Wazuh server - don't understand why cannot install wazuh indexer
KevinK Leung
Dear Team,
I followed the steps below to install the Wazuh Indexer. The CLI log can’t provide much information why it was failed. Can anyone please advise? Since this is not the first Wazuh server in my environment. But it was the first time have this kind of error.
https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/installation-assistant.html
the logs in the /var/log/Wazuh-installer.log is:
Info: Wazuh-indexer service started
INFO: Initalizating Wazuh index cluster security settings
ERROR: Cannot Initalize Wazuh indexer cluster.\
INFO: -- removing existing Wazuh installation.
INFO: Removing Wazuh indexer
Loaded Plugins: fastestmirror
Desolving Dependencies
è Running transaction check
Package Wazuh-indexer.x86_64 0:4.3.5-1 will be erased
è Finished Dependency Resolution
….
…..
Installed size: 614M
Downloading packages;
Running transaction check
Running transaction test
Transaction test seceded.
Running transcation…..
Stopping Wazuh-indexer service … OK
Removed…..wazuh-insexer.x86_64
Completed!
Kevin Leung
IT Security Specialist
Easy Great Technology Limited
KevinK Leung
The error messages as below:
# bash wazuh-install.sh --wazuh-indexer node-1
13/07/2022 14:54:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.5
13/07/2022 14:54:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
13/07/2022 14:54:07 INFO: Wazuh repository added.
13/07/2022 14:54:07 INFO: --- Wazuh indexer ---
13/07/2022 14:54:07 INFO: Starting Wazuh indexer installation.
13/07/2022 14:56:09 INFO: Wazuh indexer installation finished.
13/07/2022 14:56:09 INFO: Wazuh indexer post-install configuration finished.
13/07/2022 14:56:09 INFO: Starting service wazuh-indexer.
13/07/2022 14:56:19 INFO: wazuh-indexer service started.
13/07/2022 14:56:19 INFO: Initializing Wazuh indexer cluster security settings.
13/07/2022 14:58:19 ERROR: Cannot initialize Wazuh indexer cluster.
13/07/2022 14:58:19 INFO: --- Removing existing Wazuh installation ---
13/07/2022 14:58:19 INFO: Removing Wazuh indexer.
13/07/2022 14:58:21 INFO: Wazuh indexer removed.
13/07/2022 14:58:21 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
Content of /var/log/Wazuh-install.log
]# cat wazuh-install.log
13/07/2022 14:54:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.5
13/07/2022 14:54:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
[wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages.wazuh.com/4.x/yum/
protect=1
13/07/2022 14:54:07 INFO: Wazuh repository added.
13/07/2022 14:54:07 INFO: --- Wazuh indexer ---
13/07/2022 14:54:07 INFO: Starting Wazuh indexer installation.
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.nethub.com.hk
* extras: centos.nethub.com.hk
* updates: centos.nethub.com.hk
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.3.5-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
wazuh-indexer x86_64 4.3.5-1 wazuh 361 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 361 M
Installed size: 614 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wazuh-indexer-4.3.5-1.x86_64 1/1
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Verifying : wazuh-indexer-4.3.5-1.x86_64 1/1
Installed:
wazuh-indexer.x86_64 0:4.3.5-1
Complete!
13/07/2022 14:56:09 INFO: Wazuh indexer installation finished.
13/07/2022 14:56:09 INFO: Wazuh indexer post-install configuration finished.
13/07/2022 14:56:09 INFO: Starting service wazuh-indexer.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
13/07/2022 14:56:19 INFO: wazuh-indexer service started.
13/07/2022 14:56:19 INFO: Initializing Wazuh indexer cluster security settings.
13/07/2022 14:58:19 ERROR: Cannot initialize Wazuh indexer cluster.
13/07/2022 14:58:19 INFO: --- Removing existing Wazuh installation ---
13/07/2022 14:58:19 INFO: Removing Wazuh indexer.
Loaded plugins: fastestmirror
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.3.5-1 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Removing:
wazuh-indexer x86_64 4.3.5-1 @wazuh 614 M
Transaction Summary
================================================================================
Remove 1 Package
Installed size: 614 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Stopping wazuh-indexer service... OK
Erasing : wazuh-indexer-4.3.5-1.x86_64 1/1
warning: /etc/wazuh-indexer/opensearch.yml saved as /etc/wazuh-indexer/opensearch.yml.rpmsave
warning: /etc/wazuh-indexer/jvm.options saved as /etc/wazuh-indexer/jvm.options.rpmsave
Verifying : wazuh-indexer-4.3.5-1.x86_64 1/1
Removed:
wazuh-indexer.x86_64 0:4.3.5-1
Complete!
13/07/2022 14:58:21 INFO: Wazuh indexer removed.
13/07/2022 14:58:21 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.
Luis González Romero
Hello @kevin.k.leung, hope you’re doing great.
I am looking into your problem. In order to replicate your case, could you please share the config.yml you use when you get this error? Thanks in advance.
Regards,
Luis.