Last apt-get update && apt-get dist-upgrade broke elasticsearch


Wayne Veilleux

Apr 26, 2016, 1:28:43 PM
to SELKS
I just did an apt-get update && apt-get dist-upgrade and it seems that it broke elasticsearch or logstash because I can't reload or re-install the kibana-dashboards-stamus package.
Any clue ? :(
--
Wayne

Peter Manev

Apr 26, 2016, 7:12:03 PM
to Wayne Veilleux, SELKS
On Tue, Apr 26, 2016 at 7:28 PM, Wayne Veilleux
<wayne.v...@gmail.com> wrote:
> I just did an apt-get update && apt-get dist-upgrade and it seem that it
> broke elasticsearch or logstash because I can't reload or re-install
> kibana-dashboards-stamus package.

I just did an upgrade and it seems fine.
How is it broken ? The dashboards disappear?

You can always reset and reload the dashboards by -
root@SELKS:~# rm /etc/kibana/kibana-dashboards-loaded
root@SELKS:~# /etc/init.d/kibana-dashboards-stamus start


> Any clue ? :(
> --
> Wayne



--
Regards,
Peter Manev

Wayne Veilleux

Apr 28, 2016, 12:46:37 PM
to SELKS, wayne.v...@gmail.com
I already tried to reload the dashboards but the kibana-dashboards-stamus package seems broken because it is not installed correctly. Here is the message I got with apt-get install kibana-dashboards-stamus (sorry my system is in French...):

apt-get install kibana-dashboards-stamus
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances       
Lecture des informations d'état... Fait
kibana-dashboards-stamus est déjà la plus récente version disponible.
0 mis à jour, 0 nouvellement installés, 0 à enlever et 0 non mis à jour.
1 partiellement installés ou enlevés.
Après cette opération, 0 o d'espace disque supplémentaires seront utilisés.
Souhaitez-vous continuer ? [O/n] 
Paramétrage de kibana-dashboards-stamus (2016040402) ...
Job for kibana-dashboards-stamus.service failed. See 'systemctl status kibana-dashboards-stamus.service' and 'journalctl -xn' for details.
invoke-rc.d: initscript kibana-dashboards-stamus, action "start" failed.
dpkg: erreur de traitement du paquet kibana-dashboards-stamus (--configure) :
 le sous-processus script post-installation installé a retourné une erreur de sortie d'état 1
Des erreurs ont été rencontrées pendant l'exécution :
 kibana-dashboards-stamus
E: Sub-process /usr/bin/dpkg returned an error code (1)


systemctl status kibana-dashboards-stamus.service:
● kibana-dashboards-stamus.service - LSB: Loads Kibana templates in ES from cmd
   Loaded: loaded (/etc/init.d/kibana-dashboards-stamus)
   Active: failed (Result: exit-code) since jeu 2016-04-28 12:06:55 EDT; 1min 23s ago
  Process: 5742 ExecStart=/etc/init.d/kibana-dashboards-stamus start (code=exited, status=1/FAILURE)

avr 28 12:06:45 SELKS kibana-dashboards-stamus[5742]: The script will retry to connect 6 times - once every 10 sec
avr 28 12:06:45 SELKS kibana-dashboards-stamus[5742]: and exit afterwords if not successful!
avr 28 12:06:55 SELKS kibana-dashboards-stamus[5742]: localhost [127.0.0.1] 9200 (?) : Connection refused
avr 28 12:06:55 SELKS kibana-dashboards-stamus[5742]: Port 9200 is NOT listening/open !!
avr 28 12:06:55 SELKS kibana-dashboards-stamus[5742]: The script will retry to connect 6 times - once every 10 sec
avr 28 12:06:55 SELKS kibana-dashboards-stamus[5742]: and exit afterwords if not successful!
avr 28 12:06:55 SELKS kibana-dashboards-stamus[5742]: Tried to connect 6 times already...exiting!
avr 28 12:06:55 SELKS systemd[1]: kibana-dashboards-stamus.service: control process exited, code=exited status=1
avr 28 12:06:55 SELKS systemd[1]: Failed to start LSB: Loads Kibana templates in ES from cmd.
avr 28 12:06:55 SELKS systemd[1]: Unit kibana-dashboards-stamus.service entered failed state.

So I thought maybe elasticsearch is not running, so let's check it:
/etc/init.d/elasticsearch status
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled)
   Active: active (running) since jeu 2016-04-28 12:10:11 EDT; 1s ago
     Docs: http://www.elastic.co
  Process: 9156 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCESS)
 Main PID: 9159 (java)
   CGroup: /system.slice/elasticsearch.service
           └─9159 /usr/bin/java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryErr...

avr 28 12:10:12 SELKS elasticsearch[9159]: [2016-04-28 12:10:12,293][WARN ][bootstrap                ] Unable to lock JVM Memory: error=12,reason=Ne peut allouer de la mémoire
avr 28 12:10:12 SELKS elasticsearch[9159]: [2016-04-28 12:10:12,294][WARN ][bootstrap                ] This can result in part of the JVM being swapped out.
avr 28 12:10:12 SELKS elasticsearch[9159]: [2016-04-28 12:10:12,294][WARN ][bootstrap                ] Increase RLIMIT_MEMLOCK, soft limit: 65536, hard limit: 65536
avr 28 12:10:12 SELKS elasticsearch[9159]: [2016-04-28 12:10:12,294][WARN ][bootstrap                ] These can be adjusted by modifying /etc/security/limits.conf, for example:
avr 28 12:10:12 SELKS elasticsearch[9159]: # allow user 'elasticsearch' mlockall
avr 28 12:10:12 SELKS elasticsearch[9159]: elasticsearch soft memlock unlimited
avr 28 12:10:12 SELKS elasticsearch[9159]: elasticsearch hard memlock unlimited
avr 28 12:10:12 SELKS elasticsearch[9159]: [2016-04-28 12:10:12,294][WARN ][bootstrap                ] If you are logged in interactively, you will have to re-login for the new limits to take effect.
avr 28 12:10:12 SELKS elasticsearch[9159]: [2016-04-28 12:10:12,619][INFO ][node                     ] [Blitzkrieger] version[2.3.2], pid[9159], build[b9e4a6a/2016-04-21T16:03:47Z]
avr 28 12:10:12 SELKS elasticsearch[9159]: [2016-04-28 12:10:12,619][INFO ][node                     ] [Blitzkrieger] initializing ...

So, it seems elasticsearch can't start because of some limit parameters in /etc/security/limits.conf, so I added these lines to /etc/security/limits.conf based on this recommendation (http://mrzard.github.io/blog/2015/03/25/elasticsearch-enable-mlockall-in-centos-7/):

elasticsearch - nofile 65535
elasticsearch - memlock unlimited
root - memlock unlimited

And now elasticsearch is starting :)

But now, I got the "502 Bad Gateway" error on nginx/1.6.2 on any URL I try to reach on my SELKS server :( and I got this error in /var/log/nginx/stamus.error.log:
2016/04/28 12:27:45 [error] 4575#0: *13 connect() failed (111: Connection refused) while connecting to upstream, client: 172.16.1.3, server: selks, request: "GET /rules/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:8080", host: "192.168.1.33"

So I found that kibana service process is not running and I have this error in /var/log/kibana.stdout:
{"type":"log","@timestamp":"2016-04-28T16:41:25+00:00","tags":["fatal"],"pid":2454,"level":"fatal","message":"listen EADDRINUSE 0.0.0.0:5601","error":{"message":"listen EADDRINUSE 0.0.0.0:5601","name":"Error","stack":"Error: listen EADDRINUSE 0.0.0.0:5601\n    at Object.exports._errnoException (util.js:870:11)\n    at exports._exceptionWithHostPort (util.js:893:20)\n    at Server._listen2 (net.js:1236:14)\n    at listen (net.js:1272:10)\n    at net.js:1381:9\n    at nextTickCallbackWith3Args (node.js:448:9)\n    at process._tickDomainCallback (node.js:395:17)","code":"EADDRINUSE"}}

And I have a process listening on 5601:
netstat -an | grep 5601
tcp        0      0 0.0.0.0:5601            0.0.0.0:*               LISTEN

And I have this process running with user kibana:
kibana     765     1  1 12:39 ?        00:00:03 /opt/kibana/bin/../node/bin/node /opt/kibana/bin/../src/cli

And now, I don't know what else to do to find a solution ... :(

Any help? I can re-install the system (it's on ESXi) but I wish to find out why I got this situation.

davor grgicevic

May 3, 2016, 9:25:16 AM
to SELKS, wayne.v...@gmail.com
step 1:
execute:  

/etc/init.d/elasticsearch stop

go to:   /usr/share/elasticsearch/
execute: bin/plugin remove delete-by-query
then 
bin/plugin install delete-by-query

(incompatible  plugin )

step 2:

/etc/init.d/scirius stop
/etc/init.d/logstash stop

go to: /etc/logstash/conf.d/

edit scirius-logstash.conf
replace  eve.total with eve-total



step 3: 

go to: 

/opt/selks/scirius/rules/templates/rules

execute: sed -i -- 's/eve.total/eve-total/g' *

the  same in  /opt/selks/scirius/rules

remove  all your data ( optional)  from ES

curator delete indices --all-indices

reboot.

Wayne Veilleux

May 3, 2016, 3:40:58 PM
to SELKS, wayne.v...@gmail.com
Davor,

First of all, thank you very much for your answer.

I followed your steps but in step 3, I don't have the "templates" folder in /opt/selks/scirius/rules :(

Peter Manev

May 4, 2016, 4:28:05 PM
to Wayne Veilleux, SELKS
On Tue, May 3, 2016 at 10:40 PM, Wayne Veilleux
<wayne.v...@gmail.com> wrote:
> Davor,
>
> First of all, thank you very much for your answer.
>
> I followed your step but in step 3, I don't have the "templates" folder in
> /opt/selks/scirius/rules :(

Wayne - I think step 1 as suggested by Davor should fix your Kibana
dashboard problem. Did you check if it is working out for you? (please
make sure ES is up and running as well)

Thanks

Wayne Veilleux

May 6, 2016, 12:21:51 PM
to SELKS, wayne.v...@gmail.com
Unfortunately, it did not. Now, when the system boots, elasticsearch and kibana are not running. When I start it manually, I get this:

root@SELKS:~# /etc/init.d/elasticsearch status
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled)
   Active: active (running) since ven 2016-05-06 12:16:55 EDT; 2s ago
     Docs: http://www.elastic.co
  Process: 3334 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCESS)
 Main PID: 3349 (java)
   CGroup: /system.slice/elasticsearch.service
           └─3349 /usr/bin/java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError ...

mai 06 12:16:56 SELKS elasticsearch[3349]: # allow user 'elasticsearch' mlockall
mai 06 12:16:56 SELKS elasticsearch[3349]: elasticsearch soft memlock unlimited
mai 06 12:16:56 SELKS elasticsearch[3349]: elasticsearch hard memlock unlimited
mai 06 12:16:56 SELKS elasticsearch[3349]: [2016-05-06 12:16:56,558][WARN ][bootstrap                ] If you are logged in interactively, you will have to re-login for the new limits to take effect.
mai 06 12:16:56 SELKS elasticsearch[3349]: [2016-05-06 12:16:56,904][INFO ][node                     ] [Lucifer] version[2.3.2], pid[3349], build[b9e4a6a/2016-04-21T16:03:47Z]
mai 06 12:16:56 SELKS elasticsearch[3349]: [2016-05-06 12:16:56,905][INFO ][node                     ] [Lucifer] initializing ...
mai 06 12:16:57 SELKS elasticsearch[3349]: [2016-05-06 12:16:57,782][INFO ][plugins                  ] [Lucifer] modules [lang-groovy, reindex, lang-expression], plugins [delete-by-query], sites []
mai 06 12:16:57 SELKS elasticsearch[3349]: [2016-05-06 12:16:57,839][INFO ][env                      ] [Lucifer] using [1] data paths, mounts [[/ (/dev/sda1)]], net usable_space [170.7gb], net total_space...], types [ext4]
mai 06 12:16:57 SELKS elasticsearch[3349]: [2016-05-06 12:16:57,839][INFO ][env                      ] [Lucifer] heap size [989.8mb], compressed ordinary object pointers [true]
mai 06 12:16:57 SELKS elasticsearch[3349]: [2016-05-06 12:16:57,839][WARN ][env                      ] [Lucifer] max file descriptors [65535] for elasticsearch process likely too low, consider increasing ...t least [65536]
Hint: Some lines were ellipsized, use -l to show in full.

Wayne Veilleux

May 6, 2016, 12:26:37 PM
to SELKS, wayne.v...@gmail.com
Finally, don't worry with my problem. I will reinstall it, it is only a PoC for me on a VM. Let me know before tomorrow if you really want to diagnose the root cause and repair it.
--
Wayne

Peter Manev

May 6, 2016, 1:19:37 PM
to Wayne Veilleux, SELKS
I see nothing wrong here - unless I am missing something ?

Cyd Tazz

May 9, 2016, 7:05:21 PM
to SELKS
Hello Peter,

After performing the apt-get update && apt-get dist-upgrade I get the below errors.

elasticsearch shows it is running


# /etc/init.d/elasticsearch status

● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled)
   Active: active (running) since Mon 2016-05-09 18:46:08 EDT; 2min 51s ago
     Docs: http://www.elastic.co
  Process: 652 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCESS)
 Main PID: 726 (java)
   CGroup: /system.slice/elasticsearch.service
           └─726 /usr/bin/java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatin...

May 09 18:46:25 asm-alph-selks elasticsearch[726]: [2016-05-09 18:46:25,075][INFO ][node                     ] [Meteor Man] initialized
May 09 18:46:25 asm-alph-selks elasticsearch[726]: [2016-05-09 18:46:25,075][INFO ][node                     ] [Meteor Man] starting ...
May 09 18:46:25 asm-alph-selks elasticsearch[726]: [2016-05-09 18:46:25,305][INFO ][transport                ] [Meteor Man] publish_address {127.0.0.1:9300}, bou....0.1:9300}
May 09 18:46:25 asm-alph-selks elasticsearch[726]: [2016-05-09 18:46:25,309][INFO ][discovery                ] [Meteor Man] elasticsearch/ocV6-Q8-RLqOahspSjYuXg
May 09 18:46:28 asm-alph-selks elasticsearch[726]: [2016-05-09 18:46:28,355][INFO ][cluster.service          ] [Meteor Man] new_master {Meteor Man}{ocV6-Q8-RLqOa... received)
May 09 18:46:28 asm-alph-selks elasticsearch[726]: [2016-05-09 18:46:28,378][INFO ][http                     ] [Meteor Man] publish_address {127.0.0.1:9200}, bou....0.1:9200}
May 09 18:46:28 asm-alph-selks elasticsearch[726]: [2016-05-09 18:46:28,379][INFO ][node                     ] [Meteor Man] started
May 09 18:46:29 asm-alph-selks elasticsearch[726]: [2016-05-09 18:46:29,102][INFO ][gateway                  ] [Meteor Man] recovered [9] indices into cluster_state
May 09 18:46:33 asm-alph-selks elasticsearch[726]: [2016-05-09 18:46:33,828][INFO ][cluster.routing.allocation] [Meteor Man] Cluster health status changed from [...4]] ...]).
May 09 18:47:06 asm-alph-selks elasticsearch[726]: [2016-05-09 18:47:06,808][INFO ][cluster.metadata         ] [Meteor Man] [logstash-2016.05.09] update_mapping [logs]





Jesse

Cyd Tazz

May 9, 2016, 7:07:23 PM
to SELKS



[Inline images 1 and 2]

Peter Manev

May 10, 2016, 2:40:01 AM
to Cyd Tazz, SELKS
Hi,

When unable to connect to ES it is normal that there will be no
dashboards displayed.
The strange thing is that you show that ES is running - have you
changed the name of the host? (
https://github.com/StamusNetworks/SELKS/wiki/Initial-Setup---HOSTNAME
)

You can also try to restart the nginx/scirius services as well (to be
on the safe side).

Thanks



--
Regards,
Peter Manev

jvardam...@gmail.com

May 10, 2016, 10:11:27 AM
to SELKS, cyd...@gmail.com
No Love

[Inline image 1]

Wayne Veilleux

May 10, 2016, 12:40:29 PM
to SELKS, wayne.v...@gmail.com
FYI Peter, I just installed SELKS 3.0RC from scratch and did an update&dist-upgrade and the elasticsearch service won't load (it was working properly before the update&dist-upgrade). Here is the log (NB: I did a VMware snapshot before the update&dist-upgrade so I can go back now without re-installing from scratch). It seems it has a problem with a Java plugin:

[2016-05-10 12:34:53,484][ERROR][bootstrap                ] Exception
java.lang.IllegalArgumentException: Plugin [delete-by-query] is incompatible with Elasticsearch [2.3.2]. Was designed for version [2.3.1]
        at org.elasticsearch.plugins.PluginInfo.readFromProperties(PluginInfo.java:118)
        at org.elasticsearch.plugins.PluginsService.getPluginBundles(PluginsService.java:378)
        at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:128)
        at org.elasticsearch.node.Node.<init>(Node.java:158)
        at org.elasticsearch.node.Node.<init>(Node.java:140)
        at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:178)
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:270)
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)

jvardam...@gmail.com

May 10, 2016, 2:18:57 PM
to SELKS
I discovered my problem.

When I performed the apt-get update && apt-get upgrade command I was logged on to the system using ssh so I never saw the Message Screen about creating the database.

Next few times I performed the apt-get update && apt-get upgrade process from a console.  I answered Yes to create the database.

Doing the above caused Elasticsearch to crash.

Last time I ran the process, I answered No to creating the database and everything is working now.

Peter Manev

May 10, 2016, 5:58:50 PM
to jvardam...@gmail.com, SELKS
Ok - thanks for updating !

Peter Manev

May 10, 2016, 6:01:06 PM
to Wayne Veilleux, SELKS
On Tue, May 10, 2016 at 7:40 PM, Wayne Veilleux
<wayne.v...@gmail.com> wrote:
> FYI Peter, I just installed from scratch SELKS 3.0RC and did and
> update&dist-upgrade and elasticsearch service won't load (it was working
> properly before the update&dist-upgrade). Here is the log (NB: I did a
> VMware Snapshot before the update&dist-upgrade so I can go back now without
> re-installing from scratch). It seem it has a problem with a Java plugin:
>
> [2016-05-10 12:34:53,484][ERROR][bootstrap ] Exception
> java.lang.IllegalArgumentException: Plugin [delete-by-query] is incompatible
> with Elasticsearch [2.3.2]. Was designed for version [2.3.1]
> at
Can you try -
/usr/share/elasticsearch/bin/plugin remove delete-by-query
/usr/share/elasticsearch/bin/plugin install delete-by-query
systemctl restart elasticsearch.service


Thanks
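
A pre-upgrade check for the failure discussed in this thread (delete-by-query built for Elasticsearch 2.3.1 while the package moved to 2.3.2), added here as an example and not part of the thread or of SELKS. It assumes the Elasticsearch 2.x layout with one plugin-descriptor.properties per plugin directory; check_plugins and demo are hypothetical names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list Elasticsearch 2.x plugins whose
# descriptor pins a different Elasticsearch version than the one installed.

# check_plugins PLUGINS_DIR ES_VERSION   (hypothetical helper name)
# Prints "<plugin> built-for=<version> installed=<version>" per mismatch.
# Returns 0 when every plugin matches, 1 on any mismatch, 2 on bad arguments.
check_plugins() {
    plugins_dir=$1
    es_version=$2
    [ -d "$plugins_dir" ] && [ -n "$es_version" ] || return 2
    mismatch=0
    for desc in "$plugins_dir"/*/plugin-descriptor.properties; do
        [ -f "$desc" ] || continue            # unmatched glob or no descriptor
        plugin=$(basename "$(dirname "$desc")")
        # Java properties allow '=' or ':' and spaces around the separator.
        built=$(sed -n 's/^[[:space:]]*elasticsearch\.version[[:space:]]*[=:][[:space:]]*//p' "$desc" \
                | sed 's/[[:space:]]*$//' | head -n 1)
        if [ "$built" != "$es_version" ]; then
            echo "$plugin built-for=${built:-unknown} installed=$es_version"
            mismatch=1
        fi
    done
    return "$mismatch"
}

# Constructed sample tree reproducing the thread's case: delete-by-query built
# for 2.3.1 while the upgraded package is 2.3.2.
demo() {
    demo_dir=$(mktemp -d) || return 2
    mkdir -p "$demo_dir/delete-by-query" "$demo_dir/sample-ok"
    printf 'name=delete-by-query\nelasticsearch.version=2.3.1\n' \
        > "$demo_dir/delete-by-query/plugin-descriptor.properties"
    printf 'name=sample-ok\nelasticsearch.version=2.3.2\n' \
        > "$demo_dir/sample-ok/plugin-descriptor.properties"
    check_plugins "$demo_dir" 2.3.2
    demo_status=$?
    rm -rf "$demo_dir"
    return "$demo_status"
}

# On a real host (assumed paths for the Debian package):
#   check_plugins /usr/share/elasticsearch/plugins \
#       "$(dpkg-query -W -f='${Version}' elasticsearch)"
demo || echo "mismatch found: remove and reinstall the listed plugin(s)"
```

Running it after apt-get dist-upgrade and before restarting the service shows which plugins need the remove/install cycle.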

Wayne Veilleux

May 11, 2016, 8:30:49 AM
to SELKS, wayne.v...@gmail.com



It is solved by removing and re-installing the plugin! :)

But I had to set to false the http.cors.enabled variable in /etc/elasticsearch/elasticsearch.yml because I use Safari and Chrome as browser. 

Here is the link where I found this ELK issue: https://github.com/elastic/kibana/issues/6719

Many Thanks Peter !

Wayne Veilleux

May 11, 2016, 12:34:14 PM
to SELKS, wayne.v...@gmail.com


UPDATE: evebox doesn't work anymore, I got a "504 Gateway Time-out with nginx/1.6.2" on the URL (https://selks-host/evebox). Is there a way to resolve this issue ?

Peter Manev

May 11, 2016, 1:32:10 PM
to Wayne Veilleux, SELKS


Restart nginx?
Which evebox pkg version do you have?

Wayne Veilleux

May 11, 2016, 3:51:52 PM
to SELKS
Restarting nginx version 1.6.2-5 did not resolve this issue.

Wayne Veilleux

May 11, 2016, 3:58:44 PM
to SELKS
I forgot, I have evebox version 1:0.5.0~dev20160422152926 on my system.

Peter Manev

May 12, 2016, 4:33:15 AM
to Wayne Veilleux, SELKS
On Wed, May 11, 2016 at 10:58 PM, Wayne Veilleux
<wayne.v...@gmail.com> wrote:
> I forgot, I have evebox version 1:0.5.0~dev20160422152926 on my system.
>

I have the exact same set up and can not reproduce the err you are getting.

Have you made any changes to the original set up? Or how can I
reproduce it better?

Thanks

Wayne Veilleux

May 12, 2016, 7:03:23 AM
to SELKS
Here is what I did:
- Fresh install from SELKS-3.0RC1 iso file (no-desktop) on ESXi 5.5 (6-cores/12GB/3NIC)
- Copy interfaces and suricata.xml file from a backup of SELKS 2 to setup network and suricata
- and I did an apt-get update & apt-get dist-upgrade

I will try it again tonight, it takes only a few minutes. When you say you have the same setup, have you tried a fresh install ?

Peter Manev

May 12, 2016, 7:58:36 AM
to Wayne Veilleux, SELKS
I followed the exact same steps - no issue.

Wayne Veilleux

May 12, 2016, 9:53:06 AM
to SELKS, wayne.v...@gmail.com
When the scirius package upgrades, it asks for a database configuration, do we say YES or NO ? I remember saying YES.

Peter Manev

May 12, 2016, 10:18:50 AM
to Wayne Veilleux, SELKS


On 12 May 2016, at 16:53, Wayne Veilleux <wayne.v...@gmail.com> wrote:

When the scirius package upgrade, it ask for a database configuration, do we say YES or NO ? I remember saying YES.

Yes.