
    Wazuh Setup

    • notverypunny

      Trying to use the docs here: https://documentation.wazuh.com/current/installation-guide/open-distro/distributed-deployment/unattended/index.html

      Just trying to roll out a 2 server setup (one manager, one elasticstack / kibana) and it doesn't get past the "Initializing Kibana" step, it just appears to stick in a loop or something with as many lines of progress dots in the console as I'll let run.....

      I'm planning on using x.x.x.140 for the manager and x.x.x.141 for the elasticstack server.

      In the config I'm using the 141 IP for <elasticsearch_ip> and <kibana_ip>, 140 for the <wazuh_master_server_IP>

      When running

      bash ~/elastic-stack-installation.sh -k -n <node_name>
      

      I'm using the server's hostname as <node_name>

      The instructions specify that node_name should be the same as used in the config.yml, but I don't have any references to that in the config.yml....

      At this point I'm either missing something or losing my mind.... well honestly the options aren't mutually exclusive, but any info or help would be appreciated.

      • hobbit666

        I'll have a look tomorrow, I've got one set up but on a single server.
        But might help.

        • notverypunny

          Followed the step-by-step instructions and it worked like a charm.... the only problem I ran into was in the elasticsearch tuning section. curl didn't want to work correctly with http so I had to use https with the -k switch to deal with the self-signed certs.

          • scottalanmiller

            ElasticSearch is no longer open. I won't touch them. Look at OpenSearch now instead.

            • notverypunny @scottalanmiller

              @scottalanmiller said in Wazuh Setup:

              ElasticSearch is no longer open. I won't touch them. Look at OpenSearch now instead.

              Looks like they're already using elasticsearch-oss and opendistroforelasticsearch instead of the closed source stuff. https://documentation.wazuh.com/current/installation-guide/open-distro/distributed-deployment/step-by-step-installation/elasticsearch-cluster/elasticsearch-single-node-cluster.html#elasticsearch-single-node-cluster

              • scottalanmiller @notverypunny

                @notverypunny said in Wazuh Setup:

                @scottalanmiller said in Wazuh Setup:

                ElasticSearch is no longer open. I won't touch them. Look at OpenSearch now instead.

                Looks like they're already using elasticsearch-oss and opendistroforelasticsearch instead of the closed source stuff. https://documentation.wazuh.com/current/installation-guide/open-distro/distributed-deployment/step-by-step-installation/elasticsearch-cluster/elasticsearch-single-node-cluster.html#elasticsearch-single-node-cluster

                That's good.
