Hi,
I was installing wazuh for integrity monitoring but during installation my elastic search was not able to start . Could you please provide some solution for this ? Below is the status for elastic search .
[root@localhost bin]# systemctl -l status elasticsearch.service
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2019-12-31 16:58:12 +0545; 14s ago
Docs: http://www.elastic.co
Process: 5258 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 5258 (code=exited, status=1/FAILURE)
Dec 31 16:58:10 Ossec systemd[1]: Starting Elasticsearch...
Dec 31 16:58:10 Ossec elasticsearch[5258]: OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Dec 31 16:58:12 Ossec systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Dec 31 16:58:12 Ossec systemd[1]: Failed to start Elasticsearch.
Dec 31 16:58:12 Ossec systemd[1]: Unit elasticsearch.service entered failed state.
Dec 31 16:58:12 Ossec systemd[1]: elasticsearch.service failed.
Also,
My log file from /var/log/messages
Dec 31 17:00:04 localhost filebeat: 2019-12-31T17:00:04.144+0545#011INFO#011pipeline/output.go:93#011Attempting to reconnect to backoff(elasticsearch(http://127.0.0.1:9200)) with 16 reconnect attempt(s)
Dec 31 17:00:04 localhost filebeat: 2019-12-31T17:00:04.144+0545#011INFO#011[publisher]#011pipeline/retry.go:196#011retryer: send unwait-signal to consumer
Dec 31 17:00:04 localhost filebeat: 2019-12-31T17:00:04.144+0545#011INFO#011[publisher]#011pipeline/retry.go:198#011 done
Dec 31 17:00:04 localhost filebeat: 2019-12-31T17:00:04.144+0545#011INFO#011[publisher]#011pipeline/retry.go:173#011retryer: send wait signal to consumer
Dec 31 17:00:04 localhost filebeat: 2019-12-31T17:00:04.144+0545#011INFO#011[publisher]#011pipeline/retry.go:175#011 done
Dec 31 17:00:31 localhost filebeat: 2019-12-31T17:00:31.684+0545#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":160,"time":{"ms":7}},"total":{"ticks":530,"time":{"ms":14},"value":530},"user":{"ticks":370,"time":{"ms":7}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":6},"info":{"ephemeral_id":"78033210-379c-4326-9783-0e2c842381a2","uptime":{"ms":570049}},"memstats":{"gc_next":29413056,"memory_alloc":15326632,"memory_total":53101784},"runtime":{"goroutines":24}},"filebeat":{"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":1,"events":{"active":4117,"retry":50}}},"registrar":{"states":{"current":1}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}
Dec 31 17:00:46 localhost filebeat: 2019-12-31T17:00:46.661+0545#011ERROR#011pipeline/output.go:100#011Failed to connect to backoff(elasticsearch(http://127.0.0.1:9200)): Get http://127.0.0.1:9200: dial tcp 127.0.0.1:9200: connect: connection refused
Dec 31 17:00:46 localhost filebeat: 2019-12-31T17:00:46.661+0545#011INFO#011pipeline/output.go:93#011Attempting to reconnect to backoff(elasticsearch(http://127.0.0.1:9200)) with 17 reconnect attempt(s)
Dec 31 17:00:46 localhost filebeat: 2019-12-31T17:00:46.661+0545#011INFO#011[publisher]#011pipeline/retry.go:196#011retryer: send unwait-signal to consumer
Dec 31 17:00:46 localhost filebeat: 2019-12-31T17:00:46.661+0545#011INFO#011[publisher]#011pipeline/retry.go:198#011 done
Dec 31 17:00:46 localhost filebeat: 2019-12-31T17:00:46.661+0545#011INFO#011[publisher]#011pipeline/retry.go:173#011retryer: send wait signal to consumer
Dec 31 17:00:46 localhost filebeat: 2019-12-31T17:00:46.661+0545#011INFO#011[publisher]#011pipeline/retry.go:175#011 done
Dec 31 17:01:01 localhost systemd: Created slice User Slice of root.
Dec 31 17:01:01 localhost systemd: Started Session 2 of user root.
Dec 31 17:01:01 localhost systemd: Removed slice User Slice of root.
Dec 31 17:01:01 localhost filebeat: 2019-12-31T17:01:01.684+0545#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":160,"time":{"ms":9}},"total":{"ticks":530,"time":{"ms":14},"value":530},"user":{"ticks":370,"time":{"ms":5}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":6},"info":{"ephemeral_id":"78033210-379c-4326-9783-0e2c842381a2","uptime":{"ms":600045}},"memstats":{"gc_next":29413056,"memory_alloc":15627472,"memory_total":53402624},"runtime":{"goroutines":24}},"filebeat":{"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":1,"events":{"active":4117,"retry":50}}},"registrar":{"states":{"current":1}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}
Dec 31 17:01:13 localhost systemd: Starting Elasticsearch...
Dec 31 17:01:13 localhost elasticsearch: OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Dec 31 17:01:15 localhost systemd: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Dec 31 17:01:15 localhost systemd: Failed to start Elasticsearch.
Dec 31 17:01:15 localhost systemd: Unit elasticsearch.service entered failed state.
Dec 31 17:01:15 localhost systemd: elasticsearch.service failed.