Wazuh Dashboard install from backup

German DiCasas

Jan 14, 2025, 7:46:23 AM
to Wazuh | Mailing List
Hi team,

I have Wazuh 4.8.2-1 all-in-one. I deleted wazuh-dashboard by mistake and I want to restore that service from my Wazuh backup. Right now I have installed wazuh-dashboard and I need to restore the needed files from my backup, but only restore the dashboard, not everything as in https://documentation.wazuh.com/current/migration-guide/restoring/wazuh-central-components.html

Let me know which files and folders are needed from my backup.

Regards,

German

Julio Cesar Biset

Jan 14, 2025, 9:06:10 AM
to Wazuh | Mailing List
Hi German.
If the only thing to reset is the Dashboard, in theory restoring only the Dashboard part (single-node or multi-node as appropriate) would be sufficient, since in your case the rest of the components are as they should be.
If you have any questions, please feel free to write back.
Regards!

German DiCasas

Jan 14, 2025, 10:47:47 AM
to Wazuh | Mailing List
Hi Julio,

As the first mail says, I installed wazuh-dashboard. I restored etc/wazuh-dashboard/certs from backup, edited /etc/wazuh-dashboard/opensearch_dashboards.yml and /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml, and it does not work. I get the message "Wazuh dashboard server is not ready yet" when I go to the web page.

I am not sure what else needs to be restored from the files and folders for the dashboard. Let me know if you need more information. I followed the process at https://documentation.wazuh.com/4.8/deployment-options/offline-installation.html#installing-the-wazuh-dashboard but I replaced files and folders from the backup.

curl -XGET -k -u admin:pass "https://127.0.0.1:9200/_cluster/health"
{"cluster_name":"wazuh-cluster","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":187,"active_shards":187,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}

filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2

cat /var/ossec/logs/ossec.log | grep -i -E "error|warn|fail"
 2025/01/14 10:42:38 wazuh-modulesd: WARNING: Response buffer size limit reached.


cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
a lot of this...
{"date":"2025-01-13T12:00:01.992Z","level":"error","location":"monitoring:insertMonitoringDataElasticsearch","message":"cluster_block_exception: [cluster_block_exception] Reason: index [wazuh-monitoring-2025.3w] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}
{"date":"2025-01-13T12:15:00.724Z","level":"error","location":"monitoring:insertMonitoringDataElasticsearch","message":"cluster_block_exception: [cluster_block_exception] Reason: index [wazuh-monitoring-2025.3w] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}
{"date":"2025-01-13T12:30:00.527Z","level":"error","location":"monitoring:insertMonitoringDataElasticsearch","message":"cluster_block_exception: [cluster_block_exception] Reason: index [wazuh-monitoring-2025.3w] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}
{"date":"2025-01-13T12:45:00.250Z","level":"error","location":"monitoring:insertMonitoringDataElasticsearch","message":"cluster_block_exception: [cluster_block_exception] Reason: index [wazuh-monitoring-2025.3w] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}
{"date":"2025-01-13T13:00:02.008Z","level":"error","location":"monitoring:insertMonitoringDataElasticsearch","message":"cluster_block_exception: [cluster_block_exception] Reason: index [wazuh-monitoring-2025.3w] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}
{"date":"2025-01-13T13:15:00.786Z","level":"error","location":"monitoring:insertMonitoringDataElasticsearch","message":"cluster_block_exception: [cluster_block_exception] Reason: index [wazuh-monitoring-2025.3w] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}
{"date":"2025-01-13T13:30:00.531Z","level":"error","location":"monitoring:insertMonitoringDataElasticsearch","message":"cluster_block_exception: [cluster_block_exception] Reason: index [wazuh-monitoring-2025.3w] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}
{"date":"2025-01-13T13:45:00.251Z","level":"error","location":"monitoring:insertMonitoringDataElasticsearch","message":"cluster_block_exception: [cluster_block_exception] Reason: index [wazuh-monitoring-2025.3w] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}
{"date":"2025-01-13T14:00:02.110Z","level":"error","location":"monitoring:insertMonitoringDataElasticsearch","message":"cluster_block_exception: [cluster_block_exception] Reason: index [wazuh-monitoring-2025.3w] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}
{"date":"2025-01-13T14:15:00.787Z","level":"error","location":"monitoring:insertMonitoringDataElasticsearch","message":"cluster_block_exception: [cluster_block_exception] Reason: index [wazuh-monitoring-2025.3w] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}
{"date":"2025-01-13T14:30:00.501Z","level":"error","location":"monitoring:insertMonitoringDataElasticsearch","message":"cluster_block_exception: [cluster_block_exception] Reason: index [wazuh-monitoring-2025.3w] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}
{"date":"2025-01-13T14:44:25.840Z","level":"error","location":"wazuh-check-updates:setSavedObject","message":"index [.kibana_4] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];: cluster_block_exception: [cluster_block_exception] Reason: index [.kibana_4] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}
{"date":"2025-01-13T14:44:25.841Z","level":"error","location":"wazuh-check-updates:getUpdates","message":"index [.kibana_4] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];: cluster_block_exception: [cluster_block_exception] Reason: index [.kibana_4] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}
{"date":"2025-01-13T14:45:00.271Z","level":"error","location":"monitoring:insertMonitoringDataElasticsearch","message":"cluster_block_exception: [cluster_block_exception] Reason: index [wazuh-monitoring-2025.3w] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}



with

journalctl -u wazuh-dashboard | grep -iE "err|warn"
Jan 14 12:38:49 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:38:49Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:38:52 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:38:52Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:38:54 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:38:54Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:38:57 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:38:57Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:38:59 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:38:59Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:39:02 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:39:02Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:39:04 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:39:04Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:39:07 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:39:07Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:39:09 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:39:09Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:39:12 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:39:12Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:39:14 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:39:14Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:39:17 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:39:17Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:39:19 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:39:19Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:39:22 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:39:22Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:39:24 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:39:24Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}
Jan 14 12:39:27 hostname opensearch-dashboards[487673]: {"type":"log","@timestamp":"2025-01-14T15:39:27Z","tags":["error","opensearch","data"],"pid":487673,"message":"[ResponseError]: Response Error"}


Let me know.
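
The wazuhapp.log errors quoted in the message above repeat one condition for a small number of indices. This added Python example, which is not part of the thread and not Wazuh's own tooling, groups such lines by index so the blocked indices and their time span are visible at a glance. The sample lines are constructed in the format quoted above, and the function names are hypothetical.

```python
import json
import re
from collections import defaultdict

# "index [name] blocked by: [reason]" as it appears in the error messages above.
BLOCK_RE = re.compile(r"index \[([^\]]+)\] blocked by: \[([^\]]+)\]")

# Constructed sample input in the wazuhapp.log format quoted in the thread.
SAMPLE_LOG = [
    '{"date":"2025-01-13T12:00:01.992Z","level":"error","location":"monitoring:insertMonitoringDataElasticsearch","message":"cluster_block_exception: [cluster_block_exception] Reason: index [wazuh-monitoring-2025.3w] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}',
    '{"date":"2025-01-13T12:15:00.724Z","level":"error","location":"monitoring:insertMonitoringDataElasticsearch","message":"cluster_block_exception: [cluster_block_exception] Reason: index [wazuh-monitoring-2025.3w] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}',
    '{"date":"2025-01-13T14:44:25.840Z","level":"error","location":"wazuh-check-updates:setSavedObject","message":"index [.kibana_4] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];: cluster_block_exception: [cluster_block_exception] Reason: index [.kibana_4] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}',
    '{"date":"2025-01-13T14:50:00.000Z","level":"info","location":"constructed","message":"constructed info line"}',
    'constructed non-JSON line, e.g. a truncated write',
]


def summarize_blocks(lines):
    """Return {index: {"count", "first", "last", "reasons", "locations"}}."""
    summary = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                   "reasons": set(), "locations": set()})
    for raw in lines:
        try:
            entry = json.loads(raw)
        except ValueError:
            continue  # truncated or non-JSON line
        if not isinstance(entry, dict) or entry.get("level") != "error":
            continue
        # One message can name the same index twice; count it once per line.
        hits = dict(BLOCK_RE.findall(str(entry.get("message", ""))))
        date = entry.get("date", "")
        for index, reason in hits.items():
            s = summary[index]
            s["count"] += 1
            # ISO-8601 UTC timestamps sort correctly as plain strings.
            s["first"] = date if s["first"] is None else min(s["first"], date)
            s["last"] = date if s["last"] is None else max(s["last"], date)
            s["reasons"].add(reason)
            s["locations"].add(entry.get("location", "?"))
    return dict(summary)


def flood_stage_indices(summary):
    """Indices whose block reason mentions the disk flood-stage watermark."""
    return sorted(i for i, s in summary.items()
                  if any("flood-stage watermark" in r for r in s["reasons"]))


if __name__ == "__main__":
    for index, s in sorted(summarize_blocks(SAMPLE_LOG).items()):
        print(index, s["count"], s["first"], s["last"], sorted(s["locations"]))
```

To run it on a live system, pass an open handle on /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log to summarize_blocks instead of SAMPLE_LOG.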

German DiCasas

Jan 14, 2025, 1:47:59 PM
to Wazuh | Mailing List
OK, I fixed the issue with initial web access. I reset the kibanaServer user and it works OK.

The process that I followed was: reinstall wazuh-dashboard, then copy the related files and folders from the backup to the install. And lastly, restore the kibana password with:

bash wazuh-passwords-tool.sh -u kibanaserver -p NewPassword
echo  NewPassword  | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password
systemctl restart wazuh-dashboard

Thanks

Regards.

Julio Cesar Biset

Jan 15, 2025, 7:32:29 AM
to Wazuh | Mailing List
Hi German.
Great that you were able to resolve it.
Regards!
