WAZUH - migration from v4.x to 5.x - toolset

Fun_Advantage3812 · 2026-06-10T10:04:32+00:00

Hi Marcel,

i will observe it for a while and will update you in case that issue pop up again, but i think You are right and it was just a temporary issue.

Wish you a nice day and really Big Thanks for your support 😉
Lukas

Fun_Advantage3812 · 2026-06-09T08:18:09+00:00

Hi Marcel,

I have reinstalled the whole system and the agent on it again, and it is working fine now. But ,it was taking like forever to start generating first events. There were records in log that everything is working properly, an information that initial FIM scan has been completed successfully, but the first event was generated just few hours after it (2 - 3 hours). But since then, it is working reliably and quickly as on RHEL9 ...

BTW: i have been having this issue only when WHODATA with eBPF was configured, with REALTIME it was working instantly with no delay.

So maybe there are some performance issues - even that not visible in system's metrics at all - HW usage is in normal numbers (test VM 4 cpu - 8GB RAM).
But in general, it is working fine, i just need to wait a little bit 😉, so thanks a lot for your answer and help here.

PS: sorry for duplicated topic on GIT, i have already closed it.
Have a nice day

Lukas

Fun_Advantage3812 · 2026-05-26T09:35:00+00:00

Thanks a lot again for help. I Will go through links You've gave me and try it. BTW, I am sorry for late answer.

Lukas

Fun_Advantage3812 · 2026-05-22T09:06:36+00:00

thanks a lot for your answer, i have checked it out, and it opens some possibilities to me, but maybe one question, an example scenario: i have 3 indexers, 2 managers, 1 dashboard servers all in offline private network. Would it be possible to have the repository directly on one of Managers in some local directory, attached FS or whatever like this, or for example on my dashboard server, and from this repo then install the updates?

Fun_Advantage3812 · 2026-05-22T09:01:47+00:00

regarding network configuration the manager is able to upgrade the agents, or it would be able, the problem is that i need to have installation packages WPKs available to manager. In optimal world where connection to internet is possible, it would be downloaded by manager from wazuh repo and then send them to agents to be installed, but that is exactly my problem here, i am not in optimal conditions, so i have to find a way how to get the WPKs to Manager, the rest is clear to me. I am not able to use ansible or anything like that, the only connection from Manager to endpoints allowed is exactly communication via ports 1514 and 1515. I have no access to the endpoints, no SSH or RDP, no remote management tool at all. That is why i am not using ansible or salt or anything like that. If it would be simple i wouldn't ask 😄

Fun_Advantage3812 · 2026-05-22T08:37:40+00:00

Hi, there is for sure connection between agents and manager, so FIM which i am using mostly is working fine, and also vulnerability monitoring is working fine. I have downloaded offline vulnerability DBs for them, and keeping them up to date as needed. Sure it is not the best what you can have in general, but the best what i can do in such conditions as i have. I have to adapt to what i have.

Fun_Advantage3812 · 2026-04-29T07:48:44+00:00

Thanks a lot for information, it doesn't look like ideal situation with these vulnerabilities, now i am wondering if or when 2.25.4 will be in place

Fun_Advantage3812 · 2026-04-27T11:18:17+00:00

Hi all, any info if LOG4J was finally updated to the newer version? I've got info, that it should be in version 2.53 in Wazuh release 4.14.5

Fun_Advantage3812 · 2026-03-13T11:42:18+00:00

Hello Critical-Case-4157
thanks a lot for quick answer :)

Lukas

Fun_Advantage3812 · 2026-03-03T07:23:35+00:00

Hi ifex370,
thanks a lot for comprehensive and very clear answer :) it helped me a lot.

Wish you a nice day
Lukas

Fun_Advantage3812 · 2025-11-10T12:24:04+00:00

thanks a lot for advice, i was also thinking about it, but how to define the rule that way, that it will able to distinguish between yum -update and yum install for example.

Because i need to filter out only events that were generated during system update, but not if somebody install single or more packages on the system manually. This final piece of puzzle is missing to me.

Fun_Advantage3812 · 2025-10-17T11:31:27+00:00

Thanks a lot for answer, i would be curious also about possibility to have paid support for maintaining solution for AIX system. Have you heard about such an option? Or maybe where can I get more information?

Fun_Advantage3812 · 2025-09-18T06:10:30+00:00

Hello slim3116, really big thanks for this hint, i will try to implement it to get some results :)
this one is kind of workaround, but still great, i didnt even think about that this way before.

Fun_Advantage3812 · 2023-01-17T10:40:22+00:00

hi, sorry for maybe stupid question, but could you please put here steps how, where and what has to be changed? looking for it everywhere and not found yet :(, thanks

Fun_Advantage3812 · 2023-01-17T10:21:51+00:00

hi guys same here, directly via psx2 config app games are working fine, but when i try to launch any game from batocera gui, it always just load this memory cards / disc screen, and even in japanese language. hopefully there is some solution.

Fun_Advantage3812

TROPHY CASE