<div dir="ltr"><div><div><font face="Helvetica, Arial, sans-serif"><span class="im">
option("cluster", "czpcluster")<br><br></span></font></div><font face="Helvetica, Arial, sans-serif"><span class="im">Unless your cluster is called "czpcluster", the above option won't work. This value is just an example (derived from my nickname :-) ).<br><br></span></font></div><font face="Helvetica, Arial, sans-serif"><span class="im">Bye,<br></span></font></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature">Peter Czanik (CzP) <<a href="mailto:peter.czanik@balabit.com" target="_blank">peter.czanik@balabit.com</a>><br>Balabit / syslog-ng upstream<br><a href="http://czanik.blogs.balabit.com/" target="_blank">http://czanik.blogs.balabit.com/</a><br><a href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a></div></div>
<br><div class="gmail_quote">On Fri, May 27, 2016 at 12:42 PM, Ivan Adji - Krstev <span dir="ltr"><<a href="mailto:akivanradix@gmail.com" target="_blank">akivanradix@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<font face="Helvetica, Arial, sans-serif">Well, that one I fixed ...
exported the new path of the libjvm.so file and it works. But now I
have another error :)<br>
<br>
<b>Error stating pattern database file, no automatic reload will
be performed; error='No such file or directory'</b><br>
.<br>
.<br>
<b>Add path to classpath:
/usr/share/elasticsearch/lib/spatial4j-0.5.jar;</b><b><br>
</b><b>[2016-05-27T06:38:30.933808] Add path to classpath:
/usr/share/elasticsearch/lib/t-digest-3.0.jar;</b><b><br>
</b><b>[2016-05-27T06:38:31.287344] Add path to classpath:
//usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;</b><b><br>
</b><b>[2016-05-27T06:38:31.333759] Error initializing message
pipeline;</b><b><br>
</b><br>
And I have no idea what this problem is, as I'm using ES for the
first time. <br>
<br>
This is what i have:<span class=""><br>
<br>
source s_sys {<br>
system();<br>
internal();<br>
network(ip(0.0.0.0) port(6514)<br>
flags(syslog-protocol)<br>
transport("tls")<br>
tls(key_file("/etc/syslog-ng/cert.d/serverkey.pem")<br>
cert_file("/etc/syslog-ng/cert.d/servercert.pem")<br>
ca_dir("/etc/syslog-ng/ca.d")<br>
) );<br>
<br>
};<br>
parser pattern_db {<br>
db-parser(<br>
file("/etc/syslog-ng/patterndb.d/patterndb.xml")<br>
);<br>
};<br>
destination d_es {<br>
java(<br>
class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")<br>
class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")<br>
option("index", "syslog-ng_${YEAR}.${MONTH}.${DAY}")<br>
option("type", "test")<br>
option("cluster", "czpcluster")<br>
option("flush_limit", "100")<br>
option( "message_template", "$(format-json --scope rfc3164
--scope nv-pairs --exclude R_DATE --key ISODATE)\n")<br>
);<br>
};<br>
<br>
<br></span>
Kind regards<span class="HOEnZb"><font color="#888888"><br>
Ivan<br>
</font></span></font><div><div class="h5"><br>
<div>On 05/27/2016 12:22 PM, Czanik, Péter
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi,<br>
<br>
To enable Java support you need at least the "syslog-ng" and
"syslog-ng-java" packages from that repository. Optionally you
can also install the "syslog-ng-java-hack" package, which
includes all the necessary JAR files, or you can also point
your config to the JAR files of your Elasticsearch
installation. Note that syslog-ng 3.7 only supports
Elasticsearch 1.X.<br>
<br>
You will also need to point syslog-ng to libjvm.so. There are
multiple ways: <a href="https://czanik.blogs.balabit.com/2016/03/troubleshooting-java-support-in-syslog-ng/" target="_blank">https://czanik.blogs.balabit.com/2016/03/troubleshooting-java-support-in-syslog-ng/</a>
My personal preference is the ld.so.conf trick, but note that
it has side effects if you have multiple Java versions on your
system.<br>
<br>
</div>
Bye,<br>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div data-smartmail="gmail_signature">Peter
Czanik (CzP) <<a href="mailto:peter.czanik@balabit.com" target="_blank">peter.czanik@balabit.com</a>><br>
Balabit / syslog-ng upstream<br>
<a href="http://czanik.blogs.balabit.com/" target="_blank">http://czanik.blogs.balabit.com/</a><br>
<a href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a></div>
</div>
<br>
<div class="gmail_quote">On Fri, May 27, 2016 at 12:14 PM, Ivan
Adji - Krstev <span dir="ltr"><<a href="mailto:akivanradix@gmail.com" target="_blank">akivanradix@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <font face="Helvetica, Arial, sans-serif">So should I contact
him directly or should I wait here to reply on this
list?<span><font color="#888888"><br>
<br>
Ivan<br>
</font></span></font>
<div>
<div><br>
<div>On 05/27/2016 12:13 PM, Scheidler, Balázs wrote:<br>
</div>
<blockquote type="cite">
<p dir="ltr">Hopefully Peter Czanik can help you
then, as he prepared those packages.</p>
<div class="gmail_quote">On May 27, 2016 11:10 AM,
"Ivan Adji - Krstev" <<a href="mailto:akivanradix@gmail.com" target="_blank">akivanradix@gmail.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <font face="Helvetica, Arial, sans-serif">Yes, I
installed that too... still nothing.<br>
<br>
Ivan<br>
</font><br>
<div>On 05/27/2016 12:09 PM, Fabien Wernli
wrote:<br>
</div>
<blockquote type="cite">
<pre>On Fri, May 27, 2016 at 12:08:21PM +0200, Ivan Adji - Krstev wrote:
</pre>
<blockquote type="cite">
<pre>Hi Bazsi,
I get syslog from:
<a href="https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo" target="_blank">"https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo"</a>
add the repo and then "yum install syslog-ng"
after that I downloaded Elasticsearch and installed it, and that is it.
I'm using CentOS 7.
</pre>
</blockquote>
<pre>you also want the package syslog-ng-java
______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
</div>
<br>
</blockquote>
</div>
</blockquote>
<br>
</div>
</div>
</div>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
<br></blockquote></div><br></div>
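<p>Added example, not part of the original thread and not syslog-ng project code: a preflight check for the two problems discussed above, a "cluster" option that does not match the Elasticsearch cluster name and a pattern database file that does not exist. The function names and the sample elasticsearch.yml content are constructed for illustration; it assumes the cluster name is set through cluster.name in elasticsearch.yml, with Elasticsearch's default of "elasticsearch" when the key is unset.</p>

```python
import os
import re

# Constructed sample inputs modelled on the configuration quoted in this thread.
SYSLOG_NG_CONF = r'''
parser pattern_db {
    db-parser(file("/etc/syslog-ng/patterndb.d/patterndb.xml"));
};
destination d_es {
    java(
        class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")
        option("cluster", "czpcluster")
        option("flush_limit", "100")
    );
};
'''
ELASTICSEARCH_YML = "# cluster.name: unused\ncluster.name: logs-prod\n"

def es_cluster_name(yml_text):
    """cluster.name from elasticsearch.yml text (assumed default: "elasticsearch")."""
    m = re.search(r'^[ \t]*cluster\.name[ \t]*:[ \t]*["\']?([^"\'#\s]+)', yml_text, re.M)
    return m.group(1) if m else "elasticsearch"

def java_options(conf_text):
    """Collect option("key", "value") pairs from the syslog-ng configuration."""
    return dict(re.findall(r'option\(\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)', conf_text))

def referenced_paths(conf_text):
    """Paths named in file(), key_file(), cert_file() and ca_dir() statements."""
    pattern = r'\b(?:file|key[_-]file|cert[_-]file|ca[_-]dir)\(\s*"([^"]+)"\s*\)'
    return re.findall(pattern, conf_text)

def preflight(conf_text, yml_text, exists=os.path.exists):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    want = es_cluster_name(yml_text)
    got = java_options(conf_text).get("cluster")
    if got is None:
        problems.append('no option("cluster", ...) found')
    elif got != want:
        problems.append(f'cluster mismatch: syslog-ng has "{got}", Elasticsearch has "{want}"')
    for path in referenced_paths(conf_text):
        if not exists(path):  # e.g. the patterndb.xml named in db-parser()
            problems.append(f"missing path: {path}")
    return problems

if __name__ == "__main__":
    for line in preflight(SYSLOG_NG_CONF, ELASTICSEARCH_YML) or ["ok"]:
        print(line)
```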