klein-projects/KleinDocs
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
KleinDocs/topics/KleinOps/apps/Wazuh.md
Rudi 96361dcaf3 Many doc updates
2025-03-02 13:15:10 +01:00

90 lines
2.1 KiB
Markdown
Raw Blame History

<primary-label ref="document"/>
# Wazuh (KleinServer)
Open Source Endpoint and Cloud Workload Protection platform that reports potential security threaths.
Wazuh unifies historically separate functions into a single agent and platform architecture.
Protection is provided for public clouds, private clouds, and on-premise data centers.
## ___________________
### Access through
[](https://wazuh.kleinwizard.nl)
[](https://192.168.1.2/)
### Troubleshooting
#### Check Server Resources
Ensure that the server running the Wazuh dashboard has sufficient CPU, memory, and disk space.
Inadequate resources can delay the startup process.
```
$ https://documentation.wazuh.com/current/quickstart.html#requirements
```
#### Check Wazuh Logs
##### Wazuh indexer
```
$ cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
```
##### Wazuh manager
```
$ cat /var/log/filebeat/filebeat | grep -i -E "error|warn"
```
##### Wazuh dashboard
```
$ journalctl -u wazuh-dashboard
$ cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
```
##### Service Status
Verify that all necessary Wazuh services are running correctly. You can use the following commands to check the status:
```
1)
$ systemctl status wazuh-manager
or
$ systemctl status wazuh-manager|grep Active
2)
$ systemctl status wazuh-dashboard
or
$ systemctl status wazuh-dashboard|grep Active
3)
$ systemctl status wazuh-indexer
or
$ systemctl status wazuh-indexer|grep Active
4)
$ systemctl status filebeat
or
$ systemctl status filebeat|grep Active
5)
$ filebeat test output
```
#### Another common problem.
Wazuh-indexer may time out when starting the service and Wazuh-dashboard may not start.
This can happen if the service does not start in the time Linux expects it to. We can extend this time with the
following steps:
```
$ systemctl edit wazuh-indexer
```
and add the following lines
```
[Service]
TimeoutStartSec=180
```
Save the file and execute
```
$ systemctl daemon-reload
$ systemctl restart wazuh-indexer
$ systemctl restart wazuh-dashboard
```
<a href="FrontPage.md#shorts" >Shortcut to pages overview</a>
Reference in New Issue View Git Blame Copy Permalink