Re: ERROR: The wazuh-alerts template could not be inserted into the Wazuh indexer cluster.

[Ariel Maximiliano Martin]

Hi Dominik!

Let me have a look at your logs and get back to you ASAP.

On Thursday, August 1, 2024 at 9:38:11 AM UTC-3 Dominik Górniak wrote:

I install WAZUH Indexer 4.8.1-1 with documentation from page https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/installation-assistant.html. 

Ater run "the Wazuh installation assistant" with option --start-cluster

"bash wazuh-install.sh --start-cluster" i have information about error " ERROR: The wazuh-alerts template could not be inserted into the Wazuh indexer cluster."

My Wazuh instalation  is "1-Node instalation" with structure Wazuh Indexer (Serwer-1, IP 192.168.131.200) Wazuh Manger (Serwer-2, IP 192.168.131.201), Wazuh Dashboard (Serwer-2, IP 192.168.131.201). Serwers Operating Systems  are Ubuntu 24.04 LTS Serwer.

[Ariel Maximiliano Martin]

Hi! So the log doesn´t give much information about what's going on. What looks odd is that there is a half an hour gap between the error message and the previous one. I will have to look at the script and see what it is doing all that time. Meanwhile, it wouldn´t hurt if you checked for firewall issues. This error has been reported before and in some occasions a firewall was preventing a file from being downloaded from github. If by any chance that happens to be the case, please let us know. I will check the script, run some tests and get back to you.

[Ariel Maximiliano Martin]

Ok, I'm setting up a test lab myself to solve this.

On Thursday, August 1, 2024 at 5:10:49 PM UTC-3 Dominik Górniak wrote:

Tomorrow I will add an attachment with all file "wazuh-cluser.log". Maybe it helps resolved my problem.

czwartek, 1 sierpnia 2024 o 22:04:56 UTC+2 Dominik Górniak napisał(a):

After many failed attempts to use the script ""bash wazuh-install.sh --start-cluster" in my lab environment, I use the command "Sudo ufw disable". 

After that I use command "nc -zv 192.68.131.200 1-10000 | grep -v "refused""

to check open ports required by Wazuh (443. 9200, 9300). These ports are open.

Result after these operations was negative. 

By the way, on this server always perfectly work commands "apt update,apt upgrade or apt install "something".

[Ariel Maximiliano Martin]

Ok Dominik, I'm trying to replicate the issue.

On Monday, August 5, 2024 at 4:03:12 AM UTC-3 Dominik Górniak wrote:

I'm adding an attachment with "config.yml".  Maybe it helps resolved my problem.

piątek, 2 sierpnia 2024 o 15:26:32 UTC+2 Dominik Górniak napisał(a):

I'm adding an attachment with the entire "wazuh-cluser.log" file, as I planned yesterday.

Have a great weekend.

[Ariel Maximiliano Martin]

Your config.yml doesn´t look bad. I ran a test on Ubuntu 24.04 LTS. with only different ip addresses and everything went ok. I am analyzing the script to try to find the problem and I've asked the team for help to see if they can give some different insight. Have you tried step by step installation? It could help pinpoint the step in which the script fails.

[Ariel Maximiliano Martin]

Let's continue this in the github issue then.

On Monday, August 5, 2024 at 3:15:28 PM UTC-3 Dominik Górniak wrote:

I will try instalation step-by-step at work in  VMware ESXi vitrual environment.  In case of problems with the configuration, I will put the configuration files in this topic.

[Ariel Maximiliano Martin]

Thank you Dominik. We are analyzing the error.

On Tue, Aug 6, 2024 at 5:42 AM Dominik Górniak <janow...@gmail.com> wrote:

I got an error during my installation of wazuh-indexer step-by-step:

root@node-1:/etc/wazuh-indexer/certs# systemctl daemon-reload
root@node-1:/etc/wazuh-indexer/certs# systemctl enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.

root@node-1:/etc/wazuh-indexer/certs# systemctl start wazuh-indexer
Job for wazuh-indexer.service failed because the control process exited with error code.
See "systemctl status wazuh-indexer.service" and "journalctl -xeu wazuh-indexer.service" for details.

All the steps of my installation are at www: 

https://github.com/wazuh/wazuh/issues/24987

--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/tOHFILyvpHc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/10f26e77-d4c9-41c9-9f96-2cbd67758bban%40googlegroups.com.