It sucks that you cant create rules by group yet. The devs have submitted a feature request for it on my behalf so hopefully soon

@wirestyle22 said in Wazuh Manager Install - Ubuntu: A few things: The manager label is wrong. It says manger instead of manager. @IRJ said in Wazuh Manager Install - Ubuntu: Install Filebeat There are two entries for "Install Filebeat" I tried to install Filebeat going command by command and it can't find it. Thanks I fixed the guide. What you need to do is this: #*********************************************************** #Install GPG keys and add repository #*********************************************************** curl -s https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-6.x.list #*********************************************************** # APT Update #*********************************************************** sudo apt update #*********************************************************** #Install Filebeat #*********************************************************** sudo apt install -y filebeat=6.7.1 #*********************************************************** #Download Filebeat config file to forward logs #*********************************************************** sudo curl -so /etc/filebeat/filebeat.yml https://raw.githubusercontent.com/wazuh/wazuh/3.8/extensions/filebeat/filebeat.yml #*********************************************************** #Edit Filebeat config file to point to Elastic Server IP (In this lab environment I am using 127.0.0.1) #*********************************************************** sed -i 's/YOUR_ELASTIC_SERVER_IP/192.168.122.181/' /etc/filebeat/filebeat.yml #*********************************************************** #Start Filebeat service and configure it to automatically start at boot #*********************************************************** sudo systemctl daemon-reload sudo systemctl enable filebeat.service sudo systemctl start filebeat.service make sure to change 192.168.122.181 with your ip or localhost if you are using a single server for wazuh and ELK

@JaredBusch said in Wazuh Agent Install - CentOS: Why are you disabling agent updates? Wazuh doesn't understand how to maintain their own repository, so when OSSIM updates their stuff, it breaks Wazuh. It's silly, easily fixable, and I don't have the time to maintain the thing myself.

@JaredBusch said in Installing Java/JRE on Fedora 29 - Error Conflicting Requests: @wrx7m said in Installing Java/JRE on Fedora 29 - Error Conflicting Requests: @JaredBusch said in Installing Java/JRE on Fedora 29 - Error Conflicting Requests: @wrx7m said in Installing Java/JRE on Fedora 29 - Error Conflicting Requests: @JaredBusch said in Installing Java/JRE on Fedora 29 - Error Conflicting Requests: @scottalanmiller said in Installing Java/JRE on Fedora 29 - Error Conflicting Requests: @wrx7m said in Installing Java/JRE on Fedora 29 - Error Conflicting Requests: OK. I found I could run yum install java-1.8.0-openjdk to install version 8. After that, I was able to install logstash successfully. Is there a reason that you want an old version? Also wtf are you using yum for? It's wazuh's documentation. They have specific repos for other things too. Not sure why they are still using yum instead of dnf. Pull your head out of your ass and don't blindly type what any guide says. Even one of mine. If you are using Fedora, you use dnf period. Yes, currently Fedora still has a reroute/alias for it to dnf, but you should not assume it will be there. #chilloutbro You can leave off the first part of that sentence and still provide a constructive answer. You need to think, and you, clearly, are not. So yeah, perfectly fitting. So if I didn't know, it has nothing to do with not thinking. I just didn't know. Now I do.

@IRJ said in Wazuh - Agents.Error. globalAgent is null: @wrx7m said in Wazuh - Agents.Error. globalAgent is null: I didn't get the error when looking at the list of agents today. Looks like the update or reboot of the Wazuh server fixed it. I know this is a necropost, but it's good to mention that mismatched version of manager and agent will almost always cause issues. It is recommended to comment out the repository until you are ready to update agents and manager at the same time. That is interesting. I have been upgrading some of the agents on Linux systems when they are released, and later, upgrading the server side (I comment out/disable the repos for the server side, per their docs).

@wrx7m said in Wazuh on Fedora 28: Thanks @JaredBusch That seems to have solved the initial problem. For other newbs - After disabling SELinux, you should reboot. Well, that depends on how you disable it.

After asking the Wazuh employee I had been speaking to about Kibana 5.6.3, the GitHub repo was updated to include it.