# Configure Wazuh and Hive After doing all of these, our next step is to configure hive and the Wazuh. As a first step let start the configuration of the hive. First will focus on the Cassandra which is database of the hive. to do the configuration of the Cassandra navigate to the following. ```bash /etc/cassandra/cassandra.yaml ``` First Change the Cassandra Cluster name.

Next change the listen address from [localhost](http://localhost/) to your hive address. in my example that is 192.168.200.200

Now change the rpc\_address. Replace the [localhost](http://localhost/) with your hive IP address same as the above listen\_address- In my case 192.168.200.200

Next change the seed address. but please remember do not change the port number **7000**.

Then stop the cassandra service. ```bash systemctl stop cassandra.service ``` After that you can remove the older files which is in the Cassandra by using the below command. ```bash sudo rm -rf /var/lib/cassandra/* ``` Now you can start the Cassandra service using this command ```bash systemctl start cassandra.service ``` To make sure whether the Cassandra service is running or not, you can use the below command. ```bash systemctl start cassandra.service ``` As you can see the service is running after our changes.

The next thing we have to configure is Elasticsearch. the purpose of the Elasticsearch is querying the data. you can find the config file of the Elasticsearch under, ```bash /etc/elasticseach/elasticsearch.yml ``` What you have to do is, find the cluster name and rename it as you want. in my example I'm changing my cluster name in to “ thehive”

Also uncomment the [node.name](http://node.name/) and leave it as node-1

When you scrolling down you will see the **network.host** IP address. uncomment that and added your hive IP address. in my case IP address was 192.168.200.200

In Elasticsearch by default http port is 9200. if you want you can uncomment that and enable the port and use customer port number. I'm going to uncomment that and enable that but using the same port.

In order to start the Elasticsearch, it will need the discovery seed or cluster initial master node. In my case I'm going to uncomment the initial master node like below. and please keep remember to remove the node 2 because we don't have a node-2 at this stage. if you are planning to setup or you are setting up a node-2 you can keep it as it is.

Now save all the configurations and go ahead and **start** the Elasticsearch service by using below command. ```bash systemctl start elasticseach ```

Once this is done, we can enable the service using below command ```bash systemctl enable elasticsearch ```

To make sure the service you can run this command. ```bash systemctl status elasticseach ``` As you can see it is active and running..

{% hint style="info" %} Once you have done that please make a note to double check that Cassandra service as well. some times that service may hanged or stopped. {% endhint %} ```bash systemctl status cassandra.service ```