Hello Anastasia!
Sorry for the late response. It seems for some reason your query was dropped, and we are not able to track it.
Are you still facing this issue?
If you are still facing this issue, restart your Wazuh Manager and check if Wazuh Manager can recreate those folders after a restart.
systemctl restart wazuh-manager
Wait for a few seconds and check the ossec.log. Check if you have a log of the vulnerability index being created successfully.
cat /var/ossec/logs/ossec.log | grep -i -E "vulnerability|indexer-connector"
If you see any error or warning related to the indexer connector, follow these troubleshooting steps.
Review the <indexer> configuration block in ossec.conf based on this doc.
Wazuh manager configuration
Make sure to replace <host>https://10.0.52.86:9200</host> with the IP address or hostname of your Wazuh indexer node, as it is defined in the Filebeat configuration. You can find this value in the Filebeat configuration file at /etc/filebeat/filebeat.yml. Ensure that the <certificate> and <key> names match the files located in /etc/filebeat/certs/.
Save the Wazuh indexer username and password in the Wazuh manager keystore.
echo 'admin' | /var/ossec/bin/wazuh-keystore -f indexer -k username
echo 'admin_PASSWORD' | /var/ossec/bin/wazuh-keystore -f indexer -k password
Replace admin_PASSWORD with the password of the admin user.
Now, restart the Wazuh manager and wait for a few minutes.
systemctl restart wazuh-manager
Wait for a few seconds and check the ossec.log. Check if you have a log of the vulnerability index being created successfully.
cat /var/ossec/logs/ossec.log | grep -i -E "vulnerability|indexer-connector"
If it still doesn't work, share the output of these commands.
head /etc/filebeat/filebeat.yml
ls /etc/filebeat/certs/
cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
cat /var/ossec/logs/ossec.log | grep -i -E "vulnerability|indexer-connector"
Let me know the update on the issue.
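
The consistency check described in the reply above (the indexer <host> against filebeat.yml, and the <certificate> and <key> files being present), as an added example that is not part of the original post or of Wazuh's own tooling. It assumes ossec.conf is at the default /var/ossec/etc/ossec.conf and that filebeat.yml lists its hosts as an inline list; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not Wazuh project code): cross-check the <indexer> block in
# ossec.conf against filebeat.yml. Assumes hosts are written as an inline list,
# e.g.  hosts: ["10.0.52.86:9200"]

# <host> values inside the <indexer> block of ossec.conf ($1).
indexer_hosts() {
    sed -n '/<indexer>/,/<\/indexer>/p' "$1" |
        sed -n 's:.*<host>\(.*\)</host>.*:\1:p'
}

# Value of tag $1 (certificate or key) inside the <indexer> block of $2.
indexer_tag() {
    sed -n '/<indexer>/,/<\/indexer>/p' "$2" |
        sed -n "s:.*<$1>\(.*\)</$1>.*:\1:p"
}

# host:port entries on the "hosts:" line(s) of filebeat.yml ($1).
filebeat_hosts() {
    grep -E '^[[:space:]]*(output\.elasticsearch\.)?hosts:' "$1" |
        grep -oE '[A-Za-z0-9._-]+:[0-9]+'
}

# Returns 0 when every indexer host is also a Filebeat output host and the
# certificate and key files named in ossec.conf exist; prints findings otherwise.
check_indexer_config() {   # $1 = ossec.conf, $2 = filebeat.yml
    rc=0
    fb=$(filebeat_hosts "$2" | sort -u)
    hosts=$(indexer_hosts "$1")
    [ -n "$hosts" ] || { echo "MISSING: no <host> in <indexer> block of $1"; rc=1; }
    for h in $hosts; do
        bare=$(printf '%s\n' "$h" | sed -E 's#^https?://##')
        printf '%s\n' "$fb" | grep -qxF -- "$bare" ||
            { echo "MISMATCH: <host>$h</host> not found in $2"; rc=1; }
    done
    for tag in certificate key; do
        f=$(indexer_tag "$tag" "$1")
        [ -n "$f" ] && [ -f "$f" ] ||
            { echo "MISSING: <$tag> file '$f' does not exist"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: indexer hosts and certificate files match"
    return "$rc"
}

# Usage: sh check.sh /var/ossec/etc/ossec.conf /etc/filebeat/filebeat.yml
if [ "$#" -eq 2 ]; then check_indexer_config "$1" "$2"; fi
```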