I freshly installed OSSEC and required Kibana for visual log reports and dashboards. After following the steps at https://www.linode.com/docs/guides/visualize-server-security-on-centos-7-with-an-elastic-stack-and-wazuh/ all service status checks come out good, but I'm receiving the error "Kibana server is not ready" in the browser. Can anyone please help a newbie resolve this?
Please take a look at "Kibana server is not ready yet".
Thanks for your reply
I have the output from `curl -XGET localhost:9200/`, and it checks out fine. See the output below and advise on next steps, please.
```
curl -XGET localhost:9200/
{
  "name" : "uTdBreY",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "D6ikruyIRqifjmhpla08NA",
  "version" : {
    "number" : "6.5.2",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "9434bed",
    "build_date" : "2018-11-29T23:58:20.891072Z",
    "build_snapshot" : false,
    "lucene_version" : "7.5.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}
```
Please note that 6.5 has been EOL for some time now. You should be using 7.10.1 as the current latest release.
Ok but what about the Kibana logs?
Okay, so I might need to upgrade elasticsearch???
Here are the logs from Kibana:
```
{"type":"log","@timestamp":"2021-01-05T07:35:08Z","tags":["info","optimize"],"pid":52064,"message":"Optimizing and caching bundles for graph, monitoring, space_selector, login, logout, ml, dashboardViewer, apm, canvas, infra, wazuh, kibana, stateSessionStorageRedirect, status_page and timelion. This may take a few minutes"}
{"type":"log","@timestamp":"2021-01-05T07:43:31Z","tags":["pid","warning"],"pid":"53393","path":"/var/run/kibana.pid","message":"pid file already exists at /var/run/kibana.pid"}
{"type":"log","@timestamp":"2021-01-05T07:43:48Z","tags":["info","optimize"],"pid":53393,"message":"Optimizing and caching bundles for graph, monitoring, space_selector, login, logout, ml, dashboardViewer, apm, canvas, infra, wazuh, kibana, stateSessionStorageRedirect, status_page and timelion. This may take a few minutes"}
```
Definitely start there.
Could you point me to any useful link on how to successfully update Elasticsearch?
https://www.elastic.co/guide/en/elastic-stack/7.10/upgrading-elastic-stack.html is the best place for that
Thanks so much for your assistance.
I have upgraded successfully to 7.10. What do I do next? The Kibana server is still not ready.
```
[root@fim ~]# curl -XGET localhost:9200/
{
  "name" : "fim.naira.com",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "D6ikruyIRqifjmhpla08NA",
  "version" : {
    "number" : "7.10.1",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "1c34507e66d7db1211f66f3513706fdf548736aa",
    "build_date" : "2020-12-05T01:00:33.671820Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
```
Kibanalog.txt output:
```
{"type":"log","@timestamp":"2021-01-05T10:14:30Z","tags":["info","optimize"],"pid":77280,"message":"Optimizing and caching bundles for graph, monitoring, space_selector, login, logout, ml, dashboardViewer, apm, canvas, infra, wazuh, kibana, stateSessionStorageRedirect, status_page and timelion. This may take a few minutes"}
{"type":"log","@timestamp":"2021-01-05T10:24:59Z","tags":["pid","warning"],"pid":"78860","path":"/var/run/kibana.pid","message":"pid file already exists at /var/run/kibana.pid"}
{"type":"log","@timestamp":"2021-01-05T10:25:17Z","tags":["info","optimize"],"pid":78860,"message":"Optimizing and caching bundles for graph, monitoring, space_selector, login, logout, ml, dashboardViewer, apm, canvas, infra, wazuh, kibana, stateSessionStorageRedirect, status_page and timelion. This may take a few minutes"}
```