Follow this guide to migrate from Open Distro for Elasticsearch Kibana 1.13 to the Wazuh dashboard. These instructions are intended for a standard Wazuh installation, you may need to make some changes to adapt them to your environment.
To guarantee a correct operation of Wazuh, make sure to also migrate from Open Distro for Elasticsearch to the Wazuh indexer. To learn more, see the Migrating to the Wazuh indexer </migration-guide/wazuh-indexer>
documentation.
Note
You need root user privileges to run all the commands described below.
Stop the Kibana service.
Systemd
# systemctl stop kibana
SysV init
# service kibana stop
Add the Wazuh repository. You can skip this step if the repository is already present and enabled on your server.
Yum
APT
Install the Wazuh dashboard package.
Yum
APT
Note
Make sure that your Wazuh manager is updated to the latest version. To learn more, see
upgrading_wazuh_server
.Create the
/etc/wazuh-dashboard/certs
directory, copy your old certificates to the new location and change ownership and permissions.# mkdir /etc/wazuh-dashboard/certs # cp /etc/kibana/certs/kibana.pem /etc/wazuh-dashboard/certs/dashboard.pem # cp /etc/kibana/certs/kibana-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem # cp /etc/kibana/certs/root-ca.pem /etc/wazuh-dashboard/certs/root-ca.pem # chmod 500 /etc/wazuh-dashboard/certs # chmod 400 /etc/wazuh-dashboard/certs/* # chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
Port your settings from
/etc/kibana/kibana.yml
to the/etc/wazuh-dashboard/opensearch_dashboards.yml
file. You can omit theopensearch.username
and theopensearch.password
settings as they are now stored in the Wazuh dashboard keystore.server.host: 0.0.0.0 server.port: 443 opensearch.hosts: https://localhost:9200 opensearch.ssl.verificationMode: certificate #opensearch.username: #opensearch.password: opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] opensearch_security.multitenancy.enabled: false opensearch_security.readonly_mode.roles: ["kibana_read_only"] server.ssl.enabled: true server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem" server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem" opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"] uiSettings.overrides.defaultRoute: /app/wazuh
Add the password of the
kibanaserver
user to the Wazuh dashboard keystore. Execute the command below and follow the instructions. You may find your old password in the/etc/kibana/kibana.yml
configuration file./usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add opensearch.password
Optional action - To change the default user, run the following command. You will need to change the password accordingly.
/usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add opensearch.username
Enable and start the Wazuh dashboard service.
- Port your settings from
/usr/share/kibana/data/wazuh/config/wazuh.yml
to/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
. It is recommended to copy the content from/usr/share/kibana/data/wazuh/downloads/
as well. - Access the Wazuh web interface at
https://<dashboard_ip>
with your credentials and make sure that everything is working as expected. Uninstall Kibana.
Yum
APT