Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
https://securityonion.net

[16.04.6.4] Logstash: fail status #1743

Closed forensenellanebbia closed 4 years ago

forensenellanebbia commented 4 years ago

I created a VM for Security Onion (securityonion-16.04.6.4.iso) with VMware Workstation 14 Pro, but I can't get logstash to start. Its status always remains as fail.

sostatus

sostat-redacted.txt

I installed SO as a standalone server. I tried using the command so-elastic-restart, installing updates by using soup and with/without installing VMware tools. The same issue happens with VirtualBox. The path /var/log/logstash is empty. Thanks

dougburks commented 4 years ago

Hi @forensenellanebbia,

Looking at your sostat-redacted.txt, it appears you only have 4GB RAM. We normally recommend at least 8GB RAM: https://securityonion.readthedocs.io/en/latest/hardware.html

If you can't increase the RAM in the VM, you can try sosetup-minimal as it can run with less RAM.

If you have further questions or problems, please use the mailing list (https://securityonion.readthedocs.io/en/latest/mailing-lists.html) instead of this issue tracker.

Thanks!