Yes, you are right

Yup that should get you up and running.

I'm no expert, but I believe it won't overwrite. I think it only overwrites if the files have the same name. Using $t can be useful

Yes it will overwrite. Adding $h or $t will add date and time which would be recommended if you needed multiple versions. I have seen some issues with Cisco IOS XE images that struggle with those variables. You could do tftp://ip_of_tftp_server/$h__$t (which would add hostname and time stamp) Hope that helps and thank you @deenthebean1337 for helping commenting!

Glad to help!

Thanks for the comment and correction!

So you’re going to host Wazuh on the internet? I would not recommend that.

I have been using opensearch. If you need elastic search I believe you can find install instructions on the Wazuh site

Glad I could help you! Hope your internship goes well!

Plz share how to add machine in wazuh server ​@@unreal-labs

@@unreal-labs Thank you Unreal, The -a option you did was great genious!! I couldn;t find this in documentation actually all of it! You did with such an easy way out of the box..Thank you. Also, i think we should first change our ip to static so that it remains the same

Yeah that series did not turn out. Going to stick with shorter content. Thanks for the comment.

Thanks for the comment.

@@unreal-labs enjoyed the tutorial. Made use of wazuh quickly.

@@baronhelmut2701 Appreciate the tip and glad you could use the video!

It's just a lab environment. I do use ssh in production. Thanks for the question!!

I am running Hyper-V server, CPU i9 and 64Gigs of ram. It's just a workstation with Windows 2022 installed.

Glad it helped

Very welcome!

Not sure I understand, but you should be able to ssh into the box or use the Wazuh interface. What other tool are you wanting to integrate?

I will be focusing on more Wazuh videos moving forward.

You're very welcome!

Glad it helped!

Are you running a firewall on your linux machine? You might check if UFW is running. run "sudo ufw status" to check if the firewall is enabled and "sudo ufw disable" to turn it off.

@@unreal-labs I checked and it showed inactive. I just dont know why i cant add agent on my server. I do follow every instruction, but my authen key just doesnt show up. Could you help me with this pls

I am not sure, let me do some research. Still not finding a good way to get the report into a pdf format. Maybe creating a custom report. Not ideal.

Wazuh email alerts do not support SMTP servers with authentication such as Gmail. You will need to setup a server relay, like Postfix to send these emails. I have linked to a Wazuh documentation page. documentation.wazuh.com/current/user-manual/manager/manual-email-report/smtp-authentication.html I use a local Postfix instance to send alerts, at other places I have used IIS SMTP to forward alerts to Office365 or Gmail. Thanks for the comment!

@@unreal-labs Thanks a ton!!

I can’t figure out how to get to that security events page on my instance. I have the latest wazuh 4.8.2 installed but I don’t see that page anywhere

Glad you liked the video!

Glad it was helpful!

Glad you like them!

The config.yml file should be in the wazuh-install-files.tar that was downloaded, but glad you got around it. Thanks for the comment!

Those are great ideas for new content. Let me see what I can get done. Thanks for the comment and suggestions.

I have seen this when the gui package update manager is running. You might run all the missing updates for your distro and try again.

You are welcome, glad to help!

Sure nice to have in the winter! Helps warm the office up.

Yes, you can load another running-config or startup-config into a new switch either by TFTP, FTP, or SCP. You might need to change some interface names if those do not match on the new switch. You will also want to verify that your new switch still supports older commands. Another great video idea! You can also just past the config in from a text file, but I do prefer coping it via TFTP or FTP.

Thanks for the comment! That's a good idea for some more videos!

Nice job Andy

Thanks for the question, the Wazuh server does not need an agent. You in need an agent in servers or computers you want to monitor. There is agentless monitoring if you need that also.

Thanks for the comment. I have experienced this issue also, you might try looking over this article on Reddit. www.reddit.com/r/Wazuh/comments/17nlhed/wazuh_dashboard_server_is_not_ready_yet_resolved/ I have also experienced the same issue running Wazuh on Ubuntu and updating the OS fixed my issue. Running the below command will update/upgrade your Ubuntu install, please use caution. "sudo apt update && sudo apt upgrade -y" Let me know if this helps...

Hello, thank you for your response, but that didn't help me. :( @@unreal-labs

Hi, I think you don't have wazuh-manager. It is the problem. Indexer and dashboard without wazuh-mamager is kind of useless.

I agree a diagram would have made the content clearer. Thanks!

Thanks for you comment......

Glad you found the video helpful!

@@unreal-labs Question. I am finding that I can't reach the wazuh server from a different endpoint. They live in the same network. How can I start troubleshooting this issue? So far I have not found any information regarding this issue.

@@victorrosa2879 Can your endpoint Ping your Wazuh server? I would also check your Default Gateways are correct on the Wazuh server and the endpoint. I always like to start with basic communication troubleshooting and then move on up the OSI model. You might also have a firewall active if you are using Linux for the OS on the Wazuh server. You can disable it using this command. sudo ufw disable. Hope this helps.

​@@unreal-labs Yes I can ping both, the server and the end point. As far as the gateway, they both belong to the same subnet but also for the server I have a reservation for it's IP. I also deactivate the FW in both Linux server Cent'OS (aka Rocky 8) and my windows device. Still was not able to reach the dashboard. Could SE linux be the culprit?

@@unreal-labs Yes, is a firewalld and SELINUX issue. Discovered by disabling both services in the server side only. What rules should I place to allow the correct comunication?

Glad it helped!

Glad you found my channel, I would be happy to help on your journey! Please feel free to ask questions if I can answer them I would be happy too!

Thanks for comment, I will put those on the list. I have not done a Wazuh cluster, so that should be fun to build out.

In my experience, I've encountered various situations. At times, I've faced audit requirements. In other instances, I've dealt with infected PCs that couldn't be shut down or cleaned up immediately due to the need to maintain a crucial process or service. Sometimes, my task was simply to block PC-to-PC traffic over an IPsec tunnel. Regardless of the situation, I always prioritize running with the least privilege when setting up communications.

@@unreal-labs i have started my ccna journy in September from youtube Turtiols and the one thing i struggle with is what would be a real-world scenario to implaint things like why would some use RIP protocol over OSPF even thought RIP has alot of disadvantages

@@mohamedadel-tw8sf I would pick RIPv2 when I need just a simple and fast routing protocol in a small network. OSPF is definitely more complex. RIP is also kept around for legacy systems. Glad you're making your CCNA happen!

Great, have fun!

Sure thing!

Much appreciated!