KleinDocs/topics/KleinOps/apps/Wazuh.md

<primary-label ref="document"/>

# Wazuh

Endpoint and Cloud Workload Protection
Wazuh unifies historically separate functions into a single agent and platform architecture.
Protection is provided for public clouds, private clouds, and on-premise data centers.
## ___________________

### Troubleshooting

#### Check Server Resources

Ensure that the server running the Wazuh dashboard has sufficient CPU, memory, and disk space. 
Inadequate resources can delay the startup process.
```
$ https://documentation.wazuh.com/current/quickstart.html#requirements
```
#### Check Wazuh Logs
##### Wazuh indexer
```
$ cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
```

##### Wazuh manager
```
$ cat /var/log/filebeat/filebeat | grep -i -E "error|warn"
```

##### Wazuh dashboard
```
$ journalctl -u wazuh-dashboard
$ cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
```

##### Service Status 

Verify that all necessary Wazuh services are running correctly. You can use the following commands to check the status:
```
1)
$ systemctl status wazuh-manager 
or 
$ systemctl status wazuh-manager|grep Active

2)
$ systemctl status wazuh-dashboard 
or 
$ systemctl status wazuh-dashboard|grep Active

3)
$ systemctl status wazuh-indexer 
or 
$ systemctl status wazuh-indexer|grep Active

4)
$ systemctl status filebeat 
or 
$ systemctl status filebeat|grep Active

5)
$ filebeat test output
```

#### Another common problem. 

Wazuh-indexer may time out when starting the service and Wazuh-dashboard may not start. 
This can happen if the service does not start in the time Linux expects it to. We can extend this time with the 
following steps:

```
$ systemctl edit wazuh-indexer 
```
and add the following lines

```
[Service]  
TimeoutStartSec=180  
```

Save the file and execute
```
$ systemctl daemon-reload  
$ systemctl restart wazuh-indexer  
$ systemctl restart wazuh-dashboard
```

<a  href="FrontPage.md#shorts" >Shortcuts to pages</a>