# apt-get install logstash
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
logstash
---------
Setting up logstash (1:6.5.4-1) ...
Using provided startup.options file: /etc/logstash/startup.options
Unrecognized VM option 'UseParNewGC'
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.
chmod: cannot access '/etc/default/logstash': No such file or directory
dpkg: error processing package logstash (--configure):
installed logstash package post-installation script subprocess returned error exit status 1
E: Sub-process /usr/bin/dpkg returned an error code (1)
Yes. Java 8 is a requirement. It can be found in the Elasticsearch documentation but is not noted properly in the Wazuh install guide. Many install guides are not kept up to date, so I assumed it was written in the past and not updated.
Another issue not covered in the Wazuh install instructions: multiple reboots are required, one of which is after installing Java 8, the other after installing Elasticsearch. These installs make modifications, and without a reboot Logstash can't finish setup.
Do Elasticsearch and Logstash have minimum hardware system requirements? I couldn't find any for Wazuh.
Day 1:
The system seemed to go haywire after installing Elasticsearch and the partial Logstash. HDD crunching continuously, system clock froze and no mouse pointer. Hard reboot with the power button.
Day 2:
After reboots and reinstalling Logstash, the system froze again. Hard reboot with the power button. After the reboot, while installing Kibana, my system froze, the system clock stopped, and the HDD was crunching like mad. Had to hard reboot with the power button.
For now I've defaulted back to OSSEC 3.1.0 and WUI 0.9.
Core 2 Duo, 3 GB RAM. Linux Mint 19 Cinnamon.
Minimum system requirements will typically depend on what you use it for and what load you expect. I know nothing about the Wazuh project, but would recommend you bring this up with them.
It is a Laptop used for everyday personal use. Not critical IT infrastructure.
Wazuh, a fork of OSSEC, is security software, a HIDS. Wazuh depends on Elastic Stack, Logstash and Kibana to present complex event information in a meaningful way. Because I had serious computer problems during the Logstash install, I assumed the issue was related to Logstash.
On review:
Maybe the reason the computer is freezing is that the Wazuh service is enabled during the install. Therefore, while installing Elasticsearch, Logstash, and Kibana, Wazuh is causing alert events to be generated, the Intrusion Detection System overloading computer resources because the installation progress is being assessed for attack and logged.
Methinks I DoS'd myself. My daily use system is my test system. 8-/
In the future I'll attempt an install with all involved services disabled for this group of software, enabling services after install and configuring.
Regarding Java 8: reviewing the Elasticsearch documentation, it states:
Java 8 or better is required.
The info I originally found stated:
Java 8 only is required.
More research...
Time, Thought, Research, Testing,
Thank you Christian.