Kibana server is not ready yet


Hami Unal

25 March 2020 07:14:35
to Wazuh mailing list
Hello All,
I installed the Wazuh server from the VM appliance and I updated the server. When I log in to the Kibana web user interface with https://OVA_IP_ADDRESS as written in the guide, I get the "Kibana server is not ready yet" error. I stopped and started the kibana, elasticsearch and wazuh-manager services.
Should I edit the kibana.yml file?
Thanks

Jonathan Martín Valera

25 March 2020 09:01:16
to Wazuh mailing list
Hello Hami Unal,

In order to reproduce your case, I need some additional information.

As I understand it, you have performed a wazuh upgrade on the OVA, and after that upgrade you are having the "Kibana server is not ready yet" problem, right?

Which initial version of wazuh, elasticsearch and kibana did you have, and which have you updated to?

Troubleshooting tips

- Could you please check if Elasticsearch and Kibana are in the same version? You can do it by executing the following commands:

/usr/share/elasticsearch/bin/elasticsearch --version
/usr/share/kibana/bin/kibana --version

The compatibility matrix is available on:

- https://www.elastic.co/support/matrix#matrix_compatibility

- Check in Kibana /etc/kibana/kibana.yml configuration file if elasticsearch.hosts: setting is set correctly.

- If you are using Kibana in v7.6.1 or v7.6.0 the issue can be caused by the Kibana plugins optimization process.

Please edit /etc/default/kibana by adding a new line at the end with the following content:

NODE_OPTIONS="--max-old-space-size=2048"

and restart the Kibana service.

This would give nodejs, which is a base for Kibana, more memory for the heap so the optimization process will be able to finish. Please note, that it can still take 10-15 minutes depending on the hardware.

I hope this information is helpful to you, and if not, please tell me again by answering the questions above.

Best regards.
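
Added example, not part of the thread: the three checks from the reply above (matching versions, the Elasticsearch address in kibana.yml, the NODE_OPTIONS line) written as shell functions that take file paths, so they can be tried on copies first. The function names and the sample files are constructed for illustration; the address check also accepts elasticsearch.url, the key name Kibana used before 6.6.

```shell
#!/bin/sh
# Added example: checks from the reply above as reusable functions.
# Function names are hypothetical; sample inputs in demo() are constructed.

# Print the first x.y.z version number found in the given text.
first_version() {
  printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeed only when both --version outputs carry the same x.y.z number.
same_version() {
  es=$(first_version "$1")
  kb=$(first_version "$2")
  [ -n "$es" ] && [ "$es" = "$kb" ]
}

# Print the value of the last active (uncommented) Elasticsearch address
# setting in a kibana.yml. Prints nothing when only commented defaults exist.
es_address_setting() {
  grep -E '^[[:space:]]*elasticsearch\.(hosts|url)[[:space:]]*:' "$1" \
    | tail -n 1 \
    | sed -E 's/^[^:]*:[[:space:]]*//'
}

# Append the NODE_OPTIONS line to an environment file unless one is present.
# Prints "added" or "present"; an existing line is never rewritten.
ensure_node_options() {
  if grep -q '^[[:space:]]*NODE_OPTIONS=' "$1"; then
    echo present
    return 0
  fi
  # Keep the new line from being glued to an unterminated last line.
  if [ -n "$(tail -c 1 "$1")" ]; then printf '\n' >> "$1"; fi
  printf '%s\n' 'NODE_OPTIONS="--max-old-space-size=2048"' >> "$1"
  echo added
}

demo() {
  dir=$(mktemp -d)
  # Constructed stand-ins for /etc/kibana/kibana.yml and /etc/default/kibana.
  printf '%s\n' '#elasticsearch.hosts: ["http://localhost:9200"]' \
                'elasticsearch.hosts: ["http://10.0.0.5:9200"]' > "$dir/kibana.yml"
  printf '%s' 'user="kibana"' > "$dir/kibana.default"   # no trailing newline

  # Constructed --version outputs; on a real host pass the command output.
  if same_version 'Version: 7.6.1, JVM: 1.8.0_242' '7.6.1'; then
    echo "versions match"
  else
    echo "version mismatch"
  fi
  echo "Kibana points at: $(es_address_setting "$dir/kibana.yml")"
  echo "NODE_OPTIONS: $(ensure_node_options "$dir/kibana.default")"
  echo "NODE_OPTIONS on second run: $(ensure_node_options "$dir/kibana.default")"
  rm -rf "$dir"
}

demo
```

On a real host the arguments would be the output of the two --version commands and the paths /etc/kibana/kibana.yml and /etc/default/kibana, followed by a restart of the Kibana service.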

Hami Unal

25 March 2020 12:29:05
to Jonathan Martín Valera, Wazuh mailing list
Thanks for the response, Jonathan.
I just did the initial setup with the OVA file. I didn't do anything else.
All services are running.
The Wazuh version is 3.7.2.
The Kibana and Elasticsearch version is 6.5.3.



Jonathan Martín Valera

26 March 2020 05:30:54
to Wazuh mailing list
Hi Hami Unal,

Okay, so you just imported the OVA and you can't access the kibana service with default settings and status, right?

When you said "and i updated the server", what did you mean?

Please make the following checks:

- Check the versions of the following components and share the output:

Elasticsearch, Kibana and Wazuh

rpm -qa | grep elasticsearch && rpm -qa | grep kibana && rpm -qa | grep wazuh

Wazuh App

cat /usr/share/kibana/plugins/wazuh/package.json | grep "version" | head -n 1

- Check that the elasticsearch service is working correctly.

 systemctl status elasticsearch

- If elasticsearch is running, execute the following command and share the output

 curl http://<OVA_IP_ADDRESS>:9200

- Wait a few minutes after booting the system and check the status of kibana

 systemctl status kibana

- Execute the following command. Please, share with us the output obtained

 journalctl -r -u kibana -l

Best regards.

Hami Unal

26 March 2020 09:28:33
to Jonathan Martín Valera, Wazuh mailing list
Hi Jonathan,
Yes, I imported the OVA with default settings.

The outputs are as follows:

[root@localhost ~]# rpm -qa | grep elasticsearch && rpm -qa | grep kibana && rpm -qa | grep wazuh
elasticsearch-6.5.3-1.noarch
kibana-6.5.3-1.x86_64
wazuh-manager-3.7.2-1.x86_64
wazuh-api-3.7.2-1.x86_64
[root@localhost ~]# cat /usr/share/kibana/plugins/wazuh/package.json | grep "version" | head -n 1
  "version": "3.7.2",
[root@localhost ~]#  systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/elasticsearch.service.d
           └─elasticsearch.conf
   Active: active (running) since Thu 2020-03-26 13:04:37 UTC; 42s ago

But the Elasticsearch service stops after a while.

[root@localhost ~]#  curl http://ova_ip:9200
curl: (7) Failed connect to ova_ip:9200; Connection refused



[root@localhost ~]#  systemctl status kibana
● kibana.service - Kibana
   Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-03-26 13:15:22 UTC; 5min ago


[root@localhost ~]#  journalctl -r -u kibana -l
-- Logs begin at Thu 2020-03-26 13:15:12 UTC, end at Thu 2020-03-26 13:23:42 UTC. --
Mar 26 13:23:42 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:42Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:42 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:42Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:39 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:39Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:39 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:39Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:37 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:37Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:37 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:37Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:34 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:34Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:34 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:34Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:32 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:32Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:32 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:32Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:29 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:29Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:29 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:29Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:28 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:28Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:28 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:28Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:28 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:28Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:28 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:28Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:27 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:27Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:27 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:27Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:24 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:24Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:24 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:24Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:22 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:22Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:22 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:22Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:19 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:19Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:19 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:19Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:17 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:17Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:17 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:17Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:15Z","tags":["license","warning","xpack"],"pid":3017,"messag
Mar 26 13:23:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:15Z","tags":["warning","elasticsearch","data"],"pid":3017,"m
Mar 26 13:23:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:15Z","tags":["warning","elasticsearch","data"],"pid":3017,"m
Mar 26 13:23:14 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:14Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:14 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:14Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:12 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:12Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:12 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:12Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:09 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:09Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:09 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:09Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:07 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:07Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:07 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:07Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:04 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:04Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:04 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:04Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:02 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:02Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:23:02 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:23:02Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:59 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:59Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:59 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:59Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:58 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:58Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:58 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:58Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:58 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:58Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:58 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:58Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:57 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:57Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:57 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:57Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:54 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:54Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:54 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:54Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:52 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:52Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:52 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:52Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:49 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:49Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:49 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:49Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:47 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:47Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:47 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:47Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:45 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:45Z","tags":["license","warning","xpack"],"pid":3017,"messag
Mar 26 13:22:45 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:45Z","tags":["warning","elasticsearch","data"],"pid":3017,"m
Mar 26 13:22:45 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:45Z","tags":["warning","elasticsearch","data"],"pid":3017,"m
Mar 26 13:22:44 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:44Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:44 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:44Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:42 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:42Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:42 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:42Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:39 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:39Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:39 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:39Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:37 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:37Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:37 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:37Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:34 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:34Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:34 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:34Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:32 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:32Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:32 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:32Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:29 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:29Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:29 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:29Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:28 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:28Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:28 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:28Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:28 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:28Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:28 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:28Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:27 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:27Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:27 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:27Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:24 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:24Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:24 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:24Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:22 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:22Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:22 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:22Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:19 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:19Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:19 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:19Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:16 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:16Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:16 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:16Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:15Z","tags":["license","warning","xpack"],"pid":3017,"messag
Mar 26 13:22:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:15Z","tags":["warning","elasticsearch","data"],"pid":3017,"m
Mar 26 13:22:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:15Z","tags":["warning","elasticsearch","data"],"pid":3017,"m
Mar 26 13:22:14 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:14Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:14 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:14Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:11 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:11Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:11 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:11Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:09 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:09Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:09 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:09Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:06 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:06Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:06 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:06Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:04 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:04Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:04 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:04Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:01 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:01Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:22:01 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:22:01Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:59 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:59Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:59 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:59Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:58 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:58Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:58 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:58Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:58 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:58Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:58 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:58Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:56 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:56Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:56 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:56Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:54 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:54Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:54 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:54Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:51 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:51Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:51 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:51Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:49 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:49Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:49 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:49Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:46 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:46Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:46 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:46Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:45 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:45Z","tags":["license","warning","xpack"],"pid":3017,"messag
Mar 26 13:21:45 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:45Z","tags":["warning","elasticsearch","data"],"pid":3017,"m
Mar 26 13:21:45 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:45Z","tags":["warning","elasticsearch","data"],"pid":3017,"m
Mar 26 13:21:44 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:44Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:44 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:44Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:41 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:41Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:41 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:41Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:39 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:39Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:39 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:39Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:36 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:36Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:36 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:36Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:34 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:34Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:34 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:34Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:31 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:31Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:31 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:31Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:29 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:29Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:29 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:29Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:28 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:28Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:28 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:28Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:28 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:28Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:28 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:28Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:26 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:26Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:26 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:26Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:25 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:25Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:25 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:25Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:24 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:24Z","tags":["reporting","warning"],"pid":3017,"message":"En
Mar 26 13:21:24 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:24Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:24 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:24Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:20 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:20Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:20 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:20Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:20 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:20Z","tags":["status","plugin:reporting@6.5.3","error"],"pid
Mar 26 13:21:20 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:20Z","tags":["reporting","warning"],"pid":3017,"message":"Ge
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["license","warning","xpack"],"pid":3017,"messag
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:rollup@6.5.3","error"],"pid":3
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:index_management@6.5.3","error
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:beats_management@6.5.3","error
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:logstash@6.5.3","error"],"pid"
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:grokdebugger@6.5.3","error"],"
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:watcher@6.5.3","error"],"pid":
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:tilemap@6.5.3","error"],"pid":
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:ml@6.5.3","error"],"pid":3017,
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:searchprofiler@6.5.3","error"]
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:security@6.5.3","error"],"pid"
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:spaces@6.5.3","error"],"pid":3
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:graph@6.5.3","error"],"pid":30
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:xpack_main@6.5.3","error"],"pi
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["license","warning","xpack"],"pid":3017,"messag
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["warning","elasticsearch","data"],"pid":3017,"m
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["warning","elasticsearch","data"],"pid":3017,"m
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["warning","elasticsearch","data"],"pid":3017,"m
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["warning","elasticsearch","data"],"pid":3017,"m
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:elasticsearch@6.5.3","error"],
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:rollup@6.5.3","error"],"pid":3
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:index_management@6.5.3","error
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:beats_management@6.5.3","error
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:logstash@6.5.3","error"],"pid"
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:grokdebugger@6.5.3","error"],"
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:watcher@6.5.3","error"],"pid":
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:tilemap@6.5.3","error"],"pid":
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:ml@6.5.3","error"],"pid":3017,
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:searchprofiler@6.5.3","error"]
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:security@6.5.3","error"],"pid"
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:spaces@6.5.3","error"],"pid":3
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:graph@6.5.3","error"],"pid":30
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:xpack_main@6.5.3","error"],"pi
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["warning","elasticsearch","admin"],"pid":3017,"
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["error","elasticsearch","data"],"pid":3017,"mes
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"error","@timestamp":"2020-03-26T13:21:15Z","tags":["warning","process"],"pid":3017,"level":"erro
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"error","@timestamp":"2020-03-26T13:21:15Z","tags":["warning","process"],"pid":3017,"level":"erro
Mar 26 13:21:15 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:15Z","tags":["status","plugin:wazuh@3.7.2","info"],"pid":301
Mar 26 13:21:14 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:14Z","tags":["status","plugin:timelion@6.5.3","info"],"pid":
Mar 26 13:21:13 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:13Z","tags":["status","plugin:metrics@6.5.3","info"],"pid":3
Mar 26 13:21:13 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:13Z","tags":["status","plugin:rollup@6.5.3","error"],"pid":3
Mar 26 13:21:13 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:13Z","tags":["status","plugin:infra@6.5.3","info"],"pid":301
Mar 26 13:21:13 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:13Z","tags":["status","plugin:notifications@6.5.3","info"],"
Mar 26 13:21:13 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:13Z","tags":["status","plugin:console_extensions@6.5.3","inf
Mar 26 13:21:13 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:13Z","tags":["status","plugin:console@6.5.3","info"],"pid":3
Mar 26 13:21:13 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:13Z","tags":["status","plugin:index_management@6.5.3","error
Mar 26 13:21:13 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:13Z","tags":["status","plugin:license_management@6.5.3","inf
Mar 26 13:21:13 localhost.localdomain kibana[3017]: {"type":"log","@timestamp":"2020-03-26T13:21:13Z","tags":["status","plugin:canvas@6.5.3","info"],"pid":30

Jonathan Martín Valera

26 March 2020 12:50:41
to Wazuh mailing list
Hello Hami Unal,

Okay, if the elasticsearch service stops it is because it has a problem, and that is causing you to not be able to visualize the data through Kibana.

Let's see what may be happening with elasticsearch.


- Execute the following command. Please, share with us the output obtained

cat /etc/elasticsearch/elasticsearch.yml

- Execute the following command. Please, share with us the output obtained

cat /var/log/elasticsearch/$(cat /etc/elasticsearch/elasticsearch.yml | grep "cluster.name" | awk '{print $2}').log

Best regards.

Hami Unal

26 March 2020 13:33:20
to Jonathan Martín Valera, Wazuh mailing list
Hi Jonathan

the outputs
[root@localhost ~]# cat /etc/elasticsearch/elasticsearch.yml
cluster.name: wazuh-cluster
node.name: ${HOSTNAME}
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: ["127.0.0.1"]
discovery.zen.minimum_master_nodes: 1
[root@localhost ~]# cat /var/log/elasticsearch/$(cat /etc/elasticsearch/elasticsearch.yml | grep "cluster.name" | awk '{print $2}').log
[2019-01-16T10:17:51,787][INFO ][o.e.e.NodeEnvironment    ] [wazuhmanager] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [33.8gb], net total_space [39.2gb], types [rootfs]
[2019-01-16T10:17:51,789][INFO ][o.e.e.NodeEnvironment    ] [wazuhmanager] heap size [990.7mb], compressed ordinary object pointers [true]
[2019-01-16T10:17:51,791][INFO ][o.e.n.Node               ] [wazuhmanager] node name [wazuhmanager], node ID [J5fdqkxYTtyQG_Z3TiAPHA]
[2019-01-16T10:17:51,791][INFO ][o.e.n.Node               ] [wazuhmanager] version[6.5.3], pid[6189], build[default/rpm/159a78a/2018-12-06T20:11:28.826501Z], OS[Linux/3.10.0-957.1.3.el7.x86_64/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_202/25.202-b08]
[2019-01-16T10:17:51,792][INFO ][o.e.n.Node               ] [wazuhmanager] JVM arguments [-Xms1g, -Xms1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch.Af1eeAmE, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -XX:+PrintGCDetails, -XX:+PrintGCDateStamps, -XX:+PrintTenuringDistribution, -XX:+PrintGCApplicationStoppedTime, -Xloggc:/var/log/elasticsearch/gc.log, -XX:+UseGCLogFileRotation, -XX:NumberOfGCLogFiles=32, -XX:GCLogFileSize=64m, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm]
[2019-01-16T10:17:53,491][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [aggs-matrix-stats]
[2019-01-16T10:17:53,491][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [analysis-common]
[2019-01-16T10:17:53,491][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [ingest-common]
[2019-01-16T10:17:53,491][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [lang-expression]
[2019-01-16T10:17:53,491][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [lang-mustache]
[2019-01-16T10:17:53,491][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [lang-painless]
[2019-01-16T10:17:53,491][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [mapper-extras]
[2019-01-16T10:17:53,491][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [parent-join]
[2019-01-16T10:17:53,491][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [percolator]
[2019-01-16T10:17:53,491][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [rank-eval]
[2019-01-16T10:17:53,491][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [reindex]
[2019-01-16T10:17:53,491][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [repository-url]
[2019-01-16T10:17:53,491][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [transport-netty4]
[2019-01-16T10:17:53,492][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [tribe]
[2019-01-16T10:17:53,492][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-ccr]
[2019-01-16T10:17:53,492][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-core]
[2019-01-16T10:17:53,492][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-deprecation]
[2019-01-16T10:17:53,492][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-graph]
[2019-01-16T10:17:53,492][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-logstash]
[2019-01-16T10:17:53,492][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-ml]
[2019-01-16T10:17:53,492][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-monitoring]
[2019-01-16T10:17:53,492][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-rollup]
[2019-01-16T10:17:53,492][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-security]
[2019-01-16T10:17:53,492][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-sql]
[2019-01-16T10:17:53,492][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-upgrade]
[2019-01-16T10:17:53,492][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-watcher]
[2019-01-16T10:17:53,493][INFO ][o.e.p.PluginsService     ] [wazuhmanager] no plugins loaded
[2019-01-16T10:17:57,440][INFO ][o.e.x.s.a.s.FileRolesStore] [wazuhmanager] parsed [0] roles from file [/etc/elasticsearch/roles.yml]
[2019-01-16T10:17:57,872][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [wazuhmanager] [controller/6259] [Main.cc@109] controller (64 bit): Version 6.5.3 (Build f418a701d70c6e) Copyright (c) 2018 Elasticsearch BV
[2019-01-16T10:17:58,189][DEBUG][o.e.a.ActionModule       ] [wazuhmanager] Using REST wrapper from plugin org.elasticsearch.xpack.security.Security
[2019-01-16T10:17:58,393][INFO ][o.e.d.DiscoveryModule    ] [wazuhmanager] using discovery type [zen] and host providers [settings]
[2019-01-16T10:17:59,479][INFO ][o.e.n.Node               ] [wazuhmanager] initialized
[2019-01-16T10:17:59,479][INFO ][o.e.n.Node               ] [wazuhmanager] starting ...
[2019-01-16T10:17:59,590][INFO ][o.e.t.TransportService   ] [wazuhmanager] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}
[2019-01-16T10:18:02,701][INFO ][o.e.c.s.MasterService    ] [wazuhmanager] zen-disco-elected-as-master ([0] nodes joined), reason: new_master {wazuhmanager}{J5fdqkxYTtyQG_Z3TiAPHA}{qdlWXH8kTWuvrROHvI4Kew}{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=3973287936, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}
[2019-01-16T10:18:02,707][INFO ][o.e.c.s.ClusterApplierService] [wazuhmanager] new_master {wazuhmanager}{J5fdqkxYTtyQG_Z3TiAPHA}{qdlWXH8kTWuvrROHvI4Kew}{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=3973287936, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}, reason: apply cluster state (from master [master {wazuhmanager}{J5fdqkxYTtyQG_Z3TiAPHA}{qdlWXH8kTWuvrROHvI4Kew}{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=3973287936, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} committed version [1] source [zen-disco-elected-as-master ([0] nodes joined)]])
[2019-01-16T10:18:02,723][INFO ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [wazuhmanager] publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}
[2019-01-16T10:18:02,723][INFO ][o.e.n.Node               ] [wazuhmanager] started
[2019-01-16T10:18:02,738][WARN ][o.e.x.s.a.s.m.NativeRoleMappingStore] [wazuhmanager] Failed to clear cache for realms [[]]
[2019-01-16T10:18:02,789][INFO ][o.e.g.GatewayService     ] [wazuhmanager] recovered [0] indices into cluster_state
[2019-01-16T10:18:02,905][INFO ][o.e.c.m.MetaDataIndexTemplateService] [wazuhmanager] adding template [.triggered_watches] for index patterns [.triggered_watches*]
[2019-01-16T10:18:02,952][INFO ][o.e.c.m.MetaDataIndexTemplateService] [wazuhmanager] adding template [.watch-history-9] for index patterns [.watcher-history-9*]
[2019-01-16T10:18:02,979][INFO ][o.e.c.m.MetaDataIndexTemplateService] [wazuhmanager] adding template [.watches] for index patterns [.watches*]
[2019-01-16T10:18:03,004][INFO ][o.e.c.m.MetaDataIndexTemplateService] [wazuhmanager] adding template [.monitoring-logstash] for index patterns [.monitoring-logstash-6-*]
[2019-01-16T10:18:03,043][INFO ][o.e.c.m.MetaDataIndexTemplateService] [wazuhmanager] adding template [.monitoring-es] for index patterns [.monitoring-es-6-*]
[2019-01-16T10:18:03,068][INFO ][o.e.c.m.MetaDataIndexTemplateService] [wazuhmanager] adding template [.monitoring-beats] for index patterns [.monitoring-beats-6-*]
[2019-01-16T10:18:03,088][INFO ][o.e.c.m.MetaDataIndexTemplateService] [wazuhmanager] adding template [.monitoring-alerts] for index patterns [.monitoring-alerts-6]
[2019-01-16T10:18:03,108][INFO ][o.e.c.m.MetaDataIndexTemplateService] [wazuhmanager] adding template [.monitoring-kibana] for index patterns [.monitoring-kibana-6-*]
[2019-01-16T10:18:03,223][INFO ][o.e.l.LicenseService     ] [wazuhmanager] license [a06a7cc7-0aee-4493-9543-bb38410aaccb] mode [basic] - valid
[2019-01-16T10:18:03,736][INFO ][o.e.c.m.MetaDataIndexTemplateService] [wazuhmanager] adding template [wazuh] for index patterns [wazuh-alerts-3.x-*]
[2019-01-16T10:18:24,648][INFO ][o.e.n.Node               ] [wazuhmanager] stopping ...
[2019-01-16T10:18:24,660][INFO ][o.e.x.w.WatcherService   ] [wazuhmanager] stopping watch service, reason [shutdown initiated]
[2019-01-16T10:18:25,036][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [wazuhmanager] [controller/6259] [Main.cc@148] Ml controller exiting
[2019-01-16T10:18:25,040][INFO ][o.e.x.m.j.p.NativeController] [wazuhmanager] Native controller process has stopped - no new native processes can be started
[2019-01-16T10:18:25,062][INFO ][o.e.n.Node               ] [wazuhmanager] stopped
[2019-01-16T10:18:25,062][INFO ][o.e.n.Node               ] [wazuhmanager] closing ...
[2019-01-16T10:18:25,074][INFO ][o.e.n.Node               ] [wazuhmanager] closed
[2019-01-16T10:23:00,908][INFO ][o.e.e.NodeEnvironment    ] [wazuhmanager] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [32.7gb], net total_space [39.2gb], types [rootfs]
[2019-01-16T10:23:00,920][INFO ][o.e.e.NodeEnvironment    ] [wazuhmanager] heap size [990.7mb], compressed ordinary object pointers [true]
[2019-01-16T10:23:00,922][INFO ][o.e.n.Node               ] [wazuhmanager] node name [wazuhmanager], node ID [J5fdqkxYTtyQG_Z3TiAPHA]
[2019-01-16T10:23:00,922][INFO ][o.e.n.Node               ] [wazuhmanager] version[6.5.3], pid[6846], build[default/rpm/159a78a/2018-12-06T20:11:28.826501Z], OS[Linux/3.10.0-957.1.3.el7.x86_64/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_202/25.202-b08]
[2019-01-16T10:23:00,922][INFO ][o.e.n.Node               ] [wazuhmanager] JVM arguments [-Xms1g, -Xms1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch.Qga5o2mX, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -XX:+PrintGCDetails, -XX:+PrintGCDateStamps, -XX:+PrintTenuringDistribution, -XX:+PrintGCApplicationStoppedTime, -Xloggc:/var/log/elasticsearch/gc.log, -XX:+UseGCLogFileRotation, -XX:NumberOfGCLogFiles=32, -XX:GCLogFileSize=64m, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm]
[2019-01-16T10:23:02,754][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [aggs-matrix-stats]
[2019-01-16T10:23:02,754][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [analysis-common]
[2019-01-16T10:23:02,754][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [ingest-common]
[2019-01-16T10:23:02,754][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [lang-expression]
[2019-01-16T10:23:02,754][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [lang-mustache]
[2019-01-16T10:23:02,754][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [lang-painless]
[2019-01-16T10:23:02,754][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [mapper-extras]
[2019-01-16T10:23:02,754][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [parent-join]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [percolator]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [rank-eval]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [reindex]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [repository-url]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [transport-netty4]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [tribe]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-ccr]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-core]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-deprecation]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-graph]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-logstash]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-ml]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-monitoring]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-rollup]
[2019-01-16T10:23:02,755][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-security]
[2019-01-16T10:23:02,756][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-sql]
[2019-01-16T10:23:02,756][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-upgrade]
[2019-01-16T10:23:02,756][INFO ][o.e.p.PluginsService     ] [wazuhmanager] loaded module [x-pack-watcher]
[2019-01-16T10:23:02,756][INFO ][o.e.p.PluginsService     ] [wazuhmanager] no plugins loaded
[2019-01-16T10:23:06,945][INFO ][o.e.x.s.a.s.FileRolesStore] [wazuhmanager] parsed [0] roles from file [/etc/elasticsearch/roles.yml]
[2019-01-16T10:23:07,516][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [wazuhmanager] [controller/6916] [Main.cc@109] controller (64 bit): Version 6.5.3 (Build f418a701d70c6e) Copyright (c) 2018 Elasticsearch BV
[2019-01-16T10:23:07,880][DEBUG][o.e.a.ActionModule       ] [wazuhmanager] Using REST wrapper from plugin org.elasticsearch.xpack.security.Security
[2019-01-16T10:23:08,297][INFO ][o.e.d.DiscoveryModule    ] [wazuhmanager] using discovery type [zen] and host providers [settings]
[2019-01-16T10:23:09,400][INFO ][o.e.n.Node               ] [wazuhmanager] initialized
[2019-01-16T10:23:09,400][INFO ][o.e.n.Node               ] [wazuhmanager] starting ...
[2019-01-16T10:23:09,517][INFO ][o.e.t.TransportService   ] [wazuhmanager] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}
[2019-01-16T10:23:12,676][INFO ][o.e.c.s.MasterService    ] [wazuhmanager] zen-disco-elected-as-master ([0] nodes joined), reason: new_master {wazuhmanager}{J5fdqkxYTtyQG_Z3TiAPHA}{LRkm2ZkYRh6n5h7lv6ocXg}{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=3973287936, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}
[2019-01-16T10:23:12,682][INFO ][o.e.c.s.ClusterApplierService] [wazuhmanager] new_master {wazuhmanager}{J5fdqkxYTtyQG_Z3TiAPHA}{LRkm2ZkYRh6n5h7lv6ocXg}{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=3973287936, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}, reason: apply cluster state (from master [master {wazuhmanager}{J5fdqkxYTtyQG_Z3TiAPHA}{LRkm2ZkYRh6n5h7lv6ocXg}{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=3973287936, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} committed version [1] source [zen-disco-elected-as-master ([0] nodes joined)]])
[2019-01-16T10:23:12,697][INFO ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [wazuhmanager] publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}
[2019-01-16T10:23:12,697][INFO ][o.e.n.Node               ] [wazuhmanager] started
[2019-01-16T10:23:12,919][WARN ][o.e.x.s.a.s.m.NativeRoleMappingStore] [wazuhmanager] Failed to clear cache for realms [[]]
[2019-01-16T10:23:12,964][INFO ][o.e.l.LicenseService     ] [wazuhmanager] license [a06a7cc7-0aee-4493-9543-bb38410aaccb] mode [basic] - valid
[2019-01-16T10:23:12,974][INFO ][o.e.g.GatewayService     ] [wazuhmanager] recovered [0] indices into cluster_state
[root@localhost ~]#

Jonathan Martín Valera

27 March 2020 12:47:28
to Wazuh mailing list
Hi Hami Unal,

As I see in the elasticsearch log, there is no error. Have you waited to look and share the elasticsearch log after the service crash?

After starting the elasticsearch service, wait about 2 minutes and run the following commands sharing the outputs.

systemctl status elasticsearch

cat /var/log/elasticsearch/$(cat /etc/elasticsearch/elasticsearch.yml | grep "cluster.name" | awk '{print $2}').log

I have been testing OVA 3.7.2 and apparently have not encountered any problems. I'm going to ask you a couple of questions to see if we detect the problem :)

- Could you re-import it to see if this problem continues to occur?

- Have you modified any hardware specification of the default configuration? By default, that OVA is allocated 4 GB of memory and 4 cores.

- Have you verified that the host machine has enough resources to provide them to the OVA?

Best regards.
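
The log check requested in the message above can be scripted. The following is an added example, not part of the original messages or of Wazuh's tooling: it resolves the log path from elasticsearch.yml and summarises node lifecycle events, WARN/ERROR counts, and whether the log reaches the date on which the failure was seen. The function names are assumptions of this example, and the sample lines are abridged from the log posted earlier in this thread.

```shell
#!/bin/sh
# Added example: triage an Elasticsearch 6.x log of the kind posted in this thread.

# Build the log path from elasticsearch.yml, honouring path.logs as well as cluster.name.
es_log_path() {
    # $1: path to elasticsearch.yml
    awk -F': *' '
        $1 == "cluster.name" { name = $2 }
        $1 == "path.logs"    { dir = $2 }
        END {
            if (name == "") name = "elasticsearch"          # default cluster name
            if (dir == "")  dir = "/var/log/elasticsearch"  # assumption: package default, as in the thread
            print dir "/" name ".log"
        }
    ' "$1"
}

# Summarise the log: last timestamp, last node state, start/stop counts,
# WARN/ERROR counts, and whether the log reaches the date the failure was seen.
es_log_summary() {
    # $1: log file, $2: date of the failure as YYYY-MM-DD
    awk -v since="$2" '
        # Entries look like: [2019-01-16T10:18:02,723][INFO ][o.e.n.Node   ] [node] started
        /^\[[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T/ {
            n = split($0, part, /\]\[/)
            if (n < 3) next
            last = substr(part[1], 2, 19)          # timestamp, to the second
            level = part[2]; gsub(/ /, "", level)
            if (level == "WARN")  warn++
            if (level == "ERROR") error++
            if (part[3] ~ /^o\.e\.n\.Node /) {     # node lifecycle messages
                if ($0 ~ / started$/)              { starts++; state = "started" }
                else if ($0 ~ / stopping \.\.\.$/) { state = "stopping" }
                else if ($0 ~ / closed$/)          { stops++; state = "closed" }
            }
        }
        END {
            # ISO dates compare correctly as strings
            covers = (substr(last, 1, 10) >= since) ? "yes" : "no"
            printf "last=%s state=%s starts=%d stops=%d warn=%d error=%d covers=%s\n",
                   last, (state == "" ? "unknown" : state), starts, stops, warn, error, covers
        }
    ' "$1"
}

# Sample input: lines abridged from the log posted earlier in this thread.
sample_es_log() {
    cat <<'EOF'
[2019-01-16T10:17:59,479][INFO ][o.e.n.Node               ] [wazuhmanager] starting ...
[2019-01-16T10:18:02,723][INFO ][o.e.n.Node               ] [wazuhmanager] started
[2019-01-16T10:18:24,648][INFO ][o.e.n.Node               ] [wazuhmanager] stopping ...
[2019-01-16T10:18:25,074][INFO ][o.e.n.Node               ] [wazuhmanager] closed
[2019-01-16T10:23:12,697][INFO ][o.e.n.Node               ] [wazuhmanager] started
[2019-01-16T10:23:12,919][WARN ][o.e.x.s.a.s.m.NativeRoleMappingStore] [wazuhmanager] Failed to clear cache for realms [[]]
[2019-01-16T10:23:12,974][INFO ][o.e.g.GatewayService     ] [wazuhmanager] recovered [0] indices into cluster_state
EOF
}

# Demo on the sample. On a real host, pass
# "$(es_log_path /etc/elasticsearch/elasticsearch.yml)" as the log file instead.
demo_log=$(mktemp)
sample_es_log > "$demo_log"
es_log_summary "$demo_log" 2020-03-26
rm -f "$demo_log"
```

A result of `covers=no` means the newest entry predates the failure, so the file cannot explain it; `systemctl status elasticsearch` and the service journal are the next places to look.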

Hami Unal

28 March 2020 06:44:00
to Jonathan Martín Valera, Wazuh mailing list
Hi Jonathan
Thanks for your advice. I eventually solved the issue. The problem was caused by insufficient resources. I increased the VM's RAM and CPU resources and I can access the Kibana web interface.
Thanks again :))