Is it possible to change my Wazuh server port number 443 to another port number?
2,505 views
Skip to first unread message
Joshua John Consulta
Jan 30, 2023, 12:42:29 PM1/30/23
to Wazuh mailing list
Hi I would like to ask if I can change my port? Because we need it to register to our firewall.
Thanks in advance for the answer :)
Thanks in advance for the answer :)
Lucio Donda
Jan 30, 2023, 1:12:53 PM1/30/23
to Wazuh mailing list
Hi Joshua,
You're looking for a change in the port server.port: 443 to another one? in that case, the port you're trying to change, is the one that the dashboard uses (more info here) ?
Or are you trying to change the agent connection service port to 443?
In that case, you may get a coalition, do check here the list of ports used by Wazuh?
Let me know!
You're looking for a change in the port server.port: 443 to another one? in that case, the port you're trying to change, is the one that the dashboard uses (more info here) ?
Or are you trying to change the agent connection service port to 443?
In that case, you may get a coalition, do check here the list of ports used by Wazuh?
Let me know!
Joshua John Consulta
Jan 31, 2023, 3:20:42 AM1/31/23
to Wazuh mailing list
Im trying to change the server port to another. Because we need it to put it in our firewall
Lucio Donda
Jan 31, 2023, 7:16:15 AM1/31/23
to Wazuh mailing list
OK, I don't know if we're talking about the same port, but there are 2 chances,
- server.port used by the dashboard: for wazuh version 4.3 and beyond change it in /etc/wazuh-dashboard/opensearch_dashboards.yml - more info here - (by default 443 is set).
- port used for remote connection: you can change it in the manager in /var/ossec/etc/ossec.conf (more info here), but if you want to set it to 443 you will have to change the dashboard (named earlier) before in order to avoid any problems.
Joshua John Consulta
Jan 31, 2023, 12:41:51 PM1/31/23
to Wazuh mailing list
I can't locate the wazuh-dashboard folder because i used the lower version of wazuh 4.1.5
Do you have an idea where i can locate it in the 4.1.5?
Lucio Donda
Jan 31, 2023, 12:54:04 PM1/31/23
to Wazuh mailing list
Indeed because that was changed on newer versions.
Before we resolved this by using directly kibana. In that case you will find it in /etc/kibana/kibana.yml .
Before we resolved this by using directly kibana. In that case you will find it in /etc/kibana/kibana.yml .
Joshua John Consulta
Jan 31, 2023, 1:02:14 PM1/31/23
to Wazuh mailing list
Can you give me an example on how to change the ports and ips?
Lucio Donda
Jan 31, 2023, 1:27:26 PM1/31/23
to Wazuh mailing list
First of all be carefull when sharing sensitive information as IP or related. This is a public group so anyone can access this data.
Changing the port number is simply changing the value to the one you need, is a plain text so there's no complication, open the file, edit the line where says port and save it.
After that, as I mentioned earlier, you will have to restart manager service.
But If you're not 100% sure of the consequence of the changes you're about to do, please take a look a this documentation:
* Remote Port on ossec.conf:
- agent enrollment
* Kibana port
- Kibana installation
Are you sure that the best approach isn't to add the needed port to the firewall allow rules?
In some OSes (e.g. centos7) some ports are added to the firewall in prder to allow correct communication.
Changing the port number is simply changing the value to the one you need, is a plain text so there's no complication, open the file, edit the line where says port and save it.
After that, as I mentioned earlier, you will have to restart manager service.
But If you're not 100% sure of the consequence of the changes you're about to do, please take a look a this documentation:
* Remote Port on ossec.conf:
- agent enrollment
* Kibana port
- Kibana installation
Are you sure that the best approach isn't to add the needed port to the firewall allow rules?
In some OSes (e.g. centos7) some ports are added to the firewall in prder to allow correct communication.
Joshua John Consulta
Feb 1, 2023, 4:34:44 AM2/1/23
to Wazuh mailing list
I tried to change the port, it works but it stops to send data from the agents to the manager.
Lucio Donda
Feb 1, 2023, 6:21:37 AM2/1/23
to Wazuh mailing list
Indeed,
forgot to mention, in that case you will need to also change (or add) the new port to the enrollment section in the ossec.conf of the agent:
it will lokk something like this:
<client>
<server>
<address>example.hostname</address>
<protocol>udp</protocol>
</server>
<notify_time>30</notify_time>
<time-reconnect>120</time-reconnect>
<auto_restart>yes</auto_restart>
<enrollment>
<port>52000</port>
</enrollment>
</client>
here for more information.
After that do restart the agent service.
forgot to mention, in that case you will need to also change (or add) the new port to the enrollment section in the ossec.conf of the agent:
it will lokk something like this:
<client>
<server>
<address>example.hostname</address>
<protocol>udp</protocol>
</server>
<notify_time>30</notify_time>
<time-reconnect>120</time-reconnect>
<auto_restart>yes</auto_restart>
<enrollment>
<port>52000</port>
</enrollment>
</client>
here for more information.
After that do restart the agent service.
Lucio Donda
Feb 1, 2023, 8:05:08 AM2/1/23
to Wazuh mailing list
Hi Joshua,
Why did you install again the wazuh server? You weren't able to solve the issue with the info in the mail I sent earlier?
If you trying to install wazuh again but changing the port for kibana and the one used for registration of the agents then:
* follow the step-by-step guide -> https://documentation.wazuh.com/4.1/installation-guide/open-distro/all-in-one-deployment/all_in_one.html#step-by-step-installation
* Change the port on the ossec.conf used by the manager (as I said before)
* Change the port used by kibana (as I mentioned before) -> https://documentation.wazuh.com/4.1/installation-guide/open-distro/all-in-one-deployment/all_in_one.html#installing-kibana
Remember to update the agent's port also.
Another question is, why are you using trying to install 4.1? and in which OS and configuration?
If that filebeat error persists then you could share some information or logs about filebeat itself (filebeat test output or logs from the manager )
If you continue without changing the port and you get another error, then I encourage you to create another thread or mail on this group.
Hope that this helps!
Why did you install again the wazuh server? You weren't able to solve the issue with the info in the mail I sent earlier?
If you trying to install wazuh again but changing the port for kibana and the one used for registration of the agents then:
* follow the step-by-step guide -> https://documentation.wazuh.com/4.1/installation-guide/open-distro/all-in-one-deployment/all_in_one.html#step-by-step-installation
* Change the port on the ossec.conf used by the manager (as I said before)
* Change the port used by kibana (as I mentioned before) -> https://documentation.wazuh.com/4.1/installation-guide/open-distro/all-in-one-deployment/all_in_one.html#installing-kibana
Remember to update the agent's port also.
Another question is, why are you using trying to install 4.1? and in which OS and configuration?
If that filebeat error persists then you could share some information or logs about filebeat itself (filebeat test output or logs from the manager )
If you continue without changing the port and you get another error, then I encourage you to create another thread or mail on this group.
Hope that this helps!
Reply all
Reply to author
Forward
0 new messages