Elastic search service failure after upgrading from 5.x to 6.4.2

security

(Praveen Chary) #1

Hello,

I have migrated the wazuh server from 5.x to 6.4.2, which is built on elastic and the other modules of this source. After completing the migration I am unable to start the "elasticsearch" service and am getting the error below, for your reference. Please let me know if any of you have experienced something similar and have a solution in place.

Error code


[root@wazuh-server ~]# systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2018-10-30 02:38:34 CDT; 39s ago
Docs: http://www.elastic.co
Process: 1096 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 1096 (code=exited, status=1/FAILURE)

Oct 30 02:38:31 wazuh-server elasticsearch[1096]: 2018-10-30 02:38:31,652 main ERROR Null object returned for RollingFile in Appenders.
Oct 30 02:38:31 wazuh-server elasticsearch[1096]: 2018-10-30 02:38:31,653 main ERROR Null object returned for RollingFile in Appenders.
Oct 30 02:38:31 wazuh-server elasticsearch[1096]: 2018-10-30 02:38:31,653 main ERROR Unable to locate appender "rolling" for logger config "root"
Oct 30 02:38:31 wazuh-server elasticsearch[1096]: 2018-10-30 02:38:31,654 main ERROR Unable to locate appender "index_indexing_slowlog_rolling" for logger c...og.index"
Oct 30 02:38:31 wazuh-server elasticsearch[1096]: 2018-10-30 02:38:31,654 main ERROR Unable to locate appender "audit_rolling" for logger config "org.elasti...ditTrail"
Oct 30 02:38:31 wazuh-server elasticsearch[1096]: 2018-10-30 02:38:31,655 main ERROR Unable to locate appender "index_search_slowlog_rolling" for logger con....slowlog"
Oct 30 02:38:31 wazuh-server elasticsearch[1096]: 2018-10-30 02:38:31,655 main ERROR Unable to locate appender "deprecation_rolling" for logger config "org....recation"
Oct 30 02:38:34 wazuh-server systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Oct 30 02:38:34 wazuh-server systemd[1]: Unit elasticsearch.service entered failed state.
Oct 30 02:38:34 wazuh-server systemd[1]: elasticsearch.service failed.
Hint: Some lines were ellipsized, use -l to show in full.


Do let me know if you need further information on the same.

Regards,
Praveen


(Ioannis Kakavas) #2

This usually has to do with Elasticsearch not having the required permissions to create log files or write to them.
There should be an error that leads to this but it is truncated in the output of systemctl status.

Use journalctl -u elasticsearch instead to get the full error and possible stack traces.


(Praveen Chary) #3

Thanks a lot for your quick response. Below is the output for your quick analysis.

https://pastebin.com/v2mKqqad

Regards,
Praveen


(Praveen Chary) #4

As you rightly said, after going through the log I found the error below. After giving permissions to the directory I am able to start the service. But somehow the GUI is not loading :)

Oct 30 02:39:20 wazuh-server elasticsearch[2483]: 2018-10-30 02:39:20,065 main ERROR Unable to create file /usr/share/elasticsearch/logs/wazuh_access.log java.io.IOExce

Regards,
Praveen
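
The triage suggested in #2 and confirmed in #4, as an added example that is not part of the thread: it pulls the file paths out of log4j "Unable to create file" errors in journalctl -u elasticsearch output and reports the owner and mode of the directory blocking each one, flagging any that are world-writable. The sample journal lines, the second log path and the --demo/--stdin switches are constructed for illustration; GNU stat is assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): triage log4j "Unable to create file"
# errors in Elasticsearch journal output. Assumes GNU coreutils (stat -c).

# Constructed sample input modelled on the journal lines quoted in the thread.
sample_journal() {
cat <<'EOF'
Oct 30 02:39:20 wazuh-server elasticsearch[2483]: 2018-10-30 02:39:20,065 main ERROR Unable to create file /usr/share/elasticsearch/logs/wazuh_access.log java.io.IOException
Oct 30 02:39:20 wazuh-server elasticsearch[2483]: 2018-10-30 02:39:20,066 main ERROR Null object returned for RollingFile in Appenders.
Oct 30 02:39:20 wazuh-server elasticsearch[2483]: 2018-10-30 02:39:20,067 main ERROR Unable to create file /var/log/elasticsearch/example-cluster.log java.io.IOException
Oct 30 02:41:02 wazuh-server elasticsearch[2610]: 2018-10-30 02:41:02,311 main ERROR Unable to create file /usr/share/elasticsearch/logs/wazuh_access.log java.io.IOException
EOF
}

# Print each distinct path log4j could not create (paths with spaces unsupported).
failed_log_paths() {
  sed -n 's/.*ERROR Unable to create file \([^ ]*\).*/\1/p' | LC_ALL=C sort -u
}

# Walk up from the log file until a directory that exists is found; that
# directory's ownership and mode decide whether the file can be created.
nearest_existing_dir() {
  local d
  d=$(dirname "$1")
  while [ ! -d "$d" ]; do d=$(dirname "$d"); done
  printf '%s\n' "$d"
}

# True if an octal mode string (e.g. 777, 1777) has the "other" write bit set.
is_world_writable() {
  [ $(( 0$1 & 2 )) -ne 0 ]
}

# Read journal text on stdin; print one line per failing path with the
# blocking directory, its owner, mode, and a flag if it is world-writable.
report() {
  local path dir note
  failed_log_paths | while IFS= read -r path; do
    dir=$(nearest_existing_dir "$path")
    note=""
    is_world_writable "$(stat -c '%a' "$dir")" && note=" WORLD-WRITABLE"
    printf '%s -> %s %s%s\n' "$path" "$dir" "$(stat -c 'owner=%U:%G mode=%a' "$dir")" "$note"
  done
}

# Usage: journalctl -u elasticsearch --no-pager | ./script.sh --stdin
case "${1:-}" in
  --demo)  sample_journal | report ;;
  --stdin) report ;;
esac
```

When the reported owner is the wrong account, handing the directory to the service account (assumed here to be elasticsearch, as on package installs) is a narrower fix than widening the mode for everyone.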


(Ioannis Kakavas) #5

You need to be more specific than that in order for us to offer meaningful help. By GUI do you mean Kibana? If so:

  • what is the problem?
  • what is the status of the service?
  • are there any errors in the logs that indicate the source of the problem?

(Praveen Chary) #6

Yes, it is about the kibana service. The service is in start mode but it is not listening on port 5601. Below is the error:
Oct 30 06:53:19 wazuh-server kibana[4413]: {"type":"log","@timestamp":"2018-10-30T11:53:19Z","tags":["info","optimize"],"pid":4413,"message":"Optimizing and caching bundles for graph, monitoring, login, logout, ml, dashboardViewer, apm, wazuh, kibana, stateSessionStorageRedirect, status_page and timelion. This may take a few minutes"}

I waited a long time but couldn't see any progress. Can you please help me out on this, and let me know if you need any further logs.

Regards,
Praveen


(Ioannis Kakavas) #7

That's not an error, unless it stalls there indefinitely.

How long was that, can you give an estimate?

Can you please share details about the system that Kibana runs on? Basically, the OS that you're running and the hardware specs (CPU, RAM).

