ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Wazuh Manager Install - Ubuntu

    IT Discussion
    wazuh ubuntu linux wazuh-manager
    2
    3
    2.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • IRJI
      IRJ
      last edited by IRJ

      Pull down latest repository updates

      sudo apt update

      Install curl, apt-transport-https, and lsb-release

      sudo apt install curl
sudo apt install apt-transport-https
sudo apt install lsb-release

      Create symbolic link to python

      if [ ! -f /usr/bin/python ]; then ln -s /usr/bin/python3 /usr/bin/python; fi

      Install GPG Key

      curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -

      Add repository

       echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list

      Pull down latest package information

      apt update

      Install wazuh

      apt install wazuh-manager

      Confirm Wazuh is running

       systemctl status wazuh-manager

      Install Wazuh API

      Add Node JS repository

      curl -sL https://deb.nodesource.com/setup_8.x | bash -

      Install Node JS

      sudo apt install nodejs

      Install Wazuh API

      sudo apt install wazuh-api

      Check status

       sudo systemctl status wazuh-api

      Disable Wazuh automatic updates

      sudo sed -i "s/^deb/deb/" /etc/apt/sources.list.d/wazuh.list
sudo apt update

      Install GPG keys and add repository

      curl -s https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-6.x.list

      APT Update

      sudo apt update

      Install Filebeat

      sudo apt install filebeat=6.7.1

      Download Filebeat config file to forward logs

      sudo curl -so /etc/filebeat/filebeat.yml https://raw.githubusercontent.com/wazuh/wazuh/3.8/extensions/filebeat/filebeat.yml

      Edit Filebeat config file to point to Elastic Server IP (In this lab environment I am using 127.0.0.1)

      sed -i 's/YOUR_ELASTIC_SERVER_IP/127.0.0.1/' /etc/filebeat/filebeat.yml

      Start Filebeat service and configure it to automatically start at boot

      sudo systemctl daemon-reload
sudo systemctl enable filebeat.service
sudo systemctl start filebeat.service

      Disable Elasticsearch repository updates

      sudo sed -i "s/^deb/deb/" /etc/apt/sources.list.d/elastic-6.x.list
sudo apt update
      1 Reply Last reply Reply Quote 3
      • wirestyle22W
        wirestyle22
        last edited by wirestyle22

        A few things:

        The manager label is wrong. It says manger instead of manager.

        @IRJ said in Wazuh Manager Install - Ubuntu:

        Install Filebeat

        There are two entries for "Install Filebeat"

        I tried to install Filebeat going command by command and it can't find it.

        IRJI 1 Reply Last reply Reply Quote 1
        • IRJI
          IRJ @wirestyle22
          last edited by IRJ

          @wirestyle22 said in Wazuh Manager Install - Ubuntu:

          A few things:

          The manager label is wrong. It says manger instead of manager.

          @IRJ said in Wazuh Manager Install - Ubuntu:

          Install Filebeat

          There are two entries for "Install Filebeat"

          I tried to install Filebeat going command by command and it can't find it.

          Thanks I fixed the guide.

          What you need to do is this:

          #***********************************************************
#Install GPG keys and add repository
#***********************************************************

curl -s https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-6.x.list

#***********************************************************
# APT Update
#***********************************************************

sudo apt update

#***********************************************************
#Install Filebeat
#***********************************************************
sudo apt install -y filebeat=6.7.1

#***********************************************************
#Download Filebeat config file to forward logs
#***********************************************************

sudo curl -so /etc/filebeat/filebeat.yml https://raw.githubusercontent.com/wazuh/wazuh/3.8/extensions/filebeat/filebeat.yml


#***********************************************************
#Edit Filebeat config file to point to Elastic Server IP (In this lab environment I am using 127.0.0.1)
#***********************************************************

sed -i 's/YOUR_ELASTIC_SERVER_IP/192.168.122.181/' /etc/filebeat/filebeat.yml

#***********************************************************
#Start Filebeat service and configure it to automatically start at boot
#***********************************************************
sudo systemctl daemon-reload
sudo systemctl enable filebeat.service
sudo systemctl start filebeat.service

          make sure to change 192.168.122.181 with your ip or localhost if you are using a single server for wazuh and ELK

          1 Reply Last reply Reply Quote 1
          • 1 / 1
          • First post
            Last post