Wazuh is a great EDR (Endpoint Detection and Response) system. It’s free and easy to set up, which I’ve covered in another post:
When things go wrong
You may set up a Wazuh server and forget about it. Or perhaps you’ve lost track of it and get it back online, only to discover the UI isn’t loading. So here are some quick things to check with Wazuh:
Wazuh Manager Status
On an Ubuntu install, you can check whether the Wazuh manager is running with:
sudo systemctl status wazuh-manager
It should return some output with a green status for “active (running)”. If not, restart it with:
sudo systemctl restart wazuh-manager
Wait a few minutes after the restart, then re-run the status check. It should be up now.
Wazuh Dashboard Status
Check the Wazuh dashboard status with:
sudo systemctl status wazuh-dashboard
If it’s not showing a value like “active (running)” then restart it with:
sudo systemctl restart wazuh-dashboard
Remember to use HTTPS
Unless you provide your own cert, Wazuh will use its own self-signed certificate. So even if the manager and dashboard services are running, you may still find the UI isn’t loading. Make sure you are pointing your browser to the HTTPS address:
https://[wazuh server ip]
If it’s a self-signed cert, you’ll likely get a browser warning page saying the site is dangerous and that you should “go back”. To reach the dashboard, you’ll need to click “advanced” and choose to continue, trusting your Wazuh server.
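
The checks above combined into one script, as an added example that is not part of the original post: it reports each service's state with the restart command from the post, then requests the dashboard over HTTPS and prints the certificate's SHA-256 fingerprint so it can be compared with what the browser shows before continuing past the warning. The script name, the function names and port 443 are assumptions.

```shell
#!/bin/sh
# Added example: the post's checks in one pass.
# Usage: ./wazuh-triage.sh <wazuh server ip>   (script name is hypothetical)

# Print a unit's systemd state ("active", "inactive", "failed", ...).
unit_state() {
    systemctl is-active "$1" 2>/dev/null || true
}

# Map a unit and its state to the next step given in the post.
next_step() {
    if [ "$2" = "active" ]; then
        echo "ok: $1 is active (running)"
    else
        echo "fix: sudo systemctl restart $1 (state: ${2:-unknown})"
    fi
}

# Normalise what was typed (ip, http://ip, https://ip/path) to the HTTPS URL.
dashboard_url() {
    host=${1#http://}; host=${host#https://}; host=${host%%/*}
    echo "https://$host"
}

# HTTP status over HTTPS; -k accepts the self-signed cert for this probe only.
dashboard_http_code() {
    curl -k -s -o /dev/null -m 10 -w '%{http_code}' "$1" || true
}

# SHA-256 fingerprint of the cert the server presents (port 443 assumed).
# Compare it with the one the browser shows before continuing past the warning.
cert_fingerprint() {
    host=${1#https://}
    echo | openssl s_client -connect "$host:443" 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

main() {
    for unit in wazuh-manager wazuh-dashboard; do
        next_step "$unit" "$(unit_state "$unit")"
    done
    url=$(dashboard_url "$1")
    echo "dashboard: $url -> HTTP $(dashboard_http_code "$url")"
    cert_fingerprint "$url" || echo "could not read a certificate from $url"
}

if [ $# -ge 1 ]; then main "$1"; else echo "usage: $0 <wazuh server ip>"; fi
```

Run it on the Wazuh server itself, since the service checks read the local systemd state.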