Erroro during Wazuh installation
548 views
Skip to first unread message
Jonathan G.
Dec 23, 2022, 10:05:54 AM12/23/22
to Wazuh mailing list
Hello hope you good,
I have an arror when i try to install Wzauh on now server...
Here the error :
23/12/2022 15:02:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.10
23/12/2022 15:02:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
23/12/2022 15:02:50 INFO: Wazuh repository added.
23/12/2022 15:02:50 INFO: --- Wazuh indexer ---
23/12/2022 15:02:50 INFO: Starting Wazuh indexer installation.
23/12/2022 15:03:28 INFO: Wazuh indexer installation finished.
23/12/2022 15:03:28 INFO: Wazuh indexer post-install configuration finished.
23/12/2022 15:03:28 INFO: Starting service wazuh-indexer.
23/12/2022 15:03:44 ERROR: wazuh-indexer could not be started.
23/12/2022 15:03:44 INFO: --- Removing existing Wazuh installation ---
23/12/2022 15:03:44 INFO: Removing Wazuh indexer.
23/12/2022 15:03:49 INFO: Wazuh indexer removed.
23/12/2022 15:03:49 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
Here the content of wazuh-install.log
Dec 23 14:41:28 HOST systemd[1]: Starting Wazuh-indexer...
Dec 23 14:41:40 HOST systemd-entrypoint[9461]: WARNING: An illegal reflective access operation has occurred
Dec 23 14:41:40 HOST systemd-entrypoint[9461]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
Dec 23 14:41:40 HOST systemd-entrypoint[9461]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
Dec 23 14:41:40 HOST systemd-entrypoint[9461]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
Dec 23 14:41:40 HOST systemd-entrypoint[9461]: WARNING: All illegal access operations will be denied in a future release
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: ERROR: [1] bootstrap checks failed
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: [1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: ERROR: OpenSearch did not exit normally - check the logs at /var/log/wazuh-indexer/wazuh-indexer-cluster.log
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: fatal error in thread [Thread-3], exiting
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: java.lang.NoClassDefFoundError: Could not initialize class com.sun.jna.Native
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.systemd.Libsystemd.lambda$static$0(Libsystemd.java:47)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.systemd.Libsystemd.<clinit>(Libsystemd.java:46)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.systemd.SystemdPlugin.sd_notify(SystemdPlugin.java:137)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.systemd.SystemdPlugin.close(SystemdPlugin.java:163)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:87)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:129)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:112)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.node.Node.close(Node.java:1277)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:87)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:129)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:79)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.bootstrap.Bootstrap$4.run(Bootstrap.java:206)
Dec 23 14:41:43 HOST systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Dec 23 14:41:43 HOST systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Dec 23 14:41:43 HOST systemd[1]: Failed to start Wazuh-indexer.
Dec 23 14:41:43 HOST systemd[1]: wazuh-indexer.service: Consumed 52.669s CPU time.
Dec 23 14:51:32 HOST systemd[1]: Starting Wazuh-indexer...
Dec 23 14:51:43 HOST systemd-entrypoint[11516]: WARNING: An illegal reflective access operation has occurred
Dec 23 14:51:43 HOST systemd-entrypoint[11516]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
Dec 23 14:51:43 HOST systemd-entrypoint[11516]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
Dec 23 14:51:43 HOST systemd-entrypoint[11516]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
Dec 23 14:51:43 HOST systemd-entrypoint[11516]: WARNING: All illegal access operations will be denied in a future release
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: ERROR: [1] bootstrap checks failed
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: [1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: ERROR: OpenSearch did not exit normally - check the logs at /var/log/wazuh-indexer/wazuh-indexer-cluster.log
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: fatal error in thread [Thread-3], exiting
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: java.lang.NoClassDefFoundError: Could not initialize class com.sun.jna.Native
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.systemd.Libsystemd.lambda$static$0(Libsystemd.java:47)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.systemd.Libsystemd.<clinit>(Libsystemd.java:46)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.systemd.SystemdPlugin.sd_notify(SystemdPlugin.java:137)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.systemd.SystemdPlugin.close(SystemdPlugin.java:163)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:87)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:129)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:112)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.node.Node.close(Node.java:1277)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:87)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:129)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:79)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.bootstrap.Bootstrap$4.run(Bootstrap.java:206)
Dec 23 14:51:46 HOST systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Dec 23 14:51:46 HOST systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Dec 23 14:51:46 HOST systemd[1]: Failed to start Wazuh-indexer.
Dec 23 14:51:46 HOST systemd[1]: wazuh-indexer.service: Consumed 50.020s CPU time.
23/12/2022 14:51:46 INFO: --- Removing existing Wazuh installation ---
23/12/2022 14:51:46 INFO: Removing Wazuh indexer.
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
wazuh-indexer*
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 639 MB disk space will be freed.
(Reading database ... 76062 files and directories currently installed.)
Removing wazuh-indexer (4.3.10-1) ...
Stopping wazuh-indexer service... OK
(Reading database ... 75130 files and directories currently installed.)
Purging configuration files for wazuh-indexer (4.3.10-1) ...
Deleting configuration directory... OK
dpkg: warning: while removing wazuh-indexer, directory '/usr/lib/systemd/system' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/lib/wazuh-indexer' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/log/wazuh-indexer' not empty so not removed
23/12/2022 14:51:51 INFO: Wazuh indexer removed.
23/12/2022 14:51:51 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
Anyone can help me with this issue please ?
Thanks !
I have an arror when i try to install Wzauh on now server...
Here the error :
23/12/2022 15:02:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.10
23/12/2022 15:02:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
23/12/2022 15:02:50 INFO: Wazuh repository added.
23/12/2022 15:02:50 INFO: --- Wazuh indexer ---
23/12/2022 15:02:50 INFO: Starting Wazuh indexer installation.
23/12/2022 15:03:28 INFO: Wazuh indexer installation finished.
23/12/2022 15:03:28 INFO: Wazuh indexer post-install configuration finished.
23/12/2022 15:03:28 INFO: Starting service wazuh-indexer.
23/12/2022 15:03:44 ERROR: wazuh-indexer could not be started.
23/12/2022 15:03:44 INFO: --- Removing existing Wazuh installation ---
23/12/2022 15:03:44 INFO: Removing Wazuh indexer.
23/12/2022 15:03:49 INFO: Wazuh indexer removed.
23/12/2022 15:03:49 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
Here the content of wazuh-install.log
Dec 23 14:41:28 HOST systemd[1]: Starting Wazuh-indexer...
Dec 23 14:41:40 HOST systemd-entrypoint[9461]: WARNING: An illegal reflective access operation has occurred
Dec 23 14:41:40 HOST systemd-entrypoint[9461]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
Dec 23 14:41:40 HOST systemd-entrypoint[9461]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
Dec 23 14:41:40 HOST systemd-entrypoint[9461]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
Dec 23 14:41:40 HOST systemd-entrypoint[9461]: WARNING: All illegal access operations will be denied in a future release
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: ERROR: [1] bootstrap checks failed
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: [1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: ERROR: OpenSearch did not exit normally - check the logs at /var/log/wazuh-indexer/wazuh-indexer-cluster.log
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: fatal error in thread [Thread-3], exiting
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: java.lang.NoClassDefFoundError: Could not initialize class com.sun.jna.Native
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.systemd.Libsystemd.lambda$static$0(Libsystemd.java:47)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.systemd.Libsystemd.<clinit>(Libsystemd.java:46)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.systemd.SystemdPlugin.sd_notify(SystemdPlugin.java:137)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.systemd.SystemdPlugin.close(SystemdPlugin.java:163)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:87)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:129)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:112)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.node.Node.close(Node.java:1277)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:87)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:129)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:79)
Dec 23 14:41:42 HOST systemd-entrypoint[9461]: at org.opensearch.bootstrap.Bootstrap$4.run(Bootstrap.java:206)
Dec 23 14:41:43 HOST systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Dec 23 14:41:43 HOST systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Dec 23 14:41:43 HOST systemd[1]: Failed to start Wazuh-indexer.
Dec 23 14:41:43 HOST systemd[1]: wazuh-indexer.service: Consumed 52.669s CPU time.
Dec 23 14:51:32 HOST systemd[1]: Starting Wazuh-indexer...
Dec 23 14:51:43 HOST systemd-entrypoint[11516]: WARNING: An illegal reflective access operation has occurred
Dec 23 14:51:43 HOST systemd-entrypoint[11516]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
Dec 23 14:51:43 HOST systemd-entrypoint[11516]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
Dec 23 14:51:43 HOST systemd-entrypoint[11516]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
Dec 23 14:51:43 HOST systemd-entrypoint[11516]: WARNING: All illegal access operations will be denied in a future release
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: ERROR: [1] bootstrap checks failed
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: [1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: ERROR: OpenSearch did not exit normally - check the logs at /var/log/wazuh-indexer/wazuh-indexer-cluster.log
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: fatal error in thread [Thread-3], exiting
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: java.lang.NoClassDefFoundError: Could not initialize class com.sun.jna.Native
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.systemd.Libsystemd.lambda$static$0(Libsystemd.java:47)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.systemd.Libsystemd.<clinit>(Libsystemd.java:46)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.systemd.SystemdPlugin.sd_notify(SystemdPlugin.java:137)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.systemd.SystemdPlugin.close(SystemdPlugin.java:163)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:87)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:129)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:112)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.node.Node.close(Node.java:1277)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:87)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:129)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:79)
Dec 23 14:51:45 HOST systemd-entrypoint[11516]: at org.opensearch.bootstrap.Bootstrap$4.run(Bootstrap.java:206)
Dec 23 14:51:46 HOST systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Dec 23 14:51:46 HOST systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Dec 23 14:51:46 HOST systemd[1]: Failed to start Wazuh-indexer.
Dec 23 14:51:46 HOST systemd[1]: wazuh-indexer.service: Consumed 50.020s CPU time.
23/12/2022 14:51:46 INFO: --- Removing existing Wazuh installation ---
23/12/2022 14:51:46 INFO: Removing Wazuh indexer.
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
wazuh-indexer*
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 639 MB disk space will be freed.
(Reading database ... 76062 files and directories currently installed.)
Removing wazuh-indexer (4.3.10-1) ...
Stopping wazuh-indexer service... OK
(Reading database ... 75130 files and directories currently installed.)
Purging configuration files for wazuh-indexer (4.3.10-1) ...
Deleting configuration directory... OK
dpkg: warning: while removing wazuh-indexer, directory '/usr/lib/systemd/system' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/lib/wazuh-indexer' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/log/wazuh-indexer' not empty so not removed
23/12/2022 14:51:51 INFO: Wazuh indexer removed.
23/12/2022 14:51:51 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
Anyone can help me with this issue please ?
Thanks !
Santiago David Vendramini
Dec 23, 2022, 3:48:47 PM12/23/22
to Wazuh mailing list
Hi! Sorry for the delay! Could you tell me what type of installation you are using? Maybe you are missing some dependency in your operating system.
Jonathan G.
Dec 26, 2022, 2:53:21 AM12/26/22
to Wazuh mailing list
Hi,
I follow this guide : https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/installation-assistant.html
I tryed with assistant and step by step et no one work :(
Santiago David Vendramini
Dec 26, 2022, 3:55:47 PM12/26/22
to Wazuh mailing list
Hi! Sorry for the delay! Can you send the /var/log/wazuh-indexer/wazuh-indexer-cluster.log ?
It would also be useful if you could send me information about your environment and the way you are trying to install wazuh.
Regards!
It would also be useful if you could send me information about your environment and the way you are trying to install wazuh.
Regards!
Jonathan G.
Dec 27, 2022, 2:50:49 AM12/27/22
to Wazuh mailing list
Hi
This file doenst exist. The script remove automatically wazuh-indexer and delete all file.
Jonathan G.
Dec 27, 2022, 5:17:43 AM12/27/22
to Wazuh mailing list
AS you can see here :
27/12/2022 10:12:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.10
27/12/2022 10:12:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/12/2022 10:12:46 INFO: Wazuh repository added.
27/12/2022 10:12:46 INFO: --- Wazuh indexer ---
27/12/2022 10:12:46 INFO: Starting Wazuh indexer installation.
27/12/2022 10:13:24 INFO: Wazuh indexer installation finished.
27/12/2022 10:13:24 INFO: Wazuh indexer post-install configuration finished.
27/12/2022 10:13:24 INFO: Starting service wazuh-indexer.
27/12/2022 10:13:40 ERROR: wazuh-indexer could not be started.
27/12/2022 10:13:40 INFO: --- Removing existing Wazuh installation ---
27/12/2022 10:13:40 INFO: Removing Wazuh indexer.
27/12/2022 10:13:44 INFO: Wazuh indexer removed.
27/12/2022 10:13:45 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
27/12/2022 10:12:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/12/2022 10:12:46 INFO: Wazuh repository added.
27/12/2022 10:12:46 INFO: --- Wazuh indexer ---
27/12/2022 10:12:46 INFO: Starting Wazuh indexer installation.
27/12/2022 10:13:24 INFO: Wazuh indexer installation finished.
27/12/2022 10:13:24 INFO: Wazuh indexer post-install configuration finished.
27/12/2022 10:13:24 INFO: Starting service wazuh-indexer.
27/12/2022 10:13:40 ERROR: wazuh-indexer could not be started.
27/12/2022 10:13:40 INFO: --- Removing existing Wazuh installation ---
27/12/2022 10:13:40 INFO: Removing Wazuh indexer.
27/12/2022 10:13:44 INFO: Wazuh indexer removed.
27/12/2022 10:13:45 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
After the error, the script remove wazuh-indexer and i have 0 log for this installation except the file
wazuh-install.log
Here the content of wazuh-install.log:
Dec 27 10:13:26 HOST01 systemd[1]: Starting Wazuh-indexer...
Dec 27 10:13:37 HOST01 systemd-entrypoint[53659]: WARNING: An illegal reflective access operation has occurred
Dec 27 10:13:37 HOST01 systemd-entrypoint[53659]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
Dec 27 10:13:37 HOST01 systemd-entrypoint[53659]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
Dec 27 10:13:37 HOST01 systemd-entrypoint[53659]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
Dec 27 10:13:37 HOST01 systemd-entrypoint[53659]: WARNING: All illegal access operations will be denied in a future release
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: ERROR: [1] bootstrap checks failed
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: [1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: ERROR: OpenSearch did not exit normally - check the logs at /var/log/wazuh-indexer/wazuh-indexer-cluster.log
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: fatal error in thread [Thread-3], exiting
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: java.lang.NoClassDefFoundError: Could not initialize class com.sun.jna.Native
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.systemd.Libsystemd.lambda$static$0(Libsystemd.java:47)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.systemd.Libsystemd.<clinit>(Libsystemd.java:46)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.systemd.SystemdPlugin.sd_notify(SystemdPlugin.java:137)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.systemd.SystemdPlugin.close(SystemdPlugin.java:163)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:87)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:129)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:112)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.node.Node.close(Node.java:1277)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:87)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:129)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:79)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.bootstrap.Bootstrap$4.run(Bootstrap.java:206)
Dec 27 10:13:40 HOST01 systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Dec 27 10:13:40 HOST01 systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Dec 27 10:13:40 HOST01 systemd[1]: Failed to start Wazuh-indexer.
Dec 27 10:13:40 HOST01 systemd[1]: wazuh-indexer.service: Consumed 48.950s CPU time.
27/12/2022 10:13:40 INFO: --- Removing existing Wazuh installation ---
27/12/2022 10:13:40 INFO: Removing Wazuh indexer.
Dec 27 10:13:37 HOST01 systemd-entrypoint[53659]: WARNING: An illegal reflective access operation has occurred
Dec 27 10:13:37 HOST01 systemd-entrypoint[53659]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
Dec 27 10:13:37 HOST01 systemd-entrypoint[53659]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
Dec 27 10:13:37 HOST01 systemd-entrypoint[53659]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
Dec 27 10:13:37 HOST01 systemd-entrypoint[53659]: WARNING: All illegal access operations will be denied in a future release
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: ERROR: [1] bootstrap checks failed
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: [1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: ERROR: OpenSearch did not exit normally - check the logs at /var/log/wazuh-indexer/wazuh-indexer-cluster.log
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: fatal error in thread [Thread-3], exiting
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: java.lang.NoClassDefFoundError: Could not initialize class com.sun.jna.Native
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.systemd.Libsystemd.lambda$static$0(Libsystemd.java:47)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.systemd.Libsystemd.<clinit>(Libsystemd.java:46)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.systemd.SystemdPlugin.sd_notify(SystemdPlugin.java:137)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.systemd.SystemdPlugin.close(SystemdPlugin.java:163)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:87)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:129)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:112)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.node.Node.close(Node.java:1277)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:87)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:129)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:79)
Dec 27 10:13:38 HOST01 systemd-entrypoint[53659]: at org.opensearch.bootstrap.Bootstrap$4.run(Bootstrap.java:206)
Dec 27 10:13:40 HOST01 systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Dec 27 10:13:40 HOST01 systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Dec 27 10:13:40 HOST01 systemd[1]: Failed to start Wazuh-indexer.
Dec 27 10:13:40 HOST01 systemd[1]: wazuh-indexer.service: Consumed 48.950s CPU time.
27/12/2022 10:13:40 INFO: --- Removing existing Wazuh installation ---
27/12/2022 10:13:40 INFO: Removing Wazuh indexer.
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
wazuh-indexer*
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 639 MB disk space will be freed.
(Reading database ... 85129 files and directories currently installed.)
Removing wazuh-indexer (4.3.10-1) ...
Stopping wazuh-indexer service... OK
(Reading database ... 84197 files and directories currently installed.)
Purging configuration files for wazuh-indexer (4.3.10-1) ...
Deleting configuration directory... OK
dpkg: warning: while removing wazuh-indexer, directory '/usr/lib/systemd/system' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/lib/wazuh-indexer' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/log/wazuh-indexer' not empty so not removed
27/12/2022 10:13:44 INFO: Wazuh indexer removed.
27/12/2022 10:13:45 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
27/12/2022 10:13:45 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
Jonathan G.
Dec 27, 2022, 6:22:35 AM12/27/22
to Wazuh mailing list
I'm following this guide : https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/installation-assistant.html
and i have the error after this command: bash wazuh-install.sh --wazuh-indexer node-1
Here the version of my server :
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
Santiago David Vendramini
Dec 27, 2022, 7:21:32 AM12/27/22
to Wazuh mailing list
Have you edited the config.yml file? If not, can you share the file? Will all components be installed on one server?
Jonathan G.
Dec 27, 2022, 7:41:58 AM12/27/22
to Wazuh mailing list
Just edited with the IP of the server like this:
nodes:
# Wazuh indexer nodes
indexer:
- name: node-1
ip: <MY IP>
#- name: node-2
# ip: <indexer-node-ip>
#- name: node-3
# ip: <indexer-node-ip>
# Wazuh server nodes
# If there is more than one Wazuh server
# node, each one must have a node_type
server:
- name: wazuh-1
ip: <MY IP>
# node_type: master
#- name: wazuh-2
# ip: <wazuh-manager-ip>
# node_type: worker
#- name: wazuh-3
# ip: <wazuh-manager-ip>
# node_type: worker
# Wazuh dashboard nodes
dashboard:
- name: dashboard
ip: <MY IP>
nodes:
# Wazuh indexer nodes
indexer:
- name: node-1
ip: <MY IP>
#- name: node-2
# ip: <indexer-node-ip>
#- name: node-3
# ip: <indexer-node-ip>
# Wazuh server nodes
# If there is more than one Wazuh server
# node, each one must have a node_type
server:
- name: wazuh-1
ip: <MY IP>
# node_type: master
#- name: wazuh-2
# ip: <wazuh-manager-ip>
# node_type: worker
#- name: wazuh-3
# ip: <wazuh-manager-ip>
# node_type: worker
# Wazuh dashboard nodes
dashboard:
- name: dashboard
ip: <MY IP>
Jonathan G.
Dec 27, 2022, 9:00:45 AM12/27/22
to Wazuh mailing list
Hey,
Tried the step by step guide, but it dont work.
Here the result of the command: systemctl start wazuh-indexer
× wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2022-12-27 13:52:38 UTC; 16s ago
Docs: https://documentation.wazuh.com
Process: 62739 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 62739 (code=exited, status=1/FAILURE)
CPU: 35.448s
Dec 27 13:52:38 HOST01 systemd-entrypoint[62739]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:112)
Dec 27 13:52:38 HOST01 systemd-entrypoint[62739]: at org.opensearch.node.Node.close(Node.java:1277)
Dec 27 13:52:38 HOST01 systemd-entrypoint[62739]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:87)
Dec 27 13:52:38 HOST01 systemd-entrypoint[62739]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:129)
Dec 27 13:52:38 HOST01 systemd-entrypoint[62739]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:79)
Dec 27 13:52:38 HOST01 systemd-entrypoint[62739]: at org.opensearch.bootstrap.Bootstrap$4.run(Bootstrap.java:206)
Dec 27 13:52:38 HOST01 systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Dec 27 13:52:38 HOST01 systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Dec 27 13:52:38 HOST01 systemd[1]: Failed to start Wazuh-indexer.
Dec 27 13:52:38 HOST01 systemd[1]: wazuh-indexer.service: Consumed 35.448s CPU time.
Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2022-12-27 13:52:38 UTC; 16s ago
Docs: https://documentation.wazuh.com
Process: 62739 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 62739 (code=exited, status=1/FAILURE)
CPU: 35.448s
Dec 27 13:52:38 HOST01 systemd-entrypoint[62739]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:112)
Dec 27 13:52:38 HOST01 systemd-entrypoint[62739]: at org.opensearch.node.Node.close(Node.java:1277)
Dec 27 13:52:38 HOST01 systemd-entrypoint[62739]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:87)
Dec 27 13:52:38 HOST01 systemd-entrypoint[62739]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:129)
Dec 27 13:52:38 HOST01 systemd-entrypoint[62739]: at org.opensearch.core.internal.io.IOUtils.close(IOUtils.java:79)
Dec 27 13:52:38 HOST01 systemd-entrypoint[62739]: at org.opensearch.bootstrap.Bootstrap$4.run(Bootstrap.java:206)
Dec 27 13:52:38 HOST01 systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Dec 27 13:52:38 HOST01 systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Dec 27 13:52:38 HOST01 systemd[1]: Failed to start Wazuh-indexer.
Dec 27 13:52:38 HOST01 systemd[1]: wazuh-indexer.service: Consumed 35.448s CPU time.
Jonathan G.
Dec 27, 2022, 9:42:48 AM12/27/22
to Wazuh mailing list
I found the problem.
JNA is not active because /tmp is flagged with noexec.
After remounting /tmp with exec flag, wazuh-indexer service is now started.
Santiago David Vendramini
Dec 28, 2022, 7:17:40 AM12/28/22
to Wazuh mailing list
That's great to hear. Let me know if you need anything else. Best regards.
Reply all
Reply to author
Forward
Message has been deleted
0 new messages