    Wazuh Manager Install - Ubuntu

    IT Discussion
    wazuh ubuntu linux wazuh-manager
    • IRJ
      last edited by IRJ


      Pull down latest repository updates


      sudo apt update
      

      Install curl, apt-transport-https, and lsb-release


      sudo apt install curl
      sudo apt install apt-transport-https
      sudo apt install lsb-release
      

      Create symbolic link to python


      if [ ! -f /usr/bin/python ]; then sudo ln -s /usr/bin/python3 /usr/bin/python; fi
      
      

      Install GPG Key


      curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo apt-key add -
      

      Add repository


      echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | sudo tee -a /etc/apt/sources.list.d/wazuh.list
      

      Pull down latest package information


      sudo apt update
      

      Install wazuh


      sudo apt install wazuh-manager
      

      Confirm Wazuh is running


      systemctl status wazuh-manager
      

      Install Wazuh API



      Add Node JS repository


      curl -sL https://deb.nodesource.com/setup_8.x | sudo bash -
      

      Install Node JS


      sudo apt install nodejs
      

      Install Wazuh API


      sudo apt install wazuh-api
      

      Check status


      sudo systemctl status wazuh-api
      

      Disable Wazuh automatic updates


      sudo sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list
      sudo apt update
      

      Install GPG keys and add repository


      curl -s https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
      echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-6.x.list
      

      APT Update


      sudo apt update
      

      Install Filebeat


      sudo apt install filebeat=6.7.1
      

      Download Filebeat config file to forward logs


      sudo curl -so /etc/filebeat/filebeat.yml https://raw.githubusercontent.com/wazuh/wazuh/3.8/extensions/filebeat/filebeat.yml
      
      

      Edit Filebeat config file to point to Elastic Server IP (In this lab environment I am using 127.0.0.1)


      sudo sed -i 's/YOUR_ELASTIC_SERVER_IP/127.0.0.1/' /etc/filebeat/filebeat.yml
      

      Start Filebeat service and configure it to automatically start at boot


      sudo systemctl daemon-reload
      sudo systemctl enable filebeat.service
      sudo systemctl start filebeat.service
      

      Disable Elasticsearch repository updates


      sudo sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/elastic-6.x.list
      sudo apt update
      
      
      • wirestyle22
        last edited by wirestyle22

        A few things:

        The manager label is wrong. It says manger instead of manager.

        @IRJ said in Wazuh Manager Install - Ubuntu:

        Install Filebeat

        There are two entries for "Install Filebeat"

        I tried to install Filebeat going command by command and it can't find it.

        • IRJ @wirestyle22
          last edited by IRJ

          @wirestyle22 said in Wazuh Manager Install - Ubuntu:

          A few things:

          The manager label is wrong. It says manger instead of manager.

          @IRJ said in Wazuh Manager Install - Ubuntu:

          Install Filebeat

          There are two entries for "Install Filebeat"

          I tried to install Filebeat going command by command and it can't find it.

          Thanks, I fixed the guide.

          What you need to do is this:

          #***********************************************************
          #Install GPG keys and add repository
          #***********************************************************
          
          curl -s https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
          echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-6.x.list
          
          #***********************************************************
          # APT Update
          #***********************************************************
          
          sudo apt update
          
          #***********************************************************
          #Install Filebeat
          #***********************************************************
          sudo apt install -y filebeat=6.7.1
          
          #***********************************************************
          #Download Filebeat config file to forward logs
          #***********************************************************
          
          sudo curl -so /etc/filebeat/filebeat.yml https://raw.githubusercontent.com/wazuh/wazuh/3.8/extensions/filebeat/filebeat.yml
          
          
          #***********************************************************
          #Edit Filebeat config file to point to Elastic Server IP (In this lab environment I am using 127.0.0.1)
          #***********************************************************
          
          sudo sed -i 's/YOUR_ELASTIC_SERVER_IP/192.168.122.181/' /etc/filebeat/filebeat.yml
          
          #***********************************************************
          #Start Filebeat service and configure it to automatically start at boot
          #***********************************************************
          sudo systemctl daemon-reload
          sudo systemctl enable filebeat.service
          sudo systemctl start filebeat.service
          

          Make sure to replace 192.168.122.181 with your IP, or localhost if you are using a single server for Wazuh and ELK.

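A post-install check for the steps in this thread, as an added example that is not part of the original posts: it confirms that the Wazuh and Elastic repository entries are commented out and that the Filebeat config no longer contains the YOUR_ELASTIC_SERVER_IP placeholder. The function names and the sample filebeat.yml line are constructed for illustration; the demo works on copies in a temp directory, not on the files under /etc.

```bash
#!/usr/bin/env bash
# Added example: post-install checks for the steps in this thread.
# File paths are arguments so the checks can be tried on copies first.

# 0 if FILE has no active deb/deb-src line (repository disabled), 2 if FILE is missing.
repo_is_disabled() {
    [ -f "$1" ] || return 2
    ! grep -Eq '^[[:space:]]*deb(-src)?[[:space:]]' "$1"
}

# Comment out active entries, the substitution the "disable updates" steps rely on.
disable_repo() { sed -i 's/^deb/#deb/' "$1"; }

# 0 if the Filebeat config no longer contains the template placeholder.
filebeat_target_set() {
    [ -f "$1" ] || return 2
    ! grep -q 'YOUR_ELASTIC_SERVER_IP' "$1"
}

# audit WAZUH_LIST ELASTIC_LIST FILEBEAT_YML: one line per check, non-zero on any failure.
audit() {
    rc=0
    for f in "$1" "$2"; do
        if repo_is_disabled "$f"; then echo "OK   repo disabled: $f"
        else echo "FAIL repo active or missing: $f"; rc=1; fi
    done
    if filebeat_target_set "$3"; then echo "OK   Filebeat output host set: $3"
    else echo "FAIL placeholder present or file missing: $3"; rc=1; fi
    return "$rc"
}

# Demo on constructed copies in a temp directory (not the live files under /etc).
demo() {
    d=$(mktemp -d)
    echo 'deb https://packages.wazuh.com/3.x/apt/ stable main' > "$d/wazuh.list"
    echo 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' > "$d/elastic.list"
    echo 'hosts: ["YOUR_ELASTIC_SERVER_IP:5000"]' > "$d/filebeat.yml"   # constructed line
    audit "$d/wazuh.list" "$d/elastic.list" "$d/filebeat.yml" || echo "-- before: checks fail"
    disable_repo "$d/wazuh.list"; disable_repo "$d/elastic.list"
    sed -i 's/YOUR_ELASTIC_SERVER_IP/127.0.0.1/' "$d/filebeat.yml"
    audit "$d/wazuh.list" "$d/elastic.list" "$d/filebeat.yml" && echo "-- after: all checks pass"
    rm -rf "$d"
}
demo
```

On an installed system, call `audit /etc/apt/sources.list.d/wazuh.list /etc/apt/sources.list.d/elastic-6.x.list /etc/filebeat/filebeat.yml` after the last step.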