Wazuh Dashboard Server Fails After 4.8 Upgrade
42 views
Skip to first unread message
John
Jul 2, 2024, 6:34:57 AM (21 hours ago) Jul 2
to Wazuh | Mailing List
Hello! I'm looking for some help to restore my Wazuh.
I upgraded my stand-alone Wazuh server from v4.7 to 4.8. The upgrade went fine without error; however, when I restarted services, the Dashboard did not come back up.
Wazuh dashboard server is not ready yet
I'm seeing Java errors thrown by the indexer service as shown below. additionally, I'm unable to get a response from any curl commands, such as:
```
[root@wazuh-server ossec]# curl -X GET "localhost:9200/_cluster/health?pretty"
curl: (52) Empty reply from server
curl: (52) Empty reply from server
```
Wazuh Services Status:
```
[wazuh-user@wazuh-server ~]$ systemctl status wazuh-*
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-07-02 10:12:53 UTC; 4min 51s ago
Main PID: 4048 (node)
CGroup: /system.slice/wazuh-dashboard.service
└─4048 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-...
Jul 02 10:17:10 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:13 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:15 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:18 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:33 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:36 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:39 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:40 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:40 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:42 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-07-02 10:17:19 UTC; 25s ago
Docs: https://documentation.wazuh.com
Main PID: 22264 (java)
CGroup: /system.slice/wazuh-indexer.service
└─22264 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.ca...
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at org.opensearch.cluster.service.MasterSe...6)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at org.opensearch.cluster.service.TaskBatc...4)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at org.opensearch.cluster.service.TaskBatc...2)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at org.opensearch.common.util.concurrent.T...9)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at org.opensearch.common.util.concurrent.P...2)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at org.opensearch.common.util.concurrent.P...5)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at java.base/java.util.concurrent.ThreadPo...6)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at java.base/java.util.concurrent.ThreadPo...5)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at java.base/java.lang.Thread.run(Thread.j...3)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: For complete error details, refer to the l...og
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-07-02 10:15:53 UTC; 1min 51s ago
Process: 21593 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/wazuh-manager.service
├─14968 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─14969 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─14972 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─14975 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─14999 /var/ossec/bin/wazuh-integratord
├─15020 /var/ossec/bin/wazuh-authd
├─15041 /var/ossec/bin/wazuh-db
├─15105 /var/ossec/bin/wazuh-execd
├─15183 /var/ossec/bin/wazuh-maild
├─15190 /var/ossec/bin/wazuh-analysisd
├─15200 /var/ossec/bin/wazuh-syscheckd
├─16088 /var/ossec/bin/wazuh-remoted
├─17166 /var/ossec/bin/wazuh-logcollector
├─17224 /var/ossec/bin/wazuh-monitord
└─18314 /var/ossec/bin/wazuh-modulesd
Jul 02 10:15:50 wazuh-server env[21593]: wazuh-db already running...
Jul 02 10:15:50 wazuh-server env[21593]: wazuh-execd already running...
Jul 02 10:15:50 wazuh-server env[21593]: wazuh-maild already running...
Jul 02 10:15:50 wazuh-server env[21593]: wazuh-analysisd already running...
Jul 02 10:15:50 wazuh-server env[21593]: wazuh-syscheckd already running...
Jul 02 10:15:50 wazuh-server env[21593]: wazuh-remoted already running...
Jul 02 10:15:51 wazuh-server env[21593]: wazuh-logcollector already running...
Jul 02 10:15:51 wazuh-server env[21593]: wazuh-monitord already running...
Jul 02 10:15:51 wazuh-server env[21593]: wazuh-modulesd already running...
Jul 02 10:15:53 wazuh-server env[21593]: Completed.
Hint: Some lines were ellipsized, use -l to show in full.
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-07-02 10:12:53 UTC; 4min 51s ago
Main PID: 4048 (node)
CGroup: /system.slice/wazuh-dashboard.service
└─4048 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-...
Jul 02 10:17:10 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:13 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:15 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:18 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:33 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:36 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:39 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:40 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:40 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
Jul 02 10:17:42 wazuh-server opensearch-dashboards[4048]: {"type":"log","@timestamp":"2024-07-02T1..."}
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-07-02 10:17:19 UTC; 25s ago
Docs: https://documentation.wazuh.com
Main PID: 22264 (java)
CGroup: /system.slice/wazuh-indexer.service
└─22264 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.ca...
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at org.opensearch.cluster.service.MasterSe...6)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at org.opensearch.cluster.service.TaskBatc...4)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at org.opensearch.cluster.service.TaskBatc...2)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at org.opensearch.common.util.concurrent.T...9)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at org.opensearch.common.util.concurrent.P...2)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at org.opensearch.common.util.concurrent.P...5)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at java.base/java.util.concurrent.ThreadPo...6)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at java.base/java.util.concurrent.ThreadPo...5)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: at java.base/java.lang.Thread.run(Thread.j...3)
Jul 02 10:17:21 wazuh-server systemd-entrypoint[22264]: For complete error details, refer to the l...og
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-07-02 10:15:53 UTC; 1min 51s ago
Process: 21593 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/wazuh-manager.service
├─14968 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─14969 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─14972 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─14975 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─14999 /var/ossec/bin/wazuh-integratord
├─15020 /var/ossec/bin/wazuh-authd
├─15041 /var/ossec/bin/wazuh-db
├─15105 /var/ossec/bin/wazuh-execd
├─15183 /var/ossec/bin/wazuh-maild
├─15190 /var/ossec/bin/wazuh-analysisd
├─15200 /var/ossec/bin/wazuh-syscheckd
├─16088 /var/ossec/bin/wazuh-remoted
├─17166 /var/ossec/bin/wazuh-logcollector
├─17224 /var/ossec/bin/wazuh-monitord
└─18314 /var/ossec/bin/wazuh-modulesd
Jul 02 10:15:50 wazuh-server env[21593]: wazuh-db already running...
Jul 02 10:15:50 wazuh-server env[21593]: wazuh-execd already running...
Jul 02 10:15:50 wazuh-server env[21593]: wazuh-maild already running...
Jul 02 10:15:50 wazuh-server env[21593]: wazuh-analysisd already running...
Jul 02 10:15:50 wazuh-server env[21593]: wazuh-syscheckd already running...
Jul 02 10:15:50 wazuh-server env[21593]: wazuh-remoted already running...
Jul 02 10:15:51 wazuh-server env[21593]: wazuh-logcollector already running...
Jul 02 10:15:51 wazuh-server env[21593]: wazuh-monitord already running...
Jul 02 10:15:51 wazuh-server env[21593]: wazuh-modulesd already running...
Jul 02 10:15:53 wazuh-server env[21593]: Completed.
Hint: Some lines were ellipsized, use -l to show in full.
```
Filebeat Service Status
```
[wazuh-user@wazuh-server ~]$ systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-07-02 10:13:16 UTC; 5min ago
Docs: https://www.elastic.co/products/beats/filebeat
Main PID: 6130 (filebeat)
CGroup: /system.slice/filebeat.service
└─6130 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.y...
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-07-02 10:13:16 UTC; 5min ago
Docs: https://www.elastic.co/products/beats/filebeat
Main PID: 6130 (filebeat)
CGroup: /system.slice/filebeat.service
└─6130 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.y...
```
Thank you!
Message has been deleted
Alan Baltic
Jul 2, 2024, 7:18:48 AM (20 hours ago) Jul 2
to Wazuh | Mailing List
Victor Carlos Erenu
Jul 2, 2024, 8:12:21 AM (19 hours ago) Jul 2
to Wazuh | Mailing List
Hello John
It seems that Wazuh Dashboard is not able to access Wazuh indexer. You should check that the indexer is accessible and that your configuration in the file /usr/share/wazuh-dashboard/opensearch_dashboards.yml is correct.
To test the availability of Wazuh indexer you can test it with cURL:
$ curl -u admin:<ADMIN_PASSWORD> https://<INDEXER_IP>:9200/_cluster/health?pretty -k
Also you can access from the browser in incognito to test if it is not a data cache problem from the previous version.
It seems that Wazuh Dashboard is not able to access Wazuh indexer. You should check that the indexer is accessible and that your configuration in the file /usr/share/wazuh-dashboard/opensearch_dashboards.yml is correct.
To test the availability of Wazuh indexer you can test it with cURL:
$ curl -u admin:<ADMIN_PASSWORD> https://<INDEXER_IP>:9200/_cluster/health?pretty -k
Also you can access from the browser in incognito to test if it is not a data cache problem from the previous version.
John
Jul 2, 2024, 8:13:36 PM (7 hours ago) Jul 2
to Wazuh | Mailing List
Hello, Victor Carlos Erenu.
Here's what I see:
```
```
curl -u admin:<masked> https://localhost:9200/_cluster/health?pretty -k
{
"cluster_name" : "wazuh-cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"discovered_master" : true,
"discovered_cluster_manager" : true,
"active_primary_shards" : 947,
"active_shards" : 947,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
{
"cluster_name" : "wazuh-cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"discovered_master" : true,
"discovered_cluster_manager" : true,
"active_primary_shards" : 947,
"active_shards" : 947,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
```
Reply all
Reply to author
Forward
0 new messages