Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extensions added in wazuh.yml not working #3640

Closed
teddytpc1 opened this issue Sep 30, 2021 · 3 comments
Closed

Extensions added in wazuh.yml not working #3640

teddytpc1 opened this issue Sep 30, 2021 · 3 comments
Assignees
@yenienserrano
Labels
component/modules Issues related to the App modules, and its handling type/bug Bug issue

Comments

@teddytpc1
Copy link
Member

Wazuh Elastic Rev Security
4.2.0 7.10.2 4201-11 ODFE
Browser
Chrome

Description
I have made some changes to the wazuh.yml in order to add the AWS and Docker extensions. Those changes did not take effect so I enabled those modules in the Kibana Web UI to make it work. Example of the file:

# BEGIN ANSIBLE MANAGED BLOCK
hosts:
  - env-1:
     url: https://IP1
     port: 55000
     username: wazuh
     password: wazuh
     run_as: false
     extensions.aws: true
     extensions.docker: true
  - env-2:
     url: https://IP2
     port: 55000
     username: wazuh
     password: wazuh
     run_as: false
     extensions.aws: true
     extensions.docker: true
# END ANSIBLE MANAGED BLOCK

Reviewing the files located in /usr/share/kibana/data/wazuh/config I realized that the change in the Web UI had impacted in the wazuh-registry.json.

The issue is that the documentation does not say anything about that file (wazuh-registry.json):
https://documentation.wazuh.com/current/user-manual/kibana-app/reference/config-file.html#extensions-docker

The change works If I modify the wazuh-registry.json to enable those modules or if I enable them using the Kibana Web UI. But I need to automate it so the Kibana method is not an option.

Preconditions

  1. Configure a new Demo Environment.
  2. The Demo Env. has the following architecture:
    MultitenantWazuh

Steps to reproduce

  1. Modify the wazuh.yml in the Wazuh Kibana App installation.
  2. Login to Kibana and go the Modules directory
  3. The AWS and Docker extensions are not being showed.

Expected Result

  1. The AWS and Docker being listed:
    Screenshot from 2021-09-30 12-23-51

Actual Result

  1. Modules directory without those links:
    Screenshot from 2021-09-30 12-25-18
@teddytpc1 teddytpc1 added the type/bug Bug issue label Sep 30, 2021
@snaow snaow moved this to Triage in Release 4.4.0 Jun 13, 2022
@davidjiglesias davidjiglesias moved this to Triage in Release 4.3.6 Jun 30, 2022
@davidjiglesias davidjiglesias moved this from Triage to Todo in Release 4.3.6 Jun 30, 2022
@gdiazlo
Copy link
Member

gdiazlo commented Jul 1, 2022

We will update the documentation to reflect the actual behavior of these settings.

@yenienserrano yenienserrano self-assigned this Jul 7, 2022
@yenienserrano yenienserrano moved this from Todo to In Progress in Release 4.3.6 Jul 7, 2022
@yenienserrano yenienserrano added the component/modules Issues related to the App modules, and its handling label Jul 8, 2022
@yenienserrano
Copy link
Member

The extensions configuration is not divided by host, it is a global configuration, so to see the extensions you want when new hosts are added, you have to configure it outside the host configurations at the same level as the word hosts.

for example:

hosts:
  - env-1:
     url: https://IP1
     port: 55000
     username: wazuh-wui
     password: wazuh-wui
     run_as: true
  - env-2:
     url: https://IP2
     port: 55000
     username: wazuh-wui
     password: wazuh-wui
     run_as: true

extensions.aws: true
extensions.docker: true

Screenshot:
image

@yenienserrano yenienserrano mentioned this issue Jul 8, 2022
Merged
5 tasks
@AlexRuiz7 AlexRuiz7 moved this from In Progress to Blocked in Release 4.3.6 Jul 11, 2022
@AlexRuiz7
Copy link
Member

Blocked by wazuh/wazuh-documentation#5452

Repository owner moved this from Blocked to Done in Release 4.3.6 Jul 13, 2022
@gdiazlo gdiazlo mentioned this issue Jul 20, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yenienserrano yenienserrano

Labels
component/modules Issues related to the App modules, and its handling type/bug Bug issue
Projects
No open projects
Release 4.3.6
Status: Done
Milestone
No milestone
Development

No branches or pull requests
4 participants
@gdiazlo @AlexRuiz7 @teddytpc1 @yenienserrano