Multi-site implementation

[Cosmin Popa]

Hello,

I have been facing an issue with my current Wazuh implementation.

Currently, I have 3 different servers, each in different networks, that were created and Wazuh was installed at different times.

• Server1 is the latest server, it only has wazuh-dashboard (I plan to use this one as the main dashboard), it can communicate with Server1 and Server2;
• Server2 has only wazuh-indexer and wazuh-manager installed, currently, I can see the logs for this site in the dashboard on Server1;
• Server3 is the oldest server, it had wazuh-indexer, wazuh-manager and wazuh-dashboard installed (I have now disabled wazuh-dashboard), I have tried integrating it with Server1, so that I can see the logs from Server3 and Server2 at the same time on the dashboard from Server1 (each as their own site, following this guide -  https://wazuh.com/blog/wazuh-multi-site-implementation/)

Server2 and Server3 can't communicate with eachother and I plan to keep it that way. The problem that I am currently facing is that, after changing the certificates on Server3 with the ones generated from Server1 (the same that I did for Server2) and changing the configurations as per the guide, when starting the wazuh-dashboard on Server1, I get the same errors:

 {"type":"log","@timestamp":"2025-10-14T14:22:33Z","tags":["error","opensearch","data"],"pid":707244,"message":"[ResponseError]: Response Error"}

{"type":"log","@timestamp":"2025-10-14T14:22:33Z","tags":["error","savedobjects-service"],"pid":707244,"message":"Unable to retrieve version information from OpenSearch nodes."}

This only happens when Server3 is added to the opensearch_dashboards.yml file. I have confirmed that it doesn't work on its own (removing Server2 from the config). When Server2 is also alone in the config, the erros disappear. I can still access the dashboard while both servers are written to the opensearch_dashboards.yml file, but I can only see logs for Server2, but nothing for Server3.

I am looking for some assistance in troubleshooting this issue or finding out if I am missing some information regarding this kind of implementation.

Thank you,

Cosmin

[Ian Yenien Serrano]

Hi, I understand that you are having problems when connecting the two nodes to the dashboard. From what I have been researching, it may be an error when defining the opensearch.hosts configuration in the opensearch_dashboards.yml file. Could you share your configuration with me, changing any sensitive data?

[Cosmin Popa]

Hello,

This is the current opensearch_dashboards.yml file from my Server1 - which has the wazuh-dashboard:

server.host: Server1 IP
server.port: 443
opensearch.hosts: ["https://Server2IP:9200", "https://Server3IP:9200"]
opensearch.ssl.verificationMode: certificate
#opensearch.username: "kibanaserver"
#opensearch.password: 'PasswordFromServer3'
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: true
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/private.key"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/certificate.crt"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
#opensearch_security.auth.type: "saml"
server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout", "/_opendistro/_securit>
opensearch_security.session.keepalive: false
opensearch_security.auth.multiple_auth_enabled: true
opensearch_security.auth.type: ["basicauth","saml"]
opensearch_security.cookie.secure: true
#opensearch_security.cookie.isSameSite: "Strict"
server.customResponseHeaders:
  X-Content-Type-Options: "nosniff"

Thank you,

Cosmin