API Version Mismatch

[Erik Vetters]

Hi,

I have upgraded the Wazuh Installation from 3.3.0 to 3.4.0 today without any errors.

Expected that I get an Api Version mismatch in the Wazuh App.

I have tried to reinstall the Wazuh again (as described in other Posts and on the docu) But I still get the Api Version Mismatch.

Any hints on this issue.

Many Greetings

Erik

[Juanjo Jiménez]

Hello Erik,

That error means you've updated only the Wazuh app or only the Wazuh API, so you're using different versions of those components.

Could you please paste here the output of the following commands? (omitting sensitive information)

curl -XGET -u <API_USER>:<API_PASSWORD> http(s)://<API_URL>:55000/version?pretty
cat /usr/share/kibana/plugins/wazuh/package.json | grep version

Best regards,

Juanjo

[Erik Vetters]

Am Mittwoch, 8. August 2018 14:15:20 UTC+2 schrieb Juanjo Jiménez:

Hi Juanjo,

for the first command I get "401 Unauthorized"  -  I am pretty sure I have the right password. Deleteing the password in the GUI I get

I get also some errors in the logfile:

Something went wrong here I think.

Many thx for the help

Erik

[Juanjo Jiménez]

Hi again,

Are you using X-Pack on your Kibana installation? Looks like your using a user to log-in and it doesn't have the right permissions to delete an API entry.

Regards,

Juanjo

[Erik Vetters]

Hi,

no ... I did not install x-pack. I upgraded from elasticstack 6.2. to 6.3.2 as suggested in documentation here

https://documentation.wazuh.com/current/installation-guide/upgrading/latest_wazuh3_minor.html#upgrading-latest-minor

If I want to install x-pack Version, my elastic stack version says

$:/usr/share/elasticsearch# sudo bin/elasticsearch-plugin install x-pack
ERROR: this distribution of Elasticsearch contains X-Pack by default

I assume then I just have to configure x-pack ...

Many Greetings

Erik

[Erik Vetters]

Hallo,

I did this here and now everything is gone ... hmmm .. Strange   .. Do not know what happend.

https://github.com/elastic/kibana/issues/20031

curl -XGET -u user:pass http://localhost:55000/version?pretty
{
   "error": 0,
   "data": "v3.4.0"
}

cat /usr/share/kibana/plugins/wazuh/package.json | grep version
    "version": "3.4.0",
        "version": "6.3.2"

Many thx for the help

ERik

[Juanjo Jiménez]

Hello again Erik,

Thanks for sharing with us your findings. Looks like a possible bug regarding Elasticsearch and its indices.

In any case, are you still facing the "API version mismatch" error? According to the command's output, you're using the same compatible versions for the Wazuh API and the Wazuh app.

We can try to restore your Wazuh app to a fresh state and insert again the API credentials.

Keep in mind, the following commands will erase your current stored APIs on the Settings tab, so you'll have to add them again:

1. Stop the Kibana service:

systemctl stop kibana

2. Delete the .wazuh and .wazuh-version indices. Those indices contain information about your current Wazuh app installation and the stored API credentials.

curl -XDELETE localhost:9200/.wazuh
curl -XDELETE localhost:9200/.wazuh-version

3. Restart the Kibana service

systemctl restart kibana

4. Now open again the Kibana interface on an incognito window, and try again to add the API credentials. Let me know if you're still facing some kind of error, we'll be glad to help you.

Thanks for your patience.

Regards,

Juanjo