{"id":12399,"date":"2022-04-29T23:43:33","date_gmt":"2022-04-29T20:43:33","guid":{"rendered":"https:\/\/kifarunix.com\/?p=12399"},"modified":"2024-03-09T11:43:40","modified_gmt":"2024-03-09T08:43:40","slug":"install-and-configure-wazuh-manager-on-ubuntu-22-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-and-configure-wazuh-manager-on-ubuntu-22-04\/","title":{"rendered":"Install and Configure Wazuh Manager on Ubuntu 22.04"},"content":{"rendered":"\n<p>In this tutorial, you will learn how to install and configure Wazuh Manager on Ubuntu 22.04. According to the <a href=\"https:\/\/documentation.wazuh.com\/current\/\" target=\"_blank\" rel=\"noreferrer noopener\">documentation<\/a>, <em>Wazuh is a free and open source platform for threat detection, security monitoring, incident response and regulatory compliance.<\/em><\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#install-and-configure-wazuh-manager-on-ubuntu-22-04\">Install and Configure Wazuh Manager on Ubuntu 22.04<\/a><ul><li><a href=\"#install-elastic-stack-on-ubuntu-22-04\">Install Elastic Stack on Ubuntu 22.04<\/a><\/li><li><a href=\"#install-wazuh-manager-on-ubuntu-22-04\">Install Wazuh Manager on Ubuntu 22.04<\/a><\/li><li><a href=\"#integrate-wazuh-manager-with-elk-stack\">Integrate Wazuh Manager with ELK Stack<\/a><\/li><li><a href=\"#restart-kibana-elasticsearch-filebeat-ans-wazuh-manager\">Restart Kibana, Elasticsearch, Filebeat and Wazuh-manager<\/a><\/li><li><a href=\"#accessing-kibana-web-interface\">Accessing Kibana Web Interface<\/a><\/li><li><a href=\"#other-tutorials\">Other Tutorials<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"install-and-configure-wazuh-manager-on-ubuntu-22-04\">Install and Configure Wazuh Manager on Ubuntu 22.04<\/h2>\n\n\n\n<p><em>Wazuh can be used to monitor endpoints, cloud services and containers, and to aggregate and
analyze data from external sources. Wazuh provides the following capabilities<\/em>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em>Security Analytics<\/em><\/li>\n\n\n\n<li><em>Intrusion Detection<\/em><\/li>\n\n\n\n<li><em>Log Data Analysis<\/em><\/li>\n\n\n\n<li><em>File Integrity Monitoring<\/em><\/li>\n\n\n\n<li><em>Vulnerability Detection<\/em><\/li>\n\n\n\n<li><em>Configuration Assessment<\/em><\/li>\n\n\n\n<li><em>Incident Response<\/em><\/li>\n\n\n\n<li><em>Regulatory Compliance<\/em><\/li>\n\n\n\n<li><em>Cloud Security Monitoring<\/em><\/li>\n\n\n\n<li><em>Containers Security<\/em><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-elastic-stack-on-ubuntu-22-04\">Install Elastic Stack on Ubuntu 22.04<\/h3>\n\n\n\n<p>To fully utilize Wazuh manager capabilities and have a UI for visualization, Wazuh has to be integrated with Elastic Stack components: <strong>Kibana<\/strong> for visualization, <strong>Elasticsearch<\/strong> for data storage and search, and <strong>Filebeat<\/strong> for collecting Wazuh manager event data and pushing it to Elasticsearch.<\/p>\n\n\n\n<p>Thus, to install and configure Wazuh manager, you need to begin by setting up the Elastic Stack: Kibana, Elasticsearch and Filebeat.<\/p>\n\n\n\n<p>According to the Wazuh <a href=\"https:\/\/documentation.wazuh.com\/current\/upgrade-guide\/compatibility-matrix\/index.html#components-compatibility\" target=\"_blank\" rel=\"noreferrer noopener\">components compatibility matrix page<\/a>, the current stable release of Wazuh (<strong>v4.4.1<\/strong>) supports up to ELK 7.17.9 as of this writing.<\/p>\n\n\n\n<p>This should therefore guide us on the version of Elastic stack to deploy.<\/p>\n\n\n\n<p>To install Elastic Stack components on Ubuntu 22.04, proceed as follows.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install Elastic Stack APT repositories on Ubuntu 22.04;<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>apt
install curl apt-transport-https unzip wget libcap2-bin software-properties-common lsb-release gnupg2<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>wget -qO - https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch \\\n| sudo gpg --dearmor -o \/etc\/apt\/trusted.gpg.d\/elastic.gpg<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"deb https:\/\/artifacts.elastic.co\/packages\/7.x\/apt stable main\" \\\n&gt; \/etc\/apt\/sources.list.d\/elastic-7.x.list<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>apt update<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install Elasticsearch 7.17.9 on Ubuntu 22.04<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install elasticsearch=7.17.9<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Configure Elasticsearch<\/li>\n<\/ul>\n\n\n\n<p>Elasticsearch should work out of the box with the default settings. Feel free to check <a href=\"https:\/\/www.elastic.co\/guide\/en\/elasticsearch\/reference\/current\/settings.html\" target=\"_blank\" rel=\"noreferrer noopener\">Important Elasticsearch settings<\/a>.<\/p>\n\n\n\n<p>If Elasticsearch needs to be accessed by external Beats, you need to set the IP address and define whether to run as a multi-node or single-node cluster.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Start and enable Elasticsearch to run on system boot;<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now elasticsearch<\/code><\/pre>\n\n\n\n<p>Confirm the Elasticsearch port is opened;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ss -altnp | grep 9200<\/code><\/pre>\n\n\n\n<p>You can check the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status elasticsearch<\/code><\/pre>\n\n\n\n<p>You can check the logs if need be.
The logs are written to <strong><code>\/var\/log\/elasticsearch\/CLUSTER_NAME.log<\/code><\/strong>, where CLUSTER_NAME is <strong><code>elasticsearch<\/code><\/strong> by default. Thus, the default log file is <strong><code>\/var\/log\/elasticsearch\/elasticsearch.log<\/code><\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install Kibana 7.17.9 on Ubuntu 22.04<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install kibana=7.17.9<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Configure Kibana<\/li>\n<\/ul>\n\n\n\n<p>To begin with, set the Kibana server IP address to allow external access. Usually, it only listens on the loopback interface.<\/p>\n\n\n\n<p>For example, my server IP address is <code>192.168.56.124<\/code>. Thus, to configure Kibana to listen on this host IP address, run the command below (be sure to change the address as per your setup environment).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i '\/server.host:\/s\/^#\/\/;s\/localhost\/192.168.56.124\/' \/etc\/kibana\/kibana.yml<\/code><\/pre>\n\n\n\n<p>If you want to configure Kibana to listen on all interfaces, just use <code>0.0.0.0<\/code> instead of the IP above.
For example;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i '\/server.host:\/s\/^#\/\/;s\/localhost\/0.0.0.0\/' \/etc\/kibana\/kibana.yml<\/code><\/pre>\n\n\n\n<p>We will use the other settings with the default values.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Start and enable Kibana to run on system boot;<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now kibana<\/code><\/pre>\n\n\n\n<p>Confirm the Kibana port is opened after a short while.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ss -altnp | grep 5601<\/code><\/pre>\n\n\n\n<p>If need be, check <strong><code>syslog<\/code><\/strong> and <strong><code>\/var\/log\/kibana\/kibana.log<\/code><\/strong> log files.<\/p>\n\n\n\n<p>Open Kibana port on firewall;<\/p>\n\n\n\n<p>If using UFW, run;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow 5601\/tcp<\/code><\/pre>\n\n\n\n<p>If using iptables;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>iptables -I INPUT -p tcp --dport 5601 -j ACCEPT<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>iptables-save &gt; \/etc\/iptables\/rules.v4<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install Filebeat on Ubuntu 22.04<\/li>\n<\/ul>\n\n\n\n<p>Filebeat is required to <em>forward Wazuh manager alerts and archived events to Elasticsearch<\/em>. 
You can install version 7.17.9, currently supported by Wazuh as of this writing, using the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install filebeat=7.17.9 -y<\/code><\/pre>\n\n\n\n<p>Enable it to run on boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable filebeat<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-wazuh-manager-on-ubuntu-22-04\">Install Wazuh Manager on Ubuntu 22.04<\/h3>\n\n\n\n<p>Next, proceed to install Wazuh server\/manager on Ubuntu 22.04.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install Wazuh APT Repository on Ubuntu 22.04<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -s https:\/\/packages.wazuh.com\/key\/GPG-KEY-WAZUH | \\\ngpg --dearmor &gt; \/etc\/apt\/trusted.gpg.d\/wazuh.gpg<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"deb https:\/\/packages.wazuh.com\/4.x\/apt stable main\" &gt; \/etc\/apt\/sources.list.d\/wazuh.list<\/code><\/pre>\n\n\n\n<p>Update the package information:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt update<\/code><\/pre>\n\n\n\n<p>Next, install Wazuh manager on Ubuntu 22.04.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install wazuh-manager<\/code><\/pre>\n\n\n\n<p>Once the installation is complete, you can start and enable Wazuh-manager to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now wazuh-manager<\/code><\/pre>\n\n\n\n<p>Open Wazuh Manager Port on Firewall. By default, Wazuh agents are set to communicate with the Wazuh manager via TCP port 1514.
Thus, open port 1514\/tcp on Wazuh manager.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>iptables -A INPUT -p tcp --dport 1514 -j ACCEPT<\/code><\/pre>\n\n\n\n<p>Or<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow 1514\/tcp<\/code><\/pre>\n\n\n\n<p>Also, allow port 1515\/tcp for agent registration;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>iptables -A INPUT -p tcp --dport 1515 -j ACCEPT<\/code><\/pre>\n\n\n\n<p>Or<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow 1515\/tcp<\/code><\/pre>\n\n\n\n<p>Read more on <a href=\"https:\/\/documentation.wazuh.com\/current\/getting-started\/architecture.html#required-ports\" target=\"_blank\" rel=\"noreferrer noopener\">required ports<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"integrate-wazuh-manager-with-elk-stack\">Integrate Wazuh Manager with ELK Stack<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install Wazuh Manager Kibana App plugin<\/li>\n<\/ul>\n\n\n\n<p>To install Wazuh manager\/server Kibana App, proceed as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R kibana: \/usr\/share\/kibana\/plugins<\/code><\/pre>\n\n\n\n<p>Ensure the plugin version you install is compatible with the currently installed version of the ELK stack as well as the installed Wazuh manager.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u kibana \/usr\/share\/kibana\/bin\/kibana-plugin install \\\nhttps:&#47;&#47;packages.wazuh.com\/4.x\/ui\/kibana\/wazuh_kibana-4.4.1_7.17.9-1.zip<\/code><\/pre>\n\n\n\n<p>Sample output of the installation;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nAttempting to transfer from https:\/\/packages.wazuh.com\/4.x\/ui\/kibana\/wazuh_kibana-4.4.1_7.17.9-1.zip\nTransferring 38527322 bytes....................\nTransfer complete\nRetrieving metadata from plugin archive\nExtracting plugin archive\nExtraction complete\nPlugin installation complete\n<\/code><\/pre>\n\n\n\n<p>Create Wazuh Kibana data directory and set the ownership
to&nbsp;<code><strong>kibana<\/strong><\/code>&nbsp;user.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir \/usr\/share\/kibana\/data<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R kibana: \/usr\/share\/kibana\/data<\/code><\/pre>\n\n\n\n<p>Restart Kibana;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart kibana<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Configure Filebeat for Wazuh Manager<\/li>\n<\/ul>\n\n\n\n<p>Make a backup of the default configuration file and replace it with the following configs.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mv \/etc\/filebeat\/filebeat.{yml,stock}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>cat &gt; \/etc\/filebeat\/filebeat.yml &lt;&lt; 'EOL'\noutput.elasticsearch:\n  hosts: [\"localhost:9200\"]\nsetup.template.json.enabled: true\nsetup.template.json.path: '\/etc\/filebeat\/wazuh-template.json'\nsetup.template.json.name: 'wazuh'\nsetup.ilm.overwrite: true\nsetup.ilm.enabled: false\n\nfilebeat.modules:\n  - module: wazuh\n    alerts:\n      enabled: true\n    archives:\n      enabled: false\nlogging.level: info\nlogging.to_files: true\nlogging.files:\n  path: \/var\/log\/filebeat\n  name: filebeat\n  keepfiles: 7\n  permissions: 0644\nlogging.metrics.enabled: false\n\nseccomp:\n  default_action: allow\n  syscalls:\n  - action: allow\n    names:\n    - rseq\nEOL\n<\/code><\/pre>\n\n\n\n<p>Install Filebeat Wazuh Module:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget -qO- https:\/\/packages.wazuh.com\/4.x\/filebeat\/wazuh-filebeat-0.2.tar.gz \\\n| tar -xz -C \/usr\/share\/filebeat\/module\/<\/code><\/pre>\n\n\n\n<p>Download and install Wazuh alerts Elasticsearch template:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget -O \/etc\/filebeat\/wazuh-template.json \\\nhttps:&#47;&#47;raw.githubusercontent.com\/wazuh\/wazuh\/4.4\/extensions\/elasticsearch\/7.x\/wazuh-template.json<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>chmod go+r 
\/etc\/filebeat\/wazuh-template.json<\/code><\/pre>\n\n\n\n<p>Test Filebeat config;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>filebeat test config<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>Config OK<\/code><\/pre>\n\n\n\n<p>Test Filebeat Elasticsearch output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>filebeat test output<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>elasticsearch: http:\/\/localhost:9200...\n  parse url... OK\n  connection...\n    parse host... OK\n    dns lookup... OK\n    addresses: 127.0.0.1\n    dial up... OK\n  TLS... WARN secure connection disabled\n  talk to server... OK\n  version: 7.17.9\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"restart-kibana-elasticsearch-filebeat-ans-wazuh-manager\">Restart Kibana, Elasticsearch, Filebeat and Wazuh-manager<\/h3>\n\n\n\n<p>The configuration is done!<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart elasticsearch kibana filebeat wazuh-manager<\/code><\/pre>\n\n\n\n<p>Check the status of each service;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status elasticsearch kibana filebeat wazuh-manager<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf elasticsearch.service - Elasticsearch\n     Loaded: loaded (\/lib\/systemd\/system\/elasticsearch.service; disabled; vendor preset: enabled)\n     Active: active (running) since Tue 2023-05-09 18:09:56 EAT; 3min 14s ago\n       Docs: https:\/\/www.elastic.co\n   Main PID: 2512 (java)\n      Tasks: 74 (limit: 4607)\n     Memory: 1.7G\n        CPU: 58.290s\n     CGroup: \/system.slice\/elasticsearch.service\n             \u251c\u25002512 \/usr\/share\/elasticsearch\/jdk\/bin\/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfi>\n             \u2514\u25002782 \/usr\/share\/elasticsearch\/modules\/x-pack-ml\/platform\/linux-x86_64\/bin\/controller\n\nMay 09 18:09:02 ubuntu22
systemd[1]: Starting Elasticsearch...\nMay 09 18:09:56 ubuntu22 systemd[1]: Started Elasticsearch.\n<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n kibana.service - Kibana\n     Loaded: loaded (\/etc\/systemd\/system\/kibana.service; disabled; vendor preset: enabled)\n     Active: active (running) since Tue 2023-05-09 18:09:02 EAT; 4min 31s ago\n       Docs: https:\/\/www.elastic.co\n   Main PID: 2506 (node)\n      Tasks: 11 (limit: 4607)\n     Memory: 415.1M\n        CPU: 24.582s\n     CGroup: \/system.slice\/kibana.service\n             \u2514\u25002506 \/usr\/share\/kibana\/bin\/..\/node\/bin\/node \/usr\/share\/kibana\/bin\/..\/src\/cli\/dist --logging.dest=\/var\/log\/kibana\/kibana.log --pid.file=\/run\/kibana\/kibana.pid \"--deprecation.skip_deprecate>\n\nMay 09 18:09:02 ubuntu22 systemd[1]: Started Kibana.\n<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.\n     Loaded: loaded (\/lib\/systemd\/system\/filebeat.service; disabled; vendor preset: enabled)\n     Active: active (running) since Tue 2023-05-09 18:09:02 EAT; 5min ago\n       Docs: https:\/\/www.elastic.co\/beats\/filebeat\n   Main PID: 2507 (filebeat)\n      Tasks: 9 (limit: 4607)\n     Memory: 31.9M\n        CPU: 360ms\n     CGroup: \/system.slice\/filebeat.service\n             \u2514\u25002507 \/usr\/share\/filebeat\/bin\/filebeat --environment systemd -c \/etc\/filebeat\/filebeat.yml --path.home \/usr\/share\/filebeat --path.config \/etc\/filebeat --path.data \/var\/lib\/filebeat --path.>\n\nMay 09 18:09:02 ubuntu22 systemd[1]: Started Filebeat sends log files to Logstash or directly to Elasticsearch..\n<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf wazuh-manager.service - Wazuh manager\n     Loaded: loaded (\/lib\/systemd\/system\/wazuh-manager.service; disabled; vendor preset: enabled)\n     Active: active (running) since Tue 2023-05-09 18:09:16 EAT; 5min ago\n    
Process: 2514 ExecStart=\/usr\/bin\/env \/var\/ossec\/bin\/wazuh-control start (code=exited, status=0\/SUCCESS)\n      Tasks: 126 (limit: 4607)\n     Memory: 502.4M\n        CPU: 51.901s\n     CGroup: \/system.slice\/wazuh-manager.service\n             \u251c\u25002780 \/var\/ossec\/framework\/python\/bin\/python3 \/var\/ossec\/api\/scripts\/wazuh-apid.py\n             \u251c\u25002824 \/var\/ossec\/bin\/wazuh-authd\n             \u251c\u25002846 \/var\/ossec\/bin\/wazuh-db\n             \u251c\u25002875 \/var\/ossec\/bin\/wazuh-execd\n             \u251c\u25002888 \/var\/ossec\/framework\/python\/bin\/python3 \/var\/ossec\/api\/scripts\/wazuh-apid.py\n             \u251c\u25002891 \/var\/ossec\/bin\/wazuh-analysisd\n             \u251c\u25002893 \/var\/ossec\/framework\/python\/bin\/python3 \/var\/ossec\/api\/scripts\/wazuh-apid.py\n             \u251c\u25002908 \/var\/ossec\/bin\/wazuh-syscheckd\n             \u251c\u25002926 \/var\/ossec\/bin\/wazuh-remoted\n             \u251c\u25003001 \/var\/ossec\/bin\/wazuh-logcollector\n             \u251c\u25003022 \/var\/ossec\/bin\/wazuh-monitord\n             \u2514\u25003034 \/var\/ossec\/bin\/wazuh-modulesd\n\nMay 09 18:09:11 ubuntu22 env[2514]: wazuh-remoted: Process 54267 not used by Wazuh, removing...\nMay 09 18:09:12 ubuntu22 env[2514]: Started wazuh-remoted...\nMay 09 18:09:12 ubuntu22 env[2514]: wazuh-logcollector: Process 54337 not used by Wazuh, removing...\nMay 09 18:09:13 ubuntu22 env[2514]: Started wazuh-logcollector...\nMay 09 18:09:13 ubuntu22 env[2514]: wazuh-monitord: Process 54353 not used by Wazuh, removing...\nMay 09 18:09:13 ubuntu22 env[2514]: Started wazuh-monitord...\nMay 09 18:09:13 ubuntu22 env[2514]: wazuh-modulesd: Process 54364 not used by Wazuh, removing...\nMay 09 18:09:14 ubuntu22 env[2514]: Started wazuh-modulesd...\nMay 09 18:09:16 ubuntu22 env[2514]: Completed.\nMay 09 18:09:16 ubuntu22 systemd[1]: Started Wazuh manager.\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"accessing-kibana-web-interface\">Accessing Kibana Web Interface<\/h3>\n\n\n\n<p>You can now access Kibana via the url&nbsp;<code><strong>http:\/\/&lt;server-IP-or-hostname&gt;:5601<\/strong><\/code>.<\/p>\n\n\n\n<p>On the UI, click <strong>Explore on my own<\/strong> and under the Kibana menu section, you should be able to see Wazuh App.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/wazuh-kibana-app.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1870\" height=\"842\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/wazuh-kibana-app.png\" alt=\"Install and Configure Wazuh Manager on Ubuntu 22.04\" class=\"wp-image-16444\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/wazuh-kibana-app.png?v=1683646799 1870w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/wazuh-kibana-app-768x346.png?v=1683646799 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/wazuh-kibana-app-1536x692.png?v=1683646799 1536w\" sizes=\"(max-width: 1870px) 100vw, 1870px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>When you click on the app, you should see a dashboard like the one below.<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/wazuh-kibana-dashboard.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1868\" height=\"872\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/wazuh-kibana-dashboard.png\" alt=\"Install and Configure Wazuh Manager on Ubuntu 22.04\" class=\"wp-image-16445\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/wazuh-kibana-dashboard.png?v=1683646836 1868w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/wazuh-kibana-dashboard-768x359.png?v=1683646836 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/wazuh-kibana-dashboard-1536x717.png?v=1683646836 1536w\"
sizes=\"(max-width: 1868px) 100vw, 1868px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>No agents are connected by default. However, there should be some default events already collected from the Wazuh manager.<\/p>\n\n\n\n<p>For example head over to <strong>Modules &gt; Security Events <\/strong>&gt;<strong>Dashboard or Events<\/strong>;<\/p>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/Wazuh-Elastic-Events-dashboard.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1877\" height=\"2245\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/Wazuh-Elastic-Events-dashboard.png\" alt=\"Install and Configure Wazuh Manager on Ubuntu 22.04\" class=\"wp-image-16446\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/Wazuh-Elastic-Events-dashboard.png?v=1683646869 1877w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/Wazuh-Elastic-Events-dashboard-768x919.png?v=1683646869 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/Wazuh-Elastic-Events-dashboard-1284x1536.png?v=1683646869 1284w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/Wazuh-Elastic-Events-dashboard-1712x2048.png?v=1683646869 1712w\" sizes=\"(max-width: 1877px) 100vw, 1877px\" \/><\/figure><\/a><\/div>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/sample-wazuh-events.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1865\" height=\"897\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/sample-wazuh-events.png\" alt=\"Install and Configure Wazuh Manager on Ubuntu 22.04\" class=\"wp-image-12413\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/sample-wazuh-events.png?v=1651263833 1865w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/sample-wazuh-events-768x369.png?v=1651263833 768w, 
https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/04\/sample-wazuh-events-1536x739.png?v=1651263833 1536w\" sizes=\"(max-width: 1865px) 100vw, 1865px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>You can now go ahead and install Wazuh agents and start log collection from your end points.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/easy-way-to-install-wazuh-agents-on-ubuntu-debian\/\" target=\"_blank\" rel=\"noreferrer noopener\">Easy Way to Install Wazuh Agents on Ubuntu\/Debian<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-wazuh-agent-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Wazuh Agent on Rocky Linux 8<\/a><\/p>\n\n\n\n<p>That marks the end of our tutorial on how to install and configure Wazuh manager on Ubuntu.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"other-tutorials\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/monitor-process-creation-events-on-windows-systems-using-wazuh-and-elk-stack\/\" target=\"_blank\" rel=\"noreferrer noopener\">Monitor Process Creation Events on Windows Systems using Wazuh and ELK stack<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-elk-stack-8-x-on-ubuntu\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install ELK Stack 8.x on Ubuntu<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-enable-basic-authentication-on-elk-stack\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to Enable Basic Authentication on ELK Stack<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, you will learn how to install and configure Wazuh Manager on Ubuntu 22.04. 
According to the documentation, Wazuh is a free and<\/p>\n","protected":false},"author":3,"featured_media":12415,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[72,121,34],"tags":[913,4958,4956,4412,4957,3824,1829],"class_list":["post-12399","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-monitoring","category-howtos","category-security","tag-elk","tag-elk-wazuh-manager","tag-install-wazuh-manager-on-ubuntu-22-04","tag-ubuntu-22-04","tag-ubuntu-22-04-wazuh-manager","tag-wazuh","tag-wazuh-manager","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/12399"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=12399"}],"version-history":[{"count":9,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/12399\/revisions"}],"predecessor-version":[{"id":20457,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/12399\/revisions\/20457"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/12415"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=12399"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=12399"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=12399"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}