Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
FortiKoala
Staff
Staff

Created on ‎03-01-2019 08:41 AM

Article Id 189848

Technical Note: ZoneFox 3 - Elasticsearch doesn't start automatically after a system reboot

Description

Elasticsearch doesn't start automatically after a system reboot


Scope

Installation and Administration


Solution

Problem

The Elasticsearch service attempts to start automatically after the Centos server is rebooted, but fails to start.  The service can be started manually.


Workaround

This behaviour has been seen to be caused by different issues:

  1. The Elasticsearch service attempts to start before the networkmanager service has started, resulting in Elasticsearch being unable to resolve its own hostname.  An error message is displayed in the Elasticsearch log file.
    To fix this issue, you can add the following to the /lib/systemd/system/elasticsearch-es-01.service file:
       [Unit]
       After=NetworkManager.service




  2. The Elasticsearch service attempts to start before the NFS share is mounted, meaning Elasticsearch cannot access its log file in /data/elasticsearch/log/ZoneFox_Cluster.log.  An error message is displayed in /var/log/messages.
    To fix this issue, you can add the following to the /lib/systemd/system/elasticsearch-es-01.service file:
       [Unit]
       RequiresMountsFor=/data


Labels:
254
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.