Wazuh Kibana plugin disappeared from side bar.
1,263 views
Skip to first unread message
Gert Verhoog
Jul 3, 2017, 8:53:05 PM7/3/17
to Wazuh mailing list
Hi all,
We performed an `apt-get dist-upgrade` on our wazuh / ELK server. Unfortunately, that seems to have confused Kibana: it doesn't show the Wazuh plugin/app icon in the side bar any longer. (FWIW, I have "Discover", "Visualise", "Dashboard", "Timelion", "Dev Tools", and "Management" — There used to be an entry "Wazuh" as well). Clicking on "Dashboard" still shows the "OSSEC Alerts" dashboard, but I can't access any of the wazuh dashboards any longer.
The Wazuh plugin was originally installed (after installing ELK) with the following command. I haven't yet tried to run this again, preferring rather to understand what went wrong before doing this:
Requesting https://my.server/app/wazuh (or anything under /app/wazuh/) returns a JSON document that says:
{statusCode: 404, error: "Not Found", message: "Unknown app wazuh"}On the server itself, it seems to think that it's still installed:
$ /usr/share/kibana/bin/kibana-plugin list
wazuh@2.0.0
$
The files are still there:
$ ls -lsa /usr/share/kibana/plugins/wazuh
4 drwxr-xr-x 7 root root 4096 May 12 14:12 .
4 drwxrwxr-x 3 kibana kibana 4096 May 12 14:12 ..
4 drwxr-xr-x 2 root root 4096 May 12 14:12 configuration
4 drwxr-xr-x 8 root root 4096 May 12 14:12 .git
4 -rw-r--r-- 1 root root 1187 May 12 14:12 index.js
4 -rw-r--r-- 1 root root 288 May 12 14:12 init.js
20 -rw-r--r-- 1 root root 18046 May 12 14:12 LICENSE
4 drwxr-xr-x 13 root root 4096 May 12 14:12 node_modules
4 -rw-r--r-- 1 root root 748 May 12 14:12 package.json
4 drwxr-xr-x 9 root root 4096 May 12 14:12 public
4 -rw-r--r-- 1 root root 2163 May 12 14:12 README.md
4 drwxr-xr-x 4 root root 4096 May 12 14:12 server
Does anyone understand what might've gone wrong? Where does Kibana store the side bar information?
Many thanks!
Gert
alberto....@wazuh.com
Jul 4, 2017, 7:04:45 AM7/4/17
to Wazuh mailing list
Hello Gert
When you installed the Wazuh App you did it with a "correlative" version between Wazuh app and Kibana. After a upgrade of the operative system this correlation is broken. It's necessary to update the Wazuh, so please follow these steps:
/usr/share/kibana/bin/kibana-plugin remove wazuhrm -rf /usr/share/kibana/optimize/bundles//usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_5.4.3.zipHope it helps.
Best regards,
Talis
Jul 10, 2017, 3:33:25 PM7/10/17
to Wazuh mailing list
Same thing happened to me.
I tried uninstalling and reinstalling wazuh plugin and got error message:
'Plugin installation was unsuccessful due to error "Incorrect Kibana version in plugin [wazuh]. Expected [5.5.0]; found [5.4.3]"'
The wazuh plugin is set to work with Kibana 5.4.3, but Kibana just updated to 5.5.0.
If you look at my post I got a reply saying the Wazuh team should have updated wazuh plugin soon ("I believe It will be ready in some hours" is the exact response I got).
I tried uninstalling and reinstalling wazuh plugin and got error message:
'Plugin installation was unsuccessful due to error "Incorrect Kibana version in plugin [wazuh]. Expected [5.5.0]; found [5.4.3]"'
The wazuh plugin is set to work with Kibana 5.4.3, but Kibana just updated to 5.5.0.
If you look at my post I got a reply saying the Wazuh team should have updated wazuh plugin soon ("I believe It will be ready in some hours" is the exact response I got).
alberto....@wazuh.com
Jul 11, 2017, 3:47:27 AM7/11/17
to Wazuh mailing list
Hello Talis
Indeed, the trick indicated in the previous message is not valid for the new update: Kibana 5.5.0. ELK has released the new version and we are working on it. When the new version be available, the instruction indicated in the previous message will be valid changing the version of the Wazuh App package: "wazuhapp-2.0_5.5.0.zip". Thanks your patience and please stay tuned for the new WazuhApp.
Best regards,
Manuel Albarral
Jul 11, 2017, 8:27:59 AM7/11/17
to Wazuh mailing list
Hello Gert,
A new plugin version has been released to support Kibana 5.5.0, you can download it here https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_5.5.0.zip.
To update it, please remove first the bundles folder rm -rf /usr/share/kibana/optimize/bundles/.
Now, you can install the App /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_5.5.0.zip
Thanks for waiting, any feedback is welcome,
Manuel.
On Tuesday, July 4, 2017 at 2:53:05 AM UTC+2, Gert Verhoog wrote:
Gert Verhoog
Aug 27, 2017, 11:54:46 PM8/27/17
to Wazuh mailing list
Hi Manuel,
We just hit this issue again after upgrading our server. Is there anything we can do to automate finding the correct version to install? We provision our wazuh server through puppet, and basically every time we run puppet the Wazuh Kibana plugin breaks.
Cheers,
Gert
Manuel Albarral
Aug 28, 2017, 2:08:26 AM8/28/17
to Wazuh mailing list
Hello Gert,
It is a manual process. Kibana only supports plugins with the same version, so when it is updated, you have to update the Wazuh App too. Also, if you have upgraded the Wazuh version to 2.1, it is mandatory to update the App version.
Best regards,
Manuel
Reply all
Reply to author
Forward
0 new messages