Error starting wazuh-indexer on Ubuntu


Esecurity

Oct 30, 2022, 4:59:17 PM
to Wazuh mailing list
Hello friends,
I am installing wazuh-indexer and when I run the start command I get the following error.
Wazuh installation version 4.3.9
Please help.
---------------------------------------------------------------------

root@bmi:~# journalctl -xe
Oct 30 20:54:59 bmi systemd-entrypoint[2323]: Caused by: com.fasterxml.jackson.dataformat.yaml.snakeyaml.error.MarkedYAMLException: while parsing a block mapping
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:  in 'reader', line 1, column 1:
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:     network.host: "0.0.0.0"
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:     ^
Oct 30 20:54:59 bmi systemd-entrypoint[2323]: expected <block end>, but found '<block sequence start>'
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:  in 'reader', line 9, column 3:
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:       - "172.18.218.58"
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:       ^
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:  at [Source: (sun.nio.ch.ChannelInputStream); line: 7, column: 30]
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:         at com.fasterxml.jackson.dataformat.yaml.snakeyaml.error.MarkedYAMLException.from(MarkedYAMLException.java:28)
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:         at com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:407)
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:         at org.opensearch.common.xcontent.json.JsonXContentParser.nextToken(JsonXContentParser.java:64)
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:         at org.opensearch.common.settings.Settings.fromXContent(Settings.java:677)
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:         at org.opensearch.common.settings.Settings.fromXContent(Settings.java:646)
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:         at org.opensearch.common.settings.Settings.access$400(Settings.java:96)
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:         at org.opensearch.common.settings.Settings$Builder.loadFromStream(Settings.java:1156)
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:         ... 9 more
Oct 30 20:54:59 bmi systemd-entrypoint[2323]: Caused by: while parsing a block mapping
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:  in 'reader', line 1, column 1:
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:     network.host: "0.0.0.0"
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:     ^
Oct 30 20:54:59 bmi systemd-entrypoint[2323]: expected <block end>, but found '<block sequence start>'
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:  in 'reader', line 9, column 3:
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:       - "172.18.218.58"
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:       ^
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:         at org.yaml.snakeyaml.parser.ParserImpl$ParseBlockMappingKey.produce(ParserImpl.java:572)
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:         at org.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:158)
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:         at org.yaml.snakeyaml.parser.ParserImpl.getEvent(ParserImpl.java:168)
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:         at com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:403)
Oct 30 20:54:59 bmi systemd-entrypoint[2323]:         ... 14 more
Oct 30 20:54:59 bmi systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- An ExecStart= process belonging to unit wazuh-indexer.service has exited.
--
-- The process' exit code is 'exited' and its exit status is 1.
Oct 30 20:54:59 bmi systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- The unit wazuh-indexer.service has entered the 'failed' state with result 'exit-code'.
Oct 30 20:54:59 bmi systemd[1]: Failed to start Wazuh-indexer.
-- Subject: A start job for unit wazuh-indexer.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A start job for unit wazuh-indexer.service has finished with a failure.
--
-- The job identifier is 822 and the job result is failed.

Abdullah Al Rafi Fahim

Oct 30, 2022, 10:26:47 PM
to Wazuh mailing list

Hello Hosseyni,

Thank you for using this community to share your problem!

Initially, reviewing the journal logs I suspect there is some misconfiguration in your /etc/wazuh-indexer/opensearch.yml configuration file. You can follow the steps described here to configure it properly.

If you still have issues finding the root cause, you can share the opensearch.yml file with us (removing or hiding sensitive info like IP addresses, credentials, etc.) so that we can help you find the misconfiguration and solve the issue.

I hope it helps. Please let us know if you need anything else.

Abdullah Al Rafi Fahim

Nov 1, 2022, 2:27:13 AM
to Wazuh mailing list
Hello Hosseyni,

Can you just remove the # before discovery.seed_hosts: and restart the wazuh-indexer again?

I hope it will solve your issue. Please let us know how it goes.
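
The failure discussed above (a list item left live under a commented-out `discovery.seed_hosts:` key), as an added example that is not part of the original posts or of Wazuh's tooling: a standard-library pre-start check that flags list items with no owning key. The sample config is constructed, the function and script names are made up here, and the heuristic assumes the flat key/list layout of opensearch.yml.

```python
import re
import sys

# Constructed sample (not the poster's file): the key that owns the list is
# commented out while its list item is still live, as in the journal output.
BROKEN = """\
network.host: "0.0.0.0"
node.name: "node-1"
cluster.initial_master_nodes:
  - "node-1"
cluster.name: "wazuh-cluster"
#discovery.seed_hosts:
  - "172.18.218.58"
"""
FIXED = BROKEN.replace("#discovery.seed_hosts:", "discovery.seed_hosts:")

OPEN_KEY = re.compile(r"^\s*[\w.\-]+:\s*(#.*)?$")       # 'key:' with no inline value
COMMENTED_KEY = re.compile(r"^\s*#\s*([\w.\-]+):\s*$")  # '#key:' with no value
SEQ_ITEM = re.compile(r"^\s*-\s")                       # '- value'


def find_orphaned_items(text):
    """Return [(line_no, commented_key_or_None)] for lists with no live owning key."""
    findings = []
    list_allowed = False   # previous live line was 'key:' or another list item
    last_commented = None  # commented-out key seen since the last live line
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.startswith("#"):
            m = COMMENTED_KEY.match(line)
            if m:
                last_commented = m.group(1)
            continue
        if SEQ_ITEM.match(line):
            if not list_allowed:
                findings.append((no, last_commented))
            list_allowed = True  # report each orphaned list once, at its first item
        else:
            list_allowed = bool(OPEN_KEY.match(line))
        last_commented = None
    return findings


if __name__ == "__main__":
    # Hypothetical usage: python3 check_yml.py /etc/wazuh-indexer/opensearch.yml
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BROKEN
    for no, key in find_orphaned_items(text):
        hint = f"; uncomment '{key}:' above it" if key else ""
        print(f"line {no}: list item has no owning key{hint}")
```

Running it against the file before restarting the service points at the orphaned list directly, without reading the Java stack trace.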

Esecurity

Nov 1, 2022, 2:03:08 PM
to Wazuh mailing list
Thanks for your guide.
The problem was solved and the indexer was executed.
Just run this command: /usr/share/wazuh-indexer/bin/indexer-security-init.sh
Unfortunately, I get the following error:
-----------------------------------------------------------------------------------------------------------

root@bmi:~# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
Security Admin v7
Will connect to 192.168.1.56:9300 ... done
Connected as CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Cannot retrieve cluster state due to: null. This is not an error, will keep on trying ...
  Root cause: MasterNotDiscoveredException[null] (org.opensearch.discovery.MasterNotDiscoveredException/org.opensearch.discovery.MasterNotDiscoveredException)
   * Try running securityadmin.sh with -icl (but no -cl) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates)
   * Make sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in opensearch.yml
   * If this is not working, try running securityadmin.sh with --diagnose and see diagnose trace log file)
   * Add --accept-red-cluster to allow securityadmin to operate on a red cluster.
----------------------------------------------------------------------------
Please guide me.