctly.
To do this I recommend you to follow this guide https://documentation.wazuh.com/current/installation-guide/open-distro/index.html#start-deploying-wazuh-with-open-distro-for-elasticsearch.
You have two ways to do it:
- All-in-one deployment: Wazuh and Open Distro for Elasticsearch are installed on the same host.
- Distributed deployment: Each component is installed on a separate host as a single-node or multi-node cluster. This type of deployment provides high availability and scalability of the product, and it is convenient for large working environments.
You also have two installation methods:
- Unattended: You can install Wazuh using scripts that automate the installation process. The scripts also perform health checks to verify that the available system resources meet the minimal requirements.
- Step by step: This is a manual way of carrying out the installation that includes a detailed description of each step of the process.
Take a look at the general guide and choose the type of deployment and installation you want.
For the first contact with Wazuh, I recommend that you use All-in-one deployment - Unattended (easier deployment and installation).
In the case of a manual installation, take into account all the configuration steps and in case of error, always check the logs and verify the configuration.
I hope this information helps you :)