diff --git a/Migration-to-Wazuh-4.3.md b/Migration-to-Wazuh-4.3.md
new file mode 100644
index 00000000..a4caa7a1
--- /dev/null
+++ b/Migration-to-Wazuh-4.3.md
@@ -0,0 +1,328 @@
+# Opendistro data migration to Wazuh indexer on docker.
+This procedure explains how to migrate Opendistro data from Opendistro to Wazuh indexer in docker production deployments.
+The example is migrating from v4.2.5 to v4.3.0.
+
+## Procedure
+Assuming that you have a v4.2.5 production deployment, perform the following steps.
+
+**1. Stop 4.2.5 environment**
+`docker-compose -f production-cluster.yml stop`
+
+**2. List Elastic volumesStop 4.2.5 environment**
+`docker volume ls --filter name='wazuh-docker_elastic-data'`
+
+**3. Inspect Elastic volume**
+`docker volume inspect wazuh-docker_elastic-data-1`
+
+**4. Run the volume create command:** create new Indexer and Wazuh Manager volumes using the `com.docker.compose.version` label value from the previous command.
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=wazuh-indexer-data-1 \
+ wazuh-docker_wazuh-indexer-data-1
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=wazuh-indexer-data-2 \
+ wazuh-docker_wazuh-indexer-data-2
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=wazuh-indexer-data-3 \
+ wazuh-docker_wazuh-indexer-data-3
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=master_wazuh_api_configuration \
+ wazuh-docker_master_wazuh_api_configuration
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=master_wazuh_etc \
+ wazuh-master_docker_wazuh_etc
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=master-wazuh-logs \
+ wazuh-docker_master-wazuh-logs
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=master-wazuh-queue \
+ wazuh-docker_master-wazuh-queue
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=master-wazuh-var-multigroups \
+ wazuh-docker_master-wazuh-var-multigroups
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=master-wazuh-integrations \
+ wazuh-docker_master-wazuh-integrations
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=master-wazuh-active-response \
+ wazuh-docker_master-wazuh-active-response
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=master-wazuh-agentless \
+ wazuh-docker_master-wazuh-agentless
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=master-wazuh-wodles \
+ wazuh-docker_master-wazuh-wodles
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=master-filebeat-etc \
+ wazuh-docker_master-filebeat-etc
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=master-filebeat-var \
+ wazuh-docker_master-filebeat-var
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=worker_wazuh_api_configuration \
+ wazuh-docker_worker_wazuh_api_configuration
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=worker_wazuh_etc \
+ wazuh-worker_docker_wazuh_etc
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=worker-wazuh-logs \
+ wazuh-docker_worker-wazuh-logs
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=worker-wazuh-queue \
+ wazuh-docker_worker-wazuh-queue
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=worker-wazuh-var-multigroups \
+ wazuh-docker_worker-wazuh-var-multigroups
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=worker-wazuh-integrations \
+ wazuh-docker_worker-wazuh-integrations
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=worker-wazuh-active-response \
+ wazuh-docker_worker-wazuh-active-response
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=worker-wazuh-agentless \
+ wazuh-docker_worker-wazuh-agentless
+```
+```
+docker volume create \
+ --label com.docker.compose.project=wazuh-docker \
+ --label com.docker.compose.version=1.25.0 \
+ --label com.docker.compose.volume=worker-wazuh-wodles \
+ wazuh-docker_worker-wazuh-wodles
+```
+**5. Copy the volume content from Elastic to Wazuh indexer volumes and old Wazuh Manager content to new volumes.**
+```
+docker container run --rm -it \
+ -v wazuh-docker_elastic-data-1:/from \
+ -v wazuh-docker_wazuh-indexer-data-1:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_elastic-data-2:/from \
+ -v wazuh-docker_wazuh-indexer-data-2:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_elastic-data-3:/from \
+ -v wazuh-docker_wazuh-indexer-data-3:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_ossec-api-configuration:/from \
+ -v wazuh-docker_master-wazuh-api-configuration:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_ossec-etc:/from \
+ -v wazuh-docker_master-wazuh-etc:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_ossec-logs:/from \
+ -v wazuh-docker_master-wazuh-logs:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_ossec-queue:/from \
+ -v wazuh-docker_master-wazuh-queue:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_ossec-var-multigroups:/from \
+ -v wazuh-docker_master-wazuh-var-multigroups:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_ossec-integrations:/from \
+ -v wazuh-docker_master-wazuh-integrations:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_ossec-active-response:/from \
+ -v wazuh-docker_master-wazuh-active-response:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_ossec-agentless:/from \
+ -v wazuh-docker_master-wazuh-agentless:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_ossec-wodles:/from \
+ -v wazuh-docker_master-wazuh-wodles:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_filebeat-etc:/from \
+ -v wazuh-docker_master-filebeat-etc:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_filebeat-var:/from \
+ -v wazuh-docker_master-filebeat-var:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_worker-ossec-api-configuration:/from \
+ -v wazuh-docker_worker-wazuh-api-configuration:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_worker-ossec-etc:/from \
+ -v wazuh-docker_worker-wazuh-etc:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_worker-ossec-logs:/from \
+ -v wazuh-docker_worker-wazuh-logs:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_worker-ossec-queue:/from \
+ -v wazuh-docker_worker-wazuh-queue:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_worker-ossec-var-multigroups:/from \
+ -v wazuh-docker_worker-wazuh-var-multigroups:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_worker-ossec-integrations:/from \
+ -v wazuh-docker_worker-wazuh-integrations:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_worker-ossec-active-response:/from \
+ -v wazuh-docker_worker-wazuh-active-response:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_worker-ossec-agentless:/from \
+ -v wazuh-docker_worker-wazuh-agentless:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+ -v wazuh-docker_worker-ossec-wodles:/from \
+ -v wazuh-docker_worker-wazuh-wodles:/to \
+ alpine ash -c "cd /from ; cp -avp . /to"
+```
+**6. Delete the 4.2.5 environment.**
+`docker-compose -f production-cluster.yml down`
+
+**7. Start the 4.3 environment.**
+```
+git checkout 4.3
+docker-compose -f generate-indexer-certs.yml run --rm generator
+docker-compose -f production-cluster.yml up -d
+```
+
+**8. Check the access to Wazuh dashboard**: go to the Wazuh Dashboard WebUI and check if everything is working.
\ No newline at end of file
diff --git a/Migration-to-indexer-dashboard.md b/Migration-to-indexer-dashboard.md
deleted file mode 100644
index cc38fb9c..00000000
--- a/Migration-to-indexer-dashboard.md
+++ /dev/null
@@ -1,69 +0,0 @@ -# Opendistro data migration to Wazuh indexer on docker. -This procedure explains how to migrate Opendistro data from Opendistro to Wazuh indexer in docker production deployments. -The example is migrating from v4.2.5 to v4.3.0. - -## Procedure -Assuming that you have a v4.2.5 production deployment, perform the following steps. - -**1. Stop 4.2.5 environment** -`docker-compose -f production-cluster.yml stop` - -**2. List Elastic volumesStop 4.2.5 environment** -`docker volume ls --filter name='wazuh-docker_elastic-data'` - -**3. Inspect Elastic volume** -`docker volume inspect wazuh-docker_elastic-data-1` - -**4. Run the volume create command:** create 3 new Indexer volumes using the `com.docker.compose.version` label value from the previous command. -``` -docker volume create \ - --label com.docker.compose.project=wazuh-docker \ - --label com.docker.compose.version=1.25.0 \ - --label com.docker.compose.volume=wazuh-indexer-data-1 \ - wazuh-docker_wazuh-indexer-data-1 -``` -``` -docker volume create \ - --label com.docker.compose.project=wazuh-docker \ - --label com.docker.compose.version=1.25.0 \ - --label com.docker.compose.volume=wazuh-indexer-data-2 \ - wazuh-docker_wazuh-indexer-data-2 -``` -``` -docker volume create \ - --label com.docker.compose.project=wazuh-docker \ - --label com.docker.compose.version=1.25.0 \ - --label com.docker.compose.volume=wazuh-indexer-data-3 \ - wazuh-docker_wazuh-indexer-data-3 -``` - -**5. Copy the volume content from Elastic to Wazuh indexer volumes.** -``` -docker container run --rm -it \ - -v wazuh-docker_elastic-data-1:/from \ - -v wazuh-docker_wazuh-indexer-data-1:/to \ - alpine ash -c "cd /from ; cp -av . /to" -``` -``` -docker container run --rm -it \ - -v wazuh-docker_elastic-data-2:/from \ - -v wazuh-docker_wazuh-indexer-data-2:/to \ - alpine ash -c "cd /from ; cp -av . 
/to" -``` -``` -docker container run --rm -it \ - -v wazuh-docker_elastic-data-3:/from \ - -v wazuh-docker_wazuh-indexer-data-3:/to \ - alpine ash -c "cd /from ; cp -av . /to" -``` - -**6. Delete the 4.2.5 environment.** -`docker-compose -f production-cluster.yml down` - -**7. Start the 4.3 environment.** -``` -git checkout 4.3 -docker-compose -f production-cluster.yml up -d -``` - -**8. Check the access to Wazuh dashboard**: go to the Wazuh Dashboard WebUI and check if everything is working. \ No newline at end of file diff --git a/README.md b/README.md index 3fa14934..2ad15dc0 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ API_USERNAME="wazuh" # Wazuh API username API_PASSWORD="wazuh" # Wazuh API password - Must comply with requirements # (8+ length, uppercase, lowercase, specials chars) -INDEXER_URL=https://wazuh1.indexer:9200 # Wazuh indexer URL +INDEXER_URL=https://wazuh.indexer:9200 # Wazuh indexer URL INDEXER_USERNAME=admin # Wazuh indexer Username INDEXER_PASSWORD=admin # Wazuh indexer Password FILEBEAT_SSL_VERIFICATION_MODE=full # Filebeat SSL Verification mode (full or none) diff --git a/build-wazuh-images.yml b/build-wazuh-images.yml index e6ec7ed7..0d9b9524 100644 --- a/build-wazuh-images.yml +++ b/build-wazuh-images.yml 
@@ -13,27 +13,27 @@ services: - "514:514/udp" - "55000:55000" environment: - - INDEXER_URL=https://wazuh1.indexer:9200 + - INDEXER_URL=https://wazuh.indexer:9200 - INDEXER_USERNAME=admin - INDEXER_PASSWORD=admin - FILEBEAT_SSL_VERIFICATION_MODE=none volumes: - - ossec_api_configuration:/var/ossec/api/configuration - - ossec_etc:/var/ossec/etc - - ossec_logs:/var/ossec/logs - - ossec_queue:/var/ossec/queue - - ossec_var_multigroups:/var/ossec/var/multigroups - - ossec_integrations:/var/ossec/integrations - - ossec_active_response:/var/ossec/active-response/bin - - ossec_agentless:/var/ossec/agentless - - ossec_wodles:/var/ossec/wodles + - wazuh_api_configuration:/var/ossec/api/configuration + - wazuh_etc:/var/ossec/etc + - wazuh_logs:/var/ossec/logs + - wazuh_queue:/var/ossec/queue + - wazuh_var_multigroups:/var/ossec/var/multigroups + - wazuh_integrations:/var/ossec/integrations + - wazuh_active_response:/var/ossec/active-response/bin + - wazuh_agentless:/var/ossec/agentless + - wazuh_wodles:/var/ossec/wodles - filebeat_etc:/etc/filebeat - filebeat_var:/var/lib/filebeat - wazuh1.indexer: + wazuh.indexer: build: wazuh-indexer/ image: wazuh/wazuh-indexer:4.3.0 - hostname: wazuh1.indexer + hostname: wazuh.indexer restart: always ports: - "9200:9200" @@ -60,20 +60,20 @@ services: - SERVER_SSL_ENABLED=false - WAZUH_API_URL=https://wazuh.manager depends_on: - - wazuh1.indexer + - wazuh.indexer links: - - wazuh1.indexer:wazuh1.indexer + - wazuh.indexer:wazuh.indexer - wazuh.manager:wazuh.manager volumes: - ossec_api_configuration: - ossec_etc: - ossec_logs: - ossec_queue: - ossec_var_multigroups: - ossec_integrations: - ossec_active_response: - ossec_agentless: - ossec_wodles: + wazuh_api_configuration: + wazuh_etc: + wazuh_logs: + wazuh_queue: + wazuh_var_multigroups: + wazuh_integrations: + wazuh_active_response: + wazuh_agentless: + wazuh_wodles: filebeat_etc: filebeat_var: diff --git a/docker-compose.yml b/docker-compose.yml index 49515e47..41adabb5 100644 
--- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,26 +12,26 @@ services: - "514:514/udp" - "55000:55000" environment: - - INDEXER_URL=https://wazuh1.indexer:9200 + - INDEXER_URL=https://wazuh.indexer:9200 - INDEXER_USERNAME=admin - INDEXER_PASSWORD=admin - FILEBEAT_SSL_VERIFICATION_MODE=none volumes: - - ossec_api_configuration:/var/ossec/api/configuration - - ossec_etc:/var/ossec/etc - - ossec_logs:/var/ossec/logs - - ossec_queue:/var/ossec/queue - - ossec_var_multigroups:/var/ossec/var/multigroups - - ossec_integrations:/var/ossec/integrations - - ossec_active_response:/var/ossec/active-response/bin - - ossec_agentless:/var/ossec/agentless - - ossec_wodles:/var/ossec/wodles + - wazuh_api_configuration:/var/ossec/api/configuration + - wazuh_etc:/var/ossec/etc + - wazuh_logs:/var/ossec/logs + - wazuh_queue:/var/ossec/queue + - wazuh_var_multigroups:/var/ossec/var/multigroups + - wazuh_integrations:/var/ossec/integrations + - wazuh_active_response:/var/ossec/active-response/bin + - wazuh_agentless:/var/ossec/agentless + - wazuh_wodles:/var/ossec/wodles - filebeat_etc:/etc/filebeat - filebeat_var:/var/lib/filebeat - wazuh1.indexer: + wazuh.indexer: image: wazuh/wazuh-indexer:4.3.0 - hostname: wazuh1.indexer + hostname: wazuh.indexer restart: always ports: - "9200:9200" @@ -56,20 +56,20 @@ services: - INDEXER_PASSWORD=admin - WAZUH_API_URL=https://wazuh.manager depends_on: - - wazuh1.indexer + - wazuh.indexer links: - - wazuh1.indexer:wazuh1.indexer + - wazuh.indexer:wazuh.indexer - wazuh.manager:wazuh.manager volumes: - ossec_api_configuration: - ossec_etc: - ossec_logs: - ossec_queue: - ossec_var_multigroups: - ossec_integrations: - ossec_active_response: - ossec_agentless: - ossec_wodles: + wazuh_api_configuration: + wazuh_etc: + wazuh_logs: + wazuh_queue: + wazuh_var_multigroups: + wazuh_integrations: + wazuh_active_response: + wazuh_agentless: + wazuh_wodles: filebeat_etc: filebeat_var: 
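Review bot: Renaming the named volumes in this file (`ossec_etc` → `wazuh_etc` and the other eight, in both the manager's `volumes:` list and the top-level `volumes:` map) makes Compose create new, empty volumes on the next `up`, and the migration guide added in this commit only walks through `production-cluster.yml`. An existing single-node deployment would then start with default state under `/var/ossec/etc`, `/var/ossec/api/configuration` and `/var/ossec/queue`, which presumably holds the registered agent keys and API configuration, while the old data stays unused in the `ossec_*` volumes; agents that can no longer authenticate are a monitoring gap that is easy to miss. I would add a single-node section to the guide with the same create-and-copy steps for the `wazuh_*` volumes, or keep the old volume names in this file. The identical rename in build-wazuh-images.yml has the same effect.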
diff --git a/production-cluster.yml b/production-cluster.yml index be77f19e..3a066717 100644 --- a/production-cluster.yml +++ b/production-cluster.yml @@ -21,17 +21,17 @@ services: - API_USERNAME=acme-user - API_PASSWORD=MyS3cr37P450r.*- volumes: - - ossec-api-configuration:/var/ossec/api/configuration - - ossec-etc:/var/ossec/etc - - ossec-logs:/var/ossec/logs - - ossec-queue:/var/ossec/queue - - ossec-var-multigroups:/var/ossec/var/multigroups - - ossec-integrations:/var/ossec/integrations - - ossec-active-response:/var/ossec/active-response/bin - - ossec-agentless:/var/ossec/agentless - - ossec-wodles:/var/ossec/wodles - - filebeat-etc:/etc/filebeat - - filebeat-var:/var/lib/filebeat + - master-wazuh-api-configuration:/var/ossec/api/configuration + - master-wazuh-etc:/var/ossec/etc + - master-wazuh-logs:/var/ossec/logs + - master-wazuh-queue:/var/ossec/queue + - master-wazuh-var-multigroups:/var/ossec/var/multigroups + - master-wazuh-integrations:/var/ossec/integrations + - master-wazuh-active-response:/var/ossec/active-response/bin + - master-wazuh-agentless:/var/ossec/agentless + - master-wazuh-wodles:/var/ossec/wodles + - master-filebeat-etc:/etc/filebeat + - master-filebeat-var:/var/lib/filebeat - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem - ./production_cluster/wazuh_indexer_ssl_certs/wazuh.master.pem:/etc/ssl/filebeat.pem - ./production_cluster/wazuh_indexer_ssl_certs/wazuh.master-key.pem:/etc/ssl/filebeat.key 
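Review bot: The hyphenated volume names introduced here (`master-wazuh-api-configuration`, `master-wazuh-etc`, and the matching `worker-wazuh-*` names in the worker hunk and the top-level `volumes:` map) do not match what step 4 of Migration-to-Wazuh-4.3.md creates for four of them: the guide uses underscores (`wazuh-docker_master_wazuh_api_configuration`, `wazuh-docker_worker_wazuh_api_configuration`) and two misplaced prefixes (`wazuh-master_docker_wazuh_etc`, `wazuh-worker_docker_wazuh_etc`). Step 5 copies into the hyphenated names, so `docker container run -v` would most likely create those four targets implicitly without the Compose labels and leave the underscore volumes empty. The guide's create commands should use the names from this file, e.g. `--label com.docker.compose.volume=master-wazuh-etc \` followed by `wazuh-docker_master-wazuh-etc`. Since these volumes carry the manager's `/var/ossec/etc` and API configuration, it is worth verifying after the copy that the new volumes are non-empty before running `down` on the old environment.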
@@ -50,15 +50,15 @@ services: - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - SSL_KEY=/etc/ssl/filebeat.key volumes: - - worker-ossec-api-configuration:/var/ossec/api/configuration - - worker-ossec-etc:/var/ossec/etc - - worker-ossec-logs:/var/ossec/logs - - worker-ossec-queue:/var/ossec/queue - - worker-ossec-var-multigroups:/var/ossec/var/multigroups - - worker-ossec-integrations:/var/ossec/integrations - - worker-ossec-active-response:/var/ossec/active-response/bin - - worker-ossec-agentless:/var/ossec/agentless - - worker-ossec-wodles:/var/ossec/wodles + - worker-wazuh-api-configuration:/var/ossec/api/configuration + - worker-wazuh-etc:/var/ossec/etc + - worker-wazuh-logs:/var/ossec/logs + - worker-wazuh-queue:/var/ossec/queue + - worker-wazuh-var-multigroups:/var/ossec/var/multigroups + - worker-wazuh-integrations:/var/ossec/integrations + - worker-wazuh-active-response:/var/ossec/active-response/bin + - worker-wazuh-agentless:/var/ossec/agentless + - worker-wazuh-wodles:/var/ossec/wodles - worker-filebeat-etc:/etc/filebeat - worker-filebeat-var:/var/lib/filebeat - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem @@ -151,7 +151,7 @@ services: - ./production_cluster/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./production_cluster/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - - ./production_cluster/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/opensearch_dashboards.yml + - ./production_cluster/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - ./production_cluster/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml depends_on: - wazuh1.indexer 
@@ -178,26 +178,26 @@ services: - ./production_cluster/nginx/ssl:/etc/nginx/ssl:ro volumes: - ossec-api-configuration: - ossec-etc: - ossec-logs: - ossec-queue: - ossec-var-multigroups: - ossec-integrations: - ossec-active-response: - ossec-agentless: - ossec-wodles: - filebeat-etc: - filebeat-var: - worker-ossec-api-configuration: - worker-ossec-etc: - worker-ossec-logs: - worker-ossec-queue: - worker-ossec-var-multigroups: - worker-ossec-integrations: - worker-ossec-active-response: - worker-ossec-agentless: - worker-ossec-wodles: + master-wazuh-api-configuration: + master-wazuh-etc: + master-wazuh-logs: + master-wazuh-queue: + master-wazuh-var-multigroups: + master-wazuh-integrations: + master-wazuh-active-response: + master-wazuh-agentless: + master-wazuh-wodles: + master-filebeat-etc: + master-filebeat-var: + worker-wazuh-api-configuration: + worker-wazuh-etc: + worker-wazuh-logs: + worker-wazuh-queue: + worker-wazuh-var-multigroups: + worker-wazuh-integrations: + worker-wazuh-active-response: + worker-wazuh-agentless: + worker-wazuh-wodles: worker-filebeat-etc: worker-filebeat-var: wazuh-indexer-data-1: diff --git a/wazuh-dashboard/config/opensearch_dashboards.yml b/wazuh-dashboard/config/opensearch_dashboards.yml index f7d70cce..bf8dc374 100644 --- a/wazuh-dashboard/config/opensearch_dashboards.yml +++ b/wazuh-dashboard/config/opensearch_dashboards.yml @@ -1,6 +1,6 @@ server.host: 0.0.0.0 server.port: 443 -opensearch.hosts: https://wazuh1.indexer:9200 +opensearch.hosts: https://wazuh.indexer:9200 opensearch.ssl.verificationMode: none opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] opensearch_security.multitenancy.enabled: true diff --git a/wazuh-indexer/config/opensearch.yml b/wazuh-indexer/config/opensearch.yml index 915fe5a2..922e86e5 100644 --- a/wazuh-indexer/config/opensearch.yml +++ b/wazuh-indexer/config/opensearch.yml 
@@ -1,5 +1,5 @@ network.host: "0.0.0.0" -node.name: "wazuh1.indexer" +node.name: "wazuh.indexer" path.data: /var/lib/wazuh-indexer path.logs: /var/log/wazuh-indexer discovery.type: single-node diff --git a/wazuh-manager/config/filebeat.yml b/wazuh-manager/config/filebeat.yml index 37003366..e9874fb4 100644 --- a/wazuh-manager/config/filebeat.yml +++ b/wazuh-manager/config/filebeat.yml @@ -13,7 +13,7 @@ setup.template.json.name: 'wazuh' setup.template.overwrite: true setup.ilm.enabled: false output.elasticsearch: - hosts: ['https://wazuh1.indexer:9200'] + hosts: ['https://wazuh.indexer:9200'] #username: #password: #ssl.verification_mode: