Installation Error of Wazuh Dashboard

[KevinK Leung]

Dear Brothers,

 

I have tried to install the dashboard in the distribution mode, however when I reach the final step to install the Wazuh dashboard, it said “Failed to connect with node-1” connection refused.”

 

I have separate the installation of Wazuh-indexer, Wazuh-dashboard and Wazuh-server in 3 different server to host it. When I install the indexer and server, the steps are quite smooth.

 

The screen cap of the error are as below:

 

Anyone can have any idea? Thanks a lot.

 

[root@wazuh-dashboard ~]# bash wazuh-install.sh --wazuh-dashboard dashboard

13/05/2022 18:27:34 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.0

13/05/2022 18:27:34 INFO: Verbose logging redirected to /var/log/wazuh-install.log

13/05/2022 18:27:48 INFO: Wazuh repository added.

13/05/2022 18:27:49 INFO: --- Wazuh dashboard ----

13/05/2022 18:27:49 INFO: Starting Wazuh dashboard installation.

13/05/2022 18:30:06 INFO: Wazuh dashboard installation finished.

13/05/2022 18:30:06 INFO: Wazuh dashboard post-install configuration finished.

13/05/2022 18:30:12 INFO: Starting service wazuh-dashboard.

13/05/2022 18:30:12 INFO: wazuh-dashboard service started.

13/05/2022 18:30:12 INFO: Initializing Wazuh dashboard web application.

13/05/2022 18:32:13 ERROR: Cannot connect to Wazuh dashboard.

13/05/2022 18:32:13 ERROR: Failed to connect with node-1. Connection refused.

13/05/2022 18:32:13 INFO: If you want to install Wazuh dashboard without waiting for the Wazuh indexer cluster, use the -fd option

13/05/2022 18:32:13 INFO: --- Removing existing Wazuh installation ---

13/05/2022 18:32:13 INFO: Removing Wazuh dashboard.

13/05/2022 18:32:28 INFO: Wazuh dashboard removed.

13/05/2022 18:32:28 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue

 

 

The file of /var/log/Wazuh-install.log file are:

 

[root@wazuh-dashboard ~]# cat /var/log/wazuh-install.log

13/05/2022 18:27:34 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.0

13/05/2022 18:27:34 INFO: Verbose logging redirected to /var/log/wazuh-install.log

[wazuh]

gpgcheck=1

gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH

enabled=1

name=EL-${releasever} - Wazuh

baseurl=https://packages.wazuh.com/4.x/yum/

protect=1

13/05/2022 18:27:48 INFO: Wazuh repository added.

13/05/2022 18:27:49 INFO: --- Wazuh dashboard ----

13/05/2022 18:27:49 INFO: Starting Wazuh dashboard installation.

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

* base: mirror-hk.koddos.net

* extras: mirror-hk.koddos.net

* updates: mirror-hk.koddos.net

Resolving Dependencies

--> Running transaction check

---> Package wazuh-dashboard.x86_64 0:4.3.0-2 will be installed

--> Finished Dependency Resolution

 

Dependencies Resolved

 

================================================================================

Package                  Arch            Version          Repository      Size

================================================================================

Installing:

wazuh-dashboard          x86_64          4.3.0-2          wazuh          187 M

 

Transaction Summary

================================================================================

Install  1 Package

 

Total download size: 187 M

Installed size: 768 M

Downloading packages:

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

  Installing : wazuh-dashboard-4.3.0-2.x86_64                               1/1

  Verifying  : wazuh-dashboard-4.3.0-2.x86_64                               1/1

 

Installed:

  wazuh-dashboard.x86_64 0:4.3.0-2

 

Complete!

13/05/2022 18:30:06 INFO: Wazuh dashboard installation finished.

13/05/2022 18:30:06 INFO: Wazuh dashboard post-install configuration finished.

13/05/2022 18:30:12 INFO: Starting service wazuh-dashboard.

Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.

13/05/2022 18:30:12 INFO: wazuh-dashboard service started.

13/05/2022 18:30:12 INFO: Initializing Wazuh dashboard web application.

sed: can't read /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml: No such file or directory

13/05/2022 18:32:13 ERROR: Cannot connect to Wazuh dashboard.

13/05/2022 18:32:13 ERROR: Failed to connect with node-1. Connection refused.

13/05/2022 18:32:13 INFO: If you want to install Wazuh dashboard without waiting for the Wazuh indexer cluster, use the -fd option

13/05/2022 18:32:13 INFO: --- Removing existing Wazuh installation ---

13/05/2022 18:32:13 INFO: Removing Wazuh dashboard.

Loaded plugins: fastestmirror

Resolving Dependencies

--> Running transaction check

---> Package wazuh-dashboard.x86_64 0:4.3.0-2 will be erased

--> Finished Dependency Resolution

 

Dependencies Resolved

 

================================================================================

Package                 Arch           Version            Repository      Size

================================================================================

Removing:

wazuh-dashboard         x86_64         4.3.0-2            @wazuh         768 M

 

Transaction Summary

================================================================================

Remove  1 Package

 

Installed size: 768 M

Downloading packages:

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Stopping wazuh-dashboard service...  Erasing    : wazuh-dashboard-4.3.0-2.x86_64                               1/1

warning: /etc/wazuh-dashboard/opensearch_dashboards.yml saved as /etc/wazuh-dashboard/opensearch_dashboards.yml.rpmsave

  Verifying  : wazuh-dashboard-4.3.0-2.x86_64                               1/1

 

Removed:

  wazuh-dashboard.x86_64 0:4.3.0-2

 

Complete!

13/05/2022 18:32:28 INFO: Wazuh dashboard removed.

13/05/2022 18:32:28 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.

Kevin Leung

IT Security Specialist

Easy Great Technology Limited

https://www.ecg-tech.com/

 

[Alberto Rodriguez]

Hello,It seems that the dashboard node can't connect to the Wazuh indexer cluster. Rememberer that after setting the Wazuh indexer cluster you need to start the security settings, to do this run the following command on any one of the indexer nodes:

bash wazuh-install.sh -s

After the cluster security has been initialized test the cluster status by doing the following API call to Wazuh indexer:

curl -XGET curl https://elasticsearch_ip:9200/_cluster/health -u admin:admin_password -k

Check that the cluster status is green and that the number of nodes is correct.Then check that the Wazuh dashboard node can connect to the Wazuh indexer cluster, run:

curl -XGET curl https://elasticsearch_ip:9200 -u admin:admin_password -k

If everything is correct install the Wazuh dashboard using the installation assistant:

bash wazuh-install.sh -wd wazuh-dashboard-node-name


Please let me know if it works. 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/c46bb71871d8d56aa769d90a20e88bf2%40mail.gmail.com.

[KevinK Leung]

Dear Alberto

 

I just execute the first statement successfully.

 

What is my elastic search ip? Does it the same with Wazuh indexer?

 

Kevin Leung

IT Security Specialist

Easy Great Technology Limited

https://www.ecg-tech.com/

 

[Alberto Rodriguez]

Yes, you can use your internal IP which is the same. It was a mistake, to say "elasticsearch", we want to say "indexer", sorry for that. 

--

Alberto Rodriguez CICD/DevOps TL  The Open Source Security Platform

* This message and the information contained in or attached to it are private and confidential and intended exclusively for the addressee. Any dissemination, copying or distribution to third parties without the express consent of the sender is strictly prohibited. If you have received this message in error, please delete it immediately and notify the sender. Thank you for your collaboration.

[KevinK Leung]

Hello Alberto,

 

While I type your suggested commands, it looks generate some errors/it go ahead to display the codes. What steps I goes wrong?

 

 

curl -XGET curl https://elasticsearch_ip:9200 -u admin:admin_password -k

curl -XGET curl https://elasticsearch_ip:9200/_cluster/health -u admin:admin_password -k

 

 

 

Kevin Leung

IT Security Specialist

Easy Great Technology Limited

https://www.ecg-tech.com/

+852 5483 2178

[Alberto Rodriguez]

Hello KevinK

We had a problem with the mail formatting, so curl use was repeated.

curl -XGET https://elasticsearch_ip:9200 -u admin:admin_password -k
curl -XGET https://elasticsearch_ip:9200/_cluster/health -u admin:admin_password -k

Use those please and sorry for the inconvenience.

Alberto Rodriguez DevOps/CICD/Installers manager

[KevinK Leung]

Dear Alberto

I have changed the scarnio. I reinstall the server and group all Wazuh component into a single host,

As the same with pervious try, the installation of indexer and server is success while the dashboard installation is failed.

This time I install with FD option, it finally can install the dashboard. But it said it can’t communicate to the indexer cluster server.

 

 

Before using the FD option, I have tried with the below steps which you have advised me to do last time, does it mean it was correct?

 

 

 

 

 

 

Kevin Leung

IT Security Specialist

Easy Great Technology Limited

https://www.ecg-tech.com/

+852 5483 2178

[Daniel Folch]

Hello,

That error usually indicates that the security settings are not initialized in the Wazuh indexer cluster, you can initialize them by running:

./wazuh-install.sh -s

In one of the Wazuh indexer nodes.

After this restart the Wazuh dashboard service or reinstall it using the -o|--overwrite option.

./wazuh-install.sh -wd dashboard-name -o

​