Wazuh is an open-source security platform that provides threat detection, compliance management, and incident response capabilities. It uses a distributed architecture in which the Wazuh Indexer stores and searches alert data. In this post, we'll walk through installing the Wazuh Indexer on an Ubuntu 24.04 server using the official Wazuh installation assistant.
Installing Wazuh Indexer on Ubuntu 24.04
Step 1: Download the Wazuh installation assistant and the configuration file
First, download the script for the Wazuh installation assistant and the configuration file:
# curl -sO https://packages.wazuh.com/4.11/wazuh-install.sh
# curl -sO https://packages.wazuh.com/4.11/config.yml
Step 2: Edit the Configuration File
Edit ./config.yml and replace the node names and IP values:
# Wazuh indexer nodes
indexer:
  - name: node-1
    ip: "<indexer-node-ip>"
Do the same for all Wazuh server and Wazuh dashboard nodes.
Step 3: Generate Configuration Files
Run the Wazuh installation assistant with the option --generate-config-files to generate the Wazuh cluster key, certificates, and passwords necessary for installation:
# bash wazuh-install.sh --generate-config-files
Step 4: Copy Generated Files to All Servers
After generation, you will have a file named wazuh-install-files.tar.
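Copy the wazuh-install-files.tar file to all the servers of the distributed deployment. The archive holds the cluster key, certificates, and passwords generated in Step 3, so transfer it over a secure channel.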
Step 5: Install and Configure the Wazuh Indexer Node
Install and configure the Wazuh indexer nodes:
Download the installation script:
# curl -sO https://packages.wazuh.com/4.11/wazuh-install.sh
Run the script with the option --wazuh-indexer and the node name to install and configure the Wazuh indexer:
# bash wazuh-install.sh --wazuh-indexer node-1
Step 6: Initialize the Wazuh Indexer Cluster
Run the Wazuh installation assistant with the option --start-cluster on any Wazuh indexer node to load the new certificate information and start the cluster.
# bash wazuh-install.sh --start-cluster
Step 7: Cluster installation
Run the following command to get the admin password:
# tar -axf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt -O | grep -P "\'admin\'" -A 1
Example output:
indexer_username: 'admin'
indexer_password: 'vX?JU7v4Jszt4rcfmBkldC5K.SUbBieo'
Step 8: Test the Cluster Installation
Finally, test your Wazuh Indexer by running a simple API call:
# curl -k -u 'admin:vX?JU7v4Jszt4rcfmBkldC5K.SUbBieo' https://127.0.0.1:9200
A successful response will look like this:
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "lTXL_l7bSZKFAIpOAXollg",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "deb",
    "build_hash" : "e5a68d19815af94a9883fead7927edb40181f32d",
    "build_date" : "2025-03-26T19:08:40.098412Z",
    "build_snapshot" : false,
    "lucene_version" : "9.11.1",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
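The check in Steps 7 and 8 uses curl -k, which skips certificate verification, and -u, which leaves the admin password in shell history and the process list. The following added example (not part of the original post or of Wazuh's own tooling) reads the password straight from the archive, passes it to curl over stdin, and verifies the server against the root CA. The function names, the CA path, and the sample data are assumptions made for illustration; it also assumes the node certificate lists the address you connect to, so use the node IP from config.yml rather than 127.0.0.1.

```shell
#!/bin/sh
# Added example: hardened version of the Step 7/8 check.

# Constructed sample in the layout of wazuh-passwords.txt; values are made up.
sample_passwords() {
cat <<'EOF'
  indexer_username: 'kibanaserver'
  indexer_password: 'Constructed-Other-Pw'

  indexer_username: 'admin'
  indexer_password: 'Constructed?Pw.1*'
EOF
}

# Read wazuh-passwords.txt on stdin and print only the admin password.
# Unlike grep -A 1, this matches the username exactly and strips the quotes.
extract_admin_password() {
  awk -v q="'" '
    $1 == "indexer_username:" { found = ($2 == (q "admin" q)); next }
    found && $1 == "indexer_password:" {
      sub(/^[ \t]*indexer_password:[ \t]*/, "")
      sub("^" q, ""); sub(q "[ \t]*$", "")
      print; exit
    }'
}

# Emit a curl config line for `curl --config -`. Backslashes and double
# quotes are escaped so curl's config parser keeps the password intact.
curl_user_config() {
  esc=$(printf '%s' "$2" | sed 's/[\\"]/\\&/g')
  printf 'user = "%s:%s"\n' "$1" "$esc"
}

# check_indexer TAR CA_CERT URL
# The credential travels over a pipe; the TLS chain is verified with CA_CERT.
check_indexer() {
  pw=$(tar -axf "$1" wazuh-install-files/wazuh-passwords.txt -O |
       extract_admin_password)
  [ -n "$pw" ] || { echo "admin password not found in $1" >&2; return 1; }
  curl_user_config admin "$pw" |
    curl --silent --show-error --fail --cacert "$2" --config - "$3"
}

# Usage (placeholder CA path and node address):
#   check_indexer wazuh-install-files.tar /path/to/root-ca.pem https://<indexer-node-ip>:9200
```

With --fail, curl returns a non-zero status on an authentication error, so the function can gate later provisioning steps.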
Conclusion
Installing Wazuh Indexer on Ubuntu 24.04 is straightforward with the help of the Wazuh installation assistant.
Following these steps ensures a properly configured, secure, and scalable indexer cluster ready to handle your security event data. If you need further assistance, our support team is here to help you with this.