[syslog-ng] Trouble configuring elasticsearch2 destination

Czanik, Péter peter.czanik at balabit.com
Tue Jul 3 09:53:36 UTC 2018


Hi,

The official distro packages do not contain the elasticsearch destinations
(missing dependencies from the distros to build it, not just openSUSE but
all others as well). There are unofficial packages with java/elasticsearch.
You can find the latest version of unofficial syslog-ng packages for
openSUSE here:
https://build.opensuse.org/project/show/home:czanik:syslog-ng316

As I can see, you use ElasticSearch 6.3. In that case only the http(s)
client mode is supported. Everything for that is included in the syslog-ng
package, you do not need to copy .jar files around.

Note that libjvm.so needs to be available (
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/administration-guide/28#TOPIC-956490
) either through LD_LIBRARY_PATH or by adding it to ld.so.conf (the latter
is recommended, unless you have multiple Java versions on your machine).
See
https://www.syslog-ng.com/community/b/blog/posts/troubleshooting-java-support-syslog-ng/
for more details.

Let me know if you need any further help,

Peter

Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream
https://syslog-ng.com/blog/author/peterczanik/
https://twitter.com/PCzanik

On Tue, Jul 3, 2018 at 11:34 AM, T4iga <niklastai97 at gmail.com> wrote:

>
> Hello Syslog-NG community,
>
> I am trying to configure syslog-ng to send messages to Elasticsearch for
> me to process them in Kibana. I get an error for the @module mod-java and
> the elasticsearch2 destination.
>
> I am running OpenSuse 42.3.
>
> syslog-ng --version:
> syslog-ng 3.8.1
> Installer-Version: 3.8.1
> Revision:
> Module-Directory: /usr/lib64/syslog-ng
> Module-Path: /usr/lib64/syslog-ng
> Available-Modules: add-contextual-data,afamqp,affile,afmongodb,afprog,
> afsocket,afstomp,afuser,basicfuncs,cef,confgen,cryptofuncs,csvparser,date,
> dbparser,disk-buffer,graphite,json-plugin,kvformat,linux-kmsg-format,
> pseudofile,sdjournal,syslogformat,system-source
> Enable-Debug: off
> Enable-GProf: off
> Enable-Memtrace: off
> Enable-IPv6: on
> Enable-Spoof-Source: on
> Enable-TCP-Wrapper: on
> Enable-Linux-Caps: off
>
> I have downloaded and extracted Elasticsearch 6.3.0 and placed it in
> /usr/local/bin/elasticsearch-6.3.0/. In accordance with this:
> "Extract the Elasticsearch libraries into a temporary directory, then
> collect the various .jar files into
> a single directory (for example, /opt/elasticsearch/lib/ ) where syslog-ng
> OSE can access
> them. You must specify this directory in the syslog-ng OSE configuration
> file. The files are located
> in the lib directory and its subdirectories of the Elasticsearch release
> package." (quoted from Syslog-NG OSE 3.15 Admin Guide, 7.3.1. Procedure –
> Prerequisites, Step 3, page 175)
> I copied all JAR libraries inside elasticsearch-6.3.0/lib/ to the default
> path for syslog-ng plug-ins which is /usr/lib64/syslog-ng as stated below.
> Is this not what the step tells me to do?
>
> I get the following error:
>
> #[2018-07-03T11:20:39.403329] Plugin module not found in 'module-path';
> module-path='/usr/lib64/syslog-ng', module='mod-java'
> Error parsing destination, destination plugin elasticsearch2 not found in
> /etc/syslog-ng/syslog-ng.conf at line 141, column 2:
>
>     elasticsearch2(
>     ^^^^^^^^^^^^^^
>
> syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>
> I seem to be missing two necessary plug-ins:
> mod-java
> elasticsearch2
>
> Where can I get these?
> Feel free to request any additional info I might have missed out on.
>
> Sincerely
> Niklas Deffner
>
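An added diagnostic script (not from this thread or the syslog-ng project) covering the checks Peter's reply describes: whether the mod-java plugin is actually present in the module directory, whether `syslog-ng --version` lists it under Available-Modules, and whether libjvm.so is resolvable by the dynamic loader via ld.so.conf. The plugin file name `libmod-java.so`, the `SYSLOG_NG_MODULE_DIR` override, and the `--run` switch are assumptions, not anything from the page.

```shell
#!/bin/sh
# Added example: sanity checks for the Java-based elasticsearch2 destination.
# Assumed (not from the page): the Java plugin is installed as
# libmod-java.so, and SYSLOG_NG_MODULE_DIR may override the module directory.

MODULE_DIR="${SYSLOG_NG_MODULE_DIR:-/usr/lib64/syslog-ng}"

# has_mod_java DIR: exit 0 if the Java plugin shared object exists in DIR.
# This is the file whose absence produces "Plugin module not found ... module='mod-java'".
has_mod_java() {
    [ -f "$1/libmod-java.so" ]
}

# version_lists_module NAME: reads `syslog-ng --version` output on stdin and
# exits 0 if NAME is one of the comma-separated Available-Modules entries
# (exact match, so "java" does not match "mod-java").
version_lists_module() {
    awk -v want="$1" '
        /^Available-Modules:/ { sub(/^Available-Modules:[ \t]*/, "")
                               n = split($0, m, /,[ \t]*/)
                               for (i = 1; i <= n; i++)
                                   if (m[i] == want) found = 1 }
        END { exit(found ? 0 : 1) }'
}

# ldcache_has_libjvm: reads `ldconfig -p` output on stdin and exits 0 if the
# loader cache knows libjvm.so, i.e. the ld.so.conf route from the reply is done.
ldcache_has_libjvm() {
    grep -q '^[[:space:]]*libjvm\.so'
}

# Run the real checks against this host; each tool is used only if installed.
main() {
    if has_mod_java "$MODULE_DIR"; then echo "ok: libmod-java.so found in $MODULE_DIR"
    else echo "missing: libmod-java.so in $MODULE_DIR (use a package built with Java support)"; fi
    if command -v syslog-ng >/dev/null 2>&1; then
        if syslog-ng --version | version_lists_module mod-java; then echo "ok: --version lists mod-java"
        else echo "missing: mod-java not in Available-Modules"; fi
    fi
    if command -v ldconfig >/dev/null 2>&1; then
        if ldconfig -p | ldcache_has_libjvm; then echo "ok: libjvm.so is in the loader cache"
        else echo "missing: libjvm.so not in the ld.so cache (add its directory to ld.so.conf and run ldconfig, or set LD_LIBRARY_PATH)"; fi
    fi
}

case "${1:-}" in --run) main ;; esac
```

Run it as `sh check-java-dest.sh --run` on the syslog-ng host; without `--run` the functions are only defined so they can be sourced.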