Systemctl start elasticsearch.service. Permission denied by logger

journalctl shows this (Permission denied):

Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,012 main ERROR RollingFileManager (/var/log/elasticsearch/wzhj-cfs-es_server.json) java.io.FileNotFoundException: /var/log/elasticsearch/wzhj-cfs-es_server.json (Permission denied) java.io.FileNotFoundException: /var/log/elasticsearch/wzhj-cfs-es_server.json (Permission denied)
.
.
.
Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,014 main ERROR Unable to invoke factory method in class org.apache.logging.log4j.core.appender.RollingFileAppender for element RollingFile: java.lang.IllegalStateException: No factory method found for class org.apache.logging.log4j.core.appender.RollingFileAppender java.lang.IllegalStateException: No factory method found for class org.apache.logging.log4j.core.appender.RollingFileAppender
.
.
.
Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,050 main ERROR Null object returned for RollingFile in Appenders.
Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,050 main ERROR Null object returned for RollingFile in Appenders.
Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,051 main ERROR Null object returned for RollingFile in Appenders.
Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,051 main ERROR Null object returned for RollingFile in Appenders.
Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,051 main ERROR Null object returned for RollingFile in Appenders.
Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,051 main ERROR Null object returned for RollingFile in Appenders.
Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,052 main ERROR Null object returned for RollingFile in Appenders.
Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,052 main ERROR Null object returned for RollingFile in Appenders.
Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,052 main ERROR Null object returned for RollingFile in Appenders.
Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,052 main ERROR Unable to locate appender "rolling" for logger config "root"
Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,052 main ERROR Unable to locate appender "rolling_old" for logger config "root"
Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,053 main ERROR Unable to locate appender "index_indexing_slowlog_rolling_old" for logger config "index.indexing.slowlog.index"
Sep 23 17:31:11 A04-R08-I245-163-BCPLLP2 elasticsearch[35226]: 2019-09-23 17:31:11,053 main ERROR Unable to locate appender "index_indexing_slowlog_rolli

But my directory is owned by user=elasticsearch

[root@A04-R08-I245-163-BCPLLP2 elasticsearch]# ll /var/log/elasticsearch/
total 228
-rw-r--r-- 1 elasticsearch elasticsearch 202528 Sep 23 17:37 gc.log
-rw-r--r-- 1 elasticsearch elasticsearch   1835 Sep 23 17:37 gc.log.00
-rw-r--r-- 1 elasticsearch elasticsearch      0 Sep 23 17:37 wzhj-cfs-es_audit.json
-rw-r--r-- 1 elasticsearch elasticsearch      0 Sep 23 17:37 wzhj-cfs-es_deprecation.json
-rw-r--r-- 1 elasticsearch elasticsearch      0 Sep 23 17:37 wzhj-cfs-es_deprecation.log
-rw-r--r-- 1 elasticsearch elasticsearch      0 Sep 23 17:37 wzhj-cfs-es_index_indexing_slowlog.json
-rw-r--r-- 1 elasticsearch elasticsearch      0 Sep 23 17:37 wzhj-cfs-es_index_indexing_slowlog.log
-rw-r--r-- 1 elasticsearch elasticsearch      0 Sep 23 17:37 wzhj-cfs-es_index_search_slowlog.json
-rw-r--r-- 1 elasticsearch elasticsearch      0 Sep 23 17:37 wzhj-cfs-es_index_search_slowlog.log
-rw-r--r-- 1 elasticsearch elasticsearch   7383 Sep 23 17:37 wzhj-cfs-es.log
-rw-r--r-- 1 elasticsearch elasticsearch  13542 Sep 23 17:37 wzhj-cfs-es_server.json

What should I provide you to help?

I'm using CentOS, installed by rpm --install elasticsearch-7.3.2-x86_64.rpm. After installation, I changed some settings in /etc/elasticsearch/jvm.options and /etc/elasticsearch/elasticsearch.yml.

When I su elasticsearch, I can ls and write to /var/log/elasticsearch/wzhj-cfs-es_server.json.

[root@A04-R08-I245-163-BCPLLP2 elasticsearch]# su elasticsearch
bash-4.2$ ls /var/log/elasticsearch/wzhj-cfs-es_deprecation.log
/var/log/elasticsearch/wzhj-cfs-es_deprecation.log
bash-4.2$ ls /var/log/elasticsearch/wzhj-cfs-es_server.json
/var/log/elasticsearch/wzhj-cfs-es_server.json
bash-4.2$ echo 'hello'>> /var/log/elasticsearch/wzhj-cfs-es_server.json
bash-4.2$ exit
exit
[root@A04-R08-I245-163-BCPLLP2 elasticsearch]# cat /etc/passwd | grep elasticsearch
elasticsearch:x:995:993:elasticsearch user:/nonexistent:/bin/bash
[root@A04-R08-I245-163-BCPLLP2 elasticsearch]# vim /etc/passwd
[root@A04-R08-I245-163-BCPLLP2 elasticsearch]# cat /etc/passwd | grep elasticsearch
elasticsearch:x:995:993:elasticsearch user:/nonexistent:/sbin/nologin

Solved this problem by setting

path.logs: /elk/logs

and

chown -R elasticsearch.elasticsearch /elk
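
A check that can be run after the `chown`, added here as an example and not part of the original thread: it walks every directory from `/` down to the `path.logs` directory and reports where the service account lacks search or write permission, plus any existing log file it cannot append to. The function names are illustrative, and only classic owner/group/other mode bits are evaluated; ACLs, SELinux labels and systemd sandboxing are outside what it checks.

```python
import grp
import os
import pwd
import stat

def _has(st, uid, gids, want):
    """Classic owner/group/other evaluation; want is a mask of r=4, w=2, x=1."""
    if uid == 0:
        return True  # root bypasses mode bits (CAP_DAC_OVERRIDE)
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & want == want

def audit_log_dir(log_dir, uid, gids=frozenset()):
    """Return [(path, problem)] for everything that stops uid logging into log_dir."""
    log_dir = os.path.realpath(log_dir)
    chain, cur = [log_dir], log_dir
    while os.path.dirname(cur) != cur:          # collect ancestors up to /
        cur = os.path.dirname(cur)
        chain.append(cur)
    problems = []
    for comp in reversed(chain):                # check from / downwards
        try:
            st = os.stat(comp)
        except OSError as exc:
            return problems + [(comp, f"cannot stat: {exc.strerror}")]
        if not stat.S_ISDIR(st.st_mode):
            return problems + [(comp, "not a directory")]
        if not _has(st, uid, gids, 1):
            problems.append((comp, "no search (x) permission"))
        if comp == log_dir and not _has(st, uid, gids, 2):
            problems.append((comp, "no write (w) permission"))
    for name in sorted(os.listdir(log_dir)):    # existing logs must be appendable
        path = os.path.join(log_dir, name)
        st = os.lstat(path)
        if stat.S_ISREG(st.st_mode) and not _has(st, uid, gids, 2):
            problems.append((path, "existing file not writable"))
    return problems

def audit_for_user(log_dir, username="elasticsearch"):
    """Resolve the account's uid and all of its groups, then audit log_dir."""
    user = pwd.getpwnam(username)
    gids = {user.pw_gid} | {g.gr_gid for g in grp.getgrall() if username in g.gr_mem}
    return audit_log_dir(log_dir, user.pw_uid, gids)
```

Run as root, `audit_for_user("/elk/logs")` returns an empty list when the mode bits allow the `elasticsearch` account to log there.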
