Indices

23 views
Skip to first unread message

Vicente millán

unread,
Sep 20, 2021, 4:04:00 PM9/20/21
to Wazuh mailing list
wazuh has not shown the alerts for 12 hours and is not creating the indexes I have done everything that I have achieved on the internet and in the wazuh doc and nothing that I solve, if someone could help me version 4.1.5

Alberto Rodriguez

unread,
Sep 20, 2021, 4:47:20 PM9/20/21
to Wazuh mailing list
If you are not seeing alerts, it could be due to the following reasons: 
  1. Your wazuh manager is not running. Please check it with `systemctl status wazuh-manager` or `service wazuh-manager status`. 
  2. Filebeat is not sending alerts to Elasticsearch. Please check filebeat service with `systemctl status filebeat` or `service filebeat status`. 
If the wazuh manager was not working, please share the `/var/ossec/logs/ossec.log` file in order to determine who stopped it. To start it, run `systemctl start wazuh-manager` or `service wazuh-manager start`. 
If  filebeat was not working,  please share the `/var/logs/filebeat` file in order to determine who stopped it. To start it, run `systemctl start filebeat` or `service filebeat start`. 

Regards, 
Alberto R
Reply all
Reply to author
Forward
0 new messages