Hi there, great series.
In this video you mentioned the clustering for filebeat and the indexers, can I ask where it is? I looked through all your videos but do not see it.
Thanks a lot
Hey Taylor. Sorry for the late question. I could see the load balancer is switching the connection, but will the dashboard work when the master node is switched off? I was trying the cluster installation and it says API not available when the master server node is powered off.
Hi man! I very much appreciate your work on this video. Just wondering, is there any way to make the Master nodes HA? I saw no HA on the nodes except the Workers.
Cheers mate!
Hey Aaron, clustering of the masters could be done with keepalived: www.redhat.com/sysadmin/keepalived-basics
This allows you to create a virtual IP that both master nodes share; if one node goes down, the other node gets assigned the virtual IP. Great tool for HA!
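An added keepalived configuration for the virtual-IP setup described above (example config, not from the video or the Wazuh project), assuming interface eth0, virtual IP 10.0.0.50/24 and a placeholder VRRP password; the second master uses the same file with state BACKUP and priority 90:

```conf
# /etc/keepalived/keepalived.conf on the primary Wazuh master (added example).
# Assumptions: interface eth0, VIP 10.0.0.50/24, placeholder VRRP password.
# The standby node uses state BACKUP and a lower priority (e.g. 90).

global_defs {
    router_id wazuh-master-01
}

# Health check: move the VIP away when the Wazuh manager service stops,
# not only when the whole host goes down.
vrrp_script chk_wazuh {
    script "/usr/bin/systemctl is-active --quiet wazuh-manager"
    interval 2      # run every 2 seconds
    fall 3          # 3 consecutive failures -> unhealthy
    rise 2          # 2 consecutive successes -> healthy again
    weight -20      # unhealthy: priority 100 drops to 80, below the BACKUP's 90
}

vrrp_instance VI_WAZUH {
    state MASTER            # BACKUP on the second node
    interface eth0
    virtual_router_id 51    # must match on both nodes, unique on the segment
    priority 100            # e.g. 90 on the second node
    advert_int 1            # VRRP advertisement interval in seconds
    authentication {
        auth_type PASS
        auth_pass CHANGEME  # placeholder; VRRP uses at most 8 characters
    }
    virtual_ipaddress {
        10.0.0.50/24 dev eth0
    }
    track_script {
        chk_wazuh
    }
}
```

Agents and the dashboard's API address should then point at the VIP rather than at either node's own address, so a failover does not require reconfiguring them.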
@taylorwalton_socfortress please try to make a video on HA of wazuh and elasticsearch.
Can this be automated if it's done using a Kubernetes setup?
Hi Taylor, what's up!? I have a question.... What's the best scenario when you plan to start with 1000 Windows Server agents and scale up to 10000 servers? What would be the ideal number of master nodes and workers and their resources (vCPU, Storage, Memory)? Thank you, your videos are amazing.
Hey Ricardo, I'd recommend starting with a 2 node cluster (one master and one worker). 6 Cores, 6GB mem, and 150GB disk should be a good starting point. Make sure you rotate the alerts.json logs (/var/ossec/logs/alerts/2022/*) frequently or you risk running out of room on disk, which impacts the ability to store these logs in Elasticsearch. As you start to grow, you can add a new worker node to the cluster with no downtime.
If you would like our Professional Services assistance, shoot me an email at taylor.walton@socfortress.co
Thanks for watching and happy defending :)
@taylorwalton_socfortress thank you so much for the tips and information. You're doing a great job and you've certainly helped the opensource community a lot.
Are you using the all-in-one installation to deploy these two?
Hey Gabriel,
For creating a cluster of Wazuh Managers you do not need to re-create the backend infrastructure (Elasticsearch and Kibana). The Wazuh Managers will point to the same Elasticsearch server or cluster of Elasticsearch servers.
For example, if I were to stand up a new environment, I would create a Wazuh Manager, Elasticsearch, Kibana, and Filebeat. Now if I want to add another Wazuh Manager to the cluster, I would just create a Wazuh Manager and Filebeat. No need to create a new Elasticsearch and Kibana server, but we need to make sure the Filebeat service on the new Wazuh Manager points to the Elasticsearch server we previously created.
Hope that helps but let me know if you have any further questions.
Thanks for watching!
@taylorwalton_socfortress thank you very much for the answer, I will use this to plan in the future! I'm currently using ansible to deploy a cluster with 2 wazuh nodes (manager and worker), 3 ODFE and a kibana + ODFE. I provisioned this infrastructure with Vagrant, all very quickly. I think this is a good idea for a video! Thanks again!!
@gabrielguedes197 Hey Gabriel, I appreciate the recommendation and I am glad I could help. I will add your recommendation to the list :)
Thanks for watching!
Thank you for tutorial
You're welcome 😊
How do I unblock an IP that was banned?
Hey Marcio, apologies but can you ask the question in English and I’d be happy to help :)
@taylorwalton_socfortress oh, sorry, sorry.