OpenSearch modifies log files permissions #2139
Description
Description
ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster.log" got access denied
Full log
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster.log" got access denied
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1991)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1854)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1288)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.node.Node.<init>(Node.java:428)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.node.Node.<init>(Node.java:401)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:242)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:404)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:180)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:171)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:104)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.cli.Command.main(Command.java:101)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:137)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:103)
- In the analysis of https://github.com/wazuh/wazuh-jenkins/issues/4862 and Error defining attributes in Wazuh indexer log files #1971 issues, it has been found that the reported error is not produced by the OVA, AMI, Wazuh installation assistant or Wazuh indexer but by OpenSearch, it has been discovered that when the day changes, a rotated log is performed that modifies the permissions of the
wazuh-cluster.logandwazuh-cluster_server.jsonfiles from640to644, causing anaccess deniederror displayed in the Wazuh indexer journal:
Dec 07 16:01:17 wazuh-server systemd-entrypoint[997]: 2022-12-07 16:01:17,690 main ERROR Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
- Tests have been carried out on both OpenSearch 2.4.1 and OpenSearch 2.6.0 (latest version) and both present the same behavior, this can be reproduced as follows:
Steps to reproduce the error
- Install an AIO deployment in a VM
- Check file permissions (640)
- Shutdown VM
- Initialize the VM, access it, and check that the file permissions have not changed
- Shutdown VM, change host date (+1 day)
- Start VM and access it
- Check that the file permissions have changed (640 -> 644)
- The tests carried out in OpenSearch following this procedure are the following:
OpenSearch 2.4.1
-
OpenSearch 2.4.1 install
[root@centos7 vagrant]# yum localinstall opensearch-2.4.1-linux-x64.rpm Loaded plugins: fastestmirror Examining opensearch-2.4.1-linux-x64.rpm: opensearch-2.4.1-1.x86_64 Marking opensearch-2.4.1-linux-x64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package opensearch.x86_64 0:2.4.1-1 will be installed --> Finished Dependency Resolution Dependencies Resolved =============================================================================================================================================================================================================================================================================== Package Arch Version Repository Size =============================================================================================================================================================================================================================================================================== Installing: opensearch x86_64 2.4.1-1 /opensearch-2.4.1-linux-x64 747 M Transaction Summary =============================================================================================================================================================================================================================================================================== Install 1 Package Total size: 747 M Installed size: 747 M Is this ok [y/d/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : opensearch-2.4.1-1.x86_64 1/1 ### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable opensearch.service ### You can start opensearch service by executing sudo systemctl start opensearch.service ### Create opensearch demo certificates in /etc/opensearch/ See demo certs creation log in /var/log/opensearch/install_demo_configuration.log Verifying : opensearch-2.4.1-1.x86_64 1/1 Installed: opensearch.x86_64 0:2.4.1-1 Complete! -
Service start and files permissions
[root@centos7 vagrant]# ls -l /var/log/opensearch/ total 4 -rw-r--r--. 1 opensearch opensearch 1691 Mar 23 16:05 install_demo_configuration.log [root@centos7 vagrant]# systemctl start opensearch [root@centos7 vagrant]# systemctl status opensearch ● opensearch.service - OpenSearch Loaded: loaded (/usr/lib/systemd/system/opensearch.service; disabled; vendor preset: disabled) Active: active (running) since Thu 2023-03-23 16:06:19 UTC; 9s ago Docs: https://opensearch.org/ Main PID: 3463 (java) CGroup: /system.slice/opensearch.service └─3463 /usr/share/opensearch/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceI... Mar 23 16:06:08 centos7 systemd[1]: Starting OpenSearch... Mar 23 16:06:09 centos7 systemd-entrypoint[3463]: WARNING: A terminally deprecated method in java.lang.System has been called Mar 23 16:06:09 centos7 systemd-entrypoint[3463]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/opensearch/lib/opensearch-2.4.1.jar) Mar 23 16:06:09 centos7 systemd-entrypoint[3463]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch Mar 23 16:06:09 centos7 systemd-entrypoint[3463]: WARNING: System::setSecurityManager will be removed in a future release Mar 23 16:06:10 centos7 systemd-entrypoint[3463]: WARNING: A terminally deprecated method in java.lang.System has been called Mar 23 16:06:10 centos7 systemd-entrypoint[3463]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/opensearch/lib/opensearch-2.4.1.jar) Mar 23 16:06:10 centos7 systemd-entrypoint[3463]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security Mar 23 16:06:10 centos7 systemd-entrypoint[3463]: WARNING: System::setSecurityManager will be removed in a future release Mar 23 16:06:19 centos7 systemd[1]: Started OpenSearch. [root@centos7 vagrant]# ls -l /var/log/opensearch/ total 284 -rw-r--r--. 1 opensearch opensearch 37822 Mar 23 16:06 gc.log -rw-r--r--. 1 opensearch opensearch 2006 Mar 23 16:06 gc.log.00 -rw-r--r--. 1 opensearch opensearch 1691 Mar 23 16:05 install_demo_configuration.log -rw-r-----. 1 opensearch opensearch 369 Mar 23 16:06 opensearch_deprecation.json -rw-r-----. 1 opensearch opensearch 252 Mar 23 16:06 opensearch_deprecation.log -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_indexing_slowlog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_indexing_slowlog.log -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_search_slowlog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_search_slowlog.log -rw-r-----. 1 opensearch opensearch 33878 Mar 23 16:06 opensearch.log -rw-r-----. 1 opensearch opensearch 65792 Mar 23 16:06 opensearch_server.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_task_detailslog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_task_detailslog.log [root@centos7 vagrant]# shutdown now Connection to 127.0.0.1 closed by remote host. -
Files permissions after reboot (Service not enabled)
[vagrant@centos7 ~]$ sudo su [root@centos7 vagrant]# systemctl status opensearch ● opensearch.service - OpenSearch Loaded: loaded (/usr/lib/systemd/system/opensearch.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: https://opensearch.org/ [root@centos7 vagrant]# ls -l /var/log/opensearch/ total 160 -rw-r--r--. 1 opensearch opensearch 40129 Mar 23 16:06 gc.log -rw-r--r--. 1 opensearch opensearch 2006 Mar 23 16:06 gc.log.00 -rw-r--r--. 1 opensearch opensearch 1691 Mar 23 16:05 install_demo_configuration.log -rw-r-----. 1 opensearch opensearch 369 Mar 23 16:06 opensearch_deprecation.json -rw-r-----. 1 opensearch opensearch 252 Mar 23 16:06 opensearch_deprecation.log -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_indexing_slowlog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_indexing_slowlog.log -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_search_slowlog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_search_slowlog.log -rw-r-----. 1 opensearch opensearch 34578 Mar 23 16:06 opensearch.log -rw-r-----. 1 opensearch opensearch 68007 Mar 23 16:06 opensearch_server.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_task_detailslog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_task_detailslog.log [root@centos7 vagrant]# systemctl start opensearch [root@centos7 vagrant]# ls -l /var/log/opensearch/ total 352 -rw-r--r--. 1 opensearch opensearch 35583 Mar 23 16:08 gc.log -rw-r--r--. 1 opensearch opensearch 2006 Mar 23 16:06 gc.log.00 -rw-r--r--. 1 opensearch opensearch 40129 Mar 23 16:06 gc.log.01 -rw-r--r--. 1 opensearch opensearch 2006 Mar 23 16:08 gc.log.02 -rw-r--r--. 1 opensearch opensearch 1691 Mar 23 16:05 install_demo_configuration.log -rw-r-----. 1 opensearch opensearch 738 Mar 23 16:08 opensearch_deprecation.json -rw-r-----. 1 opensearch opensearch 504 Mar 23 16:08 opensearch_deprecation.log -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_indexing_slowlog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_indexing_slowlog.log -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_search_slowlog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_search_slowlog.log -rw-r-----. 1 opensearch opensearch 65197 Mar 23 16:08 opensearch.log -rw-r-----. 1 opensearch opensearch 126066 Mar 23 16:08 opensearch_server.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_task_detailslog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_task_detailslog.log [root@centos7 vagrant]# shutdown now Connection to 127.0.0.1 closed by remote host. -
Service enabled before system reboot with date change
vagrant@centos7 ~]$ sudo su [root@centos7 vagrant]# ls -l /var/log/opensearch/ total 320 -rw-r--r--. 1 opensearch opensearch 37608 Mar 23 16:11 gc.log -rw-r--r--. 1 opensearch opensearch 2006 Mar 23 16:06 gc.log.00 -rw-r--r--. 1 opensearch opensearch 40129 Mar 23 16:06 gc.log.01 -rw-r--r--. 1 opensearch opensearch 2006 Mar 23 16:08 gc.log.02 -rw-r--r--. 1 opensearch opensearch 37715 Mar 23 16:08 gc.log.03 -rw-r--r--. 1 opensearch opensearch 2006 Mar 23 16:10 gc.log.04 -rw-r--r--. 1 opensearch opensearch 42955 Mar 23 16:11 gc.log.05 -rw-r--r--. 1 opensearch opensearch 1982 Mar 24 2023 gc.log.06 -rw-r--r--. 1 opensearch opensearch 1691 Mar 23 16:05 install_demo_configuration.log -rw-r--r--. 1 opensearch opensearch 18325 Mar 24 2023 opensearch-2023-03-23-1.json.gz -rw-r--r--. 1 opensearch opensearch 12521 Mar 24 2023 opensearch-2023-03-23-1.log.gz -rw-r-----. 1 opensearch opensearch 1476 Mar 24 2023 opensearch_deprecation.json -rw-r-----. 1 opensearch opensearch 1008 Mar 24 2023 opensearch_deprecation.log -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_indexing_slowlog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_indexing_slowlog.log -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_search_slowlog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_index_search_slowlog.log -rw-r--r--. 1 opensearch opensearch 30618 Mar 23 16:11 opensearch.log -rw-r--r--. 1 opensearch opensearch 58058 Mar 23 16:11 opensearch_server.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_task_detailslog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:06 opensearch_task_detailslog.log [root@centos7 vagrant]# journalctl -r -u opensearch.service | grep ERROR Mar 24 17:11:06 centos7 systemd-entrypoint[365]: 2023-03-24 17:11:06,206 main ERROR Could not define attribute view on path "/var/log/opensearch/opensearch.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") Mar 24 17:11:06 centos7 systemd-entrypoint[365]: 2023-03-24 17:11:06,191 main ERROR Could not define attribute view on path "/var/log/opensearch/opensearch_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") [root@centos7 vagrant]# /usr/share/opensearch/bin/opensearch -V WARNING: A terminally deprecated method in java.lang.System has been called WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/opensearch/lib/opensearch-2.4.1.jar) WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch WARNING: System::setSecurityManager will be removed in a future release Version: 2.4.1, Build: rpm/f2f809ea280ffba217451da894a5899f1cec02ab/2022-12-12T22:17:31.255181151Z, JVM: 17.0.5
OpenSearch 2.6.0
-
OpenSearch 2.6.0 install and enable service
[root@centos7 vagrant]# yum localinstall opensearch-2.6.0-linux-x64.rpm -y Loaded plugins: fastestmirror Examining opensearch-2.6.0-linux-x64.rpm: opensearch-2.6.0-1.x86_64 Marking opensearch-2.6.0-linux-x64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package opensearch.x86_64 0:2.6.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved =============================================================================================================================================================================================================================================================================== Package Arch Version Repository Size =============================================================================================================================================================================================================================================================================== Installing: opensearch x86_64 2.6.0-1 /opensearch-2.6.0-linux-x64 931 M Transaction Summary =============================================================================================================================================================================================================================================================================== Install 1 Package Total size: 931 M Installed size: 931 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : opensearch-2.6.0-1.x86_64 [######################## ] 1 Installing : opensearch-2.6.0-1.x86_64 [########################## ] 1 Installing : opensearch-2.6.0-1.x86_64 [############################ ] 1 Installing : opensearch-2.6.0-1.x86_64 1/1 ### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable opensearch.service ### You can start opensearch service by executing sudo systemctl start opensearch.service ### Create opensearch demo certificates in /etc/opensearch/ See demo certs creation log in /var/log/opensearch/install_demo_configuration.log Verifying : opensearch-2.6.0-1.x86_64 1/1 Installed: opensearch.x86_64 0:2.6.0-1 Complete! [root@centos7 vagrant]# systemctl enable opensearch Created symlink from /etc/systemd/system/multi-user.target.wants/opensearch.service to /usr/lib/systemd/system/opensearch.service. [root@centos7 vagrant]# systemctl status opensearch ● opensearch.service - OpenSearch Loaded: loaded (/usr/lib/systemd/system/opensearch.service; enabled; vendor preset: disabled) Active: inactive (dead) Docs: https://opensearch.org/ -
Service start and files permissions
[root@centos7 vagrant]# ls -l /var/log/opensearch/ total 4 -rw-r--r--. 1 opensearch opensearch 1691 Mar 23 16:45 install_demo_configuration.log [root@centos7 vagrant]# systemctl start opensearch [root@centos7 vagrant]# ls -l /var/log/opensearch/ total 288 -rw-r--r--. 1 opensearch opensearch 39466 Mar 23 16:46 gc.log -rw-r--r--. 1 opensearch opensearch 2007 Mar 23 16:46 gc.log.00 -rw-r--r--. 1 opensearch opensearch 1691 Mar 23 16:45 install_demo_configuration.log -rw-r-----. 1 opensearch opensearch 832 Mar 23 16:46 opensearch_deprecation.json -rw-r-----. 1 opensearch opensearch 511 Mar 23 16:46 opensearch_deprecation.log -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:46 opensearch_index_indexing_slowlog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:46 opensearch_index_indexing_slowlog.log -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:46 opensearch_index_search_slowlog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:46 opensearch_index_search_slowlog.log -rw-r-----. 1 opensearch opensearch 38029 Mar 23 16:46 opensearch.log -rw-r-----. 1 opensearch opensearch 75482 Mar 23 16:46 opensearch_server.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:46 opensearch_task_detailslog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:46 opensearch_task_detailslog.log [root@centos7 vagrant]# shutdown now Connection to 127.0.0.1 closed by remote host. -
Service enabled before system reboot with date change
[vagrant@centos7 ~]$ sudo su [root@centos7 vagrant]# ls -l /var/log/opensearch/ total 360 -rw-r--r--. 1 opensearch opensearch 44912 Mar 23 16:49 gc.log -rw-r--r--. 1 opensearch opensearch 2007 Mar 23 16:46 gc.log.00 -rw-r--r--. 1 opensearch opensearch 42816 Mar 23 16:47 gc.log.01 -rw-r--r--. 1 opensearch opensearch 1983 Mar 23 16:47 gc.log.02 -rw-r--r--. 1 opensearch opensearch 42019 Mar 23 16:48 gc.log.03 -rw-r--r--. 1 opensearch opensearch 1983 Mar 24 2023 gc.log.04 -rw-r--r--. 1 opensearch opensearch 1691 Mar 23 16:45 install_demo_configuration.log -rw-r--r--. 1 opensearch opensearch 13616 Mar 24 2023 opensearch-2023-03-23-1.json.gz -rw-r--r--. 1 opensearch opensearch 12522 Mar 24 2023 opensearch-2023-03-23-1.log.gz -rw-r-----. 1 opensearch opensearch 1570 Mar 24 2023 opensearch_deprecation.json -rw-r-----. 1 opensearch opensearch 1015 Mar 24 2023 opensearch_deprecation.log -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:46 opensearch_index_indexing_slowlog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:46 opensearch_index_indexing_slowlog.log -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:46 opensearch_index_search_slowlog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:46 opensearch_index_search_slowlog.log -rw-r--r--. 1 opensearch opensearch 43079 Mar 23 16:48 opensearch.log -rw-r--r--. 1 opensearch opensearch 73723 Mar 23 16:48 opensearch_server.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:46 opensearch_task_detailslog.json -rw-r-----. 1 opensearch opensearch 0 Mar 23 16:46 opensearch_task_detailslog.log [root@centos7 vagrant]# /usr/share/opensearch/bin/opensearch -V WARNING: A terminally deprecated method in java.lang.System has been called WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/opensearch/lib/opensearch-2.6.0.jar) WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch WARNING: System::setSecurityManager will be removed in a future release Version: 2.6.0, Build: rpm/7203a5af21a8a009aece1474446b437a3c674db6/2023-02-24T18:57:09.290618503Z, JVM: 17.0.6