Wazuh API seems to be down

268 views
Skip to first unread message

stganmat FCB

unread,
Jun 22, 2022, 3:46:07 AM6/22/22
to Wazuh mailing list
Hello to all,


But now I get the following errors:

2022-06-22 09_44_10-Wazuh API down _ Wazuh.png

Can anyone help me? 
When inserting this command:

curl -k -X GET "https://<api_url>:55000/" -H "Authorization: Bearer $(curl -u <api_user>:<api_password> -k -X GET 'https://<api_url>:55000/security/user/authenticate?raw=true')"

I get this error:

2022-06-22 09_45_02-SRV-WAZUH.png

Appreciate any help thank you!


Christian Bassey

unread,
Jun 22, 2022, 5:09:41 AM6/22/22
to Wazuh mailing list
Hi  Stganmat!

Thank you for using Wazuh!

- The official installation guide can be found here (https://documentation.wazuh.com/current/installation-guide/index.html).
- We also provide a quickstart installation guide here (https://documentation.wazuh.com/current/quickstart.html).
- You can also download our OVA already set up with the Wazuh manager and run here (https://documentation.wazuh.com/current/deployment-options/virtual-machine/virtual-machine.html).

If the API is down, you need to check and confirm that the manager is running. Please do:
systemctl status wazuh-manager

If the manager is not installed, you can install it using the guide here (https://documentation.wazuh.com/current/installation-guide/wazuh-server/index.html).

Also, There is a slight error in the command you inserted on your terminal:

curl -k -X GET "https://<api_url>:55000/" -H "Authorization: Bearer $(curl -u <api_user>:<api_password> -k -X GET 'https://<api_url>:55000/security/user/authenticate?raw=true')"
- In the command, you should substitute <api_url> for your Wazuh server IP. So https://<10.4.200.59>:55000 that you have there now should be https://10.4.200.59:55000
- Additionally, <api_user> and <api_password> should be replaced with the Wazuh username and password. The default is typically wazuh:wazuh.


Please let me know if this helps. Best.

stganmat FCB

unread,
Jun 22, 2022, 5:28:35 AM6/22/22
to Wazuh mailing list
Thank you for your help!

Now I was able to insert the curl command but I get this notification here:

2022-06-22 11_27_58-SRV-WAZUH.png

And the API is still not reachable..
Appreciate your help thanks!

stganmat FCB

unread,
Jun 22, 2022, 5:30:11 AM6/22/22
to Wazuh mailing list
PS: The wazu manager is up and running!

Atul Chadha

unread,
Jun 22, 2022, 5:42:27 AM6/22/22
to Wazuh mailing list

I read this thread just in time before posting my issue.

Jun 22 09:06:32 somehostname env: Starting Wazuh v4.3.4...
Jun 22 09:06:44 somehostname env: wazuh-apid did not start correctly.
Jun 22 09:06:44 somehostname systemd: wazuh-manager.service: control process exited, code=exited status=1
Jun 22 09:06:44 somehostname systemd: Failed to start Wazuh manager.
Jun 22 09:06:44 somehostname systemd: Unit wazuh-manager.service entered failed state.
Jun 22 09:06:44 somehostname systemd: wazuh-manager.service failed.

I have tried reading logs from /var/ossec/logs and ran the "/var/ossec/bin/wazuh-control enable debug" command too however couldn't figure out the reason. Any help is much appreciated.

Christian Bassey

unread,
Jun 22, 2022, 5:52:18 AM6/22/22
to Wazuh mailing list
Did you create any new credentials while performing the installation?

That message is typically as a result of wrong credentials. 

From the guide, it looks like you are using the installation with Elastic option. Did you perform the user creations? (from the guide it looks like the credentials are admin:admin)

Also, has the filebeat configuration file been updated with the elastic user information? https://documentation.wazuh.com/current/deployment-options/elastic-stack/all-in-one-deployment/index.html#:~:text=Edit%20the%20file,the%20following%20line%3A

Christian Bassey

unread,
Jun 22, 2022, 5:53:24 AM6/22/22
to Wazuh mailing list
Hi Atulchadha,

I recommend you open a new thread with your issue so this one is kept clean. A member of the team will help you.

Thanks!

Atul Chadha

unread,
Jun 22, 2022, 5:57:37 AM6/22/22
to Wazuh mailing list

Thank you ! Will open a new thread

stganmat FCB

unread,
Jun 22, 2022, 6:23:07 AM6/22/22
to Wazuh mailing list
I performed the automatic installation like in the link that I posted first... (not more)
I don't know if I have performed the user creations (I don't think so - was automated).

The filebeat test gave me following output:

2022-06-22 12_22_21-SRV-WAZUH.png

Christian Bassey

unread,
Jun 22, 2022, 6:37:10 AM6/22/22
to Wazuh mailing list
Just to be clear, you used Option 1: Automated install of Wazuh Server on Ubuntu 20.04|18.04 using script https://computingforgeeks.com/how-to-install-wazuh-server-on-ubuntu/?unapproved=11212&moderation-hash=10ffd30c89ef51aac536ff9660f6e731#comment-11212:~:text=lsb%2Drelease%20gnupg2-,Option%201,-%3A%20Automated%20install%20of ?

- Did you try to install kibana etc?
- Can I see your Login interface (so I can be certain of the installation option you used i.e Wazuh indexer or Elastic with kibana)?
- Please provide the config file /usr/share/kibana/data/wazuh/config/wazuh.yml (remove passwords e.t.c.). From this file, it looks like you are using elastic though. 





stganmat FCB

unread,
Jun 22, 2022, 7:36:57 AM6/22/22
to Wazuh mailing list
Yes exactly used this guide.

-Yes I installed kibana etc.
-exactly used kibana with elastic2022-06-22 13_33_59-Elastic.png
-Ok in this file I have only these things (the other was excluded blue font)

default:
port: 55000
username: wazuh
pasosword: ***
run_as: false

more I don't have in this file.

Thank you Christian for your help!

Christian Bassey

unread,
Jun 22, 2022, 8:22:34 AM6/22/22
to Wazuh mailing list
Please check  /usr/share/kibana/plugins/wazuh/wazuh.yml and confirm that the username and password in  /usr/share/kibana/data/wazuh/config/wazuh.yml is the same.

Also, please share the output of the command below:

cat /usr/share/kibana/plugins/wazuh/package.json | grep -i -E "version|revision"

stganmat FCB

unread,
Jun 22, 2022, 8:34:08 AM6/22/22
to Wazuh mailing list
Thank you.
I checked the two files.
In this file was nothing into:  /usr/share/kibana/plugins/wazuh/wazuh.yml  
I inserted the same like in the other file.

This is the output of the asked command:

2022-06-22 14_32_36-SRV-WAZUH.png

Christian Bassey

unread,
Jun 22, 2022, 8:43:48 AM6/22/22
to Wazuh mailing list
Ok. 

Please restart Kibana and let me know if the API connects now.

Also, it looks like you are installing v4.2.5. The latest is v4.3.4. Since you do not have any events or agents connected yet, would you prefer to use the uninstallation guide(https://documentation.wazuh.com/current/user-manual/uninstall/open-distro.html) to remove all components, then reinstall Wazuh v4.3.4 ( https://documentation.wazuh.com/current/quickstart.html#installing-wazuh)?



stganmat FCB

unread,
Jun 22, 2022, 10:01:54 AM6/22/22
to Wazuh mailing list
Yes now it works, but I don't have anymore elastic search. But i'ts ok for the moment.
Thank you for your help!

Christian Bassey

unread,
Jun 22, 2022, 11:56:30 AM6/22/22
to Wazuh mailing list
Great!

Glad to have helped.

To explore Wazuh features, you may want to checkout our proof of concept guide here(https://documentation.wazuh.com/current/proof-of-concept-guide/index.html).
Reply all
Reply to author
Forward
0 new messages