elasticsearch is failing to start, and /var/log/messages contains complaints about opening or creating files. I excerpt from that below. One thing that perplexes me is that despite the path.logs directive it persists in first attempting to write to /var/log/elasticsearch.
...........................
On CentOS Linux release 7.6.1810 (Core)
with
java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64
and
elasticsearch-6.6.1-1
.............................
From /etc/elasticsearch/elasticsearch.yml:
Path to directory where to store the data (separate multiple locations by comma):
path.data: "/mnt/data/elasticdata"
Path to log files:
path.logs: "/mnt/data/elasticlogs"
..............................
drwxr-x--- 2 elasticsearch elasticsearch 4096 Mar 1 14:45 elasticdata
drwxr-x--- 2 elasticsearch elasticsearch 4096 Mar 1 14:45 elasticlogs
But I find this, despite the path specifications.
-rw-r--r-- 1 elasticsearch elasticsearch 3531 Mar 4 15:25 /var/log/elasticsearch/gc.log.0.current
.............................
I split the first three lines from /var/log/messages containing the word ERROR, to make them more readable. Recall that /mnt/data/elasticlogs exists and is owned by elasticsearch
Mar 4 15:25:55 elk-1 elasticsearch: 2019-03-04 15:25:55
703 main ERROR Unable to create file /mnt/data/elasticlogs/elastic-1.log java.io.IOException: Could not create directory /mnt/data/elasticlogs
Mar 4 15:25:55 elk-1 elasticsearch: 2019-03-04 15:25:55
708 main ERROR Could not create plugin of type class org.apache.logging.log4j.core.appender.RollingFileAppender for element RollingFile: java.lang.IllegalStateException: ManagerFactory [org.apache.logging.log4j.core.appender.rolling.RollingFileManager$RollingFileManagerFactory@6a2f6f80] unable to create manager for [/mnt/data/elasticlogs/elastic-1.log] with data [org.apache.logging.log4j.core.appender.rolling.RollingFileManager$FactoryData@45b4c3a9[pattern=/mnt/data/elasticlogs/elastic-1-%d{yyyy-MM-dd}-%i.log.gz
append=true
bufferedIO=true
bufferSize=8192
policy=CompositeTriggeringPolicy(policies=[TimeBasedTriggeringPolicy(nextRolloverMillis=0
interval=1
modulate=true)
SizeBasedTriggeringPolicy(size=134217728)])
strategy=DefaultRolloverStrategy(min=-2147483648
max=2147483647
useMax=false)
advertiseURI=null
layout=[%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %.-10000m%n
filePermissions=null
fileOwner=null]] java.lang.IllegalStateException: ManagerFactory [org.apache.logging.log4j.core.appender.rolling.RollingFileManager$RollingFileManagerFactory@6a2f6f80] unable to create manager for [/mnt/data/elasticlogs/elastic-1.log] with data [org.apache.logging.log4j.core.appender.rolling.RollingFileManager$FactoryData@45b4c3a9[pattern=/mnt/data/elasticlogs/elastic-1-%d{yyyy-MM-dd}-%i.log.gz
append=true
bufferedIO=true
bufferSize=8192
policy=CompositeTriggeringPolicy(policies=[TimeBasedTriggeringPolicy(nextRolloverMillis=0
interval=1
modulate=true)
SizeBasedTriggeringPolicy(size=134217728)])
strategy=DefaultRolloverStrategy(min=-2147483648
max=2147483647
useMax=false)
advertiseURI=null
layout=[%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %.-10000m%n
filePermissions=null
fileOwner=null]]
Mar 4 15:25:55 elk-1 elasticsearch: 2019-03-04 15:25:55
710 main ERROR Unable to invoke factory method in class org.apache.logging.log4j.core.appender.RollingFileAppender for element RollingFile: java.lang.IllegalStateException: No factory method found for class org.apache.logging.log4j.core.appender.RollingFileAppender java.lang.IllegalStateException: No factory method found for class org.apache.logging.log4j.core.appender.RollingFileAppender