Opensearch anomaly detection plugin


Srijan Nandi

Jul 14, 2022, 2:38:50 AM
to Wazuh mailing list
Hello All,

I am trying to get the opensearch-anomaly-detection working. But it is not showing under Opensearch Plugins.

However, when I list the installed plugins, I see it in the list:

# /usr/share/wazuh-indexer/bin/opensearch-plugin list
/usr/share/wazuh-indexer/bin/opensearch-env: line 89: cd: /usr/share/wazuh-indexer/config: No such file or directory
opensearch-alerting
opensearch-anomaly-detection
opensearch-asynchronous-search
opensearch-cross-cluster-replication
opensearch-index-management
opensearch-job-scheduler
opensearch-knn
opensearch-observability
opensearch-performance-analyzer
opensearch-reports-scheduler
opensearch-security
opensearch-sql

Tried reinstalling it, however it failed.

# /usr/share/wazuh-indexer/bin/opensearch-plugin install opensearch-anomaly-detection = 1.2.4
/usr/share/wazuh-indexer/bin/opensearch-env: line 89: cd: /usr/share/wazuh-indexer/config: No such file or directory
-> Installing opensearch-anomaly-detection
-> Failed installing opensearch-anomaly-detection
-> Rolling back opensearch-anomaly-detection
-> Rolled back opensearch-anomaly-detection
A tool for managing installed opensearch plugins

Non-option arguments:
command              

Option             Description        
------             -----------        
-E <KeyValuePair>  Configure a setting
-h, --help         Show help          
-s, --silent       Show minimal output
-v, --verbose      Show verbose output
ERROR: Unknown plugin opensearch-anomaly-detection


# /usr/share/wazuh-indexer/bin/opensearch-plugin install https://repo.pintexx.com/testing/community/x86_64/opensearch-anomaly-detection-plugin-1.2.4.0-1-x86_64.pkg.tar.zst.sig
/usr/share/wazuh-indexer/bin/opensearch-env: line 89: cd: /usr/share/wazuh-indexer/config: No such file or directory
-> Installing https://repo.pintexx.com/testing/community/x86_64/opensearch-anomaly-detection-plugin-1.2.4.0-1-x86_64.pkg.tar.zst.sig
-> Downloading https://repo.pintexx.com/testing/community/x86_64/opensearch-anomaly-detection-plugin-1.2.4.0-1-x86_64.pkg.tar.zst.sig
[=================================================] 100%  
-> Failed installing https://repo.pintexx.com/testing/community/x86_64/opensearch-anomaly-detection-plugin-1.2.4.0-1-x86_64.pkg.tar.zst.sig
-> Rolling back https://repo.pintexx.com/testing/community/x86_64/opensearch-anomaly-detection-plugin-1.2.4.0-1-x86_64.pkg.tar.zst.sig
-> Rolled back https://repo.pintexx.com/testing/community/x86_64/opensearch-anomaly-detection-plugin-1.2.4.0-1-x86_64.pkg.tar.zst.sig
Exception in thread "main" java.nio.file.NoSuchFileException: /usr/share/wazuh-indexer/plugins/.installing-13416911816619194048/plugin-descriptor.properties
    at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)
    at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
    at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
    at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:218)
    at java.base/java.nio.file.Files.newByteChannel(Files.java:375)
    at java.base/java.nio.file.Files.newByteChannel(Files.java:426)
    at java.base/java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:420)
    at java.base/java.nio.file.Files.newInputStream(Files.java:160)
    at org.opensearch.plugins.PluginInfo.readFromProperties(PluginInfo.java:229)
    at org.opensearch.plugins.InstallPluginCommand.loadPluginInfo(InstallPluginCommand.java:799)
    at org.opensearch.plugins.InstallPluginCommand.installPlugin(InstallPluginCommand.java:858)
    at org.opensearch.plugins.InstallPluginCommand.execute(InstallPluginCommand.java:263)
    at org.opensearch.plugins.InstallPluginCommand.execute(InstallPluginCommand.java:237)
    at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:100)
    at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
    at org.opensearch.cli.MultiCommand.execute(MultiCommand.java:104)
    at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
    at org.opensearch.cli.Command.main(Command.java:101)
    at org.opensearch.plugins.PluginCli.main(PluginCli.java:60)

Can anyone show me how to get opensearch-anomaly-detection working under Opensearch Plugins?

Thanks and Regards,
-=Srijan Nandi

Matias Ezequiel Moreno

Jul 14, 2022, 6:25:54 AM
to Wazuh mailing list
Hi, thank you very much for using Wazuh. To give you better support, could you tell me which specific versions of Wazuh-indexer and Wazuh-dashboard you are using?

I am seeing that in the command execution it is trying to take a configuration from a directory that does not exist.

Could you check if this is really the case? You should be able to see the following output if you run the following command.

command:
ls -la /usr/share/wazuh-indexer/config/

output:
total 56
drwx------ 1 wazuh-indexer wazuh-indexer  4096 Jul 14 10:01 .
drwxr-xr-x 1 root          root           4096 Jun 29 10:27 ..
dr-x------ 1 wazuh-indexer wazuh-indexer  4096 Jul 14 10:01 certs
-rw------- 1 wazuh-indexer wazuh-indexer  2352 Jun 21 12:31 jvm.options
drwxr-x--- 2 wazuh-indexer wazuh-indexer  4096 Jun 21 12:31 jvm.options.d
-rw-r----- 1 wazuh-indexer wazuh-indexer 11646 Jun 21 12:31 log4j2.properties
drwxr-x--- 2 wazuh-indexer wazuh-indexer  4096 Jun 21 12:31 opensearch-observability
drwxr-x--- 2 wazuh-indexer wazuh-indexer  4096 Jun 21 12:31 opensearch-reports-scheduler
-rw-rw---- 1 wazuh-indexer wazuh-indexer   196 Jul 14 10:01 opensearch.keystore
-rw-r--r-- 1 wazuh-indexer wazuh-indexer  1882 Jun  8 17:35 opensearch.yml

Regards 

Srijan Nandi

Jul 14, 2022, 6:55:33 AM
to Wazuh mailing list
Hello Matias,

The Wazuh version that I am using is "WAZUH_VERSION":"v4.3.5".

The config directory does not exist here:
/usr/share/wazuh-indexer# ls -al
total 272
drwxr-x---   9 wazuh-indexer wazuh-indexer   4096 Jul 14 10:35 .
drwxr-xr-x 111 root          root            4096 Jun 28 12:44 ..
drwxr-xr-x   2 wazuh-indexer wazuh-indexer   4096 Jul 14 10:53 backup-directory
drwxr-x---   2 wazuh-indexer wazuh-indexer   4096 Jul 14 11:45 bin
drwxr-x---   9 wazuh-indexer wazuh-indexer   4096 Jun 30 16:59 jdk
drwxr-x---   3 wazuh-indexer wazuh-indexer  12288 Jun 30 16:59 lib
-rw-r-----   1 wazuh-indexer wazuh-indexer  11358 Jan 14 09:05 LICENSE.txt
drwxr-x---  20 wazuh-indexer wazuh-indexer   4096 Jun 24 10:09 modules
-rw-r-----   1 wazuh-indexer wazuh-indexer 215355 Jan 14 09:12 NOTICE.txt
drwxr-x---   6 wazuh-indexer wazuh-indexer   4096 Jun 24 10:08 performance-analyzer-rca
drwxr-x---  14 wazuh-indexer wazuh-indexer   4096 Jul 14 11:43 plugins
-r--r-----   1 wazuh-indexer wazuh-indexer      6 Jun 21 18:01 VERSION


The files that you mentioned are in the /etc/wazuh-indexer:
/etc/wazuh-indexer# ls -al
total 52
drwxr-x---   6 wazuh-indexer wazuh-indexer  4096 Jul 14 12:28 .
drwxr-xr-x 100 root          root           4096 Jul 14 10:13 ..
dr-x------   2 wazuh-indexer wazuh-indexer  4096 Jun 24 10:13 certs
-rw-rw----   1 wazuh-indexer wazuh-indexer  2561 Jun 24 10:23 jvm.options
drwxr-x---   2 wazuh-indexer wazuh-indexer  4096 Jun 24 10:25 jvm.options.d
-rw-rw----   1 wazuh-indexer wazuh-indexer 11646 Jun  3 17:37 log4j2.properties
-rw-rw----   1 wazuh-indexer wazuh-indexer   196 Jun 24 10:09 opensearch.keystore
-rw-------   1 wazuh-indexer wazuh-indexer    73 Jun 24 10:09 .opensearch.keystore.initial_md5sum
drwxr-x---   2 wazuh-indexer wazuh-indexer  4096 Jun 30 16:59 opensearch-observability
drwxr-x---   2 wazuh-indexer wazuh-indexer  4096 Jun 30 16:59 opensearch-reports-scheduler
-rw-rw----   1 wazuh-indexer wazuh-indexer  2114 Jun 24 10:11 opensearch.yml

Thanks and Regards,
-=Srijan Nandi

Matias Ezequiel Moreno

Jul 14, 2022, 7:49:18 AM
to Wazuh mailing list
Yes, this configuration file is generated only when you install wazuh-indexer. What is the process you used to install Wazuh-indexer? For some reason you must have had a failure that did not create the config directory.
Maybe you should try reinstalling wazuh-indexer and verify that the config folder exists.
I share with you the link to the documentation with the installation process.
https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/index.html

Let me know if this is helpful and of any details,
Cheers,
Matias From Wazuh team.

Srijan Nandi

Jul 14, 2022, 8:31:35 AM
to Wazuh mailing list
Hello Matias,

I followed the following doc to install the wazuh-indexer.
https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html

The new wazuh-indexer keeps all the conf files in /etc/wazuh-indexer and not in /usr/share/wazuh-indexer. The opensearch-env required for the opensearch commands looks for the config file in /usr/share/wazuh-indexer/config, whereas the correct path should be /etc/wazuh-indexer.

Not sure if I am correct here.


Thanks and Regards,
-=Srijan Nandi

Srijan Nandi

Jul 14, 2022, 8:36:55 AM
to Wazuh mailing list
Hello Matias,

Here is what I see in wazuh-indexer.service:

Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer
Environment=OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
Environment=PID_DIR=/run/wazuh-indexer
Environment=OPENSEARCH_SD_NOTIFY=true
EnvironmentFile=-/etc/sysconfig/wazuh-indexer

Thanks and Regards,
-=Srijan Nandi

Srijan Nandi

Jul 14, 2022, 9:16:36 AM
to Wazuh mailing list
Hello Matias,

I changed the following line in opensearch-env:

if [ -z "$OPENSEARCH_PATH_CONF" ]; then OPENSEARCH_PATH_CONF="$OPENSEARCH_HOME"/config; fi

to

if [ -z "$OPENSEARCH_PATH_CONF" ]; then OPENSEARCH_PATH_CONF="/etc/wazuh-indexer"; fi

and I no longer see the following message: /usr/share/wazuh-indexer/bin/opensearch-env: line 89: cd: /usr/share/wazuh-indexer/config: No such file or directory

But I still cannot install opensearch-anomaly-detection:

/usr/share/wazuh-indexer/bin# ./opensearch-plugin install opensearch-anomaly-detection = 1.2.4

-> Installing opensearch-anomaly-detection
-> Failed installing opensearch-anomaly-detection
-> Rolling back opensearch-anomaly-detection
-> Rolled back opensearch-anomaly-detection
A tool for managing installed opensearch plugins

Non-option arguments:
command              

Option             Description        
------             -----------        
-E <KeyValuePair>  Configure a setting
-h, --help         Show help          
-s, --silent       Show minimal output
-v, --verbose      Show verbose output
ERROR: Unknown plugin opensearch-anomaly-detection


Thanks and Regards,
-=Srijan Nandi
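
Added example, not part of the thread and not Wazuh's own tooling: the opensearch-env line quoted above only falls back to "$OPENSEARCH_HOME"/config when OPENSEARCH_PATH_CONF is unset, so the values on the service's Environment= lines can be handed to opensearch-plugin without editing the packaged script. The function names and the unit-file argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the thread or from Wazuh).
# Limitation: values that contain spaces are not handled.

# unit_env_value UNIT_FILE VAR: print the last value assigned to VAR on an
# Environment= line; exit status 1 if VAR is not set there.
unit_env_value() {
    awk -v want="$2" '
        /^[ \t]*Environment=/ {
            sub(/^[ \t]*Environment=/, "")
            n = split($0, parts, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                p = parts[i]
                gsub(/^"|"$/, "", p)          # drop surrounding quotes
                eq = index(p, "=")
                if (eq > 0 && substr(p, 1, eq - 1) == want) val = substr(p, eq + 1)
            }
        }
        END { if (val == "") exit 1; print val }
    ' "$1"
}

# plugin_tool_env UNIT_FILE: print "OPENSEARCH_HOME=... OPENSEARCH_PATH_CONF=..."
# and fail if the configured directory does not exist on this host.
plugin_tool_env() {
    home=$(unit_env_value "$1" OPENSEARCH_HOME) || return 1
    conf=$(unit_env_value "$1" OPENSEARCH_PATH_CONF) || return 1
    [ -d "$conf" ] || { echo "config dir missing: $conf" >&2; return 1; }
    printf 'OPENSEARCH_HOME=%s OPENSEARCH_PATH_CONF=%s\n' "$home" "$conf"
}

# sample_unit: constructed unit file holding the Environment= lines quoted
# in the thread, for trying the functions offline.
sample_unit() {
    cat <<'EOF'
[Service]
Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer
Environment=OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
Environment=PID_DIR=/run/wazuh-indexer
Environment=OPENSEARCH_SD_NOTIFY=true
EnvironmentFile=-/etc/sysconfig/wazuh-indexer
EOF
}

# Usage (UNIT is the path of wazuh-indexer.service on your host, an assumption):
#   env $(plugin_tool_env "$UNIT") /usr/share/wazuh-indexer/bin/opensearch-plugin list
```
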