error
94 просмотра
Перейти к первому непрочитанному сообщению
stetnt4
15 сент. 2023 г., 10:20:0515.09.2023
– Wazuh | Mailing List
Wazuh dashboard server is not ready yet
stetnt4
15 сент. 2023 г., 10:41:5915.09.2023
– Wazuh | Mailing List
пятница, 15 сентября 2023 г. в 17:20:05 UTC+3, stetnt4:
stetnt4
15 сент. 2023 г., 10:44:1115.09.2023
– Wazuh | Mailing List
пятница, 15 сентября 2023 г. в 17:41:59 UTC+3, stetnt4:
Olusegun Adenrele Oyebo
15 сент. 2023 г., 11:35:0715.09.2023
– Wazuh | Mailing List
Hello,
Thank you for using Wazuh.
What changes did you make on your Wazuh environment before encountering this error?
Kindly run the below commands on your Wazuh components and revert with the output:
Can you also run the below commands on your Wazuh components to restart the services and check if that resolves the issue
You can also check the link on more troubleshooting steps for your perusal.
Will be expecting your feedback so as to assist you further.
Best regards
Thank you for using Wazuh.
What changes did you make on your Wazuh environment before encountering this error?
Kindly run the below commands on your Wazuh components and revert with the output:
- journalctl -u wazuh-dashboard
- journalctl -u wazuh-indexer
- cat /var/log/filebeat/filebeat | grep -i -E "error|warn"
- cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
- cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
Can you also run the below commands on your Wazuh components to restart the services and check if that resolves the issue
- systemctl restart wazuh-indexer
- systemctl restart wazuh-manager
- systemctl restart filebeat
- systemctl restart wazuh-dashboard.
You can also check the link on more troubleshooting steps for your perusal.
Will be expecting your feedback so as to assist you further.
Best regards
Olusegun Adenrele Oyebo
16 сент. 2023 г., 11:48:3816.09.2023
– Wazuh | Mailing List
Hello,
Thank you for your response.
It seems some of the logs/information requested are missing:
Will be expecting your feedback so as to assist you further.
Best regards.
Thank you for your response.
It seems some of the logs/information requested are missing:
- Was there any change(s) made in your environment prior to this error?
- The output of journalctl -u wazuh-dashboard
- The output of journalctl -u wazuh-indexer
- filebeat test output
- df -h (free disk space)
- top (memory and CPU utilization)
Will be expecting your feedback so as to assist you further.
Olusegun Adenrele Oyebo
17 сент. 2023 г., 09:58:2117.09.2023
– Wazuh | Mailing List
Hello,
Thanks for your response.
What steps did you follow to install your Wazuh central components? We have an official documentation on step by step installation and also a Quickstart that guides on the installation steps. Kindly confirm that was what you used as guide.
I can see that there seems to be some certificate related issues from your filebeat test output you shared "Error x509: certificate signed by unknown authority". Can you confirm that you have the wazuh server certificates in the directory /etc/filebeat/certs/ and also confirm that they have the Wazuh server node certificate name as specified in the config.yml when you were creating the certificates. Here is a section that describes how to deploy the certificates to the filebeat directory. You can also check this link on more information on how to create and deploy certificates.
Also from the Wazuh indexer logs you shared, there is this line "exception in thread main settingsexception failed to load settings from opensearch.yml". This error could be as a result of a misconfiguration in your /etc/wazuh-indexer/opensearch.yml file. Can you review it again and make sure that all configurations are in place. You can use this guide which should assist you on the necessary configurations to make in the file.
I hope this was helpful. Do not hesitate to get back to us again if you're still facing the issue or you have any other query.
Thanks for your response.
What steps did you follow to install your Wazuh central components? We have an official documentation on step by step installation and also a Quickstart that guides on the installation steps. Kindly confirm that was what you used as guide.
I can see that there seems to be some certificate related issues from your filebeat test output you shared "Error x509: certificate signed by unknown authority". Can you confirm that you have the wazuh server certificates in the directory /etc/filebeat/certs/ and also confirm that they have the Wazuh server node certificate name as specified in the config.yml when you were creating the certificates. Here is a section that describes how to deploy the certificates to the filebeat directory. You can also check this link on more information on how to create and deploy certificates.
Also from the Wazuh indexer logs you shared, there is this line "exception in thread main settingsexception failed to load settings from opensearch.yml". This error could be as a result of a misconfiguration in your /etc/wazuh-indexer/opensearch.yml file. Can you review it again and make sure that all configurations are in place. You can use this guide which should assist you on the necessary configurations to make in the file.
I hope this was helpful. Do not hesitate to get back to us again if you're still facing the issue or you have any other query.
stetnt4
17 сент. 2023 г., 10:51:1217.09.2023
– Wazuh | Mailing List
Hello!Looks like I made a mistake with the certificates
воскресенье, 17 сентября 2023 г. в 16:58:21 UTC+3, Olusegun Adenrele Oyebo:
stetnt4
17 сент. 2023 г., 11:52:0317.09.2023
– Wazuh | Mailing List
I redid the certificates, but filebeat does not connect to elasticsearch, Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)).wazuh-indexer does not start
воскресенье, 17 сентября 2023 г. в 17:51:12 UTC+3, stetnt4:
stetnt4
18 сент. 2023 г., 03:55:2518.09.2023
– Wazuh | Mailing List
воскресенье, 17 сентября 2023 г. в 18:52:03 UTC+3, stetnt4:
stetnt4
18 сент. 2023 г., 08:14:3918.09.2023
– Wazuh | Mailing List
понедельник, 18 сентября 2023 г. в 10:55:25 UTC+3, stetnt4:
Olusegun Adenrele Oyebo
21 сент. 2023 г., 06:36:2121.09.2023
– Wazuh | Mailing List
Hello,
It seems there actually is some certificate related issue with your filebeat. Kindly confirm that your filebeat config file /etc/filebeat/filebeat.yml has the paths to where the filebeat certificate files are and also you have the necessary certificate files in the directory when you run the command ls -al /etc/filebeat/certs/. Screenshots are attached for your reference and guide.
Also the guide gives more insight on how to go about it. You can also check the deploying certificates section.
I can see that you shared the service status for both Wazuh indexer and elasticsearch. Are you running both on one server?
Let us know the feedback after verifying and in case you'll need any other help.
Best regards.
It seems there actually is some certificate related issue with your filebeat. Kindly confirm that your filebeat config file /etc/filebeat/filebeat.yml has the paths to where the filebeat certificate files are and also you have the necessary certificate files in the directory when you run the command ls -al /etc/filebeat/certs/. Screenshots are attached for your reference and guide.
Also the guide gives more insight on how to go about it. You can also check the deploying certificates section.
I can see that you shared the service status for both Wazuh indexer and elasticsearch. Are you running both on one server?
Let us know the feedback after verifying and in case you'll need any other help.
Best regards.
stetnt4
21 сент. 2023 г., 06:58:5621.09.2023
– Wazuh | Mailing List
Thank you! I already figured it out
четверг, 21 сентября 2023 г. в 13:36:21 UTC+3, Olusegun Adenrele Oyebo:
Olusegun Adenrele Oyebo
23 сент. 2023 г., 11:28:2323.09.2023
– Wazuh | Mailing List
Hello,
I trust you're doing well.
This is good news. It will also be nice if you're able to revert back to us how you were able to resolve the issue.
Will be expecting your feedback. In case you need any other assistance going forward, do not hesitate to reach out.
Best regards.
I trust you're doing well.
This is good news. It will also be nice if you're able to revert back to us how you were able to resolve the issue.
Will be expecting your feedback. In case you need any other assistance going forward, do not hesitate to reach out.
Best regards.
Ответить всем
Отправить сообщение автору
Переслать
0 новых сообщений