Wazhu Indexer not starting in kali linux
135 views
Skip to first unread message
Muhammad Saim
Nov 24, 2023, 6:50:32 AM11/24/23
to Wazuh | Mailing List
i am trying to install wazhu indexer in kali linux everything worked fine but i hit an issue where the indexer wont start for some reason
Checking status gives me this
systemctl status wazuh-indexer.service × wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Fri 2023-11-24 06:45:01 EST; 50s ago
Docs: https://documentation.wazuh.com
Process: 12140 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 12140 (code=exited, status=1/FAILURE)
CPU: 13.097s
Nov 24 06:45:01 kali systemd-entrypoint[12140]: ^
Nov 24 06:45:01 kali systemd-entrypoint[12140]: at org.yaml.snakeyaml.parser.ParserImpl$ParseBlockMappingKey.produce(ParserImpl.java:656)
Nov 24 06:45:01 kali systemd-entrypoint[12140]: at org.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:162)
Nov 24 06:45:01 kali systemd-entrypoint[12140]: at org.yaml.snakeyaml.parser.ParserImpl.getEvent(ParserImpl.java:172)
Nov 24 06:45:01 kali systemd-entrypoint[12140]: at com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:429)
Nov 24 06:45:01 kali systemd-entrypoint[12140]: ... 13 more
Nov 24 06:45:01 kali systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Nov 24 06:45:01 kali systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Nov 24 06:45:01 kali systemd[1]: Failed to start wazuh-indexer.service - Wazuh-indexer.
Nov 24 06:45:01 kali systemd[1]: wazuh-indexer.service: Consumed 13.097s CPU time.
while checking logs gives me
Nov 24 06:45:01 kali systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit wazuh-indexer.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Nov 24 06:45:01 kali systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit wazuh-indexer.service has entered the 'failed' state with result 'exit-code'.
Nov 24 06:45:01 kali systemd[1]: Failed to start wazuh-indexer.service - Wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit wazuh-indexer.service has finished with a failure.
░░
░░ The job identifier is 1489 and the job result is failed.
Nov 24 06:45:01 kali systemd[1]: wazuh-indexer.service: Consumed 13.097s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit wazuh-indexer.service completed and consumed the indicated resources.
any fix.
Thank You
Javier Sanchez Gil
Nov 24, 2023, 7:44:17 AM11/24/23
to Wazuh | Mailing List
Hi Muhammad Saim,
I understand you're trying to install Wazuh components on separate servers. Have you been using the Wazuh documentation for installing the wazuh-indexer?
It's located here: https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/index.html#wazuh-indexer
Could you share the command you used to install the Wazuh Indexer and the output of the following commands to check the process logs:
journalctl -xeu wazuh-indexer.service; cat /var/ossec/logs/ossec.log
I understand you're trying to install Wazuh components on separate servers. Have you been using the Wazuh documentation for installing the wazuh-indexer?
It's located here: https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/index.html#wazuh-indexer
Could you share the command you used to install the Wazuh Indexer and the output of the following commands to check the process logs:
journalctl -xeu wazuh-indexer.service; cat /var/ossec/logs/ossec.log
Muhammad Saim
Nov 25, 2023, 8:55:15 AM11/25/23
to Wazuh | Mailing List
UPDATE
i reinstall the wazhu indexer form the official documentation of wazhu after realising i mad an issue with ips
it still give me error
systemctl status wazuh-indexer.service
× wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Sat 2023-11-25 08:48:03 EST; 5min ago
Docs: https://documentation.wazuh.com
Process: 102105 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 102105 (code=exited, status=1/FAILURE)
CPU: 7.145s
Nov 25 08:48:03 kali systemd-entrypoint[102105]: ^
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at org.yaml.snakeyaml.parser.ParserImpl$ParseBlockMappingKey.produce(ParserImpl.java:656)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at org.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:162)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at org.yaml.snakeyaml.parser.ParserImpl.getEvent(ParserImpl.java:172)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:429)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: ... 13 more
Nov 25 08:48:03 kali systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Nov 25 08:48:03 kali systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Nov 25 08:48:03 kali systemd[1]: Failed to start wazuh-indexer.service - Wazuh-indexer.
Nov 25 08:48:03 kali systemd[1]: wazuh-indexer.service: Consumed 7.145s CPU time.
journalctl -xeu wazuh-indexer.service; cat /var/ossec/logs/ossec.log
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit wazuh-indexer.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit wazuh-indexer.service has entered the 'failed' state with result 'exit-code'.
░░ Subject: A start job for unit wazuh-indexer.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit wazuh-indexer.service has finished with a failure.
░░
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit wazuh-indexer.service completed and consumed the indicated resources.
i reinstall the wazhu indexer form the official documentation of wazhu after realising i mad an issue with ips
it still give me error
systemctl status wazuh-indexer.service
× wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
Docs: https://documentation.wazuh.com
Process: 102105 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 102105 (code=exited, status=1/FAILURE)
CPU: 7.145s
Nov 25 08:48:03 kali systemd-entrypoint[102105]: ^
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at org.yaml.snakeyaml.parser.ParserImpl$ParseBlockMappingKey.produce(ParserImpl.java:656)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at org.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:162)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at org.yaml.snakeyaml.parser.ParserImpl.getEvent(ParserImpl.java:172)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:429)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: ... 13 more
Nov 25 08:48:03 kali systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Nov 25 08:48:03 kali systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Nov 25 08:48:03 kali systemd[1]: Failed to start wazuh-indexer.service - Wazuh-indexer.
Nov 25 08:48:03 kali systemd[1]: wazuh-indexer.service: Consumed 7.145s CPU time.
after running the above provided command
journalctl -xeu wazuh-indexer.service; cat /var/ossec/logs/ossec.log
it gives me this
i have no idea where the issue is any help would be appreciated
Nov 25 08:48:03 kali systemd-entrypoint[102105]: ^
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at org.yaml.snakeyaml.parser.ParserImpl$ParseBlockMappingKey.produce(ParserImpl.java:656)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at org.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:162)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at org.yaml.snakeyaml.parser.ParserImpl.getEvent(ParserImpl.java:172)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:429)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: ... 13 more
Nov 25 08:48:03 kali systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at org.yaml.snakeyaml.parser.ParserImpl$ParseBlockMappingKey.produce(ParserImpl.java:656)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at org.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:162)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at org.yaml.snakeyaml.parser.ParserImpl.getEvent(ParserImpl.java:172)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: at com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:429)
Nov 25 08:48:03 kali systemd-entrypoint[102105]: ... 13 more
Nov 25 08:48:03 kali systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit wazuh-indexer.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Nov 25 08:48:03 kali systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit wazuh-indexer.service has entered the 'failed' state with result 'exit-code'.
Nov 25 08:48:03 kali systemd[1]: Failed to start wazuh-indexer.service - Wazuh-indexer.
░░ Subject: A start job for unit wazuh-indexer.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit wazuh-indexer.service has finished with a failure.
░░
░░ The job identifier is 3409 and the job result is failed.
Nov 25 08:48:03 kali systemd[1]: wazuh-indexer.service: Consumed 7.145s CPU time.
Nov 25 08:48:03 kali systemd[1]: wazuh-indexer.service: Consumed 7.145s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit wazuh-indexer.service completed and consumed the indicated resources.
lines 1239-1272/1272 (END)
Javier Sanchez Gil
Nov 27, 2023, 5:35:48 AM11/27/23
to Wazuh | Mailing List
The error might be related to potential syntax errors or recent changes that could have caused the issue.
Have you modified anything related to YAML? What error did you encounter regarding the IPs?
Could you please share the following information:
Wazuh Version: Could you confirm the current Wazuh version you are using?
Indexer Configuration: Have you recently updated or modified the indexer configuration file (opensearch.yml)? If so, could you share the updated configuration? This file is usually located at /etc/wazuh-indexer/opensearch.yml.
Indexer Logs: Could you provide the error logs from the indexer? You can obtain these by running the command cat /var/log/wazuh-indexer/wazuh-cluster.log | grep error. These logs might contain crucial clues to identify the source of the issue.
Please make sure to redact any sensitive information before sharing.
Additionally, if there have been any recent changes or updates in your Wazuh server's configuration, please share those details as well
Have you modified anything related to YAML? What error did you encounter regarding the IPs?
Could you please share the following information:
Wazuh Version: Could you confirm the current Wazuh version you are using?
Indexer Configuration: Have you recently updated or modified the indexer configuration file (opensearch.yml)? If so, could you share the updated configuration? This file is usually located at /etc/wazuh-indexer/opensearch.yml.
Indexer Logs: Could you provide the error logs from the indexer? You can obtain these by running the command cat /var/log/wazuh-indexer/wazuh-cluster.log | grep error. These logs might contain crucial clues to identify the source of the issue.
Please make sure to redact any sensitive information before sharing.
Additionally, if there have been any recent changes or updates in your Wazuh server's configuration, please share those details as well
Reply all
Reply to author
Forward
0 new messages