Troubleshooting Guide - V1D1AN/S1EM Wiki

Original URL: https://github.com/V1D1AN/S1EM/wiki/Troubleshooting-Guide

Troubleshooting

System (On Linux)

Elasticsearch

If you have this error in log elastisearch:

max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

Edit "/etc/sysctl.conf", add this line:

vm.max_map_count=262144

Do this command for changing the parameter:

sysctl -p

Docker

System

Docker-compose must be installed on the system

The user must be on the group "docker" or you do that:

sudo groupadd docker
sudo usermod -aG docker $USER

Run the following command or Logout and login again and run (that doesn't work you may need to reboot your machine first)

newgrp docker

Check if docker can be run without root

docker ps

If you have this warning:

WARNING: The HOSTNAME variable is not set. Defaulting to a blank string

You must do:

export HOSTNAME
docker-compose up -d

Network

Change default network of docker

To change your default network driver:

Edit or create config file for docker daemon:

nano /etc/docker/daemon.json

Add lines:

    {
      "default-address-pools":
        [
          {"base":"10.10.0.0/16","size":24}
        ]
    }

Restart dockerd:

service docker restart

IPV6

If you have environment without ipv6 ( ipv6.disable=1 in grub ), you can have errors when you start the solution. You must edit the docker-compose.yml and change ports:

Example:

Before:

ports:
  - "5044:5044"

After:

ports:
  - "0.0.0.0:5044:5044"

Rsyslog (On Linux)

vi /etc/rsyslog.conf

Add the following line:

$FileCreateMode 0644 

Filebeat can read the logs in the "/var/log" with the user rights