<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <font face="Helvetica, Arial, sans-serif">Thanks for the doc. I read
      them and i have the following error:<br>
      <br>
      <b>Error parsing destination, destination plugin java not found in
        /etc/syslog-ng/syslog-ng.conf at line 57, column 3:</b><b><br>
      </b><b>  java(<br>
        <br>
      </b>I have configure as follow:<br>
      @version:3.7<br>
      @include "scl.conf"<br>
      @module mod-java<br>
      <br>
      <b></b></font>source s_sys {<br>
            system();<br>
            internal();<br>
            network(ip(0.0.0.0) port(6514)<br>
            flags(syslog-protocol)<br>
            transport("tls")<br>
            tls(key_file("/etc/syslog-ng/cert.d/serverkey.pem")<br>
            cert_file("/etc/syslog-ng/cert.d/servercert.pem")<br>
            ca_dir("/etc/syslog-ng/ca.d")<br>
            ) );<br>
    <br>
    };<br>
    <br>
    parser pattern_db {<br>
      db-parser(<br>
        file("/etc/syslog-ng/patterndb.d/patterndb.xml")<br>
      );<br>
    };<br>
    <br>
    destination d_es {<br>
      java(<br>
       
class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")<br>
       
    class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")<br>
        option("index", "syslog-ng_${YEAR}.${MONTH}.${DAY}")<br>
        option("type", "test")<br>
        option("cluster", "czpcluster")<br>
        option("flush_limit", "100")<br>
        option( "message_template", "$(format-json --scope rfc3164
    --scope nv-pairs --exclude R_DATE --key ISODATE)\n")<br>
      );<br>
    };<br>
    <br>
    I have installed just Syslog-NG and Elasticsearch ? Do i need to
    install somethign else ?<br>
    <br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 05/26/2016 04:53 PM, Szabó, István
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAFT=jpopN0V9iP3KzMN_3hWiOeZY4Eyy3La=OtgKxPcWSL5wWQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">Hi,<br>
        <br>
        For using syslog-ng together with elasticsearch and Kibana this
        is a pretty good description, also giving you a good
        understanding of what it enables you to do:<br>
        <br>
        <a moz-do-not-send="true"
href="https://czanik.blogs.balabit.com/2015/10/how-to-parse-data-with-syslog-ng-store-in-elasticsearch-and-analyze-with-kibana/">https://czanik.blogs.balabit.com/2015/10/how-to-parse-data-with-syslog-ng-store-in-elasticsearch-and-analyze-with-kibana/</a><br>
        <br>
        <a moz-do-not-send="true"
href="https://czanik.blogs.balabit.com/2015/12/elasticsearch-and-syslog-ng-fast-and-simple/">https://czanik.blogs.balabit.com/2015/12/elasticsearch-and-syslog-ng-fast-and-simple/</a><br>
        <br>
        /Istvan<br>
        <div>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">______________________________________________________________________________
Member info: <a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a class="moz-txt-link-freetext" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a class="moz-txt-link-freetext" href="http://www.balabit.com/wiki/syslog-ng-faq">http://www.balabit.com/wiki/syslog-ng-faq</a>

</pre>
    </blockquote>
    <br>
  </body>
</html>