{"id":902,"date":"2018-12-06T13:53:30","date_gmt":"2018-12-06T13:53:30","guid":{"rendered":"https:\/\/www.nicktailor.com\/?p=902"},"modified":"2022-10-21T12:07:33","modified_gmt":"2022-10-21T12:07:33","slug":"how-to-properly-upgrade-wazuh-with-a-major-update-standalone-setup","status":"publish","type":"post","link":"https:\/\/nicktailor.com\/tech-blog\/how-to-properly-upgrade-wazuh-with-a-major-update-standalone-setup\/","title":{"rendered":"How to properly upgrade wazuh with a major update (standalone setup)"},"content":{"rendered":"<p class=\"Normal-P\" style=\"margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Helvetica; color: #404040; font-size: 21pt;\">Upgrade from the same major version (3.x)<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 18pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">The following steps show how to upgrade to the latest available version of <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\"> 3.x (which implies upgrading to the latest version of Elastic Stack 6.x).<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Helvetica; color: #404040; font-size: 18pt;\">Starting the upgrade<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 18pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">If you followed our\u00a0<\/span><a href=\"https:\/\/documentation.wazuh.com\/current\/installation-guide\/installing-wazuh-server\/index.html#installation\" target=\"\" rel=\"noopener\">manager<\/a><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">\u00a0or\u00a0<\/span><a href=\"https:\/\/documentation.wazuh.com\/current\/installation-guide\/installing-wazuh-agent\/index.html#installation-agents\" target=\"\" rel=\"noopener\">agents<\/a><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">\u00a0installation guides, probably you disabled the repository in order to avoid undesired upgrades. It\u2019s necessary to enable them again to get the last packages.<\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_1_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"1\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">For CentOS\/RHEL\/Fedora:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">sed<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> &#8211;<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">i<\/span><span style=\"font-family: Consolas; color: #dd1144; font-size: 9pt;\">&#8220;s\/^enabled=0\/enabled=1\/&#8221;<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> \/etc\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">yum.repos.d<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">wazuh.repo<\/span><\/span><\/p>\n<h3><span style=\"font-family: Helvetica; font-weight: bold; color: #404040; font-size: 15pt;\">Upgrade the <\/span><span style=\"font-family: Helvetica; font-weight: bold; color: #404040; font-size: 15pt;\">Wazuh<\/span><span style=\"font-family: Helvetica; font-weight: bold; color: #404040; font-size: 15pt;\"> manager<\/span><\/h3>\n<p class=\"first-P\" style=\"background-color: #6ab0de; direction: ltr; unicode-bidi: normal; margin: 0pt -9pt 9pt -9pt;\"><span class=\"first-H\"><span style=\"font-family: inherit; font-weight: bold; color: #ffffff;\">Note<\/span><\/span><\/p>\n<p class=\"last-P\" style=\"margin-top: 0pt; margin-bottom: 0pt; background-color: #e7f2fa; direction: ltr; unicode-bidi: normal;\"><span class=\"last-H\"><span style=\"font-family: Arial; color: #404040;\">Since <\/span><span style=\"font-family: Arial; color: #404040;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040;\"> v3.7.0 the File Integrity Monitoring database is not used anymore. In order to add to <\/span><span style=\"font-family: Arial; color: #404040;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040;\"> DB the file and registry entries stored from previous versions it\u2019s necessary to run the\u00a0<\/span><a href=\"https:\/\/documentation.wazuh.com\/current\/user-manual\/reference\/tools\/fim_migrate.html#fim-migrate\" target=\"\" rel=\"noopener\">FIM migration tool<\/a><span style=\"font-family: Arial; color: #404040;\">.<\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_2_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"2\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040;\">Upgrade the\u00a0<\/span><span class=\"pre-H\" style=\"background-color: #ffffff; font-family: Consolas; color: #e74c3c; font-size: 9pt;\">wazuh<\/span><span class=\"pre-H\" style=\"background-color: #ffffff; font-family: Consolas; color: #e74c3c; font-size: 9pt;\">-manager<\/span><span style=\"font-family: Arial; color: #404040;\">\u00a0package:<\/span><\/span><\/li>\n<\/ul>\n<ul>\n<li id=\"pmdi_list_3_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"3\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040;\">For CentOS\/RHEL\/Fedora:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span class=\"gp-H\" style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> yum upgrade <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">wazuh<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">-manager<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<ul>\n<li id=\"pmdi_list_4_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"4\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Upgrade the\u00a0<\/span><span style=\"background-color: #ffffff; font-family: Consolas; color: #e74c3c; font-size: 9pt;\">wazuh-api<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">\u00a0package:<\/span><\/span><\/li>\n<\/ul>\n<ul>\n<li id=\"pmdi_list_5_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\" data-numid=\"5\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">For CentOS\/RHEL\/Fedora:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> yum upgrade <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">wazuh-api<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 9pt; background-color: #6ab0de; direction: ltr; unicode-bidi: normal; margin-left: -9pt; margin-right: -9pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-weight: bold; color: #ffffff; font-size: 12pt;\">Note<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">The installation of the updated packages\u00a0<\/span><span style=\"font-family: Arial; font-weight: bold; color: #404040; font-size: 12pt;\">will automatically restart the services<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">\u00a0for the <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\"> manager, API and agents. Your <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\"> config file will keep\u00a0<\/span><span style=\"font-family: Arial; font-weight: bold; color: #404040; font-size: 12pt;\">unmodified<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">, so you\u2019ll need to manually add the settings for the new capabilities. Check the\u00a0<\/span><a href=\"https:\/\/documentation.wazuh.com\/current\/user-manual\/index.html#user-manual\" target=\"\" rel=\"noopener\">User Manual<\/a><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">\u00a0for more information.<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<h3><span style=\"font-family: Helvetica; font-weight: bold; color: #404040; font-size: 15pt;\">Finishing the <\/span><span style=\"font-family: Helvetica; font-weight: bold; color: #404040; font-size: 15pt;\">Wazuh<\/span><span style=\"font-family: Helvetica; font-weight: bold; color: #404040; font-size: 15pt;\"> upgrade<\/span><\/h3>\n<p class=\"NormalWeb-P\" style=\"margin-top: 0pt; margin-bottom: 18pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\"><span class=\"NormalWeb-H\"><span style=\"font-family: Arial; color: #404040;\">You\u2019ve finished upgrading your <\/span><span style=\"font-family: Arial; color: #404040;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040;\"> installation to the latest version. Now you can disable again the <\/span><span style=\"font-family: Arial; color: #404040;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040;\"> repositories <\/span><span style=\"font-family: Arial; color: #404040;\">in order to<\/span><span style=\"font-family: Arial; color: #404040;\"> avoid undesired upgrades and compatibility issues.<\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_6_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"6\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040;\">For CentOS\/RHEL\/Fedora:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span class=\"gp-H\" style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">sed<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> &#8211;<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">i<\/span><span class=\"s2-H\" style=\"font-family: Consolas; color: #dd1144; font-size: 9pt;\">&#8220;s\/^enabled=1\/enabled=0\/&#8221;<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> \/etc\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">yum.repos.d<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">wazuh.repo<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Helvetica; color: #404040; font-size: 18pt;\">Upgrade to the latest Elastic Stack version<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 18pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Since the release of <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\"> 3.0.0, there\u2019s been several updates to the 6.x version of the Elastic Stack, introducing several bugfixes and important changes. <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">In order to<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\"> use the latest version of <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">, it\u2019s necessary to install the latest compatible Elastic Stack packages.<\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_7_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"7\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Stop the services:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> stop <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">filebeat<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> (This you do not need to stop in a standalone setup, because it should not be installed. <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">Filebeat<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> is only used when you have a clustered setup. It sends logs back to the manager when clustered)<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> stop <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">logstash<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> stop <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">kibana<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> stop <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">elasticsearch<\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_8_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"8\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Enable the Elastic repository:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 18pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">If you followed our\u00a0<\/span><a href=\"https:\/\/documentation.wazuh.com\/current\/installation-guide\/installing-elastic-stack\/index.html#installation-elastic\" target=\"\" rel=\"noopener\">Elastic Stack Installation Guide<\/a><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">, probably you disabled the repository in order to avoid undesired upgrades for the Elastic Stack. It\u2019s necessary to enable them again to get the last packages.<\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_9_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\" data-numid=\"9\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">For CentOS\/RHEL\/Fedora:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">sed<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> &#8211;<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">i<\/span><span style=\"font-family: Consolas; color: #dd1144; font-size: 9pt;\">&#8220;s\/^enabled=0\/enabled=1\/&#8221;<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> \/etc\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">yum.repos.d<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">elastic.repo<\/span><\/span><\/p>\n<h3><span style=\"font-family: Helvetica; font-weight: bold; color: #404040; font-size: 15pt;\">Upgrade Elasticsearch<\/span><\/h3>\n<ul>\n<li id=\"pmdi_list_10_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"10\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040;\">Upgrade the\u00a0<\/span><span class=\"pre-H\" style=\"background-color: #ffffff; font-family: Consolas; color: #e74c3c; font-size: 9pt;\">elasticsearch<\/span><span style=\"font-family: Arial; color: #404040;\">\u00a0package:<\/span><\/span><\/li>\n<\/ul>\n<ul>\n<li id=\"pmdi_list_11_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"11\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040;\">For CentOS\/RHEL\/Fedora:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span class=\"gp-H\" style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> yum install elasticsearch-6.5.1<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<ul>\n<li id=\"pmdi_list_12_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\" data-numid=\"12\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Start the Elasticsearch service:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> daemon-reload<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #0086b3; font-size: 9pt;\">enable<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">elasticsearch.service<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> start <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">elasticsearch.service<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 18pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">It\u2019s important to wait until the Elasticsearch server finishes starting. Check the <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">current status<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\"> with the following command, which should give you a response like the shown below:<\/span><\/span><\/p>\n<pre><span class=\"gp\">#<\/span> curl <span class=\"s2\">\"http:\/\/localhost:9200\/?pretty\"<\/span>\r\n\r\n<span class=\"go\">{<\/span>\r\n<span class=\"go\">  \"name\" : \"Zr2Shu_\",<\/span>\r\n<span class=\"go\">  \"cluster_name\" : \"elasticsearch\",<\/span>\r\n<span class=\"go\">  \"cluster_uuid\" : \"M-W_RznZRA-CXykh_oJsCQ\",<\/span>\r\n<span class=\"go\">  \"version\" : {<\/span>\r\n<span class=\"go\">    \"number\" : \"6.5.1\",<\/span>\r\n<span class=\"go\">    \"build_flavor\" : \"default\",<\/span>\r\n<span class=\"go\">    \"build_type\" : \"rpm\",<\/span>\r\n<span class=\"go\">    \"build_hash\" : \"053779d\",<\/span>\r\n<span class=\"go\">    \"build_date\" : \"2018-07-20T05:20:23.451332Z\",<\/span>\r\n<span class=\"go\">    \"build_snapshot\" : false,<\/span>\r\n<span class=\"go\">    \"lucene_version\" : \"7.3.1\",<\/span>\r\n<span class=\"go\">    \"minimum_wire_compatibility_version\" : \"5.6.0\",<\/span>\r\n<span class=\"go\">    \"minimum_index_compatibility_version\" : \"5.0.0\"<\/span>\r\n<span class=\"go\">  },<\/span>\r\n<span class=\"go\">  \"tagline\" : \"You Know, for Search\"<\/span>\r\n<span class=\"go\">}<\/span><\/pre>\n<p class=\"Normal-P\" style=\"background-color: #ffedcc; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-weight: bold; color: #404040; font-size: 12pt;\">Updating the Elasticsearch template<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">\u00a0to the latest version is mandatory <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">in order to<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">\u00a0<\/span><span style=\"font-family: Arial; font-weight: bold; color: #404040; font-size: 12pt;\">avoid compatibility issues<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">\u00a0with the latest versions of <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\"> and the Elastic Stack.<\/span><\/span><\/p>\n<pre><span class=\"gp\">#<\/span> curl https:\/\/raw.githubusercontent.com\/wazuh\/wazuh\/3.7\/extensions\/elasticsearch\/wazuh-elastic6-template-alerts.json <span class=\"p\">|<\/span> curl -X PUT <span class=\"s2\">\"http:\/\/localhost:9200\/_template\/wazuh\"<\/span> -H <span class=\"s1\">'Content-Type: application\/json'<\/span> -d @-<\/pre>\n<h3><span style=\"font-family: Helvetica; font-weight: bold; color: #404040; font-size: 15pt;\">Upgrade Logstash<\/span><\/h3>\n<ul>\n<li id=\"pmdi_list_14_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"14\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040;\">Upgrade the\u00a0<\/span><span class=\"pre-H\" style=\"background-color: #ffffff; font-family: Consolas; color: #e74c3c; font-size: 9pt;\">logstash<\/span><span style=\"font-family: Arial; color: #404040;\">\u00a0package:<\/span><\/span><\/li>\n<li id=\"pmdi_list_15_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"15\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040;\">For CentOS\/RHEL\/Fedora:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span class=\"gp-H\" style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> yum install logstash-6.5.1<\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_16_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"16\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Download and set the <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\"> configuration for Logstash:<\/span><\/span><\/li>\n<\/ul>\n<ol class=\"loweralpha simple\">\n<li>Local configuration:<\/li>\n<\/ol>\n<blockquote>\n<div>\n<div class=\"highlight-console\">\n<div class=\"highlight\">\n<pre><span class=\"gp\">#<\/span> cp \/etc\/logstash\/conf.d\/01-wazuh.conf \/backup_directory\/01-wazuh.conf.bak\r\n<span class=\"gp\">#<\/span> curl -so \/etc\/logstash\/conf.d\/01-wazuh.conf https:\/\/raw.githubusercontent.com\/wazuh\/wazuh\/3.7\/extensions\/logstash\/01-wazuh-local.conf\r\n<span class=\"gp\">#<\/span> usermod -a -G ossec logstash\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/blockquote>\n<ol class=\"loweralpha simple\" start=\"2\">\n<li>Remote configuration:\u00a0(We are not using this in our standalone setup and therefore do not need to run this)<\/li>\n<\/ol>\n<blockquote>\n<div>\n<div class=\"highlight-console\">\n<div class=\"highlight\">\n<pre><span class=\"gp\">#<\/span> cp \/etc\/logstash\/conf.d\/01-wazuh.conf \/backup_directory\/01-wazuh.conf.bak\r\n<span class=\"gp\">#<\/span> curl -so \/etc\/logstash\/conf.d\/01-wazuh.conf https:\/\/raw.githubusercontent.com\/wazuh\/wazuh\/3.7\/extensions\/logstash\/01-wazuh-remote.conf<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/blockquote>\n<ul>\n<li id=\"pmdi_list_19_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\" data-numid=\"19\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Start the Logstash service:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> daemon-reload<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #0086b3; font-size: 9pt;\">enable<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">logstash.service<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> start <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">logstash.service<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 9pt; background-color: #6ab0de; direction: ltr; unicode-bidi: normal; margin-left: -9pt; margin-right: -9pt;\"><span class=\"Normal-H\"><span style=\"font-family: inherit; font-weight: bold; color: #ffffff; font-size: 12pt;\">Note<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #e7f2fa; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">The Logstash configuration file has been replaced for an updated one. If you already configured the encryption between <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Filebeat<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\"> and Logstash, don\u2019t forget to check again\u00a0<\/span><a href=\"https:\/\/documentation.wazuh.com\/current\/installation-guide\/optional-configurations\/elastic_ssl.html#elastic-ssl\" target=\"\" rel=\"noopener\">Setting up SSL for Filebeat and Logstash<\/a><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">\u00a0if you\u2019re using a\u00a0<\/span><span style=\"font-family: Arial; font-weight: bold; color: #404040; font-size: 12pt;\">distributed architecture<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">.<\/span><\/span><\/p>\n<h3><span style=\"font-family: Helvetica; font-weight: bold; color: #404040; font-size: 15pt;\">Upgrade Kibana<\/span><\/h3>\n<ul>\n<li id=\"pmdi_list_20_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"20\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040;\">Upgrade the\u00a0<\/span><span class=\"pre-H\" style=\"background-color: #ffffff; font-family: Consolas; color: #e74c3c; font-size: 9pt;\">kibana<\/span><span style=\"font-family: Arial; color: #404040;\">\u00a0package:<\/span><\/span><\/li>\n<\/ul>\n<ul>\n<li id=\"pmdi_list_21_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"21\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040;\">For CentOS\/RHEL\/Fedora:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span class=\"gp-H\" style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> yum install kibana-6.5.1<\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_22_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"22\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Uninstall the <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\"> app from Kibana:<\/span><\/span><\/li>\n<li id=\"pmdi_list_23_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\" data-numid=\"23\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Update file permissions. This will avoid several errors prior to updating the app:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">chown<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> -R <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">kibana:kibana<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> \/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">usr<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">\/share\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">kibana<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">\/optimize<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">chown<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> -R <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">kibana:kibana<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> \/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">usr<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">\/share\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">kibana<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">\/plugins<\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_24_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\" data-numid=\"24\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Remove the <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\"> app:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">sudo<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> -u <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">kibana<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> \/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">usr<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">\/share\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">kibana<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">\/bin\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">kibana<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">-plugin remove <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">wazuh<\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_25_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\" data-numid=\"25\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Upgrade the <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\"> app:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> rm -rf \/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">usr<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">\/share\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">kibana<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">\/optimize\/bundles<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">sudo<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> -u <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">kibana<\/span><span style=\"font-family: Consolas; color: #008080; font-size: 9pt;\">NODE_OPTIONS<\/span><span style=\"font-family: Consolas; font-weight: bold; color: #404040; font-size: 9pt; text-decoration: underline;\">=<\/span><span style=\"font-family: Consolas; color: #dd1144; font-size: 9pt;\">&#8220;&#8211;max-old-space-size=3072&#8221;<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> \/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">usr<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">\/share\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">kibana<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">\/bin\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">kibana<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">-plugin install https:\/\/packages.wazuh.com\/wazuhapp\/wazuhapp-3.7.1_6.5.1.zip<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 9pt; background-color: #f0b37e; direction: ltr; unicode-bidi: normal; margin-left: -9pt; margin-right: -9pt;\"><span class=\"Normal-H\"><span style=\"font-family: inherit; font-weight: bold; color: #ffffff; font-size: 12pt;\">Warning<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #ffedcc; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">The <\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\"> app installation process may take several minutes. Please wait patiently.<\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_26_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\" data-numid=\"26\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040; font-size: 12pt;\">Start the Kibana service:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> daemon-reload<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #0086b3; font-size: 9pt;\">enable<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">kibana.service<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> start <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">kibana.service<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Consolas; color: #404040; font-size: 18pt;\">This section only applies if you have clustered\/distributed setup<\/span><\/span><\/p>\n<h3><span style=\"font-family: Helvetica; font-weight: bold; color: #404040; font-size: 15pt;\">Upgrade <\/span><span style=\"font-family: Helvetica; font-weight: bold; color: #404040; font-size: 15pt;\">Filebeat<\/span><\/h3>\n<ul>\n<li id=\"pmdi_list_27_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"27\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040;\">Upgrade the\u00a0<\/span><span class=\"pre-H\" style=\"background-color: #ffffff; font-family: Consolas; color: #e74c3c; font-size: 9pt;\">filebeat<\/span><span style=\"font-family: Arial; color: #404040;\">\u00a0package:<\/span><\/span><\/li>\n<\/ul>\n<ul>\n<li id=\"pmdi_list_28_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"28\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040;\">For CentOS\/RHEL\/Fedora:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span class=\"gp-H\" style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> yum install filebeat-6.5.1<\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_29_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"29\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040;\">Start the <\/span><span style=\"font-family: Arial; color: #404040;\">Filebeat<\/span><span style=\"font-family: Arial; color: #404040;\"> service:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span class=\"gp-H\" style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> daemon-reload<\/span><\/span><\/p>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span class=\"gp-H\" style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span class=\"nb-H\" style=\"font-family: Consolas; color: #0086b3; font-size: 9pt;\">enable<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">filebeat.service<\/span><\/span><\/p>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span class=\"gp-H\" style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">systemctl<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> start <\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">filebeat.service<\/span><\/span><\/p>\n<h3><span style=\"font-family: Helvetica; font-weight: bold; color: #404040; font-size: 15pt;\">Finishing the Elastic Stack upgrade<\/span><\/h3>\n<p class=\"NormalWeb-P\" style=\"margin-top: 0pt; margin-bottom: 18pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal;\"><span class=\"NormalWeb-H\"><span style=\"font-family: Arial; color: #404040;\">You\u2019ve finished upgrading your <\/span><span style=\"font-family: Arial; color: #404040;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040;\"> installation to the latest version. Now you can disable again the Elastic Stack repositories <\/span><span style=\"font-family: Arial; color: #404040;\">in order to<\/span><span style=\"font-family: Arial; color: #404040;\"> avoid undesired upgrades and compatibility issues with the <\/span><span style=\"font-family: Arial; color: #404040;\">Wazuh<\/span><span style=\"font-family: Arial; color: #404040;\"> app.<\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_30_0\" class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\" data-numid=\"30\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #404040;\">For CentOS\/RHEL\/Fedora:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span class=\"gp-H\" style=\"font-family: Consolas; color: #555555; font-size: 9pt;\">#<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">sed<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> &#8211;<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">i<\/span><span class=\"s2-H\" style=\"font-family: Consolas; color: #dd1144; font-size: 9pt;\">&#8220;s\/^enabled=1\/enabled=0\/&#8221;<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\"> \/etc\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">yum.repos.d<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">\/<\/span><span style=\"font-family: Consolas; color: #404040; font-size: 9pt;\">elastic.repo<\/span><\/span><\/p>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span style=\"font-weight: bold; font-size: 16pt; text-decoration: underline;\">Things you will need to fix after the upgrade<\/span><\/span><\/p>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\" style=\"background-color: #ffffff;\"><span style=\"font-weight: bold; font-size: 16pt;\">1. Running migration tool for <\/span><span style=\"font-weight: bold; font-size: 16pt;\">versions<\/span><span style=\"font-weight: bold; font-size: 16pt;\"> before 3.7 for that have <\/span><span style=\"font-weight: bold; font-size: 16pt;\">upgraded<\/span><span style=\"font-weight: bold; font-size: 16pt;\">\u00a0recently:<\/span><\/span><span style=\"background-color: #ffffff;\">\u00a0<\/span><\/p>\n<ul>\n<li class=\"pmdi_content_wrapper\">\n<pre class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><em><span class=\"HTMLPreformatted-H\"><span style=\"font-size: 16pt;\">If you upgraded from <\/span><span style=\"font-size: 16pt;\">wazuh<\/span><span style=\"font-size: 16pt;\"> 3.6 or newer you will need to run the following migration tool, which migrate the database into a new format for <\/span><span style=\"font-size: 16pt;\">wazuh<\/span><span style=\"font-size: 16pt;\"> 3.7<\/span><span style=\"font-size: 16pt;\"><span style=\"display: block;\"><span style=\"display: none;\">...<\/span><\/span><\/span><span style=\"font-size: 16pt;\"><span style=\"display: block;\"><span style=\"display: none;\">...<\/span><\/span>When they first introduced the tool it had some fail to exit code if it couldn\u2019t decode a line and it would halt the migration. They have since fixed that, however it <\/span><span style=\"font-size: 16pt;\">look<\/span><span style=\"font-size: 16pt;\"> something like this.<\/span><\/span><\/em><\/pre>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">2018-11-12 15:45:38 [<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">INFO]\u00a0 \u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">[32\/239] Added 3339 file entries in agent &#8216;033&#8217; database.<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">2018-11-12 15:45:38 [<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">INFO]\u00a0 \u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Setting FIM database for agent &#8216;033&#8217; as completed&#8230;<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">2018-11-12 15:45:38 [<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">INFO]\u00a0 \u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">[33\/239] Upgrading FIM database for agent &#8216;034&#8217;&#8230;<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">2018-11-12 15:45:38 [<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">INFO]\u00a0 \u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">[33\/239] Added 61 file entries in agent &#8216;034&#8217; database.<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">2018-11-12 15:45:38 [<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">INFO]\u00a0 \u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">[33\/239] Upgrading FIM database (<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">syscheck<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">-registry) for agent &#8216;034&#8217;&#8230;<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">2018-11-12 15:45:38 [<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">ERROR]\u00a0 Couldn&#8217;t<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> decode line at <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">syscheck<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> database.<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Traceback (most recent call last):<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0 File <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">&#8220;.\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">fim_migrate<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">&#8220;, line 320, in &lt;module&gt;<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0 \u00a0 if not <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">check_file_entry<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">(<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">agt<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">[<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">0], decoded[2], s):<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0 File <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">&#8220;.\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">fim_migrate<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">&#8220;, line 91, in <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">check_file_entry<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0 \u00a0 <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">msg<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> = <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">msg<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> + <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">cfile<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> + b&#8221;&#8216;;&#8221;<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">TypeError<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">: cannot concatenate &#8216;str&#8217; and &#8216;<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">NoneType<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">&#8216; objects<\/span><\/span><span style=\"background-color: #fcfcfc;\">\u00a0<\/span><\/p>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span style=\"font-size: 16pt;\"><br \/>\nworking <\/span><span style=\"font-size: 16pt;\">migration tool <\/span><span style=\"font-size: 16pt;\">below<br \/>\n<\/span><\/span><a href=\"https:\/\/raw.githubusercontent.com\/wazuh\/wazuh\/3.7\/tools\/migration\/fim_migrate.py\" target=\"_blank\" rel=\"noopener\">https:\/\/raw.githubusercontent.com\/wazuh\/wazuh\/3.7\/tools\/migration\/fim_migrate.py<\/a><\/p>\n<\/li>\n<\/ul>\n<p><span class=\"HTMLPreformatted-H\"><span style=\"background-color: #ffffff; font-family: Arial; color: #222222; font-size: 14pt;\">2. error &#8220;<\/span><span style=\"background-color: #ffffff; font-family: Arial; color: #222222; font-size: 14pt;\">api<\/span><span style=\"background-color: #ffffff; font-family: Arial; color: #222222; font-size: 14pt;\"> version type mismatch 3.6.1&#8242;<\/span><span style=\"background-color: #ffffff; font-family: Arial; color: #222222; font-size: 14pt;\">&#8216; :<\/span><\/span><\/p>\n<ul>\n<li class=\"pmdi_content_wrapper\">\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span style=\"font-size: 12pt;\">After the upgrade when you go into the <\/span><span style=\"font-size: 12pt;\">kibana<\/span><span style=\"font-size: 12pt;\"> interface and it does a <\/span><span style=\"font-size: 12pt;\">systems<\/span><span style=\"font-size: 12pt;\"> check you might see this error. <\/span><span style=\"font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><\/span><\/p>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span style=\"font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12pt;\">Resolution :<\/span><\/span><\/p>\n<\/li>\n<li id=\"pmdi_list_31_0\" class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\" data-numid=\"31\"><span class=\"HTMLPreformatted-H\"><span style=\"font-size: 12pt;\">First make sure all the app versions match.<br \/>\n<\/span><\/span><a href=\"https:\/\/documentation.wazuh.com\/current\/installation-guide\/compatibility_matrix\/index.html\" target=\"_blank\" rel=\"noopener\">https:\/\/documentation.wazuh.com\/current\/installation-guide\/compatibility_matrix\/index.html#api-and-kibana-app<\/a><\/li>\n<\/ul>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 173.25pt;\"><span class=\"HTMLPreformatted-H\">\u00a0<\/span><\/p>\n<ul>\n<li id=\"pmdi_list_31_0\" class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\" data-numid=\"31\"><span class=\"HTMLPreformatted-H\"><span style=\"font-size: 12pt;\">Next run this on the server side to confirm they match<\/span><\/span><\/li>\n<li id=\"pmdi_list_31_1\" class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\" data-numid=\"31\"><span class=\"HTMLPreformatted-H\"><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 12pt;\">cat \/<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 12pt;\">usr<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 12pt;\">\/share\/<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 12pt;\">kibana<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 12pt;\">\/plugins\/<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 12pt;\">\/<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 12pt;\">package.json<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 12pt;\"> | grep &#8211;<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 12pt;\">i<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 12pt;\"> -E &#8220;<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 12pt;\">version|revision<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 12pt;\">&#8220;<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 173.25pt; text-indent: 6.75pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">&#8220;version&#8221;: &#8220;3.7.0&#8221;,<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 137.25pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0 <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">&#8220;revision&#8221;: &#8220;0413&#8221;,<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 137.25pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0 \u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> &#8220;version&#8221;: &#8220;6.4.3&#8221;<\/span><\/span><\/p>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\">\u00a0<\/span><\/p>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\"><span style=\"font-size: 12pt;\">If all <\/span><span style=\"font-size: 12pt;\">those match<\/span><span style=\"font-size: 12pt;\"> then you simply need to do the following to fix it.<\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_32_0\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"32\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Delete <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">the\u00a0<\/span><span style=\"border: solid #EAEAEA 0.75pt; padding: 0;\"><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 10pt;\">.<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 10pt;\">wazuh<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 10pt;\">-version<\/span><\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0index:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 18pt; margin-right: 1.8pt;\"><span class=\"Normal-H\"><span style=\"border: solid #CCCCCC 0.75pt; padding: 0;\"><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 10pt;\">curl -XDELETE <\/span><a href=\"http:\/\/elastic_ip:9200\/.wazuh-version\" target=\"_blank\" rel=\"noopener\">http:\/\/elastic_ip:9200\/.wazuh-version<\/a><\/span><\/span><\/p>\n<ul>\n<li id=\"pmdi_list_32_0\" class=\"ListParagraph-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"32\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Restart Kibana:<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 18pt; margin-right: 1.8pt;\"><span class=\"Normal-H\"><span style=\"border: solid #CCCCCC 0.75pt; padding: 0;\"><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 10pt;\">systemctl<\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 10pt;\"> restart <\/span><span style=\"background-color: #f8f8f8; font-family: Consolas; color: #222222; font-size: 10pt;\">kibana<\/span><\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Wait for about 30 s &#8211; 1 min and now open a new window in your browser, then you should navigate without any more troubles regarding the version mismatching.<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 16pt;\">Notes: <\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 16pt;\">T<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 16pt;\">he <\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 16pt;\">Wazuh<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 16pt;\"> app creates that index when you restart Kibana if it\u2019s not present. <\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 16pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span> If your standalone setup is using <\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 16pt;\">localhost<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 16pt;\"> then the curl command should be localhost and not the elastic <\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 16pt;\">ip<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 16pt;\">.<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-top: 5pt; margin-bottom: 5pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><strong><span class=\"Normal-H\">3. <\/span><\/strong><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 14pt;\">Items listed per screen when listing agents will default back to 17 items for screen and is extremely annoying. You will need to fix this in the following manner.<\/span><span style=\"font-family: Arial; color: #222222; font-size: 14pt;\">:<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fafafa; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Courier New; color: #880000; font-size: 10pt;\"># <\/span><span style=\"font-family: Courier New; color: #880000; font-size: 10pt;\">systemctl<\/span><span style=\"font-family: Courier New; color: #880000; font-size: 10pt;\"> stop <\/span><span style=\"font-family: Courier New; color: #880000; font-size: 10pt;\">kibana<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Let&#8217;s open the file under \/usr\/share\/kibana\/plugins\/wazuh\/public\/templates\/agents-prev\/agents-prev.html and look for lines 103-109:<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fafafa; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Courier New; color: #000088; font-size: 10pt;\">&lt;<\/span><span style=\"font-family: Courier New; color: #000088; font-size: 10pt;\">wz<\/span><span style=\"font-family: Courier New; color: #000088; font-size: 10pt;\">-table<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span>\u00a0<\/span><span style=\"font-family: Courier New; color: #660066; font-size: 10pt;\">flex<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span>\u00a0<\/span><span style=\"font-family: Courier New; color: #660066; font-size: 10pt;\">path<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">=<\/span><span style=\"font-family: Courier New; color: #008800; font-size: 10pt;\">&#8220;&#8216;\/agents'&#8221;<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span>\u00a0<\/span><span style=\"font-family: Courier New; color: #660066; font-size: 10pt;\">keys<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">=<\/span><span style=\"font-family: Courier New; color: #008800; font-size: 10pt;\">&#8220;[&#8216;id&#8217;,{value:&#8217;name&#8217;,size:2},&#8217;ip&#8217;,&#8217;status&#8217;,&#8217;group&#8217;,&#8217;<\/span><a href=\"http:\/\/os.name\/\" target=\"_blank\" rel=\"noopener\">os.name<\/a><span style=\"font-family: Courier New; color: #008800; font-size: 10pt;\">&#8216;,&#8217;os.version&#8217;,&#8217;version&#8217;]&#8221;<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span>\u00a0<\/span><span style=\"font-family: Courier New; color: #660066; font-size: 10pt;\">allow-click<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">=<\/span><span style=\"font-family: Courier New; color: #008800; font-size: 10pt;\">&#8220;true&#8221;<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span>\u00a0<\/span><span style=\"font-family: Courier New; color: #660066; font-size: 10pt;\">row-sizes<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">=<\/span><span style=\"font-family: Courier New; color: #008800; font-size: 10pt;\">&#8220;[17,15,13]&#8221;<\/span><span style=\"font-family: Courier New; color: #000088; font-size: 10pt;\">&gt;<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span><\/span><span style=\"font-family: Courier New; color: #000088; font-size: 10pt;\">&lt;\/<\/span><span style=\"font-family: Courier New; color: #000088; font-size: 10pt;\">wz<\/span><span style=\"font-family: Courier New; color: #000088; font-size: 10pt;\">-table&gt;<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span><\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span>The\u00a0<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 12pt;\">wz<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 12pt;\">-table<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0tag is related to a <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> custom directive which has parameters to easy change that limit.<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Replace\u00a0<\/span><span style=\"background-color: #fafafa; font-family: Courier New; color: #008800; font-size: 12pt;\">[17,15,13]<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0by your desired size\u00a0<\/span><span style=\"background-color: #fafafa; font-family: Courier New; color: #008800; font-size: 12pt;\">[50,50,50]<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">, where each value refers to different screen sizes. Use 50 for all screen sizes,<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">and you&#8217;ll see 50 agents per page regardless your screen size. Use your desired value, it can be 100 or 150&#8230;<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">My suggestion is to don&#8217;t increase\u00a0more than 50 (Angular performance reasons).<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Once you are done save and close the file. Now remove old bundles and check the permissions again:<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fafafa; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">rm\u00a0<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">&#8211;<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">rf\u00a0<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">\/<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">usr<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">\/<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">share<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">\/<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">kibana<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">\/<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">optimize<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">\/<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">bundles<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span><\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">chown<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">\u00a0<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">&#8211;<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">R <\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">kibana<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">:<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">kibana<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">\u00a0<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">\/<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">usr<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">\/<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">share<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">\/<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">kibana<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">\/<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">optimize<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span><\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">chown<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">\u00a0<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">&#8211;<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">R <\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">kibana<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">:<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">kibana<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">\u00a0<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">\/<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">usr<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">\/<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">share<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">\/<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">kibana<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">\/<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">plugins<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Restart Kibana:<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fafafa; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Courier New; color: #880000; font-size: 10pt;\"># <\/span><span style=\"font-family: Courier New; color: #880000; font-size: 10pt;\">systemctl<\/span><span style=\"font-family: Courier New; color: #880000; font-size: 10pt;\"> restart <\/span><span style=\"font-family: Courier New; color: #880000; font-size: 10pt;\">kibana<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">It takes a few of minutes until it&#8217;s completed, you can check the status using the next command:<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #fafafa; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Courier New; color: #880000; font-size: 10pt;\"># <\/span><span style=\"font-family: Courier New; color: #880000; font-size: 10pt;\">systemctl<\/span><span style=\"font-family: Courier New; color: #880000; font-size: 10pt;\"> status <\/span><span style=\"font-family: Courier New; color: #880000; font-size: 10pt;\">kibana<\/span><span style=\"font-family: Courier New; color: #880000; font-size: 10pt;\"> -l<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">You&#8217;ll see &#8220;Optimizing&#8230;&#8221;, once you see &#8220;App ready to be used&#8221; you can remove cache\/cookies from your browser and type your App address for accessing it.<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><strong><span class=\"Normal-H\">\u00a04.\u00a0<\/span><span style=\"font-family: Arial; color: #222222;\">Errors in <\/span><span style=\"font-family: Arial; color: #222222;\">wazuh<\/span><\/strong><span style=\"color: #222222;\"><strong style=\"font-family: Arial;\"> log after upgrade [FORBIDDEN\/12\/index read-only \/ allow<\/strong><span style=\"font-family: Arial;\">\u00a0<\/span><strong style=\"font-family: Arial;\">delete (<\/strong><\/span><strong><span style=\"font-family: Arial; color: #222222;\">api<\/span><span style=\"font-family: Arial; color: #222222;\">)];&#8221;}:<\/span><\/strong><strong><span class=\"ListParagraph-H\">\u00a0<\/span><\/strong><\/p>\n<p class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 67.5pt;\"><span class=\"ListParagraph-H\">\u00a0<\/span><\/p>\n<ul>\n<li id=\"pmdi_list__\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 67.5pt;\" data-numid=\"\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">If you see the following your wazuh.log<\/span><\/span><\/li>\n<\/ul>\n<ul>\n<li id=\"pmdi_list__\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 67.5pt;\" data-numid=\"\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">tail -n500 \/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">usr<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\/share\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">kibana<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\/optimize\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">-logs\/wazuhapp.log<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-22T14:24:15.613Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][init]&#8221;,&#8221;message&#8221;:&#8221;Checking if <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">-monitoring pattern exists&#8230;&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-22T14:24:15.625Z&#8221;,&#8221;level&#8221;:&#8221;error&#8221;,&#8221;location&#8221;:&#8221;[initialize][checkKnownFields]&#8221;,&#8221;message&#8221;:&#8221;[cluster_block_exception] blocked by: [FORBIDDEN\/12\/index read-only \/ allow delete (<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">api<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">)];&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-22T14:24:15.632Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][init]&#8221;,&#8221;message&#8221;:&#8221;Updating known fields for <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">-monitoring pattern&#8230;&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-22T14:24:15.646Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][init]&#8221;,&#8221;message&#8221;:&#8221;Didn&#8217;t find <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">-monitoring pattern for Kibana v<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">6.x.<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> Proceeding to create it&#8230;&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-22T14:24:15.650Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createWazuhMonitoring]&#8221;,&#8221;message&#8221;:&#8221;No need to delete old <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">-monitoring pattern.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-22T14:24:15.650Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][configureKibana]&#8221;,&#8221;message&#8221;:&#8221;Creating index pattern: wazuh-monitoring-3.x-*&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-22T14:24:15.658Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[initialize][checkAPIEntriesExtensions]&#8221;,&#8221;message&#8221;:&#8221;Successfully updated API entry extensions with ID: 1535484412304&#8243;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-22T14:24:15.660Z&#8221;,&#8221;level&#8221;:&#8221;error&#8221;,&#8221;location&#8221;:&#8221;[monitoring][configureKibana]&#8221;,&#8221;message&#8221;:&#8221;[cluster_block_exception] blocked by: [FORBIDDEN\/12\/index read-only \/ allow delete (<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">api<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">)];&#8221;<\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li id=\"pmdi_list__\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 67.5pt;\" data-numid=\"\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">This usually means that one of your partitions is near full and <\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\"> goes into read only mode because of this, super annoying<\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">\u2026..<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">To fix this you <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">must<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> :<\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li id=\"pmdi_list_29_3\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"29\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">first add diskspace to your <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">lvm<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">, if you don\u2019t know how to do this <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">look it up\u2026<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">haha<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> \ud83d\ude1b<\/span><\/span><\/li>\n<li id=\"pmdi_list_29_3\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"29\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">The you must go into the <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">kibana<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> interface and under <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">under<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> dev tools run the following<\/span><\/span><\/li>\n<li id=\"pmdi_list__\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #fafafa; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"\"><span class=\"ListParagraph-H\"><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">PUT <\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">wazuh<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">&#8211;<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">monitoring<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">-*\/<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">_settings<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span><\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">{<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span>\u00a0 \u00a0\u00a0<\/span><span style=\"font-family: Courier New; color: #008800; font-size: 10pt;\">&#8220;index&#8221;<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">:<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">\u00a0<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">{<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span>\u00a0 \u00a0 \u00a0 \u00a0\u00a0<\/span><span style=\"font-family: Courier New; color: #008800; font-size: 10pt;\">&#8220;blocks&#8221;<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">:<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">\u00a0<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">{<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0<\/span><span style=\"font-family: Courier New; color: #008800; font-size: 10pt;\">&#8220;<\/span><span style=\"font-family: Courier New; color: #008800; font-size: 10pt;\">read_only_allow_delete<\/span><span style=\"font-family: Courier New; color: #008800; font-size: 10pt;\">&#8220;<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">:<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">\u00a0<\/span><span style=\"font-family: Courier New; color: #008800; font-size: 10pt;\">&#8220;false&#8221;<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span>\u00a0 \u00a0 \u00a0 <\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\">\u00a0\u00a0<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">}<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span>\u00a0 \u00a0\u00a0<\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">}<\/span><span style=\"font-family: Courier New; color: #000000; font-size: 10pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span><\/span><span style=\"font-family: Courier New; color: #666600; font-size: 10pt;\">}<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #fafafa; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\">\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span><\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"><span style=\"display: block;\"><span style=\"display: none;\">&#8230;<\/span><\/span><\/span><\/span><\/li>\n<li><span class=\"ListParagraph-H\"><span style=\"background-color: #ffffff; font-family: Arial; color: #222222; font-size: 12pt;\">Make sure to restart <\/span><span style=\"background-color: #ffffff; font-family: Arial; color: #222222; font-size: 12pt;\">kibana<\/span><span style=\"background-color: #ffffff; font-family: Arial; color: #222222; font-size: 12pt;\">:<\/span><\/span>\n<ul>\n<li><em>systemctl restart kibana<\/em><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Once <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">kibana<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> is restarted the log should look show <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">something like<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> this.<\/span><\/span><\/p>\n<ul>\n<li><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">tail -n500 \/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">usr<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\/share\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">kibana<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\/optimize\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">-logs\/wazuhapp.log<\/span><\/span><\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-23T00:00:02.464Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">Note: Initially you might only see on entry for that day, however after a few days the logs will look like this.<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-22T14:25:09.166Z&#8221;,&#8221;level&#8221;:&#8221;error&#8221;,&#8221;location&#8221;:&#8221;[monitoring][configureKibana]&#8221;,&#8221;message&#8221;:&#8221;[cluster_block_exception] blocked by: [FORBIDDEN\/12\/index read-only \/ allow delete (<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">api<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">)];&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-23T00:00:02.464Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-24T00:00:01.894Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-25T00:00:02.055Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-26T00:00:01.983Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-27T00:00:02.785Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-28T00:00:02.458Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T00:00:02.163Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:46.871Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[initialize]&#8221;,&#8221;message&#8221;:&#8221;Kibana index<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">: .<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">kibana<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">&#8220;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:46.874Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[initialize]&#8221;,&#8221;message&#8221;:&#8221;App revision: 0413&#8243;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:46.874Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][configuration]&#8221;,&#8221;message&#8221;:&#8221;<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh.monitoring<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">.enabled: true&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:46.874Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][configuration]&#8221;,&#8221;message&#8221;:&#8221;<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh.monitoring<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">.frequency: 3600 (0 *\/60 * * * *) &#8220;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:46.874Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][checkKibanaStatus]&#8221;,&#8221;message&#8221;:&#8221;Waiting for Kibana and Elasticsearch servers to be ready&#8230;&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:48.241Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[initialize][checkWazuhIndex]&#8221;,&#8221;message&#8221;:&#8221;<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Checking .<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:48.241Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[initialize][checkWazuhVersionIndex]&#8221;,&#8221;message&#8221;:&#8221;<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Checking .<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">-version index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:48.246Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][init]&#8221;,&#8221;message&#8221;:&#8221;Creating\/Updating <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">-agent template&#8230;&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:48.246Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][checkTemplate]&#8221;,&#8221;message&#8221;:&#8221;Updating <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">-monitoring template&#8230;&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:48.945Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[initialize][checkKnownFields]&#8221;,&#8221;message&#8221;:&#8221;x-pack enabled: no&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:48.999Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[initialize][checkKnownFields]&#8221;,&#8221;message&#8221;:&#8221;Found 2 index patterns&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:48.999Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[initialize][checkKnownFields]&#8221;,&#8221;message&#8221;:&#8221;Found 1 valid index patterns for <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> alerts&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:48.999Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[initialize][checkKnownFields]&#8221;,&#8221;message&#8221;:&#8221;Default index pattern found&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:48.999Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[initialize][checkKnownFields]&#8221;,&#8221;message&#8221;:&#8221;Refreshing known fields for \\&#8221;index-<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">pattern:wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">-alerts-3.x-*\\&#8221;&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:49.092Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[initialize][checkKnownFields]&#8221;,&#8221;message&#8221;:&#8221;App ready to be used.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:49.181Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[initialize][checkAPIEntriesExtensions]&#8221;,&#8221;message&#8221;:&#8221;Checking extensions consistency for all API entries&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:49.188Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[initialize][checkAPIEntriesExtensions]&#8221;,&#8221;message&#8221;:&#8221;Successfully updated API entry extensions with ID: 1535484412304&#8243;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:49.266Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][init]&#8221;,&#8221;message&#8221;:&#8221;Creating today index&#8230;&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:49.295Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][init]&#8221;,&#8221;message&#8221;:&#8221;Checking if <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">-monitoring pattern exists&#8230;&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:49.314Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][init]&#8221;,&#8221;message&#8221;:&#8221;Updating known fields for <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">-monitoring pattern&#8230;&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-29T14:41:49.320Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][init]&#8221;,&#8221;message&#8221;:&#8221;Skipping <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">-monitoring pattern creation. Already exists.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-11-30T00:00:01.567Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-12-01T00:00:02.368Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-12-02T00:00:01.297Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-12-03T00:00:02.052Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-12-04T00:00:01.602Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-12-05T00:00:01.886Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">{&#8220;date&#8221;:&#8221;2018-12-06T00:00:02.870Z&#8221;,&#8221;level&#8221;:&#8221;info&#8221;,&#8221;location&#8221;:&#8221;[monitoring][createIndex]&#8221;,&#8221;message&#8221;:&#8221;Successfully created today index.&#8221;}<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><strong><span class=\"Normal-H\">\u00a05.\u00a0<\/span><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Setup <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">DiskSpaceWatch<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> Cron:<\/span><\/span><\/strong><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li id=\"pmdi_list_33_0\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"33\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">I was getting annoyed with having to deal with the diskspace issues which leads to loss of logs and therefore setup a little <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">bash <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">script called \u201c\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">usr<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\/bin\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">diskspacewatch<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u201d<\/span><\/span><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">The script runs as root <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">cron<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> every 30 mins<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">, to get to the <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">cron<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> type \u2018crontab -e\u2019<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">#!\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">bin\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">sh<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">df -h | grep &#8211;<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">vE<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> &#8216;^<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Filesystem|tmpfs|cdrom<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">&#8216; | <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">awk<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">&#8216;{ print<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> $5 &#8221; &#8221; $1 }&#8217; | while read output;<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">do<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> echo $output<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">usep<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">=$(echo $output | <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">awk<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">&#8216;{ print<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> $1}&#8217; | cut -d&#8217;%&#8217; -f1 )<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> partition=$(echo $output | <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">awk<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">&#8216;{ print<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> $2 }&#8217; )<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> if [ $<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">usep<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> &#8211;<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">ge<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">75 ]<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">; then<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> echo &#8220;Running out of space!! on <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> production server. Add space or <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> will go into read only mode. \\&#8221;$partition ($<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">usep<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">%)\\<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">&#8221; on $(hostname) as on $(date)&#8221; |<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> mail -s &#8220;Alert: Almost out of disk space, add diskspace to <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuhprod<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> server. $<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">usep<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">%&#8221; nick@nicktailor.com<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> fi<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 36pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">done<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li id=\"pmdi_list_33_0\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"33\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">If any of the partitions reach 75 <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">percent<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> it will send out an email alert to nick@nicktailor.com<\/span><\/span><\/li>\n<li id=\"pmdi_list_33_0\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"33\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">This is to help avoid log loss from <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> going into read only mode because of diskspace.<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 49.5pt;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li id=\"pmdi_list_29_1\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"29\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Upgrading <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> agents to 3.7<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 67.5pt;\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">Note: <\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">Lastly<\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\"> They say in <\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">wazuh<\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\"> documentation that the agent is backwards compatible however this is not true in my opinion. Reason being features stop working and now require you to update all the agents. This is not a simple as simply updating the agent&#8230;.<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 90pt;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li id=\"pmdi_list_34_0\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"34\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">If you attempt to update the agent simply by yum or apt. It will result in the agent <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">loosing<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> the manager <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">ip<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> and key created.<\/span><\/span><\/li>\n<li id=\"pmdi_list_34_0\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"34\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">This <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">particular piece<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> of the upgrade is something that you should test in a test environment by cloning your entire system to a dev one and running simulations. I learned this the hard way and how to be inventive to get it working.<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li id=\"pmdi_list_29_3\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"29\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">There is an <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">agent_upgrade<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> tool they provide which is supposed to download the new agent, install, and recopy the manager <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">ip<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> and key to the agent all in one go<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li id=\"pmdi_list_36_0\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"36\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">List out the agents that need to be upgraded<\/span><\/span><\/li>\n<li id=\"pmdi_list_36_1\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"36\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\/var\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">ossec<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\/bin\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">agent_upgrade<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> -l<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\">\u00a0<\/span><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Example.<\/span><\/span><\/p>\n<p>Example.<\/p>\n<p>waz01 ~]# \/var\/ossec\/bin\/agent_upgrade -l<\/p>\n<p>ID\u00a0\u00a0\u00a0 Name\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Version<\/p>\n<p>003\u00a0\u00a0 centosnewtemp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Wazuh v3.6.0<\/p>\n<p>165\u00a0\u00a0 test1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Wazuh v3.6.1<\/p>\n<p>192\u00a0\u00a0 test2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Wazuh v3.6.1<\/p>\n<p>271\u00a0\u00a0 test3\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Wazuh v3.3.1<\/p>\n<p>277\u00a0\u00a0 test4\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Wazuh v3.3.1<\/p>\n<p>280\u00a0\u00a0 test5\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Wazuh v3.3.1<\/p>\n<p>306\u00a0\u00a0 test6\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Wazuh v3.3.1<\/p>\n<p>313\u00a0\u00a0 test6\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Wazuh v3.3.1<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li id=\"pmdi_list_36_0\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"36\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Manual update of <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">agent<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">(<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Successful)<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"># \/var\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">ossec<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\/bin\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">agent_upgrade<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> -d -a 003<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">Manager version: v3.7.0<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">Agent version: v3.3.1<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">Agent new version: v3.7.0<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">WPK file already downloaded: \/var\/<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">ossec<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">\/var\/upgrade\/wazuh_agent_v3.7.0_windows.wpk &#8211; SHA1SUM: 79678fd4ab800879aacd4451a64e799c62688b64<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">Upgrade PKG: wazuh_agent_v3.7.0_windows.wpk (2108 KB)<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">MSG SENT: 271 com open <\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">wb<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\"> wazuh_agent_v3.7.0_windows.wpk<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">RESPONSE: ok<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">MSG SENT: 271 com <\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">lock_restart<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\"> -1<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">RESPONSE: ok<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">Chunk size: 512 bytes<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">Sending: \/var\/<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">ossec<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">\/var\/upgrade\/wazuh_agent_v3.7.0_windows.wpk<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">MSG SENT: 271 com close wazuh_agent_v3.7.0_windows.wpk<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">RESPONSE: ok<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">MSG SENT: 271 com sha1 wazuh_agent_v3.7.0_windows.wpk<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">RESPONSE: ok 79678fd4ab800879aacd4451a64e799c62688b64<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">WPK file sent<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">MSG SENT: 271 com upgrade wazuh_agent_v3.7.0_windows.wpk upgrade.bat<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">RESPONSE: ok 0 <\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">Upgrade procedure started<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">MSG SENT: 271 com <\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">upgrade_result<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">RESPONSE: err Maximum attempts exceeded<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">MSG SENT: 271 com <\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">upgrade_result<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">RESPONSE: err Cannot read <\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">upgrade_result<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\"> file.<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">MSG SENT: 271 com <\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">upgrade_result<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 10pt;\">RESPONSE: ok 0<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Agent upgraded successfully<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 162pt;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li id=\"pmdi_list_36_0\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"36\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Using the list provided by <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">agent_upgrade<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> you can copy the agent <\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">id\u2019s<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> to a txt file like <\/span><\/span><\/li>\n<li id=\"pmdi_list_36_1\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"36\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">vi a<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">gentupgrade.txt<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 216pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">003<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 216pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">165<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 216pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">192<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 216pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">271<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal; margin-left: 216pt;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">Etc<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u2026<\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li id=\"pmdi_list_36_0\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"36\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">You can then use a for loop like so to cycle through the list<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li id=\"pmdi_list_36_1\" class=\"ListParagraph-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\" data-numid=\"36\"><span class=\"ListParagraph-H\"><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 14pt;\">for name in `cat agentupgrade.txt`; do \/var\/<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 14pt;\">ossec<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 14pt;\">\/bin\/<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 14pt;\">agent_upgrade<\/span><span style=\"font-family: Arial; font-style: italic; color: #222222; font-size: 14pt;\"> -a $name; echo $name; done<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\">\u00a0<\/span><span class=\"Normal-H\"><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">Notes: <\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">E<\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">xit<\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">ing<\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\"> the script once its running as it may cause issues as I didn\u2019t put in any error fail to exit <\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">obviously.<\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">.<\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\"> The other issue I did notice that windows 2016 and windows 7 machines had issues updating the agent I saw the following errors as indicated below. This would update the agent, and then timeout without reinputting the manager <\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">ip<\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\"> and key. I had to manually update the failed machines as <\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">Wazuh<\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\"> was unable to provide me with answer as to why it was failing. I was able to replicate the issue on 50 machines. <\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\">So<\/span><span style=\"font-family: Arial; font-weight: bold; font-style: italic; color: #222222; font-size: 12pt;\"> in short if your going to upgrade and have 1000 machines. I highly recommend doing lots of simulations before you upgrade as this is one the most important parts of the upgrade. If they fail to mention in their documentation.<\/span><\/span><\/p>\n<p class=\"Normal-P\" style=\"margin-bottom: 0pt; background-color: #ffffff; vertical-align: baseline; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<p><strong>Errors:<\/strong><\/p>\n<p class=\"Normal-P\" style=\"background-color: #ffffff; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\"><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"># \/var\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">ossec<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">\/bin\/<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\">agent_upgrade<\/span><span style=\"font-family: Arial; color: #222222; font-size: 12pt;\"> -d -a 298<\/span><\/span><span class=\"HTMLPreformatted-H\">\u00a0<\/span><\/p>\n<p>Manager version: v3.7.0<\/p>\n<p>Agent version: v3.3.1<\/p>\n<p>Agent new version: v3.7.0<\/p>\n<p>WPK file already downloaded: \/var\/ossec\/var\/upgrade\/wazuh_agent_v3.7.0_windows.wpk &#8211; SHA1SUM: 79678fd4ab800879aacd4451a64e799c62688b64<\/p>\n<p>Upgrade PKG: wazuh_agent_v3.7.0_windows.wpk (2108 KB)<\/p>\n<p>MSG SENT: 298 com open wb wazuh_agent_v3.7.0_windows.wpk<\/p>\n<p>RESPONSE: err Maximum attempts exceeded<\/p>\n<p>MSG SENT: 298 com open wb wazuh_agent_v3.7.0_windows.wpk<\/p>\n<p>RESPONSE: err Maximum attempts exceeded<\/p>\n<p>MSG SENT: 298 com open wb wazuh_agent_v3.7.0_windows.wpk<\/p>\n<p>RESPONSE: err Maximum attempts exceeded<\/p>\n<p>MSG SENT: 298 com open wb wazuh_agent_v3.7.0_windows.wpk<\/p>\n<p>RESPONSE: err Maximum attempts exceeded<\/p>\n<p>MSG SENT: 298 com open wb wazuh_agent_v3.7.0_windows.wpk<\/p>\n<p>RESPONSE: err Maximum attempts exceeded<\/p>\n<p>MSG SENT: 298 com open wb wazuh_agent_v3.7.0_windows.wpk<\/p>\n<p>RESPONSE: err Maximum attempts exceeded<\/p>\n<p>MSG SENT: 298 com open wb wazuh_agent_v3.7.0_windows.wpk<\/p>\n<p>RESPONSE: err Maximum attempts exceeded<\/p>\n<p>MSG SENT: 298 com open wb wazuh_agent_v3.7.0_windows.wpk<\/p>\n<p>RESPONSE: err Maximum attempts exceeded<\/p>\n<p>MSG SENT: 298 com open wb wazuh_agent_v3.7.0_windows.wpk<\/p>\n<p>RESPONSE: err Maximum attempts exceeded<\/p>\n<p>MSG SENT: 298 com open wb wazuh_agent_v3.7.0_windows.wpk<\/p>\n<p>RESPONSE: err Maximum attempts exceeded<\/p>\n<p>MSG SENT: 298 com open wb wazuh_agent_v3.7.0_windows.wpk<\/p>\n<p>RESPONSE: err Maximum attempts exceeded<\/p>\n<p>Error 1715: Error sending WPK file: Maximum attempts exceeded<\/p>\n<p>Traceback (most recent call last):<\/p>\n<p>File &#8220;\/var\/ossec\/bin\/agent_upgrade&#8221;, line 165, in &lt;module&gt;<\/p>\n<p>main()<\/p>\n<p>File &#8220;\/var\/ossec\/bin\/agent_upgrade&#8221;, line 119, in main<\/p>\n<p>rl_timeout=-1 if args.timeout == None else args.timeout, use_http=use_http)<\/p>\n<p>File &#8220;\/var\/ossec\/bin\/..\/framework\/wazuh\/agent.py&#8221;, line 2206, in upgrade<\/p>\n<p>show_progress=show_progress, chunk_size=chunk_size, rl_timeout=rl_timeout, use_http=use_http)<\/p>\n<p>File &#8220;\/var\/ossec\/bin\/..\/framework\/wazuh\/agent.py&#8221;, line 2102, in _send_wpk_file<\/p>\n<p>raise WazuhException(1715, data.replace(&#8220;err &#8220;,&#8221;&#8221;))<\/p>\n<p>wazuh.exception.WazuhException: Error 1715 &#8211; Error sending WPK file: Maximum attempts exceeded<\/p>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\">\u00a0<\/span><\/p>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\">\u00a0<\/span><\/p>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\">\u00a0<\/span><\/p>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\">\u00a0<\/span><\/p>\n<p class=\"HTMLPreformatted-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"HTMLPreformatted-H\">\u00a0<\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<p class=\"Normal-P\" style=\"background-color: #fcfcfc; direction: ltr; unicode-bidi: normal; margin-left: 18pt;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n<p class=\"Normal-P\" style=\"direction: ltr; unicode-bidi: normal;\"><span class=\"Normal-H\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Upgrade from the same major version (3.x) The following steps show how to upgrade to the latest available version of Wazuh 3.x (which implies upgrading to the latest version of Elastic Stack 6.x). Starting the upgrade If you followed our\u00a0manager\u00a0or\u00a0agents\u00a0installation guides, probably you disabled the repository in order to avoid undesired upgrades. It\u2019s necessary to enable them again to get<a href=\"https:\/\/nicktailor.com\/tech-blog\/how-to-properly-upgrade-wazuh-with-a-major-update-standalone-setup\/\" class=\"read-more\">Read More &#8230;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58,138,56],"tags":[],"class_list":["post-902","post","type-post","status-publish","format-standard","hentry","category-centos","category-linux","category-wazuh"],"_links":{"self":[{"href":"https:\/\/nicktailor.com\/tech-blog\/wp-json\/wp\/v2\/posts\/902","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nicktailor.com\/tech-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nicktailor.com\/tech-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nicktailor.com\/tech-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nicktailor.com\/tech-blog\/wp-json\/wp\/v2\/comments?post=902"}],"version-history":[{"count":12,"href":"https:\/\/nicktailor.com\/tech-blog\/wp-json\/wp\/v2\/posts\/902\/revisions"}],"predecessor-version":[{"id":1630,"href":"https:\/\/nicktailor.com\/tech-blog\/wp-json\/wp\/v2\/posts\/902\/revisions\/1630"}],"wp:attachment":[{"href":"https:\/\/nicktailor.com\/tech-blog\/wp-json\/wp\/v2\/media?parent=902"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nicktailor.com\/tech-blog\/wp-json\/wp\/v2\/categories?post=902"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nicktailor.com\/tech-blog\/wp-json\/wp\/v2\/tags?post=902"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}