Re: Wazuh instalation not working, wazuh-agent pending
238 views
Skip to first unread message
Dimitri Fagart
Feb 23, 2023, 1:11:17 PM2/23/23
to wa...@googlegroups.com
Hello
I have installed elasticsearch kibana filebeat wazuh-manager on a ubuntu 22.04 VM .
I use the 7.17.6 version for kibana elastic and filebeat and version 4.3.10 for wazuh
I installed the wazuh_kibana-4.3.10_7.17.6-1.zip plugin
kibana/elastic web page works.
when selecting the Wazuh menu the checks are ok
but if selectiong the agent I get an error message :
=> "The field "timestamp" associated with this object no longer exists in the index pattern. Please use another field."
then 1 can see that 10 agent are "seen" but never connected.
On agent side they are "pending"
And on the log it seem's agent connection are rejected...
Any idee where is the error in my conf?
In google the timestamp error seem's link to the plugin (but I have installed it)
Is there some terminal command to checks that the template is realy installed?
Thanks
Chantal Belen Kelm
Feb 23, 2023, 1:39:45 PM2/23/23
to Wazuh mailing list
Hello how are you? let's try doing the following:
Go to Kibana -> Stack management -> index patterns and delete the wazuh-alerts-* one.
Then log in to the Wazuh App, and check if the problem has been solved.
I will be here waiting for your answer
Go to Kibana -> Stack management -> index patterns and delete the wazuh-alerts-* one.
Then log in to the Wazuh App, and check if the problem has been solved.
I will be here waiting for your answer
Message has been deleted
Ewok2
Feb 24, 2023, 3:48:24 AM2/24/23
to Wazuh mailing list
I have perform the instruction
=> When going back to Wazuh the check fail the first time with the folowing message
INFO: Index pattern id in cookie: no
INFO: Getting list of valid index patterns...
INFO: Valid index patterns found: 0
INFO: Found default index pattern with title [wazuh-alerts-*]: no
INFO: Checking if index pattern [wazuh-alerts-*] exists...
INFO: Index pattern id [wazuh-alerts-*] exists: no
INFO: Creating index pattern [wazuh-alerts-*]...
ACTION: Created index pattern [wazuh-alerts-*]
I
NFO: Getting list of valid index patterns...
INFO: Valid index patterns found: 0
INFO: Checking the integrity of saved objects. Validating wazuh-alerts-* can be found...
INFO: Integrity of saved objects: [ok]
INFO: Index pattern set in cookie: [wazuh-alerts-*]
INFO: Checking the app default pattern exists: id [wazuh-alerts-*]...
INFO: Default pattern with id [wazuh-alerts-*] exists: yes
ACTION: Default pattern id [wazuh-alerts-*] set as default index pattern
ERROR: The selected index-pattern is not present
INFO: Index pattern id in cookie: yes [wazuh-alerts-*]
INFO: Checking if the index pattern id [wazuh-alerts-*] exists...
INFO: Index pattern id [wazuh-alerts-*] found: yes title [wazuh-alerts-*]
INFO: Checking if exists a template compatible with the index pattern title [wazuh-alerts-*]
INFO: Template found for the selected index-pattern title [wazuh-alerts-*]: yes
I try to check again the "error" and on the second time it works
I arrive again on the page with my 10 agent never connect and with the same "timestamp" error message ...
here is the full log message :
KbnError@https://wazuh.mydomain.com/47018/bundles/plugin/kibanaUtils/kibana/kibanaUtils.plugin.js:1:21058
SavedFieldNotFound@https://wazuh.mydomain.com/47018/bundles/plugin/kibanaUtils/kibana/kibanaUtils.plugin.js:1:21721
FieldParamType/this.write@https://wazuh.mydomain.com/47018/bundles/plugin/data/kibana/data.plugin.js:1:361872
d/<@https://wazuh.mydomain.com/47018/bundles/plugin/data/kibana/data.plugin.js:1:324773
d@https://wazuh.mydomain.com/47018/bundles/plugin/data/kibana/data.plugin.js:1:324750
write@https://wazuh.mydomain.com/47018/bundles/plugin/data/kibana/data.plugin.js:1:313506
toDsl@https://wazuh.mydomain.com/47018/bundles/plugin/data/kibana/data.plugin.js:1:314193
toDsl/<@https://wazuh.mydomain.com/47018/bundles/plugin/data/kibana/data.plugin.js:1:141274
toDsl@https://wazuh.mydomain.com/47018/bundles/plugin/data/kibana/data.plugin.js:1:140375
eo/re/<@https://wazuh.mydomain.com/47018/bundles/plugin/wazuh/4.3.10-4311/wazuh.chunk.3.js:54:1156071
mergeProp@https://wazuh.mydomain.com/47018/bundles/plugin/data/kibana/data.plugin.js:1:65935
mergeProps/<@https://wazuh.mydomain.com/47018/bundles/plugin/data/kibana/data.plugin.js:1:66746
mergeProps@https://wazuh.mydomain.com/47018/bundles/plugin/data/kibana/data.plugin.js:1:66722
flatten@https://wazuh.mydomain.com/47018/bundles/plugin/data/kibana/data.plugin.js:1:67811
fetch$/r<@https://wazuh.mydomain.com/47018/bundles/plugin/data/kibana/data.plugin.js:1:62553
__kbnSharedDeps_npm__</c</t.prototype._next@https://wazuh.mydomain.com/47018/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js:374:283069
__kbnSharedDeps_npm__</l</t.prototype.next@https://wazuh.mydomain.com/47018/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js:21:15939
i/</<@https://wazuh.mydomain.com/47018/bundles/kbn-ui-shared-deps-npm/kbn-ui-shared-deps-npm.dll.js:427:1281806
any other idea ?
Chantal Belen Kelm
Feb 24, 2023, 9:12:05 AM2/24/23
to Wazuh mailing list
Regarding the registration process, what registration method did you use to register the agents?
You can find more information about the registration methods here: https://documentation.wazuh.com/3.10/user-manual/registering/registration-process.html#registration-methods
You can find more information about the registration methods here: https://documentation.wazuh.com/3.10/user-manual/registering/registration-process.html#registration-methods
Dimitri Fagart
Feb 25, 2023, 5:40:29 AM2/25/23
to Chantal Belen Kelm, Wazuh mailing list
Hello
I just try the manual process on two different agent.
No error when entering the command.
no log in the "/var/ossec/logs/ossec.log"
But the agent are still seen "never connected"..
By the way in the "/var/ossec/logs/ossec.log" there are trace of automatic connecting agent like
"WARNING: Duplicate name 'vm-xxx', rejecting enrollment. Agent '025' key already exists on the manager."
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/HBYeo1yhssY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/3bdf0682-b915-427d-a1db-c91de4b640f0n%40googlegroups.com.
Ewok2
Feb 25, 2023, 5:46:51 PM2/25/23
to Wazuh mailing list
Argh....
Stupid error,
I try to get the "/etc/filebeat/wazuh-template.json" from
in stead of :
=> my wazuh manager is 4.3
Sorry...
And thanks for helping me ;-)
Chantal Belen Kelm
Feb 27, 2023, 1:00:37 PM2/27/23
to Wazuh mailing list
I'm glad you solved it
Thanks so much for using Wazuh!!!
Greetings!!!
Thanks so much for using Wazuh!!!
Greetings!!!
Reply all
Reply to author
Forward
0 new messages