Failed to start wazuh-indexer
280 views
Skip to first unread message
fkfmilrp
Sep 28, 2024, 4:33:00 AM9/28/24
to Wazuh | Mailing List
the dashboard and wazuh manager is up and running but when i restart wazuh-indexer it says
"Job for wazuh-indexer.service failed because the control process exited with error code. See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details."
i have attached the following screenshots to check
-journalctl
"Job for wazuh-indexer.service failed because the control process exited with error code. See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details."
i have attached the following screenshots to check
-journalctl
-filebeat output
-wazuh-cluster.log
Ujunwa Okonkwo
Sep 28, 2024, 6:29:14 AM9/28/24
to Wazuh | Mailing List
Hello,
The error messages suggest a communication issue between Filebeat and the Wazuh Indexer, or there might be a problem with the Wazuh Indexer itself.
hosts: ["http://<wazuh-indexer-ip>:9200"]
The error messages suggest a communication issue between Filebeat and the Wazuh Indexer, or there might be a problem with the Wazuh Indexer itself.
Ensure that Filebeat is correctly configured to send logs to the Wazuh Indexer. The configuration file for Filebeat is typically located in /etc/filebeat/filebeat.yml:
nano /etc/filebeat/filebeat.yml
Verify the correct IP address and port for the Wazuh Indexer are configured under the output.elasticsearch section.
hosts: ["http://<wazuh-indexer-ip>:9200"]
Ensure that the Wazuh Indexer is reachable from the server running Filebeat. You can test it with curl:
curl http://<wazuh-indexer-ip>:9200
Ensure that there are no firewalls or security groups blocking communication between Filebeat and the Wazuh Indexer.
Most times, the issue has to do with permissions.
Ensure that the necessary files exist and have the correct permissions. For example, if the error message suggests that a file is missing, check its existence and ensure Filebeat or Wazuh has the right permissions to read it. use the following to put the necessary permissions:
chown
chmod 644
chown
chmod 644
Another common issue might be storage, verify you have enough storage space for Wazuh indexer to work properly.
You can also check the health of the Wazuh Indexer cluster:
curl -X GET "localhost:9200/_cluster/health?pretty"
Remember to restart the Wazuh indexer service after making any changes to effect the changes.
I hope this is useful for you.
Regards,
Reply all
Reply to author
Forward
0 new messages