Wazuh Cluster Setup | Wazuh Cluster Deployment | Install Wazuh Cluster
Table of Contents
Introduction
This tutorial provides a step-by-step guide on setting up a Wazuh cluster, an open-source security monitoring tool, on a CentOS Linux environment. The Wazuh cluster enhances the scalability and performance of the Wazuh deployment, making it suitable for monitoring multiple nodes effectively.
Step 1: Prepare Your Environment
Before installing Wazuh, ensure that your environment is ready. Follow these actions:
-
System Requirements
- Ensure you have at least three CentOS virtual machines (VMs) for the cluster setup.
- Recommended specs per VM:
- 2 CPU cores
- 4 GB RAM
- 20 GB disk space
-
Install Required Packages
- Update your system and install necessary packages by running:
sudo yum update -y sudo yum install curl apt-transport-https -y
- Update your system and install necessary packages by running:
Step 2: Install Wazuh Manager
The Wazuh manager is the core component that analyzes and correlates data.
-
Add the Wazuh repository
- Run the following command to add the Wazuh repository:
curl -s https://packages.wazuh.com/4.x/yum/DOWNLOAD/GPG-KEY-WAZUH | sudo gpg --dearmor --yes -o /etc/yum.repos.d/wazuh.repo
- Run the following command to add the Wazuh repository:
-
Install the Wazuh manager
- Execute:
sudo yum install wazuh-manager -y
- Execute:
Step 3: Install Wazuh Indexer
The Wazuh indexer stores and retrieves data efficiently.
-
Install the Wazuh indexer
- Run:
sudo yum install wazuh-indexer -y
- Run:
-
Configure the indexer
- Edit the configuration file at
/etc/wazuh-indexer/wazuh-indexer.ymlaccording to your cluster specifications.
- Edit the configuration file at
Step 4: Install Wazuh Dashboard
The Wazuh dashboard provides a graphical interface for management and monitoring.
-
Install the Wazuh dashboard
- Execute:
sudo yum install wazuh-dashboard -y
- Execute:
-
Configure the dashboard
- Set up the dashboard by editing the configuration file located at
/etc/wazuh-dashboard/wazuh_dashboard.yml.
- Set up the dashboard by editing the configuration file located at
Step 5: Configure the Cluster
Now, configure the Wazuh cluster to ensure proper communication among nodes.
-
Edit the Wazuh manager configuration
- Open the configuration file:
sudo nano /var/ossec/etc/ossec.conf - Add the cluster configuration settings such as cluster name, manager IP addresses, and node type.
- Open the configuration file:
-
Restart Wazuh services
- Restart the Wazuh manager and indexer services for the changes to take effect:
sudo systemctl restart wazuh-manager sudo systemctl restart wazuh-indexer
- Restart the Wazuh manager and indexer services for the changes to take effect:
Step 6: Verify the Installation
Ensure that all components are running smoothly.
-
Check service status
- Run the following command to verify the Wazuh manager and indexer services:
sudo systemctl status wazuh-manager sudo systemctl status wazuh-indexer
- Run the following command to verify the Wazuh manager and indexer services:
-
Access the dashboard
- Open a web browser and navigate to
http://<your-dashboard-ip>:5601to access the Wazuh dashboard.
- Open a web browser and navigate to
Conclusion
You have successfully set up a Wazuh cluster on CentOS. This deployment allows for efficient security monitoring across multiple nodes. As next steps, consider configuring additional settings specific to your environment, integrating agents for endpoint security, and exploring the extensive capabilities of Wazuh for threat detection and compliance.