Ghaem Arasteh
Ghaem Arasteh
in default, your wazuh & kibana config only connect to one elastic search node but in the real project, we need this option to allow wazuh and kibana to sync...
check wazuh group exist in the host or make it
in the new Wazuh version extra args sent as JSON structure this is the new yara.sh and other configs to work with the new Wazuh version
if remove a single quotation from '$INDEXER_URL' then we can pass the multi-indexer address with env: INDEXER_URL=https://indxer1.wazuh:9200,https://indxer2.wazuh:9200,https://indxer3.wazuh:9200 and its good example for multi-node docker-compose config