How to get logs for system call filters failed to install

Hi, I'm working on installing Elasticsearch for dev purposes.

I'm having trouble starting a node, as shown below:

[2019-06-13T19:15:32,594][WARN ][o.e.b.JNANatives         ] unable to install syscall filter:
java.lang.UnsupportedOperationException: seccomp unavailable: requires kernel 3.5+ with CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER compiled in
        at org.elasticsearch.bootstrap.SystemCallFilter.linuxImpl(SystemCallFilter.java:328) ~[elasticsearch-6.3.0.jar:6.3.0]
        at org.elasticsearch.bootstrap.SystemCallFilter.init(SystemCallFilter.java:616) ~[elasticsearch-6.3.0.jar:6.3.0]
        at org.elasticsearch.bootstrap.JNANatives.tryInstallSystemCallFilter(JNANatives.java:258) [elasticsearch-6.3.0.jar:6.3.0]
        at org.elasticsearch.bootstrap.Natives.tryInstallSystemCallFilter(Natives.java:113) [elasticsearch-6.3.0.jar:6.3.0]
        at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:109) [elasticsearch-6.3.0.jar:6.3.0]
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:171) [elasticsearch-6.3.0.jar:6.3.0]
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) [elasticsearch-6.3.0.jar:6.3.0]
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) [elasticsearch-6.3.0.jar:6.3.0]
        at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) [elasticsearch-6.3.0.jar:6.3.0]
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-6.3.0.jar:6.3.0]
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) [elasticsearch-cli-6.3.0.jar:6.3.0]
        at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-6.3.0.jar:6.3.0]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) [elasticsearch-6.3.0.jar:6.3.0]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) [elasticsearch-6.3.0.jar:6.3.0]
[2019-06-13T19:15:32,830][INFO ][o.e.n.Node               ] [DEV_ES_NODE_A] initializing ...
[2019-06-13T19:15:33,027][INFO ][o.e.e.NodeEnvironment    ] [DEV_ES_NODE_A] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [836.9gb], net total_space [908.7gb], types [rootfs]
[2019-06-13T19:15:33,027][INFO ][o.e.e.NodeEnvironment    ] [DEV_ES_NODE_A] heap size [990.7mb], compressed ordinary object pointers [true]
[2019-06-13T19:15:33,049][INFO ][o.e.n.Node               ] [DEV_ES_NODE_A] node name [DEV_ES_NODE_A], node ID [74WX15icRA-qj_YQApLIIQ]
[2019-06-13T19:15:33,050][INFO ][o.e.n.Node               ] [DEV_ES_NODE_A] version[6.3.0], pid[26342], build[default/tar/424e937/2018-06-11T23:38:03.357887Z], OS[Linux/2.6.32-431.el6.x86_64/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_144/25.144-b01]
[2019-06-13T19:15:33,050][INFO ][o.e.n.Node               ] [DEV_ES_NODE_A] JVM arguments [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch.632FUGLg, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -XX:+PrintGCDetails, -XX:+PrintGCDateStamps, -XX:+PrintTenuringDistribution, -XX:+PrintGCApplicationStoppedTime, -Xloggc:logs/gc.log, -XX:+UseGCLogFileRotation, -XX:NumberOfGCLogFiles=32, -XX:GCLogFileSize=64m, -Des.path.home=/home/elasticsearch/elasticsearch-6.3.0, -Des.path.conf=/usr/local/elasticsearch-base/config/A, -Des.distribution.flavor=default, -Des.distribution.type=tar]
[2019-06-13T19:15:36,084][INFO ][o.e.p.PluginsService     ] [DEV_ES_NODE_A] loaded module [aggs-matrix-stats]
...
[2019-06-13T19:15:36,088][INFO ][o.e.p.PluginsService     ] [DEV_ES_NODE_A] loaded module [x-pack-watcher]
[2019-06-13T19:15:36,088][INFO ][o.e.p.PluginsService     ] [DEV_ES_NODE_A] no plugins loaded
[2019-06-13T19:15:40,887][INFO ][o.e.x.s.a.s.FileRolesStore] [DEV_ES_NODE_A] parsed [0] roles from file [/usr/local/elasticsearch-base/config/A/roles.yml]
[2019-06-13T19:15:41,532][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [controller/26404] [Main.cc@109] controller (64 bit): Version 6.3.0 (Build 0f0a34c67965d7) Copyright (c) 2018 Elasticsearch BV
[2019-06-13T19:15:42,025][DEBUG][o.e.a.ActionModule       ] Using REST wrapper from plugin org.elasticsearch.xpack.security.Security
[2019-06-13T19:15:42,360][INFO ][o.e.d.DiscoveryModule    ] [DEV_ES_NODE_A] using discovery type [zen]
[2019-06-13T19:15:43,572][INFO ][o.e.n.Node               ] [DEV_ES_NODE_A] initialized
[2019-06-13T19:15:43,573][INFO ][o.e.n.Node               ] [DEV_ES_NODE_A] starting ...
[2019-06-13T19:15:43,799][INFO ][o.e.t.TransportService   ] [DEV_ES_NODE_A] publish_address {xxx.xx.xx.xx:9300}, bound_addresses {[::]:9300}
[2019-06-13T19:15:43,829][INFO ][o.e.b.BootstrapChecks    ] [DEV_ES_NODE_A] bound or publishing to a non-loopback address, enforcing bootstrap checks
ERROR: [1] bootstrap checks failed
[1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
[2019-06-13T19:15:43,848][INFO ][o.e.n.Node               ] [DEV_ES_NODE_A] stopping ...
[2019-06-13T19:15:43,893][INFO ][o.e.n.Node               ] [DEV_ES_NODE_A] stopped
[2019-06-13T19:15:43,893][INFO ][o.e.n.Node               ] [DEV_ES_NODE_A] closing ...
[2019-06-13T19:15:43,908][INFO ][o.e.n.Node               ] [DEV_ES_NODE_A] closed
[2019-06-13T19:15:43,912][INFO ][o.e.x.m.j.p.NativeController] Native controller process has stopped - no new native processes can be started

I found that I can start a node without the above problem if I add [bootstrap.system_call_filter: false] in my elasticsearch.yml, but I don't wanna skip the problem just like that.

Following the error msg (check the logs and fix your configuration), I checked my .log file, but there's no difference from the above.

I think I need to change the config settings in the log4j2.properties file to see a further level of logs, but I don't know what/how to change.

Any comment would be appreciated. Thanks.

Could you share the whole log all the way from the time the node starts?

Also, please could you format your logs using the </> button. They're pretty unreadable otherwise. I'll fix your first post.

Thanks for the advice. I added the full log (but removed some lines about loading modules because of the limit on lines).

Thanks. The answer to your question is right there:

Your kernel is not compatible with system call filters.

2 Likes

Thanks a lot. It was quite obvious!

It's stupid that I missed that line.

1 Like

Not at all, it's not obvious that the word seccomp is related to system call filtering, for instance, and there are lots of log lines emitted at startup that didn't answer your question. This thread will also help the next person stuck with the same issue, so thanks for asking it :slight_smile:

2 Likes
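
An added example, not part of the original thread: a small triage script that pulls the root cause out of a startup log like the one in the first post, by pairing the `JNANatives` WARN line with the exception message that follows it and comparing the kernel version the node reports with the one the message requires. The function name `diagnose` and the report keys are made up for this illustration; the sample lines are copied from the post, with stack frames and most INFO lines omitted.

```python
import re

# Lines copied from the log in the first post (stack frames and most INFO lines omitted).
SAMPLE_LOG = """\
[2019-06-13T19:15:32,594][WARN ][o.e.b.JNANatives         ] unable to install syscall filter:
java.lang.UnsupportedOperationException: seccomp unavailable: requires kernel 3.5+ with CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER compiled in
[2019-06-13T19:15:33,050][INFO ][o.e.n.Node               ] [DEV_ES_NODE_A] version[6.3.0], pid[26342], build[default/tar/424e937/2018-06-11T23:38:03.357887Z], OS[Linux/2.6.32-431.el6.x86_64/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_144/25.144-b01]
ERROR: [1] bootstrap checks failed
[1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
"""

WARN_RE = re.compile(r"\]\[WARN\s*\]\[o\.e\.b\.JNANatives\s*\]\s*unable to install syscall filter")
REQUIRED_RE = re.compile(r"requires kernel (\d+)\.(\d+)\+")
RUNNING_RE = re.compile(r"OS\[Linux/(\d+)\.(\d+)")
CHECK_FAILED = "system call filters failed to install"


def diagnose(log_text):
    """Return why the syscall filter was not installed, as reported in the log."""
    lines = log_text.splitlines()
    report = {"cause": None, "required": None, "running": None,
              "kernel_too_old": None, "bootstrap_check_failed": False}
    for i, line in enumerate(lines):
        if WARN_RE.search(line) and i + 1 < len(lines):
            # The exception message follows the WARN line: "<class>: <message>".
            _, _, message = lines[i + 1].partition(": ")
            report["cause"] = message.strip() or None
        m = RUNNING_RE.search(line)
        if m:
            report["running"] = (int(m.group(1)), int(m.group(2)))
        if CHECK_FAILED in line:
            report["bootstrap_check_failed"] = True
    if report["cause"]:
        m = REQUIRED_RE.search(report["cause"])
        if m:
            report["required"] = (int(m.group(1)), int(m.group(2)))
    if report["required"] and report["running"]:
        # Tuple comparison: (2, 6) < (3, 5) means the kernel predates seccomp filters.
        report["kernel_too_old"] = report["running"] < report["required"]
    return report


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
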