Installation alternatives > Installing Wazuh with Elastic Stack > All-in-one deployment


Milan Patel

Jan 19, 2023, 11:10:39 AM
to Wazuh mailing list
Hello,

Hope you are doing well.

I have installed the OVA recently and now I am trying to install Elastic on it by following this article, but I am getting this error.


Error I am getting.

Can you please help me to resolve it?

Also, what is the difference between Wazuh and Wazuh with Kibana/Elasticsearch?

image.png

Mateo Cervilla

Jan 19, 2023, 11:56:04 AM
to Wazuh mailing list
Hi,

About your issue:
The OVA you installed contains the following components:
  • CentOS 7
  • Wazuh manager 4.3.10
  • Wazuh indexer 4.3.10
  • Filebeat-OSS 7.10.2
  • Wazuh dashboard

So it is not necessary to install Elastic. It is not worth using the OVA if you are going to uninstall and install half of the modules.
But if you want to install it anyway, I would recommend that you make a clean installation of it, following the documentation you mentioned before.

As far as I can see in the image you shared, you have some issues with the certificates.
If you want to continue with this installation, make sure you followed the steps correctly (mainly here) and that the Wazuh Indexer was uninstalled beforehand.


About Wazuh and Elastic Stack:

OpenSearch/Wazuh-Indexer is a package that contains ElasticSearch plus extra add-ons, totally free; it works with the Dashboard/Wazuh-Dashboard, which is Kibana with extra free add-ons as well.
So basically here we are talking about Free vs Non-Free options.

Both options are production-ready products, reliable, and have a good team to support them. Regarding features, we would need to check our needs and our budget; more is not always better, but sometimes less is.
If you can afford the Platinum or Enterprise license of ELK, it would be a great option, with not only all features but also support to help you get on track.

Check the official OpenSearch site for answers to other questions about OpenSearch.
Check Elastic Stack features as well; they even have Getting Started videos (you must register first).

Both are great options. If you are starting, I would go with OpenSearch; moving to Elastic Stack is possible in the future if it's really needed, but not the other way around; migrating from Elastic Stack to OpenSearch is quite simple, but it's not feasible the other way around.

I hope I helped you; let me know if you need more help with this.

Regards,

Mateo


Milan Patel

Jan 19, 2023, 3:34:22 PM
to Wazuh mailing list
The reason for that is I want to see the network monitoring tab in Wazuh. I saw that people who have Wazuh with Elasticsearch have that tab. Can we get that kind of thing on the Wazuh OVA? I am using softflowd on a pfSense FW to send network activity to Wazuh, but I cannot see that activity on the Wazuh end. I am just a little bit confused with all this.

How do I deploy Kibana on the Wazuh OVA?

Thanks

Mateo Cervilla

Jan 20, 2023, 6:32:07 PM
to Wazuh mailing list
Hi,

Can you give me an example of the network monitoring tab you mentioned?

Here is the documentation for installing Kibana with Wazuh: