Virtual Machine (OVA)
Wazuh provides a pre-built virtual machine image (OVA) that you can directly import using VirtualBox or other OVA compatible virtualization systems. Take into account that this VM only runs on 64-bit systems and does not provide high availability and scalability of the product.
Download the virtual appliance (OVA) which contains the following components:
CentOS 7
Wazuh manager: 4.1.5
Open Distro for Elasticsearch: 7.10.2
Filebeat-OSS: 7.10.2
Kibana: 7.10.2
Wazuh Kibana plugin: 4.1.5-7.10.2
First, import the OVA in the virtualization platform and run the virtual machine. The password of the user root is wazuh and the username and password for the Wazuh API are wazuh-wui/wazuh-wui. The following video explains how to import and run the virtual machine.
To access the web interface:
URL: https://<wazuh_server_ip> user: admin password: admin
All components included in this virtual image are configured to work out-of-the-box without the need to modify any settings. However, all components can be fully customized. These are the configuration files locations:
Wazuh manager:
/var/ossec/etc/ossec.confOpen Distro for Elasticsearch:
/etc/elasticsearch/elasticsearch.ymlFilebeat-OSS:
/etc/filebeat/filebeat.ymlKibana:
/etc/kibana/kibana.yml
In case of using VirtualBox, once the virtual machine is imported it may run into issues caused by time skew when VirtualBox synchronizes the time of the guest machine. To avoid this situation, enable the Hardware Clock in UTC Time option in the System tab of the virtual machine configuration.
Note
By default, the network interface type is bridge. The VM will attempt to obtain an IP address from the network DHCP server. Alternatively, a static IP address can be set by configuring the appropriate network files in the CentOS operating system on which the VM is based.
Once the virtual machine is imported and running, the next step is to deploy the Wazuh agents on the systems to be monitored.
Upgrading the VM
The virtual machine can be upgraded as a traditional installation: