Hi @ttany,

what version are you running?.

In order to check your version, execute the following commands:

cat /etc/ossec-init.conf
cat /var/ossec/api/package.json | grep version

Thanks.
Regards.

Thanks @jesuslinares:

[root@WazuhServer logs]# cat /etc/ossec-init.conf

DIRECTORY="/var/ossec"
NAME="Wazuh"
VERSION="v2.0"
DATE="Sat Apr 22 14:01:53 UTC 2017"
TYPE="server"

[root@WazuhServer logs]# cat /var/ossec/api/package.json | grep version
"version": "2.0.0",

ELK is v5.4.0!

Hi,

It seems the error is in the API, not in kibana. So, execute the following query in your manager:

curl -u foo:bar -k http://127.0.0.1:55000/agents

Let me know if it works and paste here the api logs. I hope with this information we can determine what is happening.

Thanks.

Hi!
Is python module is not installed?

[root@WazuhServer ~]# curl -u foo:bar -k http://127.0.0.1:55000/agents
{"error":1000,"message":"Wazuh-Python Internal Error: wazuh-framework not found."}

Please, go to /var/ossec/api/configuration/config.js and change:
config.logs = "info";
to
config.logs = "debug";

Then restart the API and send the request. Let's see what says the API log (/var/ossec/logs/api.log).

Do you have Python installed?.

Regards.

I have installed Python and changed the config.logs to "debug"!
[root@WazuhServer configuration]# cat /var/ossec/api/configuration/config.js | grep config.logs
config.logs = "debug";
tail -f /var/ossec/logs/api.log

WazuhAPI 2017-06-01 11:03:31: CMD - Command: python args:/var/ossec/api/models/wazuh-api.py stdin:{"function":"/agents","arguments":{},"ossec_path":"/var/ossec"}
WazuhAPI 2017-06-01 11:03:31: CMD - Exit code: 0
WazuhAPI 2017-06-01 11:03:31: CMD - STDOUT:
---
{"message": "Wazuh-Python Internal Error: wazuh-framework not found.", "error": 1000}
---
WazuhAPI 2017-06-01 11:03:31: CMD - STDOUT: 86 bytes
WazuhAPI 2017-06-01 11:03:31: [::ffff:127.0.0.1] GET /agents/ - 200 - error: '1000'.
WazuhAPI 2017-06-01 11:04:01: Sending SIGTERM to CMD - Command: python args:/var/ossec/api/models/wazuh-api.py stdin:{"function":"/agents","arguments":{},"ossec_path":"/var/ossec"}

Check if the following directory exists: /var/ossec/api/framework.

The error is due to /var/ossec/api/models/wazuh-api.py is not able to find the framework. You can fixed manually, changing the line:
path.append(path[0].replace('models','framework'))
for
path.append('/var/ossec/api/framework')

What is your Python version?.

Thanks.

Python version is 2.7.13

Is it working changing that line?

Hi,
i am configuring this on AWS.
root@ip-10:/var/ossec/api/configuration# cat /etc/ossec-init.conf
DIRECTORY="/var/ossec"
VERSION="v2.8.3"
DATE="Wed Jun 8 23:47:29 UTC 2016"
TYPE="server"
root@ip-10-:/var/ossec/api/configuration# cat /var/ossec/api/package.json | grep version
"version": "2.0.0",

my password authentication working fine. i already checked browser as well

curl -s -u laxman:qwer1234 -k -X GET "http://127.0.0.1:55000/"
{"error":0,"data":"Welcome to Wazuh HIDS API"}

curl -s -u laxman:qwer1234 -k -X GET "http://127.0.0.1:55000/agents"
{"error":1000,"message":"Wazuh-Python Internal Error: unable to open database file"}

after enabling debug on config.json getting this output.

WazuhAPI 2017-06-14 12:24:15: ::ffff:12.107.176.9 GET /agents
WazuhAPI 2017-06-14 12:24:15: CMD - Command: python args:/var/ossec/api/models/wazuh-api.py stdin:{"function":"/agents","arguments":{},"ossec_path":"/var/ossec"}
WazuhAPI 2017-06-14 12:24:15: CMD - Exit code: 0
WazuhAPI 2017-06-14 12:24:15: CMD - STDOUT:

{"message": "Wazuh-Python Internal Error: unable to open database file", "error": 1000}

WazuhAPI 2017-06-14 12:24:15: CMD - STDOUT: 88 bytes
WazuhAPI 2017-06-14 12:24:15: [::ffff:12.107.176.9] GET /agents/ - 200 - error: '1000'.

command execution working fine.

#echo '{"function":"/agents/:agent_id","arguments":{"agent_id":"000"},"ossec_path":"/var/ossec"}' | /var/ossec/api/models/wazuh-api.py --pretty --debug
{
"data": {
"status": "Active",
"name": "ip-10-50-xx-xxx",
"ip": "127.0.0.1",
"dateAdd": "2017-06-13 08:53:39",
"version": "Wazuh v2.0",
"os_family": "Linux",
"lastKeepAlive": "9999-12-31 23:59:59",
"os": "Linux ip-10-50-xx-xxx 3.19.0-84-generic #92-Ubuntu SMP Fri Mar 24 15:46:19 UTC 2017 x86_64",
"id": "000"
},
"error": 0
}

any idea what is wrong in configuration

python --version
Python 2.7.9

elk component version 5.4

jesuslinares，Thank you very much！I have solved my problem!Python is not install according to your requirements!

@ttany what kind of change you made for python. how to add user through this command. i used below mentioned command as well sudo htpasswd -c user laxman, but that not working.

sudo node htpasswd -c user laxman
module.js:327
throw err;
^

Error: Cannot find module '/var/ossec/api/scripts/htpasswd'
at Function.Module._resolveFilename (module.js:325:15)
at Function.Module._load (module.js:276:25)
at Function.Module.runMain (module.js:441:10)
at startup (node.js:139:18)
at node.js:968:3

I had the same issue:

Manager - Status: Wazuh API returned an error message. Error: Wazuh-Python Internal Error: wazuh-framework not found.

The actual error was:

libsqlite3.so.0: failed to map segment from shared object: Operation not permitted

In my case, it was broken because I copied the data dir to another partition and looks like there was a symlink badly copied. Not sure why do we need it there at all.
Fix in my case on Centos 7:

# rm -f /var/ossec/data/api/framework/lib/libsqlite3.so.0
# ln -s /usr/lib64/libsqlite3.so.0 /var/ossec/data/api/framework/lib/libsqlite3.so.0

Hi @Laxman-SM,

Wazuh API 2.0 only works with Wazuh manager 2.0.

If you want to change the the user/password:

$ cd /var/ossec/api/configuration/auth
$ sudo node htpasswd -c user myUserName

htpasswd is a symbolic link of /var/ossec/api/node_modules/htpasswd/bin/htpasswd.
Let me know if it works.

@roman-vynar,
The API uses a "framework" written in Python. That framework needs SQLite library. We compile the library and it is installed in /var/ossec/api/framework/lib because some distributions have an old version of that library.

If you are using CentOS 7, the default version of SQLite is right. So, you can prevent to load that library from /var/ossec/api/framework/lib changing the configuration:

/var/ossec/api/configuration/config.js

Change:
config.ld_library_path = config.ossec_path + "/api/framework/lib"
to:
config.ld_library_path = ""

Thanks for the feedback!.
Regards.

@jesuslinares thanks for your software and support!

@jesuslinares I install the wazuh on centos 6.9 , I yum update the default version of python2.6 to python 2.7 and also get the same error. How can I do ? Thanks!

@whoami001 Check out the documentation: https://documentation.wazuh.com/current/installation-guide/installing-wazuh-server/wazuh_server_rpm.html#installing-wazuh-api

Just install the python27 package and restart the API:

yum install centos-release-scl
yum install python27
service wazuh-api restart

Regards.

@jesuslinares I reinstall centos 7 , slove the problem.

@whoami001 great!. CentOS 7 is a perfect choice.