"Vulnerability detection seems to be disabled or has a problem" v4.10.1 wazuh-production-ready.yml - Incorrect indexer section in /var/ossec/etc/ossec.conf #1530

Open
czuk opened this issue Jan 29, 2025 · 0 comments

czuk commented Jan 29, 2025

The cluster playbook runs without error. I can log on the manager and everything is working apart from the Vulnerability Detection - it gives the "Vulnerability detection seems to be disabled or has a problem" message.

ossec.log was showing "indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh', retrying until the connection is successful." Internet searches prompted me to check the indexer section in /var/ossec/etc/ossec.conf and I found out that it had used incorrect SSL details.

  <indexer>
    <enabled>yes</enabled>
    <hosts>
      <host>https://10.x.x.62:9200</host>
    </hosts>

    <ssl>
      <certificate_authorities>
        <ca>/etc/pki/filebeat/root-ca.pem</ca>
      </certificate_authorities>
      <certificate>/etc/pki/filebeat/node-1.pem</certificate>
      <key>/etc/pki/filebeat/node-1-key.pem</key>
    </ssl>
  </indexer>

Looking in /etc/pki/filebeat, I saw that there were no files named node-1*, but there were files named node-5*. I changed the indexer section to reference node-5, restarted the manager and got an "indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities-wazuh." message in the log and everything works.
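The mismatch reported above can be caught before the manager is restarted by checking that every TLS file named in the `<indexer>` section exists. The following is an added example, not part of the original issue or the Wazuh playbooks; the function names and the trimmed sample config are constructed for illustration.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: the <ssl> part of the <indexer> section quoted in the issue,
# with {d} standing in for the certificate directory.
SAMPLE_CONF = """<ossec_config>
  <indexer>
    <enabled>yes</enabled>
    <ssl>
      <certificate_authorities>
        <ca>{d}/root-ca.pem</ca>
      </certificate_authorities>
      <certificate>{d}/node-1.pem</certificate>
      <key>{d}/node-1-key.pem</key>
    </ssl>
  </indexer>
</ossec_config>
"""

def indexer_tls_paths(conf_text):
    """Return (tag, path) for every ca/certificate/key in each <indexer> block."""
    found = []
    # ossec.conf may hold several root elements, so parse only the indexer blocks.
    for block in re.findall(r"<indexer>.*?</indexer>", conf_text, re.S):
        ssl = ET.fromstring(block).find("ssl")
        if ssl is None:
            continue
        for elem in ssl.iter():
            if elem.tag in ("ca", "certificate", "key") and elem.text:
                found.append((elem.tag, elem.text.strip()))
    return found

def missing_tls_files(conf_text):
    """Paths the indexer section references that are absent or unreadable."""
    return [(tag, p) for tag, p in indexer_tls_paths(conf_text)
            if not (os.path.isfile(p) and os.access(p, os.R_OK))]

def demo():
    # Recreate the situation from the issue: config names node-1, disk has node-5.
    with tempfile.TemporaryDirectory() as d:
        for name in ("root-ca.pem", "node-5.pem", "node-5-key.pem"):
            open(os.path.join(d, name), "w").close()
        return [(t, os.path.basename(p))
                for t, p in missing_tls_files(SAMPLE_CONF.format(d=d))]

if __name__ == "__main__":
    print(demo())
```

On a real manager, pass the contents of /var/ossec/etc/ossec.conf to `missing_tls_files` and run it as a user that can read the certificate directory.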
