Wazuh.yml does not exits

[taddee zeufack]

Hello every one.

I'm new with Wazuh and i need your help

I'm testing the installation of wazuh on 02 VM (1 with wazuh server and wazuh indexer add the other one with wazuh dashboard)

This is the problem. After following the document (the one step by step) all the components had been well installed; but when i want to configure this file, /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml

it doesn't exists.

So please i need your help

The version i install is wazuh 4.4 and server is ubuntu 20.04 and i use VirtualBox 

[Alexander Bohorquez]

Hi Teaddee,

Thank you for using Wazuh!

Did you follow this guide: https://documentation.wazuh.com/current/installation-guide/wazuh-dashboard/step-by-step.html to perform the installation of your Wazuh dashboard component? 

If the answer is yes, after deploying the certificates. Did you start your Wazuh dashboard service by running:

# systemctl start wazuh-dashboard

If the service is running, the configuration file should be there under: /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml.

I look forward to your comments!

[taddee zeufack]

Hello Alexander (it is taddee not teaddee but the is no problem)

Like i said i have respect all the step in the documentation but the file does not exits

nb : i have copy the wazuh-certificates.tar under (etc/wazuh-dashboard) could this be the problem??

I'm waiting for your response

Thanks 

[Alexander Bohorquez]

Hello Taddee,

Could you please confirm that your Wazuh-dashboard and Wazuh-indexer component services are up and running? 

Please share with me the following log outputs:

grep -iE 'WARN|ERR' /var/log/wazuh-indexer/wazuh-cluster.log

(Please replace wazuh-cluster with the name of your cluster).

journalctl -u wazuh-dashboard -f -n 100

Feel free to hide any relevant information from your environment.

And about the certificates, they should be copied to /etc/wazuh-indexer/certs and /etc/wazuh-dashboard/certs. 

I look forward to your comments!

[taddee zeufack]

Hello Alexander,

Thanks again for your reaction, 

But i have decide to reinstall wazuh by using the https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/installation-assistant.html 

for every component and it has function. So i cant do what you want me to do

But i will restart another day and i will give you the feedback

Thanks again

[taddee zeufack]

Hello Alexander.

I have restart the installation and i  still have the same problem and this are the output you have asked 

And a new one have appear on the server node.

Regards

[Ragnar Barnsby]

For anyone else finding this years later...

1. Open the file 'opensearch_dashboards.yml'
nano /etc/wazuh-dashboard/opensearch_dashboards.yml

2. Find the line 3rd line that by default reads 'opensearch.hosts: https://localhost:9200'

3. Change this line to use the actual IP of your Indexer. It can't be 'localhost' and it can't be '127.0.0.1'
E.g. opensearch.hosts: https://192.168.1.100:9200

The reason is if you leave it as localhost it tries to use IPV6, and if you change it to 127.0.0.1 it gets a connection refused error.

You can check for errors by running the service and looking at the status after a few seconds.
systemctl start wazuh-dashboard
systemctl status wazuh-dashboard

You may need to press the right arrow to read the full status log messages.