Technical Tip: How to unmask Elasticsearch process...

FortiSOAR Knowledge Base

FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.

Article Id 401642

Description

This article describes how to unmask the Elasticsearch process on the FortiSOAR Node due to deployment on low resources.

Scope

FortiSOAR.

Solution

In certain cases, where FortiSOAR is deployed and installed on low resources in a VM, such as the below:

Less than 4vCPU.
Less than 16GB RAM.
Low Storage hard disk.

In /opt/cyops/scripts/config-vm.sh , the Elasticsearch process will be masked. Thus, unable to see the status of Elasticsearch process in:

# csadm services --status

after config setup.png

elasticsearch masked.png

elasticsearch masked2.png

To safely unmask the Elasticsearch process, run the following commands on the FortiSOAR node backend SSH.

# systemctl unmask elasticsearch

# systemctl enable elasticsearch

# systemctl start elasticsearch

Now the Elasticsearch process is safely unmasked and visible in '# csadm services --status'.

Note:

Check for indices folder appearing in '/var/lib/elasticsearch'.

If there are no indices appearing, reach out to FortiSOAR support for further troubleshooting.

Contributors

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: How to unmask Elasticsearch process on FortiSOAR node

You are leaving our website