Wazuh for OpenDistro for Elastic Search
342 views
Skip to first unread message
Utkarsh Bhargava
May 17, 2020, 2:22:37 PM5/17/20
to Wazuh mailing list
Hello Community,
I am trying to install Wazuh on OpenDistro for Elasticsearch but facing many problems such as:
- no permissions for indices
- Selected index pattern not found
- No options on wazuh app
I have attached screenshots of the errors that I am facing please have a look and let me know how I may fix it.
If anyone can help me with some blog and documentation that would be really helpful.
regards
Elwali Karkoub
May 18, 2020, 4:29:22 AM5/18/20
to Wazuh mailing list
Hello Utkarsh,
It seems that the default role `kibanaserver` does not have enough permission to access them. Please would you try following :
If that does not fix it. Please share with the steps(information, versions) you took for the installation.
Hope this helps,
Regards,
Wali
It seems that the default role `kibanaserver` does not have enough permission to access them. Please would you try following :
- Add admin role and disable multitenancy :
sed -i 's/kibanaserver/admin/g' /etc/kibana/kibana.yml
sed -i 's/ #multitenancy_enabled: true/ multitenancy_enabled: false/g' /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/config.yml
sed -i 's/opendistro_security.multitenancy.enabled: true/opendistro_security.multitenancy.enabled: false/g' /etc/kibana/kibana.yml
- Restart Elasticsearch and Kibana :
systemctl restart elasticsearch.servicesystemctl restart kibana.service
If that does not fix it. Please share with the steps(information, versions) you took for the installation.
Hope this helps,
Regards,
Wali
Utkarsh Bhargava
Jun 12, 2020, 5:32:18 AM6/12/20
to Elwali Karkoub, Wazuh mailing list
Hello Elwali
sorry for my delayed response. I tried it yesterday and it worked for but these commands have disabled multi tenancy feature of OpenDistro.
I need that feature along with wazuh app.
Is there any way we can have multi tenancy feature ?
regards
Utkarsh
--You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/61d567ee-3b39-4a07-8923-f53eb3c72b42%40googlegroups.com.
Kieran Bowen
Jul 22, 2020, 12:30:55 PM7/22/20
to Wazuh mailing list
Hello Utkarsh,
Re-enabling multitenancy at this point should work without any problems. You can do so by running the following:
Re-enabling multitenancy at this point should work without any problems. You can do so by running the following:
sed
-i 's/ multitenancy_enabled: false/ multitenancy_enabled:
true/g'
/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/config.yml
sed
-i 's/opendistro_security.multitenancy.enabled:
false/opendistro_security.multitenancy.enabled: true/g'
/etc/kibana/kibana.ymlThen restart Kibana and Elasticsearch. If it proceeds to break, please share whatever errors you get and, as Wali suggested, the steps taken while installing OpenDistro.
Regards,
Kieran
Reply all
Reply to author
Forward
0 new messages