talk to server Error...400
98 views
Skip to first unread message
Emre Erdem
Apr 17, 2024, 9:56:50 AMApr 17
to Wazuh | Mailing List
Hello everyone,
I hope everyone is fine. Unfortunately I have a problem. Wazuh does not show any warnings on the dashboard. I would be very pleased if you could help me with this.
Kind regards,
I hope everyone is fine. Unfortunately I have a problem. Wazuh does not show any warnings on the dashboard. I would be very pleased if you could help me with this.
Kind regards,
Damian Nicastro
Apr 17, 2024, 4:40:18 PMApr 17
to Wazuh | Mailing List
Hello Emre:
Please, let me check this and I will be back to you as soon as possible.
Please, let me check this and I will be back to you as soon as possible.
Thanks
Damian Nicastro
Apr 18, 2024, 8:23:52 AMApr 18
to Wazuh | Mailing List
Hello Emre:
I hope you are fine.
The error shown "Invalid Index name" suggests that there is an incompatibility between your filebeat package and the wazuh-indexer.
Please, send me the versions of both packages:
# rpm -q filebeat
# apt list -a filebeat
# rpm -q wazuh-indexer
# apt list -a wazuh-indexer
# rpm -q wazuh-dashboard
# apt list -a wazuh-dashboard
Also send the logs of filebeat to see if we can have more details:
# less /var/log/filebeat/filebeat | grep -iE 'WARN|ERROR'
# journalctl -u filebeat --no-pager | grep -iE 'WARN|ERROR'
I hope this helps.
Thanks
Emre Erdem
Apr 18, 2024, 8:43:33 AMApr 18
to Wazuh | Mailing List
Hello Damian Nicastro,
First of all, thank you for taking the time to help me.
The attached documents contain the outputs you requested. I'll be waiting to hear from you.
journalctl -u filebeat --no-pager | grep -iE 'WARN|ERROR' --> Unfortunately, I did not get any output from this command.
Kind Regards
First of all, thank you for taking the time to help me.
The attached documents contain the outputs you requested. I'll be waiting to hear from you.
journalctl -u filebeat --no-pager | grep -iE 'WARN|ERROR' --> Unfortunately, I did not get any output from this command.
Kind Regards
18 Nisan 2024 Perşembe tarihinde saat 15:23:52 UTC+3 itibarıyla Damian Nicastro şunları yazdı:
Damian Nicastro
Apr 18, 2024, 11:35:40 AMApr 18
to Wazuh | Mailing List
Hello Emre:
The pictures are not clear and I cannot which version is for each package. Include the commands in the views
Please, send it in text format if it is possible.
Thanks
Emre Erdem
Apr 19, 2024, 2:06:48 AMApr 19
to Wazuh | Mailing List
Hello Damian Nicastro,
Sorry Domian , I am sending it as an attachment in the requested format. As I said before, unfortunately I could not get any output from this command;
journalctl -u filebeat --no-pager | grep -iE 'WARN|ERROR'
Kind regards,
Thanks
Sorry Domian , I am sending it as an attachment in the requested format. As I said before, unfortunately I could not get any output from this command;
journalctl -u filebeat --no-pager | grep -iE 'WARN|ERROR'
Thanks
18 Nisan 2024 Perşembe tarihinde saat 18:35:40 UTC+3 itibarıyla Damian Nicastro şunları yazdı:
Damian Nicastro
Apr 19, 2024, 11:15:09 AMApr 19
to Wazuh | Mailing List
Hello Emre:
I hope you are fine.
As I suspected, the filebeat version 8.13.2 installed is not compatible with the wazuh-indexer 4.7.x
First, ensure that you have a copy of the filebeat certificate.
Then, you have to remove this package:
# apt remove filebeat
After this, please set the Wazuh repository following this document:
And install the supported version of filebeat that is 7.10.2. following the instructions step by step in the following document:
The previous certificate should work with the new installation.
I hope this helps.
Thanks
Reply all
Reply to author
Forward
0 new messages