Wazuh Exercise Troubleshooting

Are you having trouble with the Wazuh Exercise? If you are, it’s okay. It’s common to have issues, whether it be with virtualisation, maintaining connection between the client and the server, or generating alerts.

The most important thing to understand is that we’re more than happy to try and help you get through these issues. You can contact myself directly, or communicate with our awesome communities via Discord (if you’re a student on the course, you should already have access to the WYWM Cyber Discord – if you don’t get in contact with me).

The first step to getting your issue solved, is to help us troubleshoot your issue as effectively as possible. Here are a couple things you can do to help out troubleshoot as effectively as possible.

  1. Take a screenshot. If you’re getting an error, or you think something isn’t working, take a screenshot of it so we can get a more effective look at what’s going on. Whether it be using print screen, snipping tool, or something more detailed like Greenshot, make sure you send us something you can look at.
  2. Write a detailed description about the issue as you can, including the steps leading up to the issue, and anything you’ve done to try and resolve it. This way we can get the most detailed idea of what is happening on your system.

If you do these two things when you contact myself, or someone else in our community, it’ll make your troubleshooting journey a lot easier. However, there are also some steps I can recommend when troubleshooting on your own.

  1. Google it. Now this might sound silly, but we use some of the most popular open source platforms available for our exercises, and some issues may be common occurrences. It’s quicker for you to get back to completing our courses if you can solve an issue yourself, rather than have to wait for us to reply.
  2. Do a search in Discord to see if anyone else has had a similar issue, and has solved it. The people in our Discord communities are using the same tools and doing the same exercises as you, so the likelihood of your issue being previously solved is significant. To search on Discord, simply start typing keywords into the search bar in the top right of the window, and it will display messages from the servers history.

3. Watch Adam Stretch’s Wazuh videos. There are two video demonstration he has made, one on the Hydra command, and one on generating alerts for the Wazuh exercise. In both of these videos, Adam covers a couple of common issues that come up during the exercise, and how to resolve them.

Now you have a general idea on how to do some troubleshooting yourself, as well as how to effectively contact myself or others for troubleshooting help. If you’re reading this, you’ve probably run into an issue you need to troubleshoot, and the last thing I have to offer you is some preventative advice on how to possibly avoid getting to this stage in your issue.

  1. Try to do the exercise in one session. I know that some of the exercises are difficult and time consuming, but stopping and starting your virtual machines or lab sessions will only cause more friction, and it’s for this reason that I recommend you try doing an exercise in one session, rather than over multiple sessions.
  2. Create snapshots of your virtual machines before configuration changes. This way, if something goes wrong, you can load back to a prior image in order to see what’s causing an issue. It’s a simple, but often underutilised feature of all virtualisation software, and can save hours of time when properly applied.

And that’s it! Hopefully you don’t run into any issues when doing some of our technical exercises, but if you do, let’s try to get them solved as quickly as possible!

If you want to contact myself directly about any issues, or anything course related, you can get me:

On People:https://people.withyouwithme.com/members/5e7992a46512d/

Email: eric@withyouwithme.com

Book a call: https://meetings.hubspot.com/eric455

