Hi @ttany,

what version are you running?.

In order to check your version, execute the following commands:

cat /etc/ossec-init.conf
cat /var/ossec/api/package.json | grep version

Thanks.
Regards.

Thanks @jesuslinares:

[root@WazuhServer logs]# cat /etc/ossec-init.conf

DIRECTORY="/var/ossec"
NAME="Wazuh"
VERSION="v2.0"
DATE="Sat Apr 22 14:01:53 UTC 2017"
TYPE="server"

[root@WazuhServer logs]# cat /var/ossec/api/package.json | grep version
"version": "2.0.0",

ELK is v5.4.0!

Hi,

It seems the error is in the API, not in kibana. So, execute the following query in your manager:

curl -u foo:bar -k http://127.0.0.1:55000/agents

Let me know if it works and paste here the api logs. I hope with this information we can determine what is happening.

Thanks.

Hi!
Is python module is not installed?

[root@WazuhServer ~]# curl -u foo:bar -k http://127.0.0.1:55000/agents
{"error":1000,"message":"Wazuh-Python Internal Error: wazuh-framework not found."}

Please, go to /var/ossec/api/configuration/config.js and change:
config.logs = "info";
to
config.logs = "debug";

Then restart the API and send the request. Let's see what says the API log (/var/ossec/logs/api.log).

Do you have Python installed?.

Regards.

I have installed Python and changed the config.logs to "debug"!
[root@WazuhServer configuration]# cat /var/ossec/api/configuration/config.js | grep config.logs
config.logs = "debug";
tail -f /var/ossec/logs/api.log

WazuhAPI 2017-06-01 11:03:31: CMD - Command: python args:/var/ossec/api/models/wazuh-api.py stdin:{"function":"/agents","arguments":{},"ossec_path":"/var/ossec"}
WazuhAPI 2017-06-01 11:03:31: CMD - Exit code: 0
WazuhAPI 2017-06-01 11:03:31: CMD - STDOUT:
---
{"message": "Wazuh-Python Internal Error: wazuh-framework not found.", "error": 1000}
---
WazuhAPI 2017-06-01 11:03:31: CMD - STDOUT: 86 bytes
WazuhAPI 2017-06-01 11:03:31: [::ffff:127.0.0.1] GET /agents/ - 200 - error: '1000'.
WazuhAPI 2017-06-01 11:04:01: Sending SIGTERM to CMD - Command: python args:/var/ossec/api/models/wazuh-api.py stdin:{"function":"/agents","arguments":{},"ossec_path":"/var/ossec"}

Check if the following directory exists: /var/ossec/api/framework.

The error is due to /var/ossec/api/models/wazuh-api.py is not able to find the framework. You can fixed manually, changing the line:
path.append(path[0].replace('models','framework'))
for
path.append('/var/ossec/api/framework')

What is your Python version?.

Thanks.

Python version is 2.7.13

Is it working changing that line?

Hi,
i am configuring this on AWS.
root@ip-10:/var/ossec/api/configuration# cat /etc/ossec-init.conf
DIRECTORY="/var/ossec"
VERSION="v2.8.3"
DATE="Wed Jun 8 23:47:29 UTC 2016"
TYPE="server"
root@ip-10-:/var/ossec/api/configuration# cat /var/ossec/api/package.json | grep version
"version": "2.0.0",

my password authentication working fine. i already checked browser as well

curl -s -u laxman:qwer1234 -k -X GET "http://127.0.0.1:55000/"
{"error":0,"data":"Welcome to Wazuh HIDS API"}

curl -s -u laxman:qwer1234 -k -X GET "http://127.0.0.1:55000/agents"
{"error":1000,"message":"Wazuh-Python Internal Error: unable to open database file"}

after enabling debug on config.json getting this output.

WazuhAPI 2017-06-14 12:24:15: ::ffff:12.107.176.9 GET /agents
WazuhAPI 2017-06-14 12:24:15: CMD - Command: python args:/var/ossec/api/models/wazuh-api.py stdin:{"function":"/agents","arguments":{},"ossec_path":"/var/ossec"}
WazuhAPI 2017-06-14 12:24:15: CMD - Exit code: 0
WazuhAPI 2017-06-14 12:24:15: CMD - STDOUT:

{"message": "Wazuh-Python Internal Error: unable to open database file", "error": 1000}

WazuhAPI 2017-06-14 12:24:15: CMD - STDOUT: 88 bytes
WazuhAPI 2017-06-14 12:24:15: [::ffff:12.107.176.9] GET /agents/ - 200 - error: '1000'.

command execution working fine.

#echo '{"function":"/agents/:agent_id","arguments":{"agent_id":"000"},"ossec_path":"/var/ossec"}' | /var/ossec/api/models/wazuh-api.py --pretty --debug
{
"data": {
"status": "Active",
"name": "ip-10-50-xx-xxx",
"ip": "127.0.0.1",
"dateAdd": "2017-06-13 08:53:39",
"version": "Wazuh v2.0",
"os_family": "Linux",
"lastKeepAlive": "9999-12-31 23:59:59",
"os": "Linux ip-10-50-xx-xxx 3.19.0-84-generic #92-Ubuntu SMP Fri Mar 24 15:46:19 UTC 2017 x86_64",
"id": "000"
},
"error": 0
}

any idea what is wrong in configuration

python --version
Python 2.7.9

elk component version 5.4

jesuslinares，Thank you very much！I have solved my problem!Python is not install according to your requirements!

@ttany what kind of change you made for python. how to add user through this command. i used below mentioned command as well sudo htpasswd -c user laxman, but that not working.

sudo node htpasswd -c user laxman
module.js:327
throw err;
^

Error: Cannot find module '/var/ossec/api/scripts/htpasswd'
at Function.Module._resolveFilename (module.js:325:15)
at Function.Module._load (module.js:276:25)
at Function.Module.runMain (module.js:441:10)
at startup (node.js:139:18)
at node.js:968:3

I had the same issue:

Manager - Status: Wazuh API returned an error message. Error: Wazuh-Python Internal Error: wazuh-framework not found.

The actual error was:

libsqlite3.so.0: failed to map segment from shared object: Operation not permitted

In my case, it was broken because I copied the data dir to another partition and looks like there was a symlink badly copied. Not sure why do we need it there at all.
Fix in my case on Centos 7:

# rm -f /var/ossec/data/api/framework/lib/libsqlite3.so.0
# ln -s /usr/lib64/libsqlite3.so.0 /var/ossec/data/api/framework/lib/libsqlite3.so.0