Two queries

140 views
Skip to first unread message

Rabail Naseer

unread,
Jun 29, 2021, 2:54:02 AM6/29/21
to Wazuh mailing list
Hi Team,

I have two queries.
1) first one is, is that possible to add some comments on wazuh dashboard security alerts to highlight that alert for later review or separate the alert from other alerts for later review.

2) second is my wazuh dashboard taking so much time to load on the browser , so I stop the services of elasticsearch ,wazuh manager ,filebeat and kibana and than start the services but services is now unable to start due to the error below. snapshot of error is also attached below.
error is Authorization not available. Check if polkit service is running or see debug message for more information. 
Note: There is no any space issue and wazuh even not receiving too much logs .
polkit.png

Federico Rodriguez

unread,
Jun 29, 2021, 8:00:12 AM6/29/21
to Wazuh mailing list
Hi!

1- Unfortunately it's not possible to add comments to Wazuh Dashboards or highlight one alert for later review. Feel free to open an issue in Wazuh repository suggesting the feature.

2- You can run systemctl status polkit to check if polkit is running and in case it is not, try to start it up again running systemctl start polkit  and retry to start the stack services

Rabail Naseer

unread,
Jun 30, 2021, 1:16:19 AM6/30/21
to Wazuh mailing list
Hi

Thank you for responding
I have started the polkit service and than all other services but the elasticsearch service is not starting 

Here is the snapshot for better understandingelastic failed.png

Rabail Naseer

unread,
Jul 1, 2021, 1:00:58 AM7/1/21
to Wazuh mailing list
please respond on my email. I need help to trouble shoot this issue 

Federico Rodriguez

unread,
Jul 1, 2021, 10:37:28 AM7/1/21
to Wazuh mailing list
Hi! sorry for the delay. The polkit error message refers to a centos daemon which grants certain priviliges to processes.

If you checked polkit is already running we need to gather more information on elasticsearch logs.
Can you check /var/log/elasticsearch/ to verify any error messages?

Also can you please provide how did you install elk and wazuh? did you follow the all-in-one guide?
Thanks!

Federico Rodriguez

unread,
Jul 1, 2021, 11:39:53 AM7/1/21
to Wazuh mailing list
If you need more information about elastic logs you can check elastic docs as its location may differ according to the environment  
https://www.elastic.co/guide/en/elasticsearch/reference/current/logging.html

Federico Rodriguez

unread,
Jul 5, 2021, 12:22:31 PM7/5/21
to Wazuh mailing list
Hi! I was wondering if you were able to solve the issue. Do you still need assistance?
Reply all
Reply to author
Forward
0 new messages