<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
    <font face="Helvetica, Arial, sans-serif">So the cluster should be
      the cluster name of the ES? How can I see this name? There is
      nothing in the elasticsearch.yml file, do I have to specify it
      there?<br>
<br>
Kind regards<br>
Ivan<br>
</font>
<br>
<div class="moz-cite-prefix">On 05/27/2016 12:45 PM, Czanik, Péter
wrote:<br>
</div>
<blockquote
cite="mid:CANcUavuwpZ7AE6qxRf-9wBHYnYKYfx-_zBAUSbzEKEE5=cz+VQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div><font face="Helvetica, Arial, sans-serif"><span
class="im"> option("cluster", "czpcluster")<br>
<br>
</span></font></div>
<font face="Helvetica, Arial, sans-serif"><span class="im">Unless
your cluster is called "czpcluster", the above option
won't work. This value is just an example (derived from my
nick name :-) ).<br>
<br>
</span></font></div>
<font face="Helvetica, Arial, sans-serif"><span class="im">Bye,<br>
</span></font></div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature" data-smartmail="gmail_signature">Peter
Czanik (CzP) <<a moz-do-not-send="true"
href="mailto:peter.czanik@balabit.com" target="_blank">peter.czanik@balabit.com</a>><br>
Balabit / syslog-ng upstream<br>
<a moz-do-not-send="true"
href="http://czanik.blogs.balabit.com/" target="_blank">http://czanik.blogs.balabit.com/</a><br>
<a moz-do-not-send="true" href="https://twitter.com/PCzanik"
target="_blank">https://twitter.com/PCzanik</a></div>
</div>
<br>
<div class="gmail_quote">On Fri, May 27, 2016 at 12:42 PM, Ivan
Adji - Krstev <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:akivanradix@gmail.com" target="_blank">akivanradix@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <font
              face="Helvetica, Arial, sans-serif">Well, that one I fixed
              ... exported the new path of the libjvm.so file and it
              works. But now I have another error :)<br>
<br>
<b>Error stating pattern database file, no automatic
reload will be performed; error='No such file or
directory'</b><br>
.<br>
.<br>
<b>Add path to classpath:
/usr/share/elasticsearch/lib/spatial4j-0.5.jar;</b><b><br>
</b><b>[2016-05-27T06:38:30.933808] Add path to
classpath:
/usr/share/elasticsearch/lib/t-digest-3.0.jar;</b><b><br>
</b><b>[2016-05-27T06:38:31.287344] Add path to
classpath:
//usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;</b><b><br>
</b><b>[2016-05-27T06:38:31.333759] Error initializing
message pipeline;</b><b><br>
</b><br>
              And I have no idea what this problem is, as I'm using ES
              for the first time. <br>
<br>
This is what i have:<span class=""><br>
<br>
source s_sys {<br>
system();<br>
internal();<br>
network(ip(0.0.0.0) port(6514)<br>
flags(syslog-protocol)<br>
transport("tls")<br>
tls(key_file("/etc/syslog-ng/cert.d/serverkey.pem")<br>
cert_file("/etc/syslog-ng/cert.d/servercert.pem")<br>
ca_dir("/etc/syslog-ng/ca.d")<br>
) );<br>
<br>
};<br>
parser pattern_db {<br>
db-parser(<br>
file("/etc/syslog-ng/patterndb.d/patterndb.xml")<br>
);<br>
};<br>
destination d_es {<br>
java(<br>
class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")<br>
class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")<br>
option("index",
"syslog-ng_${YEAR}.${MONTH}.${DAY}")<br>
option("type", "test")<br>
option("cluster", "czpcluster")<br>
option("flush_limit", "100")<br>
option( "message_template", "$(format-json --scope
rfc3164 --scope nv-pairs --exclude R_DATE --key
ISODATE)\n")<br>
);<br>
};<br>
<br>
<br>
</span> Kind regards<span class="HOEnZb"><font
color="#888888"><br>
Ivan<br>
</font></span></font>
<div>
<div class="h5"><br>
<div>On 05/27/2016 12:22 PM, Czanik, Péter wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi,<br>
<br>
To enable Java support you need at least the
"syslog-ng" and "syslog-ng-java" packages from
that repository. Optionally you can also install
the "syslog-ng-java-hack" package, which
includes all the necessary JAR files, or you can
also point your config to the JAR files of your
                      Elasticsearch installation. Note that syslog-ng
                      3.7 only supports Elasticsearch 1.X.<br>
<br>
You will also need to point syslog-ng to
                      libjvm.so. There are multiple ways: <a
                        moz-do-not-send="true"
href="https://czanik.blogs.balabit.com/2016/03/troubleshooting-java-support-in-syslog-ng/"
                        target="_blank">https://czanik.blogs.balabit.com/2016/03/troubleshooting-java-support-in-syslog-ng/</a>
My personal preference is the ld.so.conf trick,
but note that it has side effects if you have
multiple Java versions on your system.<br>
<br>
</div>
Bye,<br>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div data-smartmail="gmail_signature">Peter
Czanik (CzP) <<a moz-do-not-send="true"
href="mailto:peter.czanik@balabit.com"
target="_blank">peter.czanik@balabit.com</a>><br>
Balabit / syslog-ng upstream<br>
<a moz-do-not-send="true"
href="http://czanik.blogs.balabit.com/"
target="_blank">http://czanik.blogs.balabit.com/</a><br>
<a moz-do-not-send="true"
href="https://twitter.com/PCzanik"
target="_blank">https://twitter.com/PCzanik</a></div>
</div>
<br>
<div class="gmail_quote">On Fri, May 27, 2016 at
                      12:14 PM, Ivan Adji - Krstev <span dir="ltr"><<a
                          moz-do-not-send="true"
                          href="mailto:akivanradix@gmail.com"
                          target="_blank">akivanradix@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <font
                            face="Helvetica, Arial, sans-serif">So
                            should I contact him directly or should I
                            wait here to reply on this list?<span><font
color="#888888"><br>
<br>
Ivan<br>
</font></span></font>
<div>
<div><br>
<div>On 05/27/2016 12:13 PM, Scheidler,
Balázs wrote:<br>
</div>
<blockquote type="cite">
<p dir="ltr">Hopefully Peter Czanik
can help you then, as he prepared
those packages.</p>
<div class="gmail_quote">On May 27,
2016 11:10 AM, "Ivan Adji - Krstev"
<<a moz-do-not-send="true"
href="mailto:akivanradix@gmail.com"
target="_blank">akivanradix@gmail.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF"
text="#000000"> <font
face="Helvetica, Arial,
                                        sans-serif">Yes, I installed that
                                        too.. still nothing.<br>
<br>
Ivan<br>
</font><br>
<div>On 05/27/2016 12:09 PM,
Fabien Wernli wrote:<br>
</div>
<blockquote type="cite">
<pre>On Fri, May 27, 2016 at 12:08:21PM +0200, Ivan Adji - Krstev wrote:
</pre>
<blockquote type="cite">
<pre>Hi Bazsi,
I get syslog from:
<a moz-do-not-send="true" href="https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo" target="_blank">"https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo"</a>
add the repo and then "yum install syslog-ng"
after that I downloaded Elasticsearch and installed it and that is it.
I'm using CentOS 7.
</pre>
</blockquote>
<pre>you also want the package syslog-ng-java
______________________________________________________________________________
Member info: <a moz-do-not-send="true" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a moz-do-not-send="true" href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a moz-do-not-send="true" href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
</div>
<br>
</blockquote>
</div>
<br>
</blockquote>
<br>
</div>
</div>
</div>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
</div>
</div>
</div>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
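<p>Added example, not part of the thread or of the syslog-ng project: a shell check for the point made in the thread that option("cluster", ...) only works when it carries the real Elasticsearch cluster name. It assumes the name is set with cluster.name in elasticsearch.yml and that Elasticsearch falls back to its default name "elasticsearch" when that key is absent or commented out; the function names and the sample files are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example: compare cluster.name from elasticsearch.yml with the
# option("cluster", ...) value in a syslog-ng configuration file.
# A running node also reports its name as "cluster_name" in GET _cluster/health.

# Print the effective cluster name for an elasticsearch.yml file.
# Commented-out lines are ignored; the default "elasticsearch" is assumed
# when cluster.name is not set (or the file cannot be read).
es_cluster_name() {
    name=$(sed -n 's/^[[:space:]]*cluster\.name[[:space:]]*:[[:space:]]*//p' "$1" 2>/dev/null \
        | tail -n 1 \
        | sed 's/[[:space:]][[:space:]]*#.*$//; s/[[:space:]]*$//' \
        | tr -d "\"'")
    printf '%s\n' "${name:-elasticsearch}"
}

# Print the value of option("cluster", "...") from a syslog-ng config
# (prints nothing when the option is absent).
syslog_ng_cluster() {
    sed -n 's/.*option([[:space:]]*"cluster"[[:space:]]*,[[:space:]]*"\([^"]*\)".*/\1/p' "$1" \
        | head -n 1
}

# Return 0 when both names agree, 1 on mismatch, 2 when the option is missing.
check_cluster() {
    want=$(es_cluster_name "$1")
    have=$(syslog_ng_cluster "$2")
    if [ -z "$have" ]; then
        echo "no option(\"cluster\", ...) found in $2"
        return 2
    fi
    if [ "$want" != "$have" ]; then
        echo "mismatch: Elasticsearch uses '$want', syslog-ng sends to '$have'"
        return 1
    fi
    echo "ok: both sides use cluster '$want'"
}

# Demo on constructed sample files: cluster.name is commented out, so the
# default applies, while the destination still carries the example name.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '#cluster.name: my-application' 'node.name: node-1' > "$dir/elasticsearch.yml"
    printf '%s\n' 'destination d_es { java(' '  option("cluster", "czpcluster")' '); };' > "$dir/syslog-ng.conf"
    check_cluster "$dir/elasticsearch.yml" "$dir/syslog-ng.conf" || true
    rm -rf "$dir"
}
demo
```

<p>Call check_cluster with the paths of your own elasticsearch.yml and syslog-ng configuration; a non-zero exit status means the destination would look for a cluster the node does not belong to.</p>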
</body>
</html>