Hi, I have a distributed environment on version 4.14.1, running on Red Hat:
- Server1: Wazuh manager
- Server2: Wazuh indexer and dashboard
I would like to know what would be involved in renaming both servers, what I should take into account, and whether you have a step-by-step guide.
Thanks
If you only change the Linux hostname of each server, Wazuh will continue working normally, and you do not need to modify any Wazuh configurations or regenerate certificates. Manager, Wazuh Indexer, Filebeat, and the Dashboard do not use the operating system hostname for their identity or trust. They depend on the node name and IP defined in the certificate generation config.yml at installation time.
If you change the node name or the IP address mentioned in your certificate config.yml (or any other yml file, like opensearch.yml, filebeat.yml) then you must regenerate the certificates and redeploy them, because those values are used for TLS certificates. This only applies when the node name or IP defined in that config.yml changes.
So please clarify this. In case you want to change the node name or IP address, then please make sure to define the name in the config.yml and generate the certs: https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html#generating-the-ssl-certificates
Then deploy and configure the components YAML file again:
- Wazuh indexer: deploying-certificates, Configure
- Filebeat: configuring-filebeat, deploying-certificates
- Wazuh Dashboard: configuring-the-wazuh-dashboard, deploying-certificates
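Added example (not part of the reply above and not Wazuh project code): a check of whether a planned node name or IP still matches a deployed certificate, which is the condition the reply gives for regenerating. It assumes the certificate carries the node name as the subject CN and the IP as a subjectAltName entry; the function names, `node-1` and `10.0.0.5` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Compare a planned node name / IP with the identities inside a PEM certificate.
# Assumption: node name is the subject CN, node IP is a subjectAltName entry.
# Requires OpenSSL 1.1.1 or later (for -ext and -addext).

# Print the subject common name of the certificate in $1.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Print the SAN entries of the certificate in $1, one per line,
# normalised to "IP:<addr>" or "DNS:<name>".
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' |
        sed -E -n -e 's/^ *IP Address:/IP:/p' -e 's/^ *DNS:/DNS:/p'
}

# needs_new_cert <cert.pem> <planned node name> <planned IP>
# Returns 0 (and prints why) when the certificate no longer matches,
# 1 when both values are still covered and the certificate can stay.
needs_new_cert() {
    local cert=$1 name=$2 ip=$3 cn stale=1
    cn=$(cert_cn "$cert")
    if [ "$cn" != "$name" ]; then
        echo "node name '$name' differs from certificate CN '$cn'"
        stale=0
    fi
    if ! cert_sans "$cert" | grep -qxF "IP:$ip"; then
        echo "IP $ip is not in the certificate SAN list"
        stale=0
    fi
    return "$stale"
}

# Build a throwaway self-signed certificate (constructed sample, CN=node-1,
# SAN IP 10.0.0.5) so the check can be tried without touching real certs.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1" -subj "/CN=node-1" \
        -addext "subjectAltName=IP:10.0.0.5" 2>/dev/null
}
```

Point `needs_new_cert` at each component's deployed certificate with the name and IP you plan to put in config.yml; an OS hostname change alone does not alter either input.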
Yes, changing the Linux hostname works and Wazuh still works, but I only see the events from after the hostname change.
In Threat Hunting I lost the events from before the change, but I can see them in Discover.
The attached screenshots are from the same time frame.