No Logs after Upgrade on Wazuh Dashboard
26 views
Skip to first unread message
Miran Ul Haq
2:15 AM (18 hours ago) 2:15 AM
to Wazuh | Mailing List
Hi Everyone,
2 days ago, I updated the Wazuh from 4.12 to 4.14.
The process went smooth except the only following step gave error:
7. Upload the new Wazuh template and pipelines for Filebeat:
The error was something like this:
error connecting to Elasticsearch at http://192.168.23.231:9200: Get "http://
192.168.23.231:9200": EOF
After the upgrade, the logs are not appearing Wazuh Dashboard. I checked the indexes and no index have been created after the upgrade.
After taking few troubleshooting steps, this is from terminal:
[root@wazuh-server alerts]# curl -u miran.ulhaq -X GET "https://192.168.23.231:9200/_cluster/health"
Enter host password for user 'miran.ulhaq':
curl: (7) Failed to connect to 192.168.23.231 port 9200 after 0 ms: Could not connect to server
[root@wazuh-server alerts]# curl https://192.168.23.231:9200/_cat/indices/wazuh-alerts-* -u miran.ulhaq -k
Enter host password for user 'miran.ulhaq':
curl: (7) Failed to connect to 192.168.23.231 port 9200 after 0 ms: Could not connect to server
[root@wazuh-server alerts]# filebeat test output
elasticsearch: http://192.168.23.231:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 127.0.0.1
dial up... OK
TLS... WARN secure connection disabled
talk to server... ERROR Get "http://192.168.23.231:9200": EOF
Enter host password for user 'miran.ulhaq':
curl: (7) Failed to connect to 192.168.23.231 port 9200 after 0 ms: Could not connect to server
[root@wazuh-server alerts]# curl https://192.168.23.231:9200/_cat/indices/wazuh-alerts-* -u miran.ulhaq -k
Enter host password for user 'miran.ulhaq':
curl: (7) Failed to connect to 192.168.23.231 port 9200 after 0 ms: Could not connect to server
[root@wazuh-server alerts]# filebeat test output
elasticsearch: http://192.168.23.231:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 127.0.0.1
dial up... OK
TLS... WARN secure connection disabled
talk to server... ERROR Get "http://192.168.23.231:9200": EOF
Can anyone please help on what could be the issue for connection error.
Best Regards,
Miran
Awwal Ishiaku
2:46 AM (17 hours ago) 2:46 AM
to Wazuh | Mailing List
Hi Miran,
Please show the status of the central components:
systemctl status wazuh-manager
systemctl status wazuh-manager
systemctl status wazuh-indexer
systemctl status wazuh-dashboard
If any of the above is not running, execute the restart command
systemctl restart <component_name>
And then share potential error messages from the affected component:
And then share potential error messages from the affected component:
Wazuh manager
cat /var/ossec/logs/ossec.log | grep -iE "ERR|WARN"
Wazuh indexer
cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -iE "ERR|WARN"
Reply all
Reply to author
Forward
0 new messages