Wazuh-Dashboard Upgrade Certificate Issues
241 views
Skip to first unread message
ru...@amberfintech.com
May 26, 2025, 3:40:54 AM5/26/25
to Wazuh | Mailing List
Good day
I've upgraded and using the provided documentation and I'm getting the following error on the Wazuh-dashboard:
I've upgraded and using the provided documentation and I'm getting the following error on the Wazuh-dashboard:
May 26 08:52:55 wazuh.amberfintech.com opensearch-dashboards[2273757]: {"type":"log","@timestamp":"2025-05-26T06:52:55Z","tags":["error","opensearch","data"],"pid":2273757,"message":"[ConnectionError]: unable to verify the first certificate"}
This is my current config: (I've user the dashboard.pem+key provided as well. Same error)
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://127.0.0.1:9200
opensearch.ssl.verificationMode: certificate
#opensearch.username:
#opensearch.password:
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/privkey.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/fullchain.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
This is my current config: (I've user the dashboard.pem+key provided as well. Same error)
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://127.0.0.1:9200
opensearch.ssl.verificationMode: certificate
#opensearch.username:
#opensearch.password:
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/privkey.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/fullchain.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
Bony V John
May 26, 2025, 4:38:45 AM5/26/25
to Wazuh | Mailing List
Hi,
Based on the details you've shared, the issue appears to be related to Wazuh Dashboard SSL/TLS certificates. Please follow the steps below to verify and resolve the certificate-related issue.
First check the Wazuh dashboard configuration and the current certificates are working or not:
Check the certificates directory on the Wazuh Dashboard server by running:
ll /etc/wazuh-dashboard/certs/
Then, open the Dashboard configuration file:
vi /etc/wazuh-dashboard/opensearch_dashboards.yml
Ensure that the certificate filenames referenced in this file match exactly with the filenames present in /etc/wazuh-dashboard/certs/. If they don’t match, update the paths in the configuration file accordingly.
After verifying or updating the configuration, restart the Wazuh Dashboard service:
systemctl restart wazuh-dashboard
Then check whether the issue is resolved.
If the issue still there, then check if the certificates are working correctly, run the following curl command from the Wazuh Dashboard server:
curl -u
kibanaserver :<pass> --cacert <path.pem> --cert <path-client.pem> --key <path-client-key.pem> -X GET "https://<IP>:9200/_cluster/health"
Replace the placeholders:
-
<password> – password for the kibanaserver user
-
<path-to-root-ca.pem> – path to your CA certificate
-
<path-to-client-cert.pem> – path to the client certificate
-
<path-to-client-key.pem> – path to the client private key
-
<indexer-IP> – IP address of the Wazuh indexer node
For an example:
curl -u kibanaserver:7+Z?fykQLBtDLxBj5In?rMyBlclzAtk2 --cacert /etc/wazuh-dashboard/certs/root-ca.pem --cert /etc/wazuh-dashboard/certs/wazuh-dashboard.pem --key /etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem -X GET "https://127.0.0.1:9200/_cluster/health"
If you don’t know the kibanaserver user password, extract it from the installation archive (on the Wazuh Indexer server):
sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt
If the certificate test fails, regenerate the Wazuh Dashboard certificates using your existing Root CA. Refer to the Wazuh documentation on how to generate new certificates using the pre-existing Root CA.
Message has been deleted
Message has been deleted
ru...@amberfintech.com
May 27, 2025, 4:31:59 AM5/27/25
to Wazuh | Mailing List
Good day
Thank you. I've resolved the certificate issue thank you. Regenerating fixed the issue but now Wazuh-dasboard is in a not ready state.
Wazuh-dashboard service is running but with a response error:
May 27 09:08:00 opensearch-dashboards[2295431]: {"type":"log","@timestamp":"2025-05-27T07:08:00Z","tags":["error","opensearch","data"],"pid":2295431,"message":"[ResponseError]: Response Error"}
The pid is linked to:
2295431 ? Ssl 0:12 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
Wazuh Indexer and Manager services are running and been restarted.
Wazuh-dashboard service is running but with a response error:
May 27 09:08:00 opensearch-dashboards[2295431]: {"type":"log","@timestamp":"2025-05-27T07:08:00Z","tags":["error","opensearch","data"],"pid":2295431,"message":"[ResponseError]: Response Error"}
The pid is linked to:
2295431 ? Ssl 0:12 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
Wazuh Indexer and Manager services are running and been restarted.
Any idea on how to troubleshoot this?
curl -u kibanaserver:********* --cacert root-ca.pem --cert dashboard.pem --key dashboard-key.pem -X GET https://127.0.0.1:9200/_cluster/health?
{"cluster_name":"wazuh-indexer-cluster","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":521,"active_shards":521,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}
Bony V John
May 27, 2025, 6:06:58 AM5/27/25
to Wazuh | Mailing List
Hi,
Based on the information you’ve provided, it looks like you have regenerated new certificates for the Wazuh Dashboard. Could you please confirm whether you regenerated them using an existing Root CA certificate or created them from scratch?
Next, verify if the Wazuh Dashboard can successfully communicate with the Wazuh Indexer using the new certificates. You can do this by running the following command on the Wazuh Dashboard server:
curl -u kibanaserver :<pass> --cacert <path.pem> --cert <path-client.pem> --key <path-client-key.pem> -X GET "https://<IP>:9200/_cluster/health"
Replace the placeholders:
<password> – password for the kibanaserver user
<path-to-root-ca.pem> – path to your CA certificate
<path-to-client-cert.pem> – path to the client certificate
<path-to-client-key.pem> – path to the client private key
<indexer-IP> – IP address of the Wazuh indexer node
For an example:
curl -u kibanaserver:7+Z?fykQLBtDLxBj5In?rMyBlclzAtk2 --cacert /etc/wazuh-dashboard/certs/root-ca.pem --cert /etc/wazuh-dashboard/certs/wazuh-dashboard.pem --key /etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem -X GET "https://127.0.0.1:9200/_cluster/health"
Also, check the Wazuh Dashboard logs by running the command:
journalctl -u wazuh-dashboard
Please share the full output of the above command with us.
Additionally, clarify the status of your Wazuh Manager and Indexer services. Run the following commands:
Check the Wazuh manager status:
systemctl status wazuh-manager
Check the status of Wazuh indexer:
systemctl status wazuh-indexer
If the Wazuh Manager is not running, please share the log file located at: /var/ossec/logs/ossec.log
If the Wazuh Indexer is not running, please share the log file located at: /var/log/wazuh-indexer/wazuh-cluster.log
Please provide the requested details and log files so we can assist you further.
ru...@amberfintech.com
May 27, 2025, 7:27:59 AM5/27/25
to Wazuh | Mailing List
Hi
I've regenerated the certificates from scratch and replaced the respective certificates in wazuh-dashboard and wazuh-indexer.
I've regenerated the certificates from scratch and replaced the respective certificates in wazuh-dashboard and wazuh-indexer.
The command provided the output below:
curl -u kibanaserver:********* --cacert root-ca.pem --cert dashboard.pem --key dashboard-key.pem -X GET https://127.0.0.1:9200/_cluster/health?
{"cluster_name":"wazuh-indexer-cluster","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":521,"active_shards":521,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_
{"cluster_name":"wazuh-indexer-cluster","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":521,"active_shards":521,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_
percent_as_number":100.0}
Wazuh-Manager and Wazuh-Indexer services are running
journalctl -xeu wazuh-dashboard provides the output below:
Wazuh-Manager and Wazuh-Indexer services are running
journalctl -xeu wazuh-dashboard provides the output below:
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","plugins-service"],"pid":2299536,"message":"Plugin \"applicationConfig\" is disabled."}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","plugins-service"],"pid":2299536,"message":"Plugin \"cspHandler\" is disabled."}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","plugins-service"],"pid":2299536,"message":"Plugin \"dataSource\" is disabled."}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","plugins-service"],"pid":2299536,"message":"Plugin \"visTypeXy\" is disabled."}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","plugins-service"],"pid":2299536,"message":"Plugin \"workspace\" is disabled."}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","dynamic-config-service"],"pid":2299536,"message":"registering middleware to inject context to AsyncLocalStorage"}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","plugins-system"],"pid":2299536,"message":"Setting up [50] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,apmOss,management,indexPatternManagement,dataSourceManagement,reportsDashboards,indexManagementDashboards,customImportMapDashboards,alertingDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","plugins","queryEnhancements"],"pid":2299536,"message":"queryEnhancements: Setup complete"}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","dynamic-config-service"],"pid":2299536,"message":"initiating start()"}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","dynamic-config-service"],"pid":2299536,"message":"finished start()"}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","savedobjects-service"],"pid":2299536,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
May 27 13:04:00 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:00Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:00 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:00Z","tags":["error","savedobjects-service"],"pid":2299536,"message":"Unable to retrieve version information from OpenSearch nodes."}
May 27 13:04:02 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:02Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:05 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:05Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:07 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:07Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:10 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:10Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:12 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:12Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:15 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:15Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:17 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:17Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:20 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:20Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:22 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:22Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:25 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:25Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","plugins-service"],"pid":2299536,"message":"Plugin \"cspHandler\" is disabled."}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","plugins-service"],"pid":2299536,"message":"Plugin \"dataSource\" is disabled."}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","plugins-service"],"pid":2299536,"message":"Plugin \"visTypeXy\" is disabled."}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","plugins-service"],"pid":2299536,"message":"Plugin \"workspace\" is disabled."}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","dynamic-config-service"],"pid":2299536,"message":"registering middleware to inject context to AsyncLocalStorage"}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","plugins-system"],"pid":2299536,"message":"Setting up [50] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,queryEnhancements,home,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,apmOss,management,indexPatternManagement,dataSourceManagement,reportsDashboards,indexManagementDashboards,customImportMapDashboards,alertingDashboards,notificationsDashboards,console,advancedSettings,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","plugins","queryEnhancements"],"pid":2299536,"message":"queryEnhancements: Setup complete"}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","dynamic-config-service"],"pid":2299536,"message":"initiating start()"}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","dynamic-config-service"],"pid":2299536,"message":"finished start()"}
May 27 13:03:59 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:03:59Z","tags":["info","savedobjects-service"],"pid":2299536,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
May 27 13:04:00 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:00Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:00 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:00Z","tags":["error","savedobjects-service"],"pid":2299536,"message":"Unable to retrieve version information from OpenSearch nodes."}
May 27 13:04:02 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:02Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:05 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:05Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:07 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:07Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:10 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:10Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:12 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:12Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:15 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:15Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:17 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:17Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:20 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:20Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:22 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:22Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
May 27 13:04:25 wazuh.amberfintech.com opensearch-dashboards[2299536]: {"type":"log","@timestamp":"2025-05-27T11:04:25Z","tags":["error","opensearch","data"],"pid":2299536,"message":"[ResponseError]: Response Error"}
Bony V John
May 29, 2025, 3:25:37 AM5/29/25
to Wazuh | Mailing List
Hi,
Apologies for the late response. From the output of the shared curl command, it appears that the Wazuh Indexer service is active. However, based on the Wazuh Dashboard logs, it seems the Dashboard service is failing to connect properly to the OpenSearch nodes.
The key error is: "Unable to retrieve version information from OpenSearch nodes."
This typically indicates that the Wazuh Dashboard cannot communicate with the Wazuh Indexer service.
Check your Wazuh Dashboard opensearch_dashboards.yml file in the Wazuh Dashboard server. For that, run the below command:
cat /etc/wazuh-dashboard/opensearch_dashboards.yml
Make sure that the opensearch.hosts field is correctly configured with the Wazuh Indexer server IP address and port as shown below:
opensearch.hosts: https://<indexr-IP>:9200
Also, check the certificates configuration in the opensearch_dashboards.yml file. Make sure that the certificates configured in the opensearch_dashboards.yml file have the correct certificate path and name.
For checking the correct certificate name, you can run the below command:
ll /etc/wazuh-dashboard/certs/
Revalidate the opensearch_dashboards.yml file configuration with the above command output.
Then restart the Wazuh Dashboard service:
systemctl restart wazuh-dashboard
Reply all
Reply to author
Forward
Message has been deleted
0 new messages