Managing Wazuh config in Wazuh App

203 views
Skip to first unread message

Louis Bohm

unread,
Apr 19, 2019, 11:02:04 AM4/19/19
to wa...@googlegroups.com
I have Wazuh 3.8 installed on one machine with Elasticsearch/Kibana on another server.  The API key is configured and working.

I was able to update the /var/ossec/etc/ossec.conf on the manager server to change the protocol from UDP to TCP and after restarting saw the change in the Wazuh App GUI.  However, that’s the only change I am able to see in the App GUI.  Other things I have change are:
Email Address
Rotate interval
Allowed-IPs
White list
Of the above list only the white list is visible in the App GUI after restarting wash-manager.

Also, while I can see the config info (weather updated or not) I am not able to edit the values in the App GUI.

So:
1. Why am I not seeing all the updates to the ossec.conf in the App GUI?
2. Why am I not able to edit the values shown in the App GUI?  Or is this not currently supported?

Thanks,
Louis

Juan Carlos Rodríguez

unread,
Apr 23, 2019, 6:28:23 AM4/23/19
to Wazuh mailing list

Hi Louis,

For the fields you have put here, Rotate interval and White list are updated when the Wazuh manager is restarted, as that configuration is loaded into memory, and you can find it in the Global Configuration section. Allowed-IPs is part of the remote component, and to configure it, the connection must be setted as syslog, and it is necessary to list at least one IP address when using the syslog connection type. You can find more information about the configuration file here: https://documentation.wazuh.com/3.x/user-manual/reference/ossec-conf/, and more specifically about the remote component here: https://documentation.wazuh.com/3.x/user-manual/reference/ossec-conf/remote.html

If you're still having problems, please let us know.

On the other hand, for showing the email configuration, we have opened this issue:

https://github.com/wazuh/wazuh-kibana-app/issues/1401
Keep up to date by following it, there we will update any progress on this.

You will also need to have your smtp server well configured. You can learn how to configure it here https://documentation.wazuh.com/3.x/user-manual/manager/manual-email-report/smtp_authentication.html

And finally, at the moment the configuration is read-only, but in our next version of Wazuh (3.9), which will be released very soon, you will be able to edit the ossec.conf and the ruleset custom files in an XML editor from inside the application. This and other interesting new features will be included in our nearby next release. Stay tuned!

Best regards,
Juan Carlos

Reply all
Reply to author
Forward
0 new messages