[API CONNECTION] No API available to connect (Request failed with status code 403)

[Naufal Arkaan]

I currently upgrade wazuh from version 4.7.1 to 4.8.0 and after that i want to see the wazuh dashboard looks like error like this. 

Currently i have check the wazuh-manager service and it seems no error found, 

then i check using command curl -u wazuh-wui:<password> -k -X POST "https://localhost:55000/security/user/authenticate?raw=true" and session it get a session.

 Any ideas for solve this?

[Farouk Musa]

Hello,

It will be helpful to see more information, it is possible the API was still coming up when you attempted to connect with the dashbpard. Please confirm:

1. If you run a single node or cluster.

2. is the dashboard available after restarting the centra components (in this order): indexer, manager, dashboard

3. Check for error logs in the ossec and api logs

tail -100 /var/ossec/logs/api.log

cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"

[Naufal Arkaan]

Hi,

1. I run Wazuh All in One from aws marketplace https://aws.amazon.com/marketplace/pp/prodview-eju4flv5eqmgq

2. I do restarting but still forbidden, but the data from the server use wazuh agent still receive when I check in Discover menu

3.  I think I can't find the 403 in the api.log  : 

2024/07/02 00:20:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.020s: 200
2024/07/02 00:20:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.011s: 200
2024/07/02 00:25:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.003s: 401
2024/07/02 00:25:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.002s: 401
2024/07/02 00:25:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.787s: 200
2024/07/02 00:25:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.535s: 200
2024/07/02 00:25:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.053s: 200
2024/07/02 00:25:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.011s: 200
2024/07/02 00:30:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.031s: 200
2024/07/02 00:30:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.031s: 200
2024/07/02 00:30:00 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.022s: 200
2024/07/02 00:30:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.020s: 200
2024/07/02 00:30:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.018s: 200
2024/07/02 00:35:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.021s: 200
2024/07/02 00:35:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.012s: 200
2024/07/02 00:40:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.021s: 200
2024/07/02 00:40:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.014s: 200
2024/07/02 00:45:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.004s: 401
2024/07/02 00:45:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.003s: 401
2024/07/02 00:45:00 INFO: unknown_user 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.004s: 401
2024/07/02 00:45:00 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.755s: 200
2024/07/02 00:45:00 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.760s: 200
2024/07/02 00:45:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.407s: 200
2024/07/02 00:45:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.181s: 200
2024/07/02 00:45:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.016s: 200
2024/07/02 00:45:01 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.088s: 200
2024/07/02 00:45:01 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.013s: 200
2024/07/02 00:45:01 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.013s: 200
2024/07/02 00:50:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.036s: 200
2024/07/02 00:50:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.023s: 200
2024/07/02 00:55:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.027s: 200
2024/07/02 00:55:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.014s: 200
2024/07/02 01:00:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.042s: 200
2024/07/02 01:00:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.032s: 200
2024/07/02 01:00:00 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.018s: 200
2024/07/02 01:00:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.016s: 200
2024/07/02 01:00:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.017s: 200
2024/07/02 01:05:01 INFO: unknown_user 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.003s: 401
2024/07/02 01:05:01 INFO: unknown_user 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.010s: 401
2024/07/02 01:05:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.960s: 200
2024/07/02 01:05:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.686s: 200
2024/07/02 01:05:02 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.055s: 200
2024/07/02 01:05:02 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.015s: 200
2024/07/02 01:10:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.024s: 200
2024/07/02 01:10:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.016s: 200
2024/07/02 01:15:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.030s: 200
2024/07/02 01:15:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.022s: 200
2024/07/02 01:15:00 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.019s: 200
2024/07/02 01:15:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.029s: 200
2024/07/02 01:15:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.029s: 200
2024/07/02 01:20:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.039s: 200
2024/07/02 01:20:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.030s: 200
2024/07/02 01:25:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.006s: 401
2024/07/02 01:25:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.007s: 401
2024/07/02 01:25:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.773s: 200
2024/07/02 01:25:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.557s: 200
2024/07/02 01:25:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.089s: 200
2024/07/02 01:25:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.027s: 200
2024/07/02 01:30:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.032s: 200
2024/07/02 01:30:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.037s: 200
2024/07/02 01:30:00 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.026s: 200
2024/07/02 01:30:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.019s: 200
2024/07/02 01:30:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.022s: 200
2024/07/02 01:35:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.033s: 200
2024/07/02 01:35:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.017s: 200
2024/07/02 01:40:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.020s: 200
2024/07/02 01:40:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.012s: 200
2024/07/02 01:45:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.003s: 401
2024/07/02 01:45:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.004s: 401
2024/07/02 01:45:00 INFO: unknown_user 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.004s: 401
2024/07/02 01:45:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 1.140s: 200
2024/07/02 01:45:02 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 1.303s: 200
2024/07/02 01:45:02 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.841s: 200
2024/07/02 01:45:02 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.249s: 200
2024/07/02 01:45:02 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.167s: 200
2024/07/02 01:45:02 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.042s: 200
2024/07/02 01:45:02 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.024s: 200
2024/07/02 01:45:02 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.033s: 200
2024/07/02 01:50:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.049s: 200
2024/07/02 01:50:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.028s: 200
2024/07/02 01:55:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.021s: 200
2024/07/02 01:55:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.011s: 200
2024/07/02 02:00:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.098s: 200
2024/07/02 02:00:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.081s: 200
2024/07/02 02:00:00 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.060s: 200
2024/07/02 02:00:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.043s: 200
2024/07/02 02:00:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.015s: 200
2024/07/02 02:05:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.002s: 401
2024/07/02 02:05:00 INFO: unknown_user 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.002s: 401
2024/07/02 02:05:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.764s: 200
2024/07/02 02:05:01 INFO: wazuh-wui 127.0.0.1 "POST /security/user/authenticate" with parameters {} and body {} done in 0.554s: 200
2024/07/02 02:05:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.073s: 200
2024/07/02 02:05:01 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.028s: 200
2024/07/02 02:10:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.050s: 200
2024/07/02 02:10:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.030s: 200
2024/07/02 02:15:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/remoted" with parameters {} and body {} done in 0.028s: 200
2024/07/02 02:15:00 INFO: wazuh-wui 127.0.0.1 "GET /manager/stats/analysisd" with parameters {} and body {} done in 0.027s: 200
2024/07/02 02:15:00 INFO: wazuh-wui 127.0.0.1 "GET /cluster/status" with parameters {} and body {} done in 0.020s: 200
2024/07/02 02:15:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "1", "q": "id!=000"} and body {} done in 0.016s: 200
2024/07/02 02:15:00 INFO: wazuh-wui 127.0.0.1 "GET /agents" with parameters {"offset": "0", "limit": "500", "q": "id!=000"} and body {} done in 0.018s: 200

4. I think this is warn from my virustotal api to connect the wazuh and it can't help for the issue

[Farouk Musa]

Hello. I am not able to see any logs to help with the issue. I suggest you look at the  /var/ossec/logs/api.log log file to identify any errors or warnings.