Wazuh (KleinServer)
Open source endpoint and cloud workload protection platform that reports potential security threats. Wazuh unifies historically separate functions into a single agent and platform architecture. Protection is provided for public clouds, private clouds, and on-premise data centers.
___________________
Source
Website (https://wazuh.com/)
Docs (https://documentation.wazuh.com/current/index.html)
Access through
External URL (https://wazuh.kleinwizard.nl)
Internal URL (https://192.168.1.200:3020/)
Troubleshooting
Check Server Resources
Ensure that the server running the Wazuh dashboard has sufficient CPU, memory, and disk space. Inadequate resources can delay the startup process.
Requirements: https://documentation.wazuh.com/current/quickstart.html#requirements
Check Wazuh Logs
Wazuh indexer
$ cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
Wazuh manager
$ cat /var/log/filebeat/filebeat | grep -i -E "error|warn"
Wazuh dashboard
$ journalctl -u wazuh-dashboard
$ cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
Service Status
Verify that all necessary Wazuh services are running correctly. You can use the following commands to check the status:
1)
$ systemctl status wazuh-manager
or
$ systemctl status wazuh-manager|grep Active
2)
$ systemctl status wazuh-dashboard
or
$ systemctl status wazuh-dashboard|grep Active
3)
$ systemctl status wazuh-indexer
or
$ systemctl status wazuh-indexer|grep Active
4)
$ systemctl status filebeat
or
$ systemctl status filebeat|grep Active
5)
$ filebeat test output
Another common problem.
Wazuh-indexer may time out when starting the service and Wazuh-dashboard may not start. This can happen if the service does not start in the time Linux expects it to. We can extend this time with the following steps:
$ systemctl edit wazuh-indexer
and add the following lines
[Service]
TimeoutStartSec=180
Save the file and execute
$ systemctl daemon-reload
$ systemctl restart wazuh-indexer
$ systemctl restart wazuh-dashboard
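The same timeout change can be applied without the interactive editor by writing the two lines as a systemd drop-in file. The script below is an added example, not part of the original notes or of Wazuh; the function name `set_start_timeout`, the drop-in file name `timeout.conf` and the optional root prefix (used for dry runs) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: write a TimeoutStartSec drop-in for a systemd unit.
# A dedicated file (timeout.conf, a name chosen here) is used so that an
# existing override.conf created by `systemctl edit` is left untouched.
#
# Usage: set_start_timeout UNIT SECONDS [ROOT]
#   ROOT is an optional path prefix for testing; leave empty on a real host.
# Prints "changed" or "unchanged"; returns 2 on invalid arguments.
set_start_timeout() {
    sst_unit="$1"; sst_secs="$2"; sst_root="${3:-}"

    # Reject empty names, hidden names and anything containing a slash,
    # so the path cannot leave /etc/systemd/system.
    case "$sst_unit" in
        ""|.*|*/*) echo "invalid unit name: $sst_unit" >&2; return 2 ;;
    esac
    # Accept only positive integers without leading zeros (seconds).
    case "$sst_secs" in
        ""|0*|*[!0-9]*) echo "invalid timeout: $sst_secs" >&2; return 2 ;;
    esac

    sst_dir="$sst_root/etc/systemd/system/$sst_unit.service.d"
    sst_file="$sst_dir/timeout.conf"
    sst_want="$(printf '[Service]\nTimeoutStartSec=%s' "$sst_secs")"

    # Idempotent: do nothing if the file already has the wanted content.
    if [ -f "$sst_file" ] && [ "$(cat "$sst_file")" = "$sst_want" ]; then
        echo "unchanged"
        return 0
    fi

    mkdir -p "$sst_dir" || return 1
    # Write to a temporary file and rename it, so systemd never reads a
    # half-written drop-in.
    sst_tmp="$(mktemp "$sst_dir/.timeout.XXXXXX")" || return 1
    printf '%s\n' "$sst_want" > "$sst_tmp" && chmod 0644 "$sst_tmp" \
        && mv -f "$sst_tmp" "$sst_file" || { rm -f "$sst_tmp"; return 1; }
    echo "changed"
}

# On the server (as root), followed by the commands from the steps above:
#   set_start_timeout wazuh-indexer 180
#   systemctl daemon-reload
#   systemctl restart wazuh-indexer
#   systemctl restart wazuh-dashboard
# Check the effective value:
#   systemctl show wazuh-indexer -p TimeoutStartUSec
```

If `override.conf` also sets `TimeoutStartSec`, the value in `timeout.conf` wins, because systemd applies drop-in files in lexical order and the later one overrides.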