List: security-onion
Subject: Re: [security-onion] Elasticsearch keeps crashing
From: Kevin Branch <kevin () branchnetconsulting ! com>
Date: 2017-08-30 0:08:08
Message-ID: CA+dGL9FC46jq7g-MDO+2BpnOEtRVoZxgMRoRJX2qo25F_SBNug () mail ! gmail ! com
Great, now you can use so-elastic-status to keep an eye on how much of that
8g the so-elasticsearch container is actually making use of.
Kevin
On Tue, Aug 29, 2017 at 11:18 AM, Eric Vanderveer <eric@ericvanderveer.com>
wrote:
> On Tuesday, August 29, 2017 at 10:46:03 AM UTC-4, Kevin Branch wrote:
> > Eric,
> >
> > You might start by setting this line to allocate 8 gig to Elasticsearch
> > (/etc/nsm/securityonion.conf)
> >
> > ELASTICSEARCH_HEAP="8g"
> >
> > While you are in there you may also want to raise Logstash heap space a
> > bit. It does not need near as much as ES though.
> >
> > LOGSTASH_HEAP="1g"
> >
> > Follow that change with running "so-elastic-restart" and see if your
> > OutOfMemoryError issue goes away. If not, then increase from 8g to
> > something bigger.
> >
> > Kevin
> >
> > On Tue, Aug 29, 2017 at 10:35 AM, Eric Vanderveer <er...@ericvanderveer.com> wrote:
> > On Tuesday, August 29, 2017 at 10:04:54 AM UTC-4, Wes wrote:
> > > Eric,
> > >
> > > You can try checking the logs in /var/log/elasticsearch/ or
> > > /var/log/kibana/ for clues.
> > >
> > > Thanks,
> > > Wes
> > >
> > > On Tue, Aug 29, 2017 at 9:56 AM, Eric Vanderveer <er...@ericvanderveer.com> wrote:
> > > After about 5 to 10 minutes after a reboot Elasticsearch keeps
> > > crashing and Kibana shows "Unable to connect to Elasticsearch at
> > > http://elasticsearch:9200". What should I be looking at to find out what
> > > is causing this and also what can I do to restart elasticsearch without
> > > rebooting?
> > >
> > > Thanks
> > >
> > > Eric
> > >
> > > --
> > > Follow Security Onion on Twitter!
> > > https://twitter.com/securityonion
> > > ---
> > > You received this message because you are subscribed to the Google
> > > Groups "security-onion" group.
> > > To unsubscribe from this group and stop receiving emails from it, send
> > > an email to security-onio...@googlegroups.com.
> > > To post to this group, send email to securit...@googlegroups.com.
> > > Visit this group at https://groups.google.com/group/security-onion.
> > > For more options, visit https://groups.google.com/d/optout.
> >
> > Ok so I am seeing java.lang.OutOfMemoryError: Java heap space in the
> > docker-cluster.log in elasticsearch. I have 24Gig of memory, do I need
> > more? And if so how to tell how much more.
> >
>
> That did it. Well it's been 15 minutes (better than 2 minutes) and it's
> still up. Thanks!
>
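Added example, not part of the original messages: a POSIX shell check that reads the two heap settings named in the thread from a securityonion.conf-style file, counts the OutOfMemoryError lines in an Elasticsearch log, and compares the Elasticsearch heap with installed RAM. The function names and sample files are constructed for illustration, and the "at most half of RAM" test is Elasticsearch's general sizing guidance, not something stated in the thread.

```shell
#!/bin/sh
# Added example, not from the thread; the sample files in demo() are constructed.

# Convert a JVM heap value such as "8g" or "1024m" to megabytes.
heap_to_mb() {
    num=${1%[gGmM]}
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    case "$1" in
        *[gG]) echo $((num * 1024)) ;;
        *[mM]) echo "$num" ;;
        *) return 1 ;;
    esac
}

# Print the value assigned to KEY in a securityonion.conf-style file.
conf_value() {  # conf_value FILE KEY
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Count heap-exhaustion errors in an Elasticsearch log.
count_oom() {  # count_oom LOGFILE
    grep -cF 'java.lang.OutOfMemoryError: Java heap space' "$1" || true
}

# Summarise heap sizing and OOM history. RAM_MB defaults to this host's RAM.
heap_report() {  # heap_report CONF LOGFILE [RAM_MB]
    ram_mb=${3:-$(awk '/^MemTotal:/ {print int($2 / 1024)}' /proc/meminfo)}
    es_mb=$(heap_to_mb "$(conf_value "$1" ELASTICSEARCH_HEAP)") || es_mb=unset
    ls_mb=$(heap_to_mb "$(conf_value "$1" LOGSTASH_HEAP)") || ls_mb=unset
    verdict=ok
    # General Elasticsearch guidance (assumption here): heap at most half of RAM.
    if [ "$es_mb" = unset ]; then
        verdict=es-heap-unset
    elif [ "$es_mb" -gt $((ram_mb / 2)) ]; then
        verdict=es-heap-over-half-ram
    fi
    echo "es_heap_mb=$es_mb logstash_heap_mb=$ls_mb ram_mb=$ram_mb" \
         "oom_lines=$(count_oom "$2") verdict=$verdict"
}

# Constructed demo: the thread's settings on a 24 GB host.
demo() {
    dir=$(mktemp -d)
    printf 'ELASTICSEARCH_HEAP="8g"\nLOGSTASH_HEAP="1g"\n' > "$dir/securityonion.conf"
    printf '%s\n' '[constructed] java.lang.OutOfMemoryError: Java heap space' \
        '[constructed] node started' > "$dir/docker-cluster.log"
    heap_report "$dir/securityonion.conf" "$dir/docker-cluster.log" 24576
    rm -rf "$dir"
}
demo
```

On a real sensor, point heap_report at /etc/nsm/securityonion.conf and the docker-cluster.log under /var/log/elasticsearch/, and rerun it after so-elastic-restart to confirm the OOM count stops growing.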