Hi Kem,
Hope you are doing well, and thank you for using Wazuh.
The Wazuh server uses Filebeat to send alert and event data to the Wazuh indexer, using TLS encryption. Filebeat reads the Wazuh server output data and sends it to the Wazuh indexer (by default listening on port 9200/TCP).
9200 TCP: This port is commonly associated with the Wazuh indexer RESTful API, which is often used as the backend for Wazuh. Indexer provides a RESTful interface, and port 9200 is the default port for HTTP communication with Indexers. If you're using Indexer with Wazuh, this port needs to be open for communication.
9300-9400 TCP: This range of ports is typically associated with communication between nodes in the Wazuh indexer cluster. If you are setting up an Indexer cluster, you need to allow communication on this range of ports for inter-node communication.
When installing Wazuh, these ports may need to be open to allow communication between different components of the Wazuh architecture, such as the Wazuh manager, Wazuh indexer, and other components.
Reference:
https://documentation.wazuh.com/current/getting-started/architecture.html#wazuh-server-wazuh-indexer-communication
Hope this helps
Regards,