Wazuh on Elastic Cloud


Ashit Kumar

Oct 4, 2017, 3:49:08 PM
to Wazuh mailing list
I am trying to set up Wazuh on the Elastic Cloud. Is there a way I can recreate what comes with the Wazuh app for Kibana? ES Cloud does not permit installation of apps.


Thanks

Ash 

Santiago Bassett

Oct 4, 2017, 8:26:42 PM
to Ashit Kumar, Wazuh mailing list
Hi Ashit,

Unfortunately I don't think Elastic Cloud allows users to install a Kibana plugin. You can always import dashboards and visualizations but I doubt you will be able to install the plugin. This means you won't be able to use features based on our integration with Wazuh API (e.g. to monitor agents status and configuration).

In any case I will reach out to the Elastic team and try to learn if there is a way around this.

Best regards,

Santiago.


Ashit Kumar

Oct 6, 2017, 10:33:18 AM
to Wazuh mailing list
Thanks Santiago,

Could I use a local kibana instance and point it to the ES cluster?

Regards

Ash

alberto....@wazuh.com

Oct 17, 2017, 8:52:40 PM
to Wazuh mailing list
Hello Ashit 

  I have built a trial cloud in https://cloud.elastic.co and then, I have used the credentials in one of my AWS machines with only Kibana installed and it works. I see the information of my Elastic cloud in my "local" kibana. 

Hope it helps.
Best regards, 

Ashit Kumar

Oct 20, 2017, 9:52:45 AM
to Wazuh mailing list
Albert,

I used the following kibana.yml but get an error

server.host: "10.10.10.10"
server.name: "kibana"
elasticsearch.username: "kibanauser"
elasticsearch.password: "kibanapassword"
x.pack.security.enabled: true

The error I see is:

{"type":"log","@timestamp":"2017-10-20T13:50:08Z","tags":["warning","elasticsearch","admin"],"pid":26441,"message":"Unable to revive connection: https://3432....51.us-east-2.aws.found.io:9243/"}
{"type":"log","@timestamp":"2017-10-20T13:50:08Z","tags":["warning","elasticsearch","admin"],"pid":26441,"message":"No living connections"}

Could you share with me the config that worked?

Regards

Ash

alberto....@wazuh.com

Oct 27, 2017, 2:02:37 AM
to Wazuh mailing list
Hello

  The only difference I see in our configuration files is the server.host (I have 0.0.0.0 in order to allow access from all sites).
The error that you see is due to an incorrect start of the service. 

Please check your connectivity with Elastic Cloud by typing this in your console (Kibana instance):


The output must be like this:
{
  "cluster_name" : "88aa2ce0e20af1b4f3a6d4b72dbc7325",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 38,
  "active_shards" : 38,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 37,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 50.66666666666667
}

Review your Elasticsearch in order to find out whether it's not working or has any issue.
If Elastic and the connectivity with curl are ok, please verify if you have any process of Kibana running.

For stopping the service:

systemctl stop kibana

or

service kibana stop

For verification of other processes:
 
ps -xa | grep kibana

If kibana is running in any process, kill it with kill -9 number_of_process.

Now, verify your kibana.yml configuration. I saw nothing incorrect in the configuration that you have pasted. 

Then, try to start the kibana service with:

systemctl start kibana

or

service kibana start

and verify that Kibana is listening on port 5601 with

netstat -tunap | grep 5601

If nothing appears, please review the log file located in /var/log/kibana and let us know what the content is.

Hope it helps.
BR
Alberto R. 

Ashit Kumar

Nov 1, 2017, 3:38:40 PM
to Wazuh mailing list
Thanks Alberto,

To round off the discussion, this is the configuration that works and is the most generalized:

server.host: "0"
server.name: "kibana"
elasticsearch.username: "kibanauser"
elasticsearch.password: "kibanapassword"
elasticsearch.ssl.verificationMode: none


When started, this pops up a request for credentials. Any valid credentials work at that point. 
The elasticsearch.ssl.verificationMode is required if you are using a reverse proxy that terminates the SSL session for inspection and re-encrypts with a self-signed certificate.

Cheers

Ash
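
An added example, not part of the thread and not Wazuh or Elastic code: a small audit of the kibana.yml settings discussed above. It flags `elasticsearch.ssl.verificationMode: none`, which turns off certificate validation on the connection that carries the Elasticsearch credentials, and the all-interfaces `server.host`. The function names, the CA file path and the treatment of `"0"` as equivalent to `0.0.0.0` are assumptions of this example.

```python
import re

# Constructed sample: the final kibana.yml posted in the thread.
THREAD_CONFIG = '''\
server.host: "0"
server.name: "kibana"
elasticsearch.username: "kibanauser"
elasticsearch.password: "kibanapassword"
elasticsearch.ssl.verificationMode: none
'''

# Constructed sample: same settings, but trusting the proxy's CA (placeholder path).
HARDENED_CONFIG = '''\
server.host: "10.10.10.10"  # one interface instead of all
server.name: "kibana"
elasticsearch.username: "kibanauser"
elasticsearch.password: "kibanapassword"
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/proxy-ca.pem"]
elasticsearch.ssl.verificationMode: full
'''

def parse_flat_yaml(text):
    """Parse 'dotted.key: value' lines, which is all a flat kibana.yml needs."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z0-9_.]+)\s*:\s*(.*)$', line)
        if m:  # comment and blank lines do not match
            value = re.sub(r'\s+#.*$', '', m.group(2)).strip()
            settings[m.group(1)] = value.strip('"\'')
    return settings

def audit(text):
    """Return (setting, finding) tuples for the risky values discussed above."""
    cfg, findings = parse_flat_yaml(text), []
    mode = cfg.get("elasticsearch.ssl.verificationMode", "full")  # Kibana default
    if mode == "none":
        findings.append(("elasticsearch.ssl.verificationMode",
            "no certificate validation: any TLS endpoint gets the Elasticsearch "
            "credentials; set certificateAuthorities to the proxy CA and use full"))
    elif mode == "certificate":
        findings.append(("elasticsearch.ssl.verificationMode",
            "certificate chain is verified but the hostname is not"))
    if cfg.get("server.host") in ("0", "0.0.0.0", "::"):
        findings.append(("server.host",
            "listens on every interface; bind one address or firewall port 5601"))
    return findings

if __name__ == "__main__":
    for name, why in audit(THREAD_CONFIG):
        print(f"{name}: {why}")
```
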