"Vulnerability detection seems to be disabled or has a problem" after a upgrade
3,228 views
Skip to first unread message
Arthur Henrique Oliveira Aparício
Jun 13, 2024, 2:25:01 PM6/13/24
to Wazuh | Mailing List
Good afternoon people!
It is the only problem that remained after managing to complete the entire upgrade process (the others have already been resolved). And even the configuration screen itself shows that it is enabled.
Thanks in advance for your help.
Today I updated my all in one server from version 4.7.3 to 4.8.0. I had some problems (mainly the need to change localhost to 127.0.0.1 and the name of certificate files), and I also changed the vulnerability detection block. I deleted the old indexer block and replaced it with the new one, but this is my screen when opening the new page. There is no duplication of the indexer block and the vulnerability detection block is the same as the guide.
Francisco Tuduri
Jun 13, 2024, 2:55:33 PM6/13/24
to Wazuh | Mailing List
Hello Arthur!
We recently published a troubleshooting guide. Your current problem is one of the common issues listed in the guide:
Please, review the steps mentioned and let us know if you are still having problems.
Regards!
Arthur Henrique Oliveira Aparício
Jun 14, 2024, 7:05:58 AM6/14/24
to Wazuh | Mailing List
Hello!
I hadn't seen this troubleshooting tab (just the default one). The error that was occurring was connecting to the indexer, which was as localhost but I changed it to 127.0.0.1 to test, and in the same way as in other places, it started to work.
I hadn't seen this troubleshooting tab (just the default one). The error that was occurring was connecting to the indexer, which was as localhost but I changed it to 127.0.0.1 to test, and in the same way as in other places, it started to work.
Thank you for your help!
Francisco Tuduri
Jun 14, 2024, 7:51:15 AM6/14/24
to Wazuh | Mailing List
That's great to know.
Regards!
Arie
Jun 17, 2024, 3:30:59 AM6/17/24
to Wazuh | Mailing List
Hi all,
We resolved this by setting the passwords ass mentioned (this is by default the admin login and password in our situation)
and correcting the ssl filenames for filebeat in the ossec.conf file.
check /etc/filebeat/certs/ for the correct names if you have a connection error that looks like:
"indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuhohdsrk.localdomain', retrying until the connection is successful.
"
Op vrijdag 14 juni 2024 om 13:51:15 UTC+2 schreef Francisco Tuduri:
Reply all
Reply to author
Forward
0 new messages