ElasticSearch学习（十一）—— es7.2升级log4j版本

1. 下载log4j2.17

   下载地址：Apache Logging Serviceshttps://logging.apache.org/

2. 查找es安装目录下需要替换的log4j文件

   /opt/elk# find . -name log4j*
   ./elasticsearch-7.2.0/lib/log4j-api-2.11.1.jar
   ./elasticsearch-7.2.0/lib/log4j-core-2.11.1.jar
   ./elasticsearch-7.2.0/lib/log4j-1.2-api-2.11.1.jar
   ./elasticsearch-7.2.0/modules/x-pack-security/log4j-slf4j-impl-2.11.1.jar
   ./elasticsearch-7.2.0/config/log4j2.properties

3. 备份旧文件

   #四个需要替换的旧文件
   ./elasticsearch-7.2.0/lib/log4j-api-2.11.1.jar
   ./elasticsearch-7.2.0/lib/log4j-core-2.11.1.jar
   ./elasticsearch-7.2.0/lib/log4j-1.2-api-2.11.1.jar
   ./elasticsearch-7.2.0/modules/x-pack-security/log4j-slf4j-impl-2.11.1.jar
   

4. 将2.11.1文件替换为2.17.2

   ./elasticsearch-7.2.0/lib/log4j-1.2-api-2.17.2.jar
   ./elasticsearch-7.2.0/lib/log4j-api-2.17.2.jar
   ./elasticsearch-7.2.0/lib/log4j-core-2.17.2.jar
   ./elasticsearch-7.2.0/modules/x-pack-security/log4j-slf4j-impl-2.17.2.jar

5. 修改替换的文件权限

   chown -R esuser:esgroup ./elasticsearch-7.2.0/lib/log4j-1.2-api-2.17.2.jar
   chown -R esuser:esgroup ./elasticsearch-7.2.0/lib/log4j-api-2.17.2.jar
   chown -R esuser:esgroup ./elasticsearch-7.2.0/lib/log4j-core-2.17.2.jar
   chown -R esuser:esgroup ./elasticsearch-7.2.0/modules/x-pack-security/log4j-slf4j-impl-2.17.2.jar

   权限给到es用户

6. 重新启动
7. 启动报错

   [2022-05-08T19:17:33,019][INFO ][o.e.n.Node               ] [node-1] initialized
   [2022-05-08T19:17:33,021][INFO ][o.e.n.Node               ] [node-1] starting ...
   [2022-05-08T19:17:33,376][INFO ][o.e.t.TransportService   ] [node-1] publish_address {192.168.1.105:9301}, bound_addresses {[::]:9301}
   [2022-05-08T19:17:33,420][INFO ][o.e.b.BootstrapChecks    ] [node-1] bound or publishing to a non-loopback address, enforcing bootstrap checks
   [2022-05-08T19:17:33,462][INFO ][o.e.c.c.Coordinator      ] [node-1] cluster UUID [KsPJM8nLRxW8pLFH14GvQQ]
   [2022-05-08T19:17:33,813][WARN ][o.e.t.TcpTransport       ] [node-1] exception caught on transport layer [Netty4TcpChannel{localAddress=0.0.0.0/0.0.0.0:9300, remoteAddress=/0:0:0:0:0:0:0:1:60676}], closing connection
   io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: no cipher suites in common
   	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472) ~[netty-codec-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) ~[netty-codec-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:682) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:582) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:536) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496) [netty-transport-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:906) [netty-common-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.35.Final.jar:4.1.35.Final]
   	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
   Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
   	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529) ~[?:?]
   	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[?:?]
   	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) ~[?:?]
   	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[?:?]
   	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_161]
   	at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:295) ~[netty-handler-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1332) ~[netty-handler-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1227) ~[netty-handler-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1274) ~[netty-handler-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) ~[netty-codec-4.1.35.Final.jar:4.1.35.Final]
   	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) ~[netty-codec-4.1.35.Final.jar:4.1.35.Final]
   	... 16 more

   解决

   network.host: 192.168.1.105

   修改elasticsearch.yml文件中的host 将默认的0.0.0.0修改为对应的服务器ip地址