New CFN is not working

[manuasir]

Hello @naresh519 ,

It'd be helpful if you could paste some description, error outputs, screenshots or anything that may help us to catch any possible error. I'll be waiting for your feedback.

Regards

[naresh519]

CFN is failed with below error on us-west-1 region.

and i had observed instance status checks were failing on Logastash and Kibana.

[manuasir]

Hello @naresh519 ,

Thanks for providing that information, it seems that something is going wrong with the AMIs. We will investigate that and will let you know about any solution. As a workaround, you can edit the AMIs IDs in the Mapping section and use your own ones. Sorry for the inconveniences.

Regards

[naresh519]

Thanks @manuasir

Kibana is not working even after applying AMI workaround.

[manuasir]

Hello @naresh519 ,

Did you wait a prudential time after deploying the infrastructure? Due to the app has to do the optimize bundles process, which takes a lot of time, the Kibana interface may appear to be down but it's just doing stuff in the background. It can even take more than 10 minutes.

Can you attach here some logs of the instance that you think it's failing?

Regards

[Dev393]

Hi @manuasir ,

Wazuh manager is not getting reported to Kibana , Kibana has elastic search instances and Kibana instance but it does not have wazuh manager.Here are the allowed ports.

[manuasir]

Hello @Dev393 ,

The image that you attached here looks correct to me, but I miss some inbounds there. The latest version adds the following:

Can you please attach here more information about it? Like:

• Filebeat service is running correctly

  systemctl status filebeat

• Wazuh logs

  /var/ossec/logs/ossec.log

• Screenshots of the Kibana app

Regards

[Dev393]

Thanks for the reply @manuasir , i terminated the old CFN and when i launched the same again could see kibana instance is out of service, post login in Kibana instance if i try to check the status of Kibana says unrecognized service.Can you please help on this.

[manuasir]

Hello @Dev393 ,

When you say that you're using the old CFN I assume that you're using the legacy-version branch. I just commited a few fixes to that branch. Just bring the latest changes:

git checkout legacy-version
git pull

Then, try to deploy using the updated wazuh_template.yml.

Let me know if that helps.

Regards

[Dev393]

Hi @manuasir ,

ami-0233214e13e500f77 is being used in eu-central region and ami-0ff8a91507f77f867 in northern virgnia, if i deploy the CFN in N virgina it works but when i do in frankfurt it does not work for Kibana.

Kibana service is getting stopped after starting. Can you please guide me here

[manuasir]

Hello @Dev393

This environment was implemented on N.California region. I will open a new issue for including new mappings with AMIs of different regions.

Regards

[Dev393]

Thanks @manuasir , i have another doubt In a single architecture how many agents can we use?

[Dev393]

Hi @manuasir , When I stopped the Kibana instance and started back, before stopping the instance Kibana UI was working fine , now it says 503 error.

Can you guide me here please.

[Dev393]

Hi @manuasir ,

I could see that in kibana yml file its mentioned that

elasticsearch.url: "IP:9200" server.port: 5601 server.host: "localhost" server.ssl.enabled: false logging.dest: /var/log/kibana/kibana.log

But i do have 3 different elasticsearch Instances, Is it fine to give any one of the IPs for kibana.yml file?

elasticsearch.url: "IP:9200

[manuasir]

Hello @Dev393, @naresh519

We've recently uploaded our template and scripts. Were you able to resolve this?

Regards

[manuasir]

Hi @naresh519 ,

This issue will be closed since it has no activity for the last month. Feel free to open a new issue whenever you may need it, we will be glad to help.

Regards