<div dir="ltr">Hi,<div><br></div><div>Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before running 'syslog-ng -Fevd' manually?</div><div><br></div><div>--</div><div>László Várady</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev <span dir="ltr"><<a href="mailto:akivanradix@gmail.com" target="_blank">akivanradix@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<font face="Helvetica, Arial, sans-serif">OK so i get syslog-ng
running with the default configuration.... this have some problem
with the TLS configuration. <br>
<br>
What i have done i have create the certificate procedures ( self
signed certificate ) on my laptop following this article: <a href="https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html" target="_blank"></a><a href="https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html" target="_blank">https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html</a><br>
<br>
So i generate the server certificate on my laptop and the other
certificates for the clients. I copy them and put the
configuration. <br>
<br>
Any other configuration in syslog-ng.conf to put and try to
working with TLS ?<br>
<br>
Kind regards<br>
<br>
<br>
</font><span class=""><br>
<div>On 05/12/2016 12:42 PM, jrhendri wrote:<br>
</div>
</span><div><div class="h5"><blockquote type="cite">
<div>This has to be something very basic.</div>
<div>Have you tried checking if another syslog server is running? </div>
<div>ps -aef |grep syslog</div>
<div><br>
</div>
<div>Assuming this shows nothing, try a very simple syslog-ng
config file and a manual start on the command line. </div>
<div><br>
</div>
<div>Make sure you check all the things in your configuration that
your copy should open beforehand. </div>
<div><br>
</div>
<div>This should narrow down the problem I hope :-)</div>
<div><br>
</div>
<div>Jim</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div style="font-size:85%;color:#575757" dir="auto">Sent from my
Verizon, Samsung Galaxy smartphone</div>
</div>
<div><br>
</div>
<div style="font-size:100%;color:#000000">
<div>-------- Original message --------</div>
<div>From: Ivan Adji - Krstev <a href="mailto:akivanradix@gmail.com" target="_blank"><akivanradix@gmail.com></a> </div>
<div>Date: 5/12/16 5:26 AM (GMT-05:00) </div>
<div>To: <a href="mailto:syslog-ng@lists.balabit.hu" target="_blank">syslog-ng@lists.balabit.hu</a> </div>
<div>Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS
7 </div>
<div><br>
</div>
</div>
<font face="Helvetica, Arial, sans-serif">So i have install EPEL
and i have install syslog-ng and mongodb and when i start the
syslog-ng service with <b>syslog-ng -Fevd </b>command i have
the following error AGAIN :). <br>
<br>
Im not sure what is it and how to prevent it and what to do. But
i really need this to work :(.<br>
<br>
[2016-05-12T05:21:10.739940] Error binding socket;
addr='AF_INET(0.0.0.0:6514)', error='Address already in use
(98)'<br>
[2016-05-12T05:21:10.739973] Error initializing message
pipeline;<br>
<br>
<br>
[root@syslogserver loganalyzer]# netstat -tupl <br>
Active Internet connections (only servers)<br>
Proto Recv-Q Send-Q Local Address Foreign
Address State PID/Program name <br>
tcp 0 0 localhost:27017
0.0.0.0:* LISTEN 1352/mongod <br>
tcp 0 0 0.0.0.0:syslog-tls
0.0.0.0:* LISTEN 11377/syslog-ng <br>
tcp 0 0 0.0.0.0:ssh
0.0.0.0:* LISTEN 8562/sshd <br>
tcp 0 0 localhost:smtp
0.0.0.0:* LISTEN 1778/master <br>
tcp6 0 0 [::]:http
[::]:* LISTEN 11264/httpd <br>
tcp6 0 0 [::]:ssh
[::]:* LISTEN 8562/sshd <br>
tcp6 0 0 localhost:smtp
[::]:* LISTEN 1778/master <br>
udp 0 0 0.0.0.0:bootpc
0.0.0.0:* 638/dhclient <br>
udp 0 0 <a href="http://0.0.0.0:60094" target="_blank">0.0.0.0:60094</a>
0.0.0.0:* 638/dhclient <br>
udp6 0 0 [::]:3126
[::]:* 638/dhclient <br>
<br>
<br>
<br>
[root@syslogserver loganalyzer]# lsof | grep LISTEN<br>
mongod 1352 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 1393 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 2028 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 2033 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 2034 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 2138 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 2139 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 2141 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 2148 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 2404 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 2446 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 2447 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 2448 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 2449 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 2450 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 2451 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
mongod 1352 11380 mongod 6u IPv4
17057 0t0 TCP localhost:27017 (LISTEN)<br>
master 1778 root 13u IPv4
15893 0t0 TCP localhost:smtp (LISTEN)<br>
master 1778 root 14u IPv6
15894 0t0 TCP localhost:smtp (LISTEN)<br>
sshd 8562 root 3u IPv4
23963 0t0 TCP *:ssh (LISTEN)<br>
sshd 8562 root 4u IPv6
23965 0t0 TCP *:ssh (LISTEN)<br>
httpd 11264 root 4u IPv6
32697 0t0 TCP *:http (LISTEN)<br>
httpd 11265 apache 4u IPv6
32697 0t0 TCP *:http (LISTEN)<br>
httpd 11267 apache 4u IPv6
32697 0t0 TCP *:http (LISTEN)<br>
httpd 11268 apache 4u IPv6
32697 0t0 TCP *:http (LISTEN)<br>
httpd 11269 apache 4u IPv6
32697 0t0 TCP *:http (LISTEN)<br>
httpd 11270 apache 4u IPv6
32697 0t0 TCP *:http (LISTEN)<br>
httpd 11275 apache 4u IPv6
32697 0t0 TCP *:http (LISTEN)<br>
httpd 11276 apache 4u IPv6
32697 0t0 TCP *:http (LISTEN)<br>
httpd 11277 apache 4u IPv6
32697 0t0 TCP *:http (LISTEN)<br>
httpd 11278 apache 4u IPv6
32697 0t0 TCP *:http (LISTEN)<br>
syslog-ng 11377 root 14u IPv4
34906 0t0 TCP *:syslog-tls (LISTEN)<br>
syslog-ng 11377 11378 root 14u IPv4
34906 0t0 TCP *:syslog-tls (LISTEN)<br>
syslog-ng 11377 11541 root 14u IPv4
34906 0t0 TCP *:syslog-tls (LISTEN)<br>
httpd 11384 apache 4u IPv6
32697 0t0 TCP *:http (LISTEN)<br>
<br>
<br>
<br>
and the source config is as follow:<br>
<br>
source s_sys {<br>
system();<br>
unix-stream("/dev/log");<br>
internal();<br>
network(<br>
port(6514)<br>
# tcp(port(5140));<br>
# file("/proc/kmsg" log_prefix("kernel: "));<br>
transport("tls")<br>
tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem")<br>
cert_file("/etc/syslog-ng/cert.d/servercert.pem")<br>
ca_dir("/etc/syslog-ng/ca.d"))<br>
);<br>
};<br>
<br>
<br>
<br>
<br>
destination d_mongodb {<br>
mongodb(<br>
# servers("localhost:27017")<br>
# database("syslog")<br>
# uri('mongodb://localhost/syslog-ng')<br>
collection("messages")<br>
value-pairs(<br>
scope("selected-macros" "nv-pairs" "sdata")<br>
)<br>
);<br>
};<br>
<br>
<br>
Kind regards<br>
Ivan<br>
</font><br>
<div>On 05/10/2016 01:35 PM, Czanik, Péter
wrote:<br>
</div>
<blockquote type="cite">
<pre>Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL,
as some of the dependencies are missing from the base distribution:
<a href="https://fedoraproject.org/wiki/EPEL" target="_blank">https://fedoraproject.org/wiki/EPEL</a>
Bye,
Peter Czanik (CzP) <a href="mailto:peter.czanik@balabit.com" target="_blank"><peter.czanik@balabit.com></a>
Balabit / syslog-ng upstream
<a href="http://czanik.blogs.balabit.com/" target="_blank">http://czanik.blogs.balabit.com/</a>
<a href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a>
On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev
<a href="mailto:akivanradix@gmail.com" target="_blank"><akivanradix@gmail.com></a> wrote:
</pre>
<blockquote type="cite">
<pre>Hi i note this error of mine but i try the other one:
<a href="https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo" target="_blank">https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo</a>
And i have the similar errors when ever i try to install on new CentOS
The procedure im doing is: Fresh installation of CentOS
yum update
yum install httpd php vim wget
then install mongodb ( add repo )
then install syslog-ng ( add repo )
I'm using: CentOS Linux release 7.2.1511 (Core)
And im having the following repos:
[root@syslogserver ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: <a href="http://mirror.switch.ch" target="_blank">mirror.switch.ch</a>
* extras: <a href="http://mirror.switch.ch" target="_blank">mirror.switch.ch</a>
* updates: <a href="http://mirror.switch.ch" target="_blank">mirror.switch.ch</a>
repo id
repo name
status
base/7/x86_64
CentOS-7 - Base
9,007
czanik-syslog-ng37/x86_64
Copr repo for syslog-ng37 owned by czanik
59
extras/7/x86_64
CentOS-7 - Extras
266
mongodb-org-3.2/7
MongoDB Repository
35
updates/7/x86_64
CentOS-7 - Updates
1,437
repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: <a href="http://mirror.switch.ch" target="_blank">mirror.switch.ch</a>
* extras: <a href="http://mirror.switch.ch" target="_blank">mirror.switch.ch</a>
* updates: <a href="http://mirror.switch.ch" target="_blank">mirror.switch.ch</a>
Resolving Dependencies
--> Running transaction check
---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
--> Processing Dependency: ivykis >= 0.36.1 for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libevtlog.so.0()(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0()(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libnet.so.1()(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Running transaction check
---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed
---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
--> Processing Dependency: ivykis >= 0.36.1 for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libevtlog.so.0()(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0()(64bit) for package:
syslog-ng-3.7.3-3.el7.centos.x86_64
--> Finished Dependency Resolution
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
Requires: libivykis.so.0(IVYKIS_0.30)(64bit)
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
Requires: libivykis.so.0()(64bit)
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
Requires: ivykis >= 0.36.1
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
Requires: libevtlog.so.0()(64bit)
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
Requires: libivykis.so.0(IVYKIS_0.29)(64bit)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
Any idea ?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file:
<a href="https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo" target="_blank">https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo</a>
to yum and not just download individual packages. You can use then
"yum install syslog-ng" which will also download all necessary
dependencies.
Bye,
Peter Czanik (CzP) <a href="mailto:peter.czanik@balabit.com" target="_blank"><peter.czanik@balabit.com></a>
Balabit / syslog-ng upstream
<a href="http://czanik.blogs.balabit.com/" target="_blank">http://czanik.blogs.balabit.com/</a>
<a href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a>
On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev
<a href="mailto:akivanradix@gmail.com" target="_blank"><akivanradix@gmail.com></a> wrote:
I have the following errors when i try to install Syslog-NG 3.7 on CentOS 7
I have problem when i try to install Syslog-NG 3.7 on CentOS 7.
The following errors i get:
--> Finished Dependency Resolution
Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
Requires: libevtlog.so.0()(64bit)
Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
Requires: libpcre.so.0()(64bit)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
Any hints on this ?
Kind regards
Ivan
______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation:
<a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation:
<a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation:
<a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<pre>______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
</div></div></div>
<br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>