Elasticsearch 7.16.2 not getting started after upgrading Log4j to 2.20 version

We are using Elasticsearch with "version": {
"number": "7.16.2", "build_type": "rpm", "lucene_version": "8.10.1"
}

We have upgraded the Elasticsearch log4j files from 2.17 to 2.20 and Elasticsearch is failing to start. Once I put back the old version 2.17 log4j file, it started working.

It gives the error below, and I am not able to fetch more details.
[appsadm@gcpdvapcfess02 lib]$ sudo service elasticsearch -l status
Usage: /etc/init.d/elasticsearch {start|stop|status|restart|condrestart|try-restart|reload|force-reload}
[appsadm@gcpdvapcfess02 lib]$ sudo service elasticsearch status
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2023-03-15 09:18:04 MDT; 8min ago
Docs: https://www.elastic.co
Process: 1282 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited , status=1/FAILURE)
Main PID: 1282 (code=exited, status=1/FAILURE)

Mar 15 09:18:03 gcpdvapcfess02 systemd-entrypoint[1282]: at org.elasticsearch.common.logging.LogConfigurator.configureS...251)
Mar 15 09:18:03 gcpdvapcfess02 systemd-entrypoint[1282]: at org.elasticsearch.common.logging.LogConfigurator.configure(...157)
Mar 15 09:18:03 gcpdvapcfess02 systemd-entrypoint[1282]: at org.elasticsearch.common.logging.LogConfigurator.configure(...118)
Mar 15 09:18:03 gcpdvapcfess02 systemd-entrypoint[1282]: at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:369)
Mar 15 09:18:03 gcpdvapcfess02 systemd-entrypoint[1282]: at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearc...166)
Mar 15 09:18:03 gcpdvapcfess02 systemd-entrypoint[1282]: at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticse...157)
Mar 15 09:18:04 gcpdvapcfess02 systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Mar 15 09:18:04 gcpdvapcfess02 systemd[1]: Failed to start Elasticsearch.
Mar 15 09:18:04 gcpdvapcfess02 systemd[1]: Unit elasticsearch.service entered failed state.
Mar 15 09:18:04 gcpdvapcfess02 systemd[1]: elasticsearch.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

What is the problem you are trying to solve? Elasticsearch 7.16 has as far as I know never been tested with that version, so why would you expect it to work, especially since it is a new major version?

I am expecting Elasticsearch 7.16 to run with log4j 2.20. Is it compatible? Or should I upgrade Elastic?

What makes you expect this? It doesn't look like it does.

We currently use log4j 2.17.0, which has some vulnerability issue raised by our internal security team, so we are supposed to upgrade log4j to version 2.20, which is not working.

With the Java Security Manager in the mix, this is more complex and just will generally not work. If you need updates, update Elasticsearch in full. Replacing JARs is not the way to go.
