issue with API?

[killmasta93]

Hi Currently not sure what happened restarted the server and when i see the error Health Check. Error connecting to API: 2001 - Unexpected end of JSON input

the i check the services all is running up so im confused to what happened?

root@wazuh:~# sudo lsof -i -P -n | grep LISTEN
systemd-r  564 systemd-resolve   13u  IPv4   15293      0t0  TCP 127.0.0.53:53 (LISTEN)
node       685          kibana   18u  IPv4  175548      0t0  TCP *:443 (LISTEN)
java       710   elasticsearch   80u  IPv6   18183      0t0  TCP 127.0.0.1:9600 (LISTEN)
java       710   elasticsearch   90u  IPv6   18227      0t0  TCP *:9650 (LISTEN)
sshd       814            root    3u  IPv4   20595      0t0  TCP *:22 (LISTEN)
sshd       814            root    4u  IPv6   20597      0t0  TCP *:22 (LISTEN)
master    1007            root   13u  IPv4   20731      0t0  TCP *:25 (LISTEN)
master    1007            root   14u  IPv6   20732      0t0  TCP *:25 (LISTEN)
python3   1300           ossec   20u  IPv4   21982      0t0  TCP *:55000 (LISTEN)
ossec-aut 1340            root    5u  IPv4   18073      0t0  TCP *:1515 (LISTEN)
ossec-rem 1467          ossecr    6u  IPv4   21027      0t0  TCP *:1514 (LISTEN)
java      2629   elasticsearch  336u  IPv6  166854      0t0  TCP 127.0.0.1:9300 (LISTEN)
java      2629   elasticsearch  346u  IPv6  167561      0t0  TCP 127.0.0.1:9200 (LISTEN)

Thank you

[AdriiiPRodri]

Hi @killmasta93,

Firstly I want to let you know that from Wazuh version 4.0 the API is automatically installed with Wazuh and the performance, capabilities, as well as the amount of API configuration options are greatly improved. We recommend upgrading to the latest stable version to have all these features plus several bug fixes. Having said this, I give you an upgrade guide as well as a guide where the 3.x endpoints and their equivalent in 4.x and the migration of the 3.x API to 4.x:

• Upgrade guide: https://documentation.wazuh.com/current/upgrade-guide/
• Migration from Wazuh API 3.x: https://documentation.wazuh.com/current/user-manual/api/equivalence.html
• Equivalence table: https://documentation.wazuh.com/current/user-manual/api/equivalence.html#equivalence-table

As for the error in 3.x, we are going to configure the Wazuh API in debug mode, for this we must modify the file /var/ossec/api/configuration/config.js, inside this we will look for the line:

config.logs = "info";

and we will replace it with:

config.logs = "debug";

After doing this we will restart the API:

systemctl restart wazuh-api

The next step is to execute a request to check if the API is working or if there is a problem:

curl -u foo:bar "https://localhost:55000?pretty"

The output should be something like this:

{
    "error": 0,
    "data": {
        "msg": "Welcome to Wazuh HIDS API",
        "api_version": "v3.13.2",
        "hostname": "wazuh",
        "timestamp": "Mon Dec 03 2018 00:36:13 GMT+0000 (UTC)"
    }
}

Finally, we will check the API log messages by executing the following command:

tail -n 50 /var/ossec/logs/api.log

If everything has worked correctly it means that the API is working correctly, we will check if the Wazuh APP still gives the same error and once it does we will run this command again to see the error in detail:

tail -n 50 /var/ossec/logs/api.log

I look forward to hearing from you so I can help you better, if you have any questions about this process, please do not hesitate to ask.

Best regards, Adrián Peña

[AdriiiPRodri]

Close this issue due to inactivity, feel free to re-open it again if necessary.

Kind regards

[killmasta93]

thanks for the reply, sorry for the late reply didnt get an email on the alert, what i ended up doing is to reinstall wazuh for now its working