Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
External ELK Stack - Elasticsearch process still starting locally + drops
« previous
next »
Print
Pages: [
1
]
Author
Topic: External ELK Stack - Elasticsearch process still starting locally + drops (Read 2010 times)
d8472
Newbie
Posts: 8
Karma: 0
External ELK Stack - Elasticsearch process still starting locally + drops
«
on:
February 16, 2022, 09:08:08 am »
Hi all,
OPNsense 22.1-amd64
Zenarmor - 1.10.1
I have a couple of issues with Zenarmor since upgrading to 22.1
Randomly, Zenarmor seems to cause a reset of the ports. The dmesg log shows the same type of entry as if the packet engine is restarted and the Zenarmor logs show the service terminates and restarts. I have performed a clean install and again just now so I will send a bug report when it happens again.
The second issue has come about while I try to mitigate the first. In case there was a resource issue I completely removed Zenarmor and reinstalled it completely clean (i.e. not using a config backup) but attached to my external ELK stack on a separate bare metal box.
However, after the service has been running a few minutes I see the Java Elastic Search process start which consumes several GB of memory and is the reason I offloaded it in the first place. If I kill the process, it stays gone and Zenarmor and the reports seem to work from what I can see.
Can anyone assist with either of these? Thanks!
Logged
sy
Hero Member
Posts: 593
Karma: 44
Re: External ELK Stack - Elasticsearch process still starting locally + drops
«
Reply #1 on:
February 16, 2022, 11:57:55 am »
Hi,
Please send a bug report then the team is going to look into the logs and send you some debug instructions.
For elastic issue, Zenarmor doesn't use local elasticsearch if you configured it to use an external one. Is there any plugin that uses elasticsearch?
Logged
d8472
Newbie
Posts: 8
Karma: 0
Re: External ELK Stack - Elasticsearch process still starting locally + drops
«
Reply #2 on:
February 16, 2022, 12:00:11 pm »
As soon as it happens again I will send the bug report, thanks Sy.
Regarding ElasticSearch, no not that I am aware of. And if I am monitoring processes via the Top command and remove Zenarmor then the Elastic process is terminated, even though I am using the external server, which implies to me it is responsible. When I reinstall and start Zenarmor, a minute or two after it is complete it starts again.
Logged
sy
Hero Member
Posts: 593
Karma: 44
Re: External ELK Stack - Elasticsearch process still starting locally + drops
«
Reply #3 on:
February 17, 2022, 03:21:03 pm »
Hi,
Can you share the output of the "pkg info elasticsearch" command?
Logged
d8472
Newbie
Posts: 8
Karma: 0
Re: External ELK Stack - Elasticsearch process still starting locally + drops
«
Reply #4 on:
February 21, 2022, 09:24:18 am »
It states this - pkg: No package(s) matching elasticsearch
It has not done it again since the last time. In top it said it was java running with the elasticsearch user as per the screenshot. So either it was not actually elasticsearch just another process using that user, or after the last reboot since then something else changed and the package was fully removed?
The issue with dropped interfaces happened again btw, so I sent the bug report as requested.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
External ELK Stack - Elasticsearch process still starting locally + drops