That log file does not exist. I only found
# ls -al /var/log/elasticsearch/
total 56
drwxr-s--- 1 elasticsearch elasticsearch 246 Jan 30 16:23 .
drwxr-xr-x 1 root root 1038 Jan 19 00:00 ..
-rw-r--r-- 1 elasticsearch elasticsearch 2800 Jan 30 16:23 gc.log
-rw-r--r-- 1 elasticsearch elasticsearch 2125 Jan 18 12:02 gc.log.00
-rw-r--r-- 1 elasticsearch elasticsearch 2442 Jan 18 12:02 gc.log.01
-rw-r--r-- 1 elasticsearch elasticsearch 2125 Jan 18 12:02 gc.log.02
-rw-r--r-- 1 elasticsearch elasticsearch 2266 Jan 18 12:02 gc.log.03
-rw-r--r-- 1 elasticsearch elasticsearch 2100 Jan 18 12:54 gc.log.04
-rw-r--r-- 1 elasticsearch elasticsearch 2241 Jan 18 12:54 gc.log.05
-rw-r--r-- 1 elasticsearch elasticsearch 2125 Jan 18 14:09 gc.log.06
-rw-r--r-- 1 elasticsearch elasticsearch 2266 Jan 18 14:10 gc.log.07
-rw-r--r-- 1 elasticsearch elasticsearch 2125 Jan 18 14:10 gc.log.08
-rw-r--r-- 1 elasticsearch elasticsearch 2266 Jan 18 14:10 gc.log.09
-rw-r--r-- 1 elasticsearch elasticsearch 2125 Jan 18 15:36 gc.log.10
-rw-r--r-- 1 elasticsearch elasticsearch 2266 Jan 18 15:36 gc.log.11
-rw-r--r-- 1 elasticsearch elasticsearch 2125 Jan 30 16:23 gc.log.12
In gc.log I can’t see any errors…
But in journalctl -xeu elasticsearch.service I found:
Jan 30 16:25:56 zammad02 systemd-entrypoint[22353]: Exception in thread "main" org.elasticsearch.bootstrap.BootstrapException: org.elasticsearch.cli.UserException: unable to create temporary keystore at [/etc/elasticsearch/elasticsearch.keystore.tmp], write permissions required for [/etc/elasticsearch] or run>
Permissions:
# ls -al /etc/elasticsearch/
total 44
drwxr-s--- 1 root elasticsearch 264 Jan 17 16:50 .
drwxr-xr-x 1 root root 3814 Jan 20 13:33 ..
-rw-rw---- 1 root elasticsearch 1042 Dec 2 18:35 elasticsearch-plugins.example.yml
-rw-rw---- 1 root elasticsearch 3431 Dec 2 18:35 elasticsearch.yml
-rw-rw---- 1 root elasticsearch 3329 Dec 2 18:35 jvm.options
drwxr-s--- 1 root elasticsearch 0 Dec 2 18:38 jvm.options.d
-rw-rw---- 1 root elasticsearch 19304 Dec 2 18:35 log4j2.properties
-rw-rw---- 1 root elasticsearch 473 Dec 2 18:35 role_mapping.yml
-rw-rw---- 1 root elasticsearch 197 Dec 2 18:35 roles.yml
-rw-rw---- 1 root elasticsearch 0 Dec 2 18:35 users
-rw-rw---- 1 root elasticsearch 0 Dec 2 18:35 users_roles
# chmod -Rc g+w /etc/elasticsearch/
mode of '/etc/elasticsearch/' changed from 2750 (rwxr-s---) to 2770 (rwxrws---)
mode of '/etc/elasticsearch/jvm.options.d' changed from 2750 (rwxr-s---) to 2770 (rwxrws---)
Now Elasticsearch is up and running. Thanks.