Dash Board install

Team: Wazuh-Dashboard · Published to class

Category: Installments · Last updated 2025-12-02 09:12 · by red5839

  1. Downloading the Installer and Config File I started by downloading the Wazuh installation script: curl -sO https://packages.wazuh.com/4.14/wazuh-install.sh

Then I downloaded the configuration file: curl -sO https://packages.wazuh.com/4.14/config.yml

I edited config.yml and set the IP addresses and node names: Indexer: 10.3.120.3 (Wazuh-Indexer1) Server: 10.3.120.4 (Wazuh-Server1) Dashboard: 10.3.120.5 (Wazuh-Dashboard)

  1. Generating the Installation Files I generated the installer bundle with: sudo bash wazuh-install.sh --generate-config-files

This created the file: wazuh-install-files.tar This tar file contains the certificates and passwords needed for installing the dashboard.

  1. First Dashboard Install Attempt (Failed) I ran: bash wazuh-install.sh --wazuh-dashboard Wazuh-Dashboard

The installer gave this error and quit: Wazuh indexer security settings not initialized. This means the Indexer cluster had not been fully initialized, so the dashboard refused to install.

  1. Initializing the Indexer On the indexer node, I ran: sudo bash wazuh-install.sh --start-cluster

This completed the Indexer cluster initialization.

  1. Second Dashboard Install Attempt (Still Failed) Even after initializing the Indexer, the dashboard installer still failed because the wazuh-install-files.tar was generated before the Indexer cluster was initialized. This caused a certificate mismatch. The dashboard refused to install.

  2. Forcing the Dashboard Installation I attempted to force the install with: sudo bash wazuh-install.sh --wazuh-dashboard Wazuh-Dashboard -fd

The installer printed a summary saying the installation finished, but the dashboard never actually installed or started.

  1. Checking the Dashboard Status I checked whether the dashboard was running: sudo systemctl status wazuh-dashboard

Most of the time the service did not exist. Other times it existed but immediately crashed. Error messages included: Unknown configuration key Invalid namespace FATAL error

  1. Checking the Dashboard Port The dashboard should listen on port 443. I used: sudo ss -tlnp | grep 443

There was nothing listening on this port. This confirmed that the dashboard was not running.

  1. Curl Test I tested the dashboard URL from the dashboard VM: curl -k https://10.3.120.5

The output was always: Wazuh dashboard server is not ready yet This is a placeholder page that appears when the real dashboard fails to start. It is not the actual dashboard.

  1. Checking Logs To view dashboard logs, I used: sudo journalctl -u wazuh-dashboard -n 50 --no-pager

These logs showed repeated errors: ResponseError Unable to verify the first certificate Unknown configuration key FATAL All of these showed that the dashboard backend failed to initialize.

  1. Checking the Dashboard Configuration File I opened the configuration file: sudo nano /etc/wazuh-dashboard/opensearch_dashboards.yml

This file contained invalid and outdated settings. Because of these invalid keys, the dashboard immediately crashed on startup every time.

  1. Verifying Ports Again sudo ss -tlnp

Only ports 22 and 53 were listening. There was no 443 or 5601 port active, confirming again that the dashboard did not install.

  1. Full Uninstall on the Dashboard Node To completely remove the dashboard, I ran: sudo systemctl stop wazuh-dashboard sudo apt remove --purge wazuh-dashboard -y sudo apt autoremove -y sudo rm -rf /etc/wazuh-dashboard sudo rm -rf /usr/share/wazuh-dashboard sudo rm -rf /var/log/wazuh-dashboard sudo rm -rf /var/lib/wazuh-dashboard sudo rm -f /home/administrator/wazuh-install-files.tar sudo rm -f /home/administrator/wazuh-certificates.tar sudo rm -rf /home/administrator/wazuh-install-files sudo rm -rf /home/administrator/wazuh-certificates sudo rm -f /home/administrator/wazuh-install.sh

This fully reset the dashboard VM to a clean state.

  1. Fresh Install Attempt Using the Indexer’s Tar File On the indexer, I created a new tar file after the cluster was initialized: sudo bash wazuh-install.sh --generate-config-files

Then I transferred it to the dashboard VM: scp wazuh-install-files.tar administrator@10.3.120.5:/home/administrator/

On the dashboard VM, I extracted the tar: tar -xf wazuh-install-files.tar

Downloaded a fresh installer: curl -sO https://packages.wazuh.com/4.14/wazuh-install.sh

Then attempted the fresh install: sudo bash wazuh-install.sh --wazuh-dashboard Wazuh-Dashboard -fd

  1. Fresh Install Still Failed

Decided to try agin after a week with another fresh intall in entered bash wazuh-install.sh --wazuh-dashboard Wazuh-Dashboard This time, the installation worked with no issues. The previous failures were likely caused by: security initialization timing issues

certificate mismatches

or partial leftover configs

After installation, I reset the password for: daredevil-amusement2-expansion