any future support for ARM
862 views
Skip to first unread message
Matt Dunlop
Oct 3, 2019, 9:40:17 AM10/3/19
to Wazuh mailing list
I have been working with Wazuh and the ELK stack along with Suricata on servers and intel single board computers.
I have also worked with Rasberry PI. And I can get suricata to run I can't get filebeat to compile for ARM. Now I could just
forward the syslogs to a wazuh cluster but I would rather use filebeat to ship the logs.
Now that the Raspberry PI has 4 gigs of ram It looks more attractive to deploy on small networks.
David Vidriales
Oct 4, 2019, 6:42:20 AM10/4/19
to Wazuh mailing list
Hi Matt,
I hope this helps. Don't hesitate to write us back if that works for you or if you have any further problems regarding this topic.
Kind regards,
Currently, both Wazuh manager and agent can be compiled for Raspberry PI (if you have any trouble doing this please contact us so we can help you).
Probably, you can't get filebeat to compile for ARM because some dependencies can't be installed (this seems more like a Filebeat issue). You could try to use logstash instead of filebeat if you install Elasticsearch and Wazuh manager in the same host as seen in https://documentation.wazuh.com/3.10/installation-guide/installing-elastic-stack/transform_logstash.html
I hope this helps. Don't hesitate to write us back if that works for you or if you have any further problems regarding this topic.
Kind regards,
David
Matt Dunlop
Oct 4, 2019, 9:00:56 AM10/4/19
to Wazuh mailing list
Do you have a repository that we should use for the wazuh agent? as we tried the other day and it compiled with errors.
David Vidriales
Oct 4, 2019, 9:39:45 AM10/4/19
to Wazuh mailing list
Hi again,
We just compiled a Wazuh manager (master branch) in a Raspberry PI 4 (2 GB) with the latest version of Raspbian.
In order to help you, could you tell me your Raspberry PI model and OS? Could you also attach the errors you had while compiling? It'd really appreciated.
Best regards,
David
Matt Dunlop
Oct 4, 2019, 10:35:22 AM10/4/19
to Wazuh mailing list
We are also running PI 4 (4 GB) and 2019-09-26-raspbian-buster-full.
We where following this page.
this time with out any errors. now we can test that the wazuh agent can forward the suricata alerts.
David Vidriales
Oct 4, 2019, 11:01:47 AM10/4/19
to Wazuh mailing list
That's great. Let us know if that worked for you.
Regards,
David
Reply all
Reply to author
Forward
0 new messages