Love the video. I'm tasked in my organization with deploying this service on a multi-node swarm cluster, and I would like to ask if this setup in the video would also apply on a Docker Swarm. Please, if you can, make a video on how to deploy on a 3-node Docker Swarm cluster, or point out what steps would be different from the video to get the stack onto a 3-node cluster VM. Thanks in advance for any replies.
@abzalabdimanov6395 2 years ago
Hello, thanks for the great video. I've installed all components and the installation finished successfully. I installed on Ubuntu 20.04. But when I access Kibana's web interface, a "Kibana server is not ready yet" error appears. Could you help me to resolve the problem?
@TylerHodges1988 2 years ago
Same issue here. I'm assuming that is why he cut that part from the video.
@abraham202020 1 year ago
I'm having the same problem
@nithinraj3551 1 year ago
You need to change the base URL in production-cluster.yml. Add the local IP of the server and rebuild the docker. Worked for me.
@s____u-lo1dx 8 months ago
same!
@daleyounk8005 1 year ago
So I am totally new to the implementation of using containers in Proxmox as well as Docker. Can you help me better understand whether I should be installing Docker in a separate container or VM, or would it be more proper to have a dedicated Docker server for this and any other projects I do? For instance, I did an Uptime Kuma install not long ago. Should one Docker install be utilized for both projects, or should I continue creating separate Proxmox containers, with an instance for each category of use?
@darkveg41 1 year ago
Think of it as Docker = your phone, Uptime Kuma = any app on your phone. So you don't need a new phone every time you install an app.
@RaSh_100India 2 years ago
Where are the files under /ossec/bin stored, that is, the config file of the Wazuh manager? Because I checked and /var/ossec doesn't exist when we follow the Docker type of installation.
@enderst81 2 years ago
Looks like things have changed a bit with 4.3.8. Also, compose is included as a plugin, so there's no longer any need to download and install that. So 'docker compose ...' instead of 'docker-compose ...'
@gregg718 2 years ago
I followed and installed everything in this video first. Now I'm currently doing the same for videos part 1-5: Wazuh Indexer, Graylog, Wazuh Manager, Wazuh Agent and pt5 Security Log Routing... I'm sooo confused. Help?
@CyberTeach 1 year ago
I want to set this up and work with this and VT
@MrAzizihassan 2 years ago
Great video! I don't have any error while installing, but a 502 Bad Gateway appears in my browser. Any idea?
@long-gp9bc 2 years ago
I'm having the same issue
@inocentiusdamar5538 2 years ago
same
@ryanfadhillah4510 1 year ago
Have you guys found a way to fix this error?
@Rildeng 1 year ago
@@ryanfadhillah4510 have you fixed this one?
@eliezerortiz8546 1 year ago
Did you find a solution?
@LuisVentura-p4o 1 year ago
Great video! Super informative! But I had a quick question. I know that you were very detailed and informative, but I'm fairly new to SIEMs and Wazuh in general. Aside from the points you made about Elasticsearch storing the logs and Kibana being able to query the logs stored, are there really any other major differences? For example, would Wazuh work on its own without Elasticsearch and Kibana (would I be able to see alerts in real time and the details)? I managed to install the Wazuh manager and add an agent but didn't notice any major difference (within the interface). Perhaps it's because I'm new to Wazuh, but I asked because I was using Wazuh for a home lab that I'm currently setting up. Thanks in advance
@adjidarmawan7640 2 years ago
Thanks for the awesome video, but I have an error about the opendistro_security plugin. The error message is like ["kibana_1 | Unable to remove plugin because of error: "Plugin [opendistro_security] is not installed"]. For your information, I am using the latest version of Kibana.
@georgewere100 2 years ago
Yes!! You are awesome, dude. Two questions: how do you interact with individual containers? And when making configuration changes to the wazuh-master, do I have to log into that container?
@taylorwalton_socfortress 2 years ago
To interact with the containers themselves, do a "docker ps" to get the container ID and then run "docker exec -it *containerid* /bin/bash". You can make all config changes from within the Wazuh app plugin within Kibana... but I plan to make a video soon detailing how to get custom scripts into the Wazuh manager container. Thanks for watching :)
@karloa7194 2 years ago
When the new version gets released, how do you upgrade your container?
@taylorwalton_socfortress 2 years ago
You would just change the image version in the docker-compose file: so you could change "image: wazuh/wazuh-odfe:4.4.0" to "image: wazuh/wazuh-odfe:**VERSION_OF_CHOICE**"
@karloa7194 2 years ago
@@taylorwalton_socfortress Got some issues with the container. ss says 514 was open, but somehow it would not receive any logs. tcpdump showed it was receiving the logs, but Wazuh got nothing. I nmap'd the host and 514 was closed.
@robinsondurai 1 year ago
Great tutorial. One suggestion: the Ubuntu command screen should be a little bit more visible.
@erickespinosa1517 1 year ago
Hello, first of all thank you very much, your videos have helped me a lot with my university laboratories. I wanted to ask a question about Wazuh: how can I add an agent to an ESXi server? I have had a hard time finding reliable and working information. Thank you very much in advance, and you have a new subscriber
@vandilizer 1 year ago
Taylor, would this setup work on a Synology DS220+ 2-Bay NAS?
@jg1000c 4 months ago
Can you remake this for 4.8.0?
@J..123 2 years ago
Thanks for the video! It's very interesting. I have a question: can I install this on the same server where I have a MISP working?
@taylorwalton_socfortress 2 years ago
Yes, as long as you have enough resources allocated to the box
@youssefjaber4086 1 year ago
"Kibana server is not ready yet" - how did you fix it, please?
@dhanibux1259 1 year ago
How to handle "Kibana server not ready yet"?
@FrenchSparda 2 years ago
Great vid as usual. What are the minimal specs expected to run your "build"?
@taylorwalton_socfortress 2 years ago
To run just a demo environment you could probably get away with a 2-core CPU and 4 GB of RAM (ensure the Elasticsearch JVM is not configured too high) with 75 GB of disk, but if you are ingesting many more logs then you will need to scale up.
@elmoe718 2 years ago
Can you help me with this question? If we are running the VMs on Linux but I want to secure my Windows, how does that work? I never really understood how companies secure their network running so many different OSes. I'm still new to the field and I'm trying to get a good understanding! Please and thank you!
@KvngWxrd 1 year ago
Can someone please help me? I keep getting "Kibana server is not ready yet"
@vilaysackvorachack2395 1 year ago
Hi Taylor, I appreciate your videos. But I have a question: can we remove the user that the describe line says is "Demo", or not?
@garethstewart3273 2 years ago
How long does it take for the Kibana server to load? Trying to log in to my Wazuh server and it is saying that the "Kibana server is not ready yet"
@avecaesar9934 2 years ago
I also have this issue. The Kibana server will never be ready (left it up for 8 hrs). It is definitely an error that was caused by one of the steps; I believe it was caused by something to do with changing the default password from SecretPassword. Perhaps we have missed an environment variable?
@garethstewart3273 2 years ago
@@avecaesar9934 I think so as well. I started from scratch and just skipped changing the hash, and it has worked.
@taylorwalton_socfortress 2 years ago
Did you also change the password within the production-cluster.yml and ensure it was the clear text value?
@garethstewart3273 2 years ago
@@taylorwalton_socfortress I changed the password in the yml file to match the hash I created, in plain text; unfortunately it wasn't working. I decided to rebuild the server without changing the hash and it's working. Not sure if that was the problem or if there wasn't enough RAM, as it was set to 6 but now it's 8
@dotcaodin 2 years ago
Amazing! Thanks for the video.
@sugamdangal5950 2 years ago
How do I start the SIEM Docker stack again after I restart my VirtualBox where the stack is deployed??
@DunChuanFu 8 months ago
You can set it to restart in your docker compose yml file
@Sh4d0wZ0n3 2 years ago
I'm using the exact same config as you, followed it to the letter, and it just flat out doesn't work. Just consistent XML errors from the Wazuh agents.
@taylorwalton_socfortress 2 years ago
XML errors? How are you deploying the agents?
@Sh4d0wZ0n3 2 years ago
@@taylorwalton_socfortress Legit the exact same as you have in your video. wazuh-master has multiple binaries that run the API etc. which fail to start due to the following: "Wazuh-Agent: Critical: (1226) Error reading XML file 'ossec.conf' (line 0)". I'm using the files directly from the repo, unedited, so there shouldn't be syntax errors...
@marlonoliveira4810 2 years ago
Which SSH client are you using?
@taylorwalton_socfortress 2 years ago
termius.com/
@trev8813 2 years ago
Great video! I noticed the Wazuh API password was a default password as well. Would you just change that directly in the production-cluster.yml file, or is there anywhere else that would need the API password changed to a custom one? Thanks!
@taylorwalton_socfortress 2 years ago
Hey Trev, check out these steps provided by the Wazuh team here: documentation.wazuh.com/current/user-manual/api/securing-api.html Thanks for watching!
@sujenrios2902 1 year ago
Thanks for the awesome video, bro
@jimskyboy2 1 year ago
EDIT! I fixed it! Within the compose.yaml there's a memlock with soft -1 / hard -1, and after that the ulimit 65k is there as needed. Docker users will have to remove the memlock and the duplicate soft/hard, and the container will boot!

Hoping you can give some assistance. Doing a fresh install of 4.4.5 in Docker in a Proxmox VM. After installing the Wazuh Docker stack following the latest instructions, I receive this error:
Attaching to single-node-wazuh.dashboard-1, single-node-wazuh.indexer-1, single-node-wazuh.manager-1
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error setting rlimits for ready process: error setting rlimit type 8: operation not permitted: unknown
I can get the container running if I set a ulimit like so:
docker run --name single-node-wazuh.indexer-2 --ulimit nofile=20000:40000 -d wazuh/wazuh-indexer:4.4.5
The issue is now that the container is located in another stack that's called build-docker-images instead of "single-node". Do you have any ideas on how to fix it? If you install the latest version of Docker Wazuh through git single-node, I'm sure you'll find the same issue.
@tbrand1968 1 year ago
Can you give an example of "REMOVE THE MEMLOCK AND DUPLICATE SOFT/HARD and the container will boot"? I have this in each instance of the elasticsearch...
memlock:
soft: -1
hard: -1
Should I just delete that?
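An added example of the change jimskyboy2 describes, written here for this thread and not taken from the video or the wazuh-docker project: the indexer service's ulimits block before and after removing the memlock entry. The service name, image tag and nofile values are assumptions.

```yaml
# Constructed example; service name, image tag and nofile values are assumed.
# "error setting rlimit type 8" in the error above is RLIMIT_MEMLOCK on Linux.

# Before: the indexer asks for an unlimited memlock so the JVM can pin its
# heap in RAM. A container runtime that is not allowed to raise that limit
# (e.g. inside a restricted VM or LXC) fails at container init.
services:
  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.4.5
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
---
# After: only the open-files limit remains, so the container starts.
# Trade-off: the indexer can no longer lock its heap, so heap pages may be
# swapped out; keep swap off or minimal on the host to compensate.
services:
  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.4.5
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
```

Apply the same edit to every service that carries the memlock block, then run `docker compose up -d` again and confirm the stack comes up with `docker ps`.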
@broph3n 2 years ago
Is there some sort of mind logging going on? I think of something I'd like to do with Wazuh, and the next thing I know you make a video about it
@taylorwalton_socfortress 2 years ago
giphy.com/clips/collin-QMEkDP3yiIX5SDVG38
@damobiv 2 years ago
Oof, I can't get the nginx container to start. Anyone had this problem?
@Rildeng 1 year ago
Did you solve this problem?
@damobiv 1 year ago
Nope. I gave up
@Duser024 8 months ago
Thank you so much from Thailand
@adamadamadde 10 months ago
Dude, u totally clowned it. If u follow ur steps we get the same error at 17:58.... and then u cut to when it actually works....
@JayTownsend1 2 years ago
Awesome video, but your microphone quality is terrible and has a lot of distortion on the treble. A good microphone setup from Elgato would fix that right up, as it currently sounds like you are using a cheap headset
@eagle18hls 6 months ago
Sounds fine here. I would look at your speakers.
@ДмитрийНемна 2 years ago
I watch all your videos. This is cool. There are several questions about this lesson. With SIEM in Docker:
- by editing the cluster configuration, it is not saved after docker-compose down and up;
- it does not work when configured to receive log events through syslog, even with syslog 514 tcp xxx.xxx.x.x/24
How to make it work?
@taylorwalton_socfortress 2 years ago
Try changing to TCP and use the loopback address as the . And make sure you change the port mapping to TCP in the docker-compose