Hi David,
Review the <indexer> configuration block in ossec.conf based on this doc: Wazuh manager configuration.
Make sure to replace <host>https://10.0.52.86:9200</host> with the IP address or hostname of your Wazuh indexer node, as it is defined in the Filebeat configuration. You can find this value in the Filebeat configuration file at /etc/filebeat/filebeat.yml. Ensure that the <certificate> and <key> names match the files located in /etc/filebeat/certs/.
Save the Wazuh indexer username and password in the Wazuh manager keystore.
echo 'admin' | /var/ossec/bin/wazuh-keystore -f indexer -k username
echo 'admin_PASSWORD' | /var/ossec/bin/wazuh-keystore -f indexer -k password
Replace admin_PASSWORD with the password of the admin user.
Now, restart the Wazuh manager and wait for a few minutes:
systemctl restart wazuh-manager
Wait for a few seconds and check ossec.log. Check whether there is a log entry showing that the vulnerability index was created successfully.
cat /var/ossec/logs/ossec.log | grep -i -E "vulnerability|indexer-connector"
If it still doesn't work, share the output of these commands.
head /etc/filebeat/filebeat.yml
ls /etc/filebeat/certs/
cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
cat /var/ossec/logs/ossec.log | grep -i -E "vulnerability|indexer-connector"
Let me know the update on the issue.
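
Added example, not part of the original reply and not Wazuh tooling: a shell check of the two things the reply asks to verify by hand, namely that each <host> in the <indexer> block also appears in filebeat.yml and that the <certificate> and <key> files exist. The function names and the host:port heuristic used to read filebeat.yml are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Wazuh tooling): cross-check the <indexer> block of
# ossec.conf against filebeat.yml. Function names are hypothetical.

# Values of one XML tag inside the <indexer> block, one per line.
indexer_values() {   # $1 = ossec.conf, $2 = tag name
    sed -n '/<indexer>/,/<\/indexer>/p' "$1" |
        sed -n "s:.*<$2>\(.*\)</$2>.*:\1:p"
}

# host:port pairs on non-comment lines of filebeat.yml.
# Assumption: a plain-text heuristic, not a YAML parser.
filebeat_hosts() {
    grep -v '^[[:space:]]*#' "$1" | grep -oE '[A-Za-z0-9.-]+:[0-9]+' | sort -u
}

# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_indexer_config() {   # $1 = ossec.conf, $2 = filebeat.yml
    rc=0
    hosts=$(indexer_values "$1" host | sed -E 's#^https?://##')
    [ -n "$hosts" ] || { echo "no <host> found in the <indexer> block"; rc=1; }
    for h in $hosts; do
        if ! filebeat_hosts "$2" | grep -qxF "$h"; then
            echo "indexer host $h is not listed in $2"; rc=1
        fi
    done
    for f in $(indexer_values "$1" certificate) $(indexer_values "$1" key); do
        if [ ! -r "$f" ]; then
            echo "file $f is missing or unreadable"; rc=1
        fi
    done
    return $rc
}

# Usage: sh check_indexer.sh /var/ossec/etc/ossec.conf /etc/filebeat/filebeat.yml
if [ "$#" -eq 2 ]; then
    check_indexer_config "$1" "$2"
fi
```

A clean run prints nothing and exits 0; each printed line names one mismatch to fix before restarting wazuh-manager.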