Logstash Failed to Setup on Linux Mint 19

Received an error upon:

# apt-get install logstash
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  logstash
---------
Setting up logstash (1:6.5.4-1) ...
Using provided startup.options file: /etc/logstash/startup.options
Unrecognized VM option 'UseParNewGC'
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.
chmod: cannot access '/etc/default/logstash': No such file or directory
dpkg: error processing package logstash (--configure):
 installed logstash package post-installation script subprocess returned error exit status 1
E: Sub-process /usr/bin/dpkg returned an error code (1)

Installed:

# dpkg --get-selections | grep wazuh
wazuh-manager					install
# dpkg --get-selections | grep elasticsearch
elasticsearch					install
# dpkg --get-selections | grep jdk
openjdk-11-jre:amd64				install
openjdk-11-jre-headless:amd64			install
# java --version
openjdk 10.0.2 2018-07-17
OpenJDK Runtime Environment (build 10.0.2+13-Ubuntu-1ubuntu0.18.04.4)
OpenJDK 64-Bit Server VM (build 10.0.2+13-Ubuntu-1ubuntu0.18.04.4, mixed mode)

I followed the installation guide at:
https://documentation.wazuh.com/current/installation-guide/installing-elastic-stack/elastic_server_deb.html#elastic-server-deb

All of my software is up to date, why won't it set up?
Is a vulnerable insecure version of JDK-jre a requirement?
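The post-install failure above is the JVM refusing a flag it no longer knows. The following pre-install check, an added example that is not from this thread, from Elastic or from Wazuh, reads the major version of the runtime that is actually on PATH (the post shows openjdk-11 packages installed while `java --version` reports 10.0.2, so the package name is not a reliable guide) and probes the JVM with the flags Logstash will start with. It assumes that Logstash keeps its JVM flags in `/etc/logstash/jvm.options` (the thread only shows `/etc/logstash/startup.options`) and encodes one removed flag, `UseParNewGC`, which JDK 10 rejects as shown above.

```shell
#!/bin/sh
# Added pre-install check for the Logstash JVM (not from the thread; written for it).
# Assumptions: /etc/logstash/jvm.options holds Logstash's JVM flags (the thread only
# shows /etc/logstash/startup.options), and `java` on PATH is the runtime Logstash uses.

# Extract the major version from the first line of `java -version` output.
# Handles the old scheme ("1.8.0_191" -> 8) and the new one ("10.0.2" -> 10),
# so the check reads the real runtime rather than the installed package name.
java_major_version() {
    # $1: first line of `java -version` or `java --version` output
    v=$(printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p')
    case "$v" in
        1.*) printf '%s\n' "$v" | cut -d. -f2 ;;
        *)   printf '%s\n' "$v" | cut -d. -f1 ;;
    esac
}

# Read jvm.options-style lines on stdin and print each flag the given Java major
# version no longer accepts. The thread shows JDK 10 rejecting UseParNewGC; the
# flag was removed in JDK 10 (known fact, not stated on the page), so it is the
# one encoded here. Exit status 1 if any such flag is found, 0 otherwise.
unsupported_jvm_flags() {
    major=$1
    rc=0
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;               # skip blank lines and comments
            -XX:+UseParNewGC|-XX:-UseParNewGC)
                if [ "$major" -ge 10 ]; then
                    printf '%s\n' "$line"
                    rc=1
                fi ;;
        esac
    done
    return $rc
}

# Ask the installed JVM directly whether it accepts every flag in a jvm.options
# file: the same failure the dpkg post-install script hit, surfaced beforehand.
jvm_accepts_options() {
    # $1: path to a jvm.options file
    flags=$(grep -v '^[[:space:]]*#' "$1" | grep '^-' | tr '\n' ' ')
    # $flags is intentionally unquoted so each flag is a separate argument
    java $flags -version >/dev/null 2>&1
}

preflight() {
    opts=${1:-/etc/logstash/jvm.options}
    if ! command -v java >/dev/null 2>&1; then
        echo "no java on PATH; install a supported JDK before Logstash" >&2
        return 2
    fi
    first=$(java -version 2>&1 | head -n 1)
    major=$(java_major_version "$first")
    echo "detected Java major version: ${major:-unknown} ($first)"
    if [ -r "$opts" ]; then
        if [ -n "$major" ] && ! unsupported_jvm_flags "$major" <"$opts"; then
            echo "flags listed above in $opts are not accepted by Java $major" >&2
            return 1
        fi
        if ! jvm_accepts_options "$opts"; then
            echo "the JVM rejected the flags in $opts; run java <flags> -version to see which" >&2
            return 1
        fi
    else
        echo "no $opts yet (Logstash not installed); version check only"
    fi
    echo "JVM pre-check passed"
}

# Only run when invoked as a script with --check, e.g. `sh jvm-precheck.sh --check`
# or `sh jvm-precheck.sh --check /path/to/jvm.options`.
if [ "${1:-}" = "--check" ]; then
    preflight "${2:-}"
fi
```

Run it before `apt-get install logstash`; a non-zero exit means the runtime on PATH would fail the same way the post-install script did, and the offending flag is printed so the JDK or the options file can be corrected first.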

Logstash still requires Java8 if I recall correctly. You should be able to check this in the support matrix on the Elastic website.

Yes. Java 8 is a requirement. It can be found in the Elastic Search documentation but not noted properly in the Wazuh Install guide. Many install guides are not kept up to date, so I assumed it was written in the past and not updated.

Another issue, not covered in the Wazuh install instructions: multiple reboots are required, one after installing Java 8 and another after installing Elastic Search. These installs make modifications without which, absent a reboot, Logstash can't finish setup.

Do Elastic Search and Logstash have minimum hardware system requirements? I couldn't find any for Wazuh.
Day 1:
The system seemed to go haywire after installing Elastic Search and the partial Logstash. HDD crunching continuously, system clock froze and no mouse pointer. Hard reboot power button.
Day 2:
After reboots and reinstalling Logstash system froze again. Hard reboot power button. After reboot installing Kibana my system froze, the system clock stopped, and HDD crunching like mad. Had to hard reboot with power button.

For now I've defaulted back to Ossec 3.1.0 and WUI 0.9.
Core2duo 3GB Ram. Linux Mint 19 Cinnamon.

Regards

Minimum system requirements will typically depend on what you use it for and what load you expect. I know nothing about the Wazuh project, but would recommend you bring this up with them.

It is a Laptop used for everyday personal use. Not critical IT infrastructure.

Wazuh, a fork of OSSEC, is security software, a HIDS. Wazuh depends on Elastic Stack, Logstash and Kibana to present complex event information in a meaningful way. Because I had serious computer problems during the Logstash install I assumed the issue was related to Logstash.
On review:
Maybe the reason the computer is freezing is that the Wazuh service is enabled during the install. Therefore, while installing Elasticsearch, Logstash, and Kibana, Wazuh is generating alert events, and the intrusion detection system overloads the computer's resources because the installation activity is being assessed for attack and logged.

Methinks I DOS'd myself. My daily use system is my test system. 8-/

In the future I'll attempt an install with all involved services disabled for this group of software, then enable and configure the services after the install.

Regarding Java 8: reviewing the Elastic Search documentation, it states:
Java 8 or better is required.
The info I originally found stated:
Java 8 only is required.
More research...

Time, Thought, Research, Testing,
Thank you Christian.
