Wazuh dashboard server is not ready yet, update to 4.9


Alx Ch

Nov 2, 2024, 10:14:20 AM
to Wazuh | Mailing List
Hi, nation!

OK, let's start one more thread about updates.
I've just upgraded from ver 4.8 to 4.9 (via apt get update). All-in-one installation.

And I caught "Wazuh dashboard server is not ready yet".
I've read threads about this issue, but I didn't find a solution.


I updated all the passwords with wazuh-passwords-tool.sh.


Now I have:


All services are running:
 status wazuh-dashboard.service
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2024-11-02 16:27:53 MSK; 10min ago
   Main PID: 6675 (node)
      Tasks: 11 (limit: 19093)
     Memory: 186.3M
        CPU: 16.038s
     CGroup: /system.slice/wazuh-dashboard.service
             └─6675 /usr/share/wazuh-dashboard/node/bin/node /usr/share/wazuh-dashboard/src/cli/dist

Nov 02 16:38:11 opensearch-dashboards[6675]: {"type":"log","@timestamp":"2024-11-02T13:38:11Z","tags":["info","savedobjects-service"],"pid":6675,"message":"Detected mapping change in \"properties.homepage\""}




systemctl status wazuh-manager.service
● wazuh-manager.service - Wazuh manager
     Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
     Active: active (running)


 systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
     Active: active (running)




Filebeat:
 filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2




curl -u admin:<pwd> -k https://127.0.0.1:9200/_cat/indices
All indices are green


curl -u admin:<pwd> -k https://127.0.0.1:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 780,
  "active_shards" : 780,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 9,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 98.85931558935361
}





cat /etc/wazuh-dashboard/opensearch_dashboards.yml
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://localhost:9200
opensearch.ssl.verificationMode: certificate
#opensearch.username:
#opensearch.password:
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home




~# ls -la /etc/wazuh-dashboard/certs/
total 20
dr-x------ 2 wazuh-dashboard wazuh-dashboard 4096 Nov  2 15:32 .
drwxr-x--- 3 wazuh-dashboard wazuh-dashboard 4096 Nov  2 16:25 ..
-r-------- 1 wazuh-dashboard wazuh-dashboard 1204 Aug 11  2023 root-ca.pem
-r-------- 1 wazuh-dashboard wazuh-dashboard 1704 Aug 11  2023 wazuh-dashboard-key.pem
-r-------- 1 wazuh-dashboard wazuh-dashboard 1289 Aug 11  2023 wazuh-dashboard.pem


curl -XGET -k -u kibanaserver:<> "https://localhost:9200/_cluster/health"



{"cluster_name":"wazuh-cluster","status":"red","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":408,"active_shards":408,"relocating_shards":0,"initializing_shards":4,"unassigned_shards":374,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":51.908396946564885}




Any ideas?

Alx Ch

Nov 2, 2024, 12:05:23 PM
to Wazuh | Mailing List

OK, I fixed it. I saw in the logs that I had an issue with the .kibana_1 index, so:
curl -k -XDELETE -u <USER>:<PASS> https://<IndexerIP>:9200/.kibana_1
 systemctl restart wazuh-dashboard


But now there is another problem: all my saved searches and all my visualizations have gone away. There is nothing. Empty.

Create your first visualization

Really?


On Saturday, November 2, 2024 at 17:14:20 UTC+3, Alx Ch wrote:

Emeka Michael Nzeopara

Nov 3, 2024, 10:42:38 PM
to Wazuh | Mailing List
Hi Alx Ch,

Whenever the "Wazuh dashboard server is not ready yet" problem occurs, a way to go about it is to restart the Wazuh services by doing this:

sudo systemctl restart wazuh-*.service

Concerning the subsequent problem of losing all your visualizations, check out the procedure in this "saved object for index pattern not found" link.
Try out the procedure, and if there are any other challenges, kindly let us know.

Thank you
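
A safer form of the `.kibana_1` deletion from the second message, as an added example that is not part of the original thread or of Wazuh's own tooling: it copies the index to a backup index with `_reindex` and deletes the original only when the document counts match. The backup index name, the `INDEXER`/`AUTH`/`BACKUP` variables and all function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): back up .kibana_1 before deleting it.
# Assumed names: INDEXER, AUTH, BACKUP and all function names below.
INDEXER="${INDEXER:-https://127.0.0.1:9200}"
AUTH="${AUTH:-admin:CHANGE_ME}"        # placeholder credentials
SRC=".kibana_1"
BACKUP="${BACKUP:-kibana_1_backup}"    # assumed backup index name

# api METHOD PATH [JSON_BODY]
# -k mirrors the thread's commands; use --cacert <root-ca.pem> to verify TLS.
api() {
  curl -sS -k -u "$AUTH" -X "$1" "$INDEXER/$2" \
       -H 'Content-Type: application/json' ${3:+-d "$3"}
}

# Read a _count response on stdin and print its integer "count" field.
doc_count() {
  sed -n 's/.*"count"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# safe_to_delete SRC_COUNT BACKUP_COUNT
# True only if both counts were read and the backup holds every document.
safe_to_delete() {
  [ -n "$1" ] && [ -n "$2" ] && [ "$1" -eq "$2" ]
}

backup_then_delete() {
  local src bak
  api POST "_reindex?refresh=true" \
    "{\"source\":{\"index\":\"$SRC\"},\"dest\":{\"index\":\"$BACKUP\"}}" >/dev/null
  src=$(api GET "$SRC/_count" | doc_count)
  bak=$(api GET "$BACKUP/_count" | doc_count)
  if safe_to_delete "$src" "$bak"; then
    api DELETE "$SRC" >/dev/null
    echo "deleted $SRC; $bak documents kept in $BACKUP"
  else
    echo "backup not verified (source=$src backup=$bak); $SRC left in place" >&2
    return 1
  fi
}

# Contacts the indexer only when invoked as: ./script.sh run
if [ "${1:-}" = "run" ]; then backup_then_delete; fi
```

If the source index cannot be read at all, both counts come back empty and the script leaves `.kibana_1` untouched.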