Thanks for putting your time and effort into this.
Hello, thank you for the video, but something seems not to be working with my Kibana. It started, but no log was dropping as it's in your video. I also checked the list of services running and I didn't find it there with the specified port ""
awesome! subbed!
Thanks for watching!
Thankss!
Make a video showing the installation of Elasticsearch & Kibana unattended installation in the version 4.1 documentation
Hey Marcio, good idea! I will add that to the queue! Thanks for watching:)
@taylorwalton_socfortress Can I create Elasticsearch & Kibana, without first creating the Wazuh server?
Hey Marcio, I just uploaded the below video: th-cam.com/video/zooouuzyF-Y/w-d-xo.html&ab_channel=OpenSecure
Take a look and let me know if you have any more questions. Distributed deployment coming soon as well.
Thanks for watching :)
Yes, you can create an Elasticsearch and Kibana server first. You just need the Wazuh Manager server deployed before you start deploying Wazuh Agents.
@taylorwalton_socfortress Thanks
Hello, how can I add another SLK to my Wazuh manager?
Very nice video
I have tried the same.. it's really useful
But I have one question.. how to remove the agent from the Kibana dashboard?
I have removed the agent package from the server
Even after that, the agent is showing disconnected status in Kibana
How to remove that?
Hey, you can use a binary script provided by Wazuh followed by the agent id. For example, if I wanted to remove agent id 001 I would run "/var/ossec/bin/manage_agents", select Remove Agent and then input the agent id. This is run on the wazuh-manager.
Thanks for watching!
Note: in case the filebeat dialup fails (connect: "no route to host"), you need to disable firewalld (systemctl disable firewalld, stop firew...) on the elasticsearch cluster too. 🙃
I faced this issue and unfortunately disabling firewalld didn't help. :( I can ping between the wazuh machine and the elastic machine, I ran a simple web server on the elastic machine and I can reach it from the wazuh machine, but all tries reaching elastic on 9200 (telnet, curl, nc) failed... Port is defined correctly. Any ideas how to solve this problem?
EDIT: I've found the solution - just add "discovery.type: single-node" in elasticsearch.yml
I got a wazuh api connection error in kibana dashboard
Make sure you are pointing to the right host. On the server running kibana navigate to /usr/share/kibana/data/wazuh/config/wazuh.yml...scroll to the bottom of the file and ensure it is pointing to the right IP address where your wazuh manager is running
Thank you for taking your time to reply. My mistake was using http instead of https. This is the only place where we have to use https, according to the video, in wazuh.yml