<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><br class=""></div><div class="">Systemd was enabled at OS deployment, so I believe systemd libs were already installed, unless a systemd-devel package needed to be added?&nbsp;</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""># /opt/syslog-ng/sbin/syslog-ng -V</div><div class="">syslog-ng 3.8.0alpha0</div><div class="">Installer-Version: 3.8.0alpha0</div><div class="">Revision:</div><div class="">Module-Directory: /opt/syslog-ng/lib/syslog-ng</div><div class="">Module-Path: /opt/syslog-ng/lib/syslog-ng</div><div class="">Available-Modules: syslogformat,afsocket,affile,afprog,afuser,afamqp,afmongodb,afsmtp,csvparser,confgen,system-source,linux-kmsg-format,basicfuncs,cryptofuncs,dbparser,json-plugin,geoip-plugin,afstomp,pseudofile,graphite,sdjournal,mod-java,kvformat,date,cef,disk-buffer</div><div class="">Enable-Debug: off</div><div class="">Enable-GProf: off</div><div class="">Enable-Memtrace: off</div><div class="">Enable-IPv6: on</div><div class="">Enable-Spoof-Source: on</div><div class="">Enable-TCP-Wrapper: off</div><div class="">Enable-Linux-Caps: off</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">ALSO, getting this error I can’t track down related to elasticsearchv2.
&nbsp;</div><div class=""><br class=""></div><div class="">[root@loghost etc]# /opt/syslog-ng/sbin/syslog-ng -f /opt/syslog-ng/etc/syslog-ng.conf -p /var/run/syslogd.pid &nbsp;-F -d --trace -v |tail&nbsp;</div><div class=""><div class="">[2016-04-13T08:00:35.417016] Add path to classpath: /usr/share/elasticsearch/lib/lucene-suggest-5.5.0.jar;</div><div class="">[2016-04-13T08:00:35.417158] Add path to classpath: /usr/share/elasticsearch/lib/netty-3.10.5.Final.jar;</div><div class="">[2016-04-13T08:00:35.417288] Add path to classpath: /usr/share/elasticsearch/lib/securesm-1.0.jar;</div><div class="">[2016-04-13T08:00:35.417407] Add path to classpath: /usr/share/elasticsearch/lib/snakeyaml-1.15.jar;</div><div class="">[2016-04-13T08:00:35.417527] Add path to classpath: /usr/share/elasticsearch/lib/spatial4j-0.5.jar;</div><div class="">[2016-04-13T08:00:35.417630] Add path to classpath: /usr/share/elasticsearch/lib/t-digest-3.0.jar;</div><div class="">[2016-04-13T08:00:35.499351] Add path to classpath: /opt/syslog-ng/lib/syslog-ng/java-modules/syslog-ng-core.jar;</div><div class=""><b class="">[2016-04-13T08:00:35.556808] Error initializing message pipeline;</b></div></div><div class=""><br class=""></div><div class=""><div class=""><br class=""></div><div class="">### External Network sources</div><div class="">source s_net {</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span>udp(ip(0.0.0.0) port(514) so_rcvbuf(262142));</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span>tcp(ip(0.0.0.0) port(514) max-connections(250) so_rcvbuf(262142) log_iw_size(25000) );</div><div class="">};</div></div><div class=""><br class=""></div><div class=""><div class="">destination d_es {</div><div class="">&nbsp; &nbsp;elasticsearch(</div><div class="">&nbsp; &nbsp; &nbsp; &nbsp;index("syslog-ng_${YEAR}.${MONTH}.${DAY}")</div><div class="">&nbsp; &nbsp; &nbsp; &nbsp;type("syslog-ng") # Description: The type of the 
index. For example, type("test")</div><div class="">&nbsp; &nbsp; &nbsp; &nbsp;class-path("/opt/syslog-ng/lib/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar:/usr/share/elasticsearch/modules/*/*.jar")</div><div class="">&nbsp; &nbsp; &nbsp; &nbsp;client_mode("node")</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span># Transport mode.</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span># The syslog-ng OSE application uses the transport client API of Elasticsearch</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span># and uses the server(), port(), and cluster() options from the syslog-ng OSE configuration file.</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span># Node mode.</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span># The syslog-ng OSE application acts as an Elasticsearch node (client no-data)</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span># using the node client API of Elasticsearch. 
You must set further options for the node in an Elasticsearch configuration file specified in the resource() option.</div><div class="">&nbsp; &nbsp; &nbsp; &nbsp;server("127.0.0.1")</div><div class="">&nbsp; &nbsp; &nbsp; &nbsp;port("9300")</div><div class="">&nbsp; &nbsp; &nbsp; &nbsp;cluster("syslog-ng")</div><div class="">&nbsp; &nbsp; &nbsp; &nbsp;#resource("/etc/elasticsearch/elasticsearch.yml")</div><div class="">&nbsp; &nbsp; &nbsp; &nbsp;#template("$(format-json -s all-nv-pairs -p @timestamp=$ISODATE -p @message=$MSG)")</div><div class="">&nbsp; &nbsp; &nbsp; &nbsp;template("$(format-json --scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE})")</div><div class="">&nbsp; &nbsp;);</div><div class="">};</div></div><div class=""><br class=""></div><div class=""><div class=""># sending logs to ES destination</div><div class="">log {</div><div class="">&nbsp; source(s_net);</div><div class="">&nbsp; parser(pattern_db);</div><div class="">&nbsp; destination(d_es);</div><div class="">&nbsp; flags(flow-control);</div><div class="">};</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">&nbsp;</div><div class=""><br class=""></div><br class=""><div><blockquote type="cite" class=""><div class="">On Apr 13, 2016, at 5:46 AM, Gergely Nagy &lt;<a href="mailto:algernon@madhouse-project.org" class="">algernon@madhouse-project.org</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class="">On Tue, Apr 12, 2016 at 9:00 PM, Scot Needy &lt;<a href="mailto:scotrn@gmail.com" class="">scotrn@gmail.com</a>&gt; wrote:<br class=""><blockquote type="cite" class="">Compiled syslog-ng &nbsp;syslog-ng 3.8.0alpha0 no problems.<br class=""></blockquote><br class="">When compiling, did you have the systemd libs installed? If not, then<br class="">the Type=notify will not work, as the systemd libs are required for<br class="">that support to be compiled in. 
Without those, syslog-ng will happily<br class="">start on the CLI or via sysvinit scripts, but since it does not notify<br class="">systemd, Type=notify won't work.<br class=""><br class="">Can you post the summary of the configure run? It should print a list<br class="">of enabled features.<br class=""><br class="">-- <br class="">|8]<br class="">______________________________________________________________________________<br class="">Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" class="">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br class="">Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" class="">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br class="">FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" class="">http://www.balabit.com/wiki/syslog-ng-faq</a><br class=""><br class=""></div></blockquote></div><br class=""></body></html>