I'm using ElasticSearch / Logstash / Kibana to centralize my logs.

On the servers I'm running NXlog to send event logs. It's been running fine for a couple of days, but while troubleshooting something it stopped receiving any logs.

From my NXlog log:

ERROR couldn't connect to tcp socket on ...:port_no; No connection could be made because the target machine actively refused it.

and Elasticsearch is throwing this exception:

    Caused by: java.io.IOException: Cannot run program "./.ddos2.4": error=2, No such file or
        at java.lang.ProcessBuilder.start(ProcessBuilder.java:1047)
        at java.lang.Runtime.exec(Runtime.java:617)
        at java.lang.Runtime.exec(Runtime.java:450)
        at java.lang.Runtime.exec(Runtime.java:347)
        ... 36 more
    Caused by: java.io.IOException: error=2, No such file or directory
        at java.lang.UNIXProcess.forkAndExec(Native Method)
        at java.lang.UNIXProcess.<init>(UNIXProcess.java:186)
        at java.lang.ProcessImpl.start(ProcessImpl.java:130)
        at java.lang.ProcessBuilder.start(ProcessBuilder.java:1028)
  • Please check: 1. All processes are running on the server (where you want to send the log messages). 2. The server is listening on the correct port number. 3. Is any firewall rule on the server blocking this? 4. Restart all processes (client and server), then check. – Chittaranjan Sethi Jan 01 '15 at 04:16

1 Answer

I think you have a virus on your system. Please search for /tmp/sx or something like this. It's 99% that your elasticsearch server is compromised. http://www.computerworld.com/article/2490432/cloud-security/attackers-install-ddos-bots-on-amazon-cloud--exploit-elasticsearch-weakness.html http://www.exploit-db.com/exploits/33370/

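The stack trace in the question is itself the indicator: Elasticsearch has no legitimate reason to call `Runtime.exec`, so any `Cannot run program "..."` line in its log means something made the JVM spawn a process. The following is an added example (not code from the question or the answer) that scans log lines for that exception, pulls out the program path, and annotates why it looks suspicious; the sample log lines are constructed, reusing the `./.ddos2.4` path from the question and the `/tmp/sx` path from the answer.

```python
import re
from typing import List, Tuple

# Matches the JDK IOException text seen in the Elasticsearch log above.
EXEC_RE = re.compile(r'Cannot run program "(?P<prog>[^"]+)"')

# Directories an attacker-dropped binary typically lives in (assumption: world-writable temp paths).
SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


def classify(prog: str) -> List[str]:
    """Return human-readable reasons why a spawned program path looks hostile.

    An empty list does not mean the spawn was benign: Elasticsearch should not
    be spawning anything at all, so every hit from scan_log() merits a look.
    """
    reasons = []
    name = prog.rsplit("/", 1)[-1]
    if name.startswith("."):
        reasons.append("hidden filename")
    if prog.startswith("./") or prog.startswith(SUSPICIOUS_DIRS):
        reasons.append("relative or world-writable path")
    if "ddos" in name.lower():
        reasons.append("name matches known bot family string")
    return reasons


def scan_log(lines: List[str]) -> List[Tuple[int, str, List[str]]]:
    """Yield (line number, program path, reasons) for every process-spawn failure logged."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = EXEC_RE.search(line)
        if m:
            prog = m.group("prog")
            hits.append((lineno, prog, classify(prog)))
    return hits


# Constructed sample log: one benign line, the trace from the question, and a second spawn attempt.
SAMPLE_LOG = [
    "[2015-01-01 04:00:00,000][INFO ][node] [es-node-1] started",
    'Caused by: java.io.IOException: Cannot run program "./.ddos2.4": error=2, No such file or directory',
    "    at java.lang.ProcessBuilder.start(ProcessBuilder.java:1047)",
    'Caused by: java.io.IOException: Cannot run program "/tmp/sx": error=13, Permission denied',
]

if __name__ == "__main__":
    for lineno, prog, reasons in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: JVM tried to exec {prog!r}: {', '.join(reasons) or 'unexpected spawn'}")
```

Note that a spawn that succeeded logs no exception, so a clean scan is not evidence the host is clean; it only tells you where the failed attempts were.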