Wazuh Indexer Not Works
1,860 views
Skip to first unread message
Aditya Sharma
May 30, 2022, 12:57:55 AM5/30/22
to Wazuh mailing list
Hi Plozex, Thanks for using Wazuh!
As I can see in the screenshot you shared that JVM memory is not able to allocate that why it is not able to start so in order to start it please check these options below and restart it accordingly:
# Xms represents the initial size of total heap space
For correct installation of Wazuh-Indexer, Wazuh-Dashboard & Wazuh-manager also please check out this: https://documentation.wazuh.com/current/installation-guide/
Regards
Aditya Sharma
As I can see in the screenshot you shared that JVM memory is not able to allocate that why it is not able to start so in order to start it please check these options below and restart it accordingly:
You can tune these options to increase the size of memory available for Elastic in the file: /etc/wazuh-indexer/jvm.options. There, add the number of Gigabytes of RAM you want to allocate to the Wazuh-indexer's heap. It is recommendable to set it to half of the available RAM with a maximum of 32GB. So for example, if you have 8GB of memory, you would allocate 4 as follows:
# Xmx represents the maximum size of total heap space
-Xms4g
-Xmx4g
Please share with us the result of systemctl status wazuh-indexer & journalctl -xe
Please share with us the result of systemctl status wazuh-indexer & journalctl -xe
Regards
Aditya Sharma
Paulo Magalhães
May 30, 2022, 11:40:00 AM5/30/22
to Aditya Sharma, Wazuh mailing list
Hi Aditya!
After change in file
/etc/wazuh-indexer/jvm.options, the same error persist.
Follow attached configuration files
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/V5D-h68yVtA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/2577bd69-61c3-4fa9-810c-d7223ff34c4an%40googlegroups.com.
Aditya Sharma
May 30, 2022, 11:52:37 PM5/30/22
to Wazuh mailing list
From the errors in your log, the problems seem to be when creating the Java VM. To solve this issue, please follow these steps:
1-Set bootstrap.memory_lock:Uncomment or add this line to the /etc/wazuh-indexer/opensearch.yml file:
bootstrap.memory_lock: true1-Set bootstrap.memory_lock:Uncomment or add this line to the /etc/wazuh-indexer/opensearch.yml file:
2-Edit the limit of system resources:
mkdir -p /etc/systemd/system/wazuh-indexer.service.d/cat > /etc/systemd/system/wazuh-indexer.service.d/opensearch.conf << EOF
[Service]
LimitMEMLOCK=infinity
EOF
3-Limit memory:
mkdir -p /etc/systemd/system/wazuh-indexer.service.d/cat > /etc/systemd/system/wazuh-indexer.service.d/opensearch.conf << EOF
[Service]
LimitMEMLOCK=infinity
EOF
3-Limit memory:
- Use no more than 50% of available RAM.
- Use no more than 32 GB.
Add the following to the /etc/wazuh-indexer/jvm.options file:
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
-Xms4g
-Xmx4g
-Xms4g
-Xmx4g
Please change the values depending on your environment and the criteria mentioned before. Both values must be the same to prevent JVM heap resizing at runtime.
4-Restart Elasticsearch:
systemctl daemon-reload
4-Restart Elasticsearch:
systemctl restart wazuh-indexer
Once you are done with these steps, please try again. I hope this helps you. Don't hesitate to ask your questions/concerns.
tmha...@gmail.com
Sep 27, 2022, 9:34:18 AM9/27/22
to Wazuh mailing list
Has this been resolved?
I have applied the CIS Ubuntu 18.04 hardening standards and then this happens.
If i install on a clean Ubuntu, then it works perfectly.
I, however, must have the CIS standards applied for my use case (I can tweak some of the values if it is justifiable).
I get the below:
Sep 27 15:11:10 i4-hids systemd[1]: Starting Wazuh-indexer...
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: Exception in thread "main" java.lang.RuntimeException: starting java failed with [1]
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: output:
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: [0.000s][error][logging] Error opening log file '/var/log/wazuh-indexer/gc.log': Permission denied
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: [0.000s][error][logging] Initialization of output 'file=/var/log/wazuh-indexer/gc.log' using options 'filecount=32,filesize=64m' failed.
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: error:
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: Invalid -Xlog option '-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m', see error log for details.
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: Error: Could not create the Java Virtual Machine.
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: Error: A fatal exception has occurred. Program will exit.
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: at org.opensearch.tools.launchers.JvmErgonomics.flagsFinal(JvmErgonomics.java:139)
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: at org.opensearch.tools.launchers.JvmErgonomics.finalJvmOptions(JvmErgonomics.java:101)
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: at org.opensearch.tools.launchers.JvmErgonomics.choose(JvmErgonomics.java:72)
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: at org.opensearch.tools.launchers.JvmOptionsParser.jvmOptions(JvmOptionsParser.java:152)
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: at org.opensearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:110)
Sep 27 15:11:11 i4-hids systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Sep 27 15:11:11 i4-hids systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Sep 27 15:11:11 i4-hids systemd[1]: Failed to start Wazuh-indexer.
Sep 27 15:17:05 i4-hids systemd[1]: Starting Wazuh-indexer...
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: Exception in thread "main" java.lang.RuntimeException: starting java failed with [1]
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: output:
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: [0.000s][error][logging] Error opening log file '/var/log/wazuh-indexer/gc.log': Permission denied
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: [0.000s][error][logging] Initialization of output 'file=/var/log/wazuh-indexer/gc.log' using options 'filecount=32,filesize=64m' failed.
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: error:
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: Invalid -Xlog option '-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m', see error log for details.
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: Error: Could not create the Java Virtual Machine.
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: Error: A fatal exception has occurred. Program will exit.
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: at org.opensearch.tools.launchers.JvmErgonomics.flagsFinal(JvmErgonomics.java:139)
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: at org.opensearch.tools.launchers.JvmErgonomics.finalJvmOptions(JvmErgonomics.java:101)
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: at org.opensearch.tools.launchers.JvmErgonomics.choose(JvmErgonomics.java:72)
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: at org.opensearch.tools.launchers.JvmOptionsParser.jvmOptions(JvmOptionsParser.java:152)
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: at org.opensearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:110)
Sep 27 15:17:06 i4-hids systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Sep 27 15:17:06 i4-hids systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Sep 27 15:17:06 i4-hids systemd[1]: Failed to start Wazuh-indexer.
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: Exception in thread "main" java.lang.RuntimeException: starting java failed with [1]
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: output:
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: [0.000s][error][logging] Error opening log file '/var/log/wazuh-indexer/gc.log': Permission denied
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: [0.000s][error][logging] Initialization of output 'file=/var/log/wazuh-indexer/gc.log' using options 'filecount=32,filesize=64m' failed.
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: error:
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: Invalid -Xlog option '-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m', see error log for details.
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: Error: Could not create the Java Virtual Machine.
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: Error: A fatal exception has occurred. Program will exit.
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: at org.opensearch.tools.launchers.JvmErgonomics.flagsFinal(JvmErgonomics.java:139)
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: at org.opensearch.tools.launchers.JvmErgonomics.finalJvmOptions(JvmErgonomics.java:101)
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: at org.opensearch.tools.launchers.JvmErgonomics.choose(JvmErgonomics.java:72)
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: at org.opensearch.tools.launchers.JvmOptionsParser.jvmOptions(JvmOptionsParser.java:152)
Sep 27 15:11:11 i4-hids systemd-entrypoint[32128]: at org.opensearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:110)
Sep 27 15:11:11 i4-hids systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Sep 27 15:11:11 i4-hids systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Sep 27 15:11:11 i4-hids systemd[1]: Failed to start Wazuh-indexer.
Sep 27 15:17:05 i4-hids systemd[1]: Starting Wazuh-indexer...
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: Exception in thread "main" java.lang.RuntimeException: starting java failed with [1]
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: output:
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: [0.000s][error][logging] Error opening log file '/var/log/wazuh-indexer/gc.log': Permission denied
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: [0.000s][error][logging] Initialization of output 'file=/var/log/wazuh-indexer/gc.log' using options 'filecount=32,filesize=64m' failed.
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: error:
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: Invalid -Xlog option '-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m', see error log for details.
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: Error: Could not create the Java Virtual Machine.
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: Error: A fatal exception has occurred. Program will exit.
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: at org.opensearch.tools.launchers.JvmErgonomics.flagsFinal(JvmErgonomics.java:139)
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: at org.opensearch.tools.launchers.JvmErgonomics.finalJvmOptions(JvmErgonomics.java:101)
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: at org.opensearch.tools.launchers.JvmErgonomics.choose(JvmErgonomics.java:72)
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: at org.opensearch.tools.launchers.JvmOptionsParser.jvmOptions(JvmOptionsParser.java:152)
Sep 27 15:17:06 i4-hids systemd-entrypoint[2517]: at org.opensearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:110)
Sep 27 15:17:06 i4-hids systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Sep 27 15:17:06 i4-hids systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Sep 27 15:17:06 i4-hids systemd[1]: Failed to start Wazuh-indexer.
tmha...@gmail.com
Sep 28, 2022, 4:42:59 AM9/28/22
to Wazuh mailing list
I could get it a bit better by removing noexec from the /tmp directory but still cannot get the indexer to start but the error is now a different one.
If I figure out something, I will post it here, alternatively, I will just have to justify not hardening the server until OpenSearch can fix their issue.
WARNING: An illegal reflective access operation has occurred
Bhaskar Patel
Oct 3, 2022, 9:35:37 AM10/3/22
to Wazuh mailing list
"I need to enable 2fector on the wazuh-indexer console is it possible? Does anyone have an idea related to my Question or has anyone done this before this will help me lot?
thanks,
Bhaskar Patel
Reply all
Reply to author
Forward
0 new messages