Closed bn1980 closed 1 month ago
Hello. This error is expected when the Wazuh manager IndexerConnector module is not accessible to the Wazuh indexer. A few questions here:
docker-compose.yml
correctly?Personally, I deployed the Wazuh docker deployment changing the Wazuh dashboard port and I did not have any problems. Please, make sure you are changing the Wazuh dashboard port correctly in the docker-compose.yml
file.
Thanks for the reply @davidcr01
I simply changed the port in docker-compose.yml and that is all.
I cannot access the Wazuh UI at all. The errors keep generating until I shut the docket compose down.
But even with the port set to 443 I am receiving the same error.
Hello. Did you follow the official documentation of the Docker deployment?
Please, could you share the content of:
/etc/wazuh-indexer/opensearch.yml
of the Wazuh indexer container. You can access to it with the docker exec -it single-node-wazuh.indexer-1 bash
if your deployment is single-node./etc/wazuh-dashboard/opensearch-dashboards.yml
of the Wazuh dashboard container. You can access to it with the docker exec -it single-node-wazuh.dashboard-1 bash
if your deployment is single-node.docker logs single-node-wazuh.indexer-1
.Also, you can use the container IDs of your deployments instead of the names. You can get the container IDs with the docker ps -a
command.
FYI my opensearch.yml is in /usr/share/wazuh-indexer.
wazuh-indexer@wazuh:~$ pwd
**/usr/share/wazuh-indexer**
wazuh-indexer@wazuh:~$ cat opensearch.yml
network.host: "0.0.0.0"
node.name: "wazuh.indexer"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
discovery.type: single-node
http.port: 9200-9299
transport.tcp.port: 9300-9399
compatibility.override_main_response_version: true
plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
plugins.security.allow_default_init_securityindex: true
cluster.routing.allocation.disk.threshold_enabled: false
wazuh-indexer@wazuh:~$
and opensearch_dashboards was in /usr/share/wazuh-dashboards/config/
wazuh-dashboard@wazuh:~/config$ pwd
**/usr/share/wazuh-dashboard/config**
wazuh-dashboard@wazuh:~/config$ cat opensearch_dashboards.
opensearch_dashboards.keystore opensearch_dashboards.yml
wazuh-dashboard@wazuh:~/config$ cat opensearch_dashboards.yml
server.host: 0.0.0.0
server.port: 5601
opensearch.hosts: https://wazuh.indexer:9200
opensearch.ssl.verificationMode: certificate
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh
wazuh-dashboard@wazuh:~/config$
Here is the log from wazuh indexer container https://logpaste.com/W5ARkp0y
Thank you for your help on this.
Hello.
$
or "
? Maybe the hash is incorrect and is making the trouble.curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k
curl -XGET "https://0.0.0.0:9200/_cluster/health" -u kibanaserver:kibanaserver -k
If you previously specified another password for these users (you changed the passwords), please change the commands.
I am having issues deploying wazuh-docker 4.7.4
I am running wazuh.dashboard on port 1443
But I am getting these errors.
Full log is here https://[logpaste.com/JCqAWAys](https://logpaste.com/JCqAWAys)