Need help with wazuh-ansible

29 views
Skip to first unread message

Sylvain Maret

unread,
Sep 18, 2025, 1:31:22 PM (2 days ago) Sep 18
to Wazuh | Mailing List
Hey guys !


I've discovered recently this project and wanted to deploy one to
evaluate it's feature. I went with the wazuh ansible repo. Checked out
to a working version (4.12.0) and run it on local VMs.

Everything went fine but at the end I'm not able to log into the
dashboard. I didn't change the custom-user and the password from the
playbook so I don't know what's missing here.

How can I debug from cli ? with curl from manager/dashboard it seems to
work :

curl -u custom-user:SecretPassword1! -k -X GET
"https://127.0.0.1:55000/security/user/authenticate?raw=true"
eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzU4MjAyMzYzLCJleHAiOjE3NTgyMDMyNjMsInN1YiI6ImN1c3RvbS11c2VyIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AUuBqVkQx0DMgx7MFQZuwkITWRz_XX8QhpEbfBq52D6CLQs9Nc7fBq6Rr3hbDmjxfM71E5DGy4gSi8rwA_ljO1quAHfB4_SINq4VoHIxCb0rHVQY1BX2X-YAxaZbYf7TSRc4HU1I7QDfUh5TyHPK4thpwM109XJYTIJEmEYgronWaJgp

(no worries it's local testing so I can give logs as it's not in prod yet)

Regards

Javier Adán Méndez Méndez

unread,
Sep 18, 2025, 3:09:42 PM (2 days ago) Sep 18
to Wazuh | Mailing List
Hi Sylvain

Before we dig in — could you tell me which OS and version you installed on (e.g., Ubuntu 22.04, RHEL 8/9, Amazon Linux 2023, Debian 12), plus CPU arch (x86_64/ARM) and whether these are VMs or containers?

Also, a couple of checks to pinpoint the issue:

  1. Exact installation path & commands

    • Did you deploy directly with the wazuh-ansible repo (v4.12.0), or did you use the installer script (wazuh-install.sh) from the installation repository?

    • Please paste the exact commands you ran (mask any sensitive data).

  2. If you used the installer script
    Please share your config.yml (mask IPs). It should define Indexer, Server(s), and Dashboard nodes. Example with masked IPs:

    nodes:
      indexer:
        - name: indexer-1
          ip: "X.X.X.X"

      server:
        - name: manager-master
          ip: "X.X.X.X"
          node_type: master
        - name: manager-worker
          ip: "X.X.X.X"
          node_type: worker

      dashboard:
        - name: dashboard
          ip: "X.X.X.X"

    And confirm you generated the config/certs prior to deployment (for linux users):

    sudo bash ./wazuh-install.sh --generate-config-files
  3. Dashboard → API credentials (wazuh.yml)

    1. On the Dashboard node, please check:

      sudo cat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml

      Ensure it has the same API username/password you used in curl (custom-user / SecretPassword1!) and correct URL/port. For quick local testing you can set:

      insecure: true

      so the Dashboard doesn’t reject self-signed certs while we validate the rest.




  4. Quick local tests & logs
    # Restart and inspect Dashboard logs
    sudo systemctl restart wazuh-dashboard sudo tail -n 200 /var/log/wazuh-dashboard/wazuh-dashboard.log 
      # Test Dashboard → API from the Dashboard host
    curl -u custom-user:'SecretPassword1!' -k \ 'https://127.0.0.1:55000/security/user/authenticate?raw=true'
    # (Optional) Verify Dashboard → Indexer connectivity
    curl -k https://127.0.0.1:9200

  5. If it still fails, please share:

    • OS/version/arch details,

    • Your masked config.yml,

    • The first ~200 lines of /var/log/wazuh-dashboard/wazuh-dashboard.log,

    • /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml (mask the password if you prefer).

Reply all
Reply to author
Forward
0 new messages