<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Helvetica, Arial, sans-serif">Hi Bazsi, <br>
I got syslog from: <br>
<a class="moz-txt-link-rfc2396E" href="https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo">"https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo"</a><br>
I added the repo and then ran "yum install syslog-ng".<br>
After that I downloaded Elasticsearch and installed it, and
that is it.<br>
I'm using CentOS 7.<br>
<br>
Ivan<br>
</font><br>
<div class="moz-cite-prefix">On 05/27/2016 11:57 AM, Balazs
Scheidler wrote:<br>
</div>
<blockquote
cite="mid:CAKcfE+bqVyrDcf8vYq3J=VjZyj_VP0RsaBca98UFLrQoDt6TWg@mail.gmail.com"
type="cite">
<p dir="ltr">Your build of syslog-ng seems to lack java support.
It should be present in 3.7.x releases, but it also depends on
who compiled them. Where did you get your binaries from?</p>
<p dir="ltr">BTW, someone builds syslog-ng docker images that have
java support. You might try that to get through the initial
hassles. Then later you may decide whether to use the docker in
production or rather get a recent and properly built binary.</p>
<p dir="ltr">Bazsi</p>
<div class="gmail_quote">On May 27, 2016 10:16 AM, "Ivan Adji -
Krstev" &lt;<a moz-do-not-send="true"
href="mailto:akivanradix@gmail.com">akivanradix@gmail.com</a>&gt;
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <font face="Helvetica,
Arial, sans-serif">Thanks for the docs. I read them and I
have the following error:<br>
<br>
<b>Error parsing destination, destination plugin java not
found in /etc/syslog-ng/syslog-ng.conf at line 57,
column 3:</b><b><br>
</b><b> java(<br>
<br>
</b>I have configured it as follows:<br>
@version:3.7<br>
@include "scl.conf"<br>
@module mod-java<br>
<br>
</font>source s_sys {<br>
system();<br>
internal();<br>
network(ip(0.0.0.0) port(6514)<br>
flags(syslog-protocol)<br>
transport("tls")<br>
tls(key_file("/etc/syslog-ng/cert.d/serverkey.pem")<br>
cert_file("/etc/syslog-ng/cert.d/servercert.pem")<br>
ca_dir("/etc/syslog-ng/ca.d")<br>
) );<br>
<br>
};<br>
<br>
parser pattern_db {<br>
db-parser(<br>
file("/etc/syslog-ng/patterndb.d/patterndb.xml")<br>
);<br>
};<br>
<br>
destination d_es {<br>
java(<br>
class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")<br>
class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")<br>
option("index", "syslog-ng_${YEAR}.${MONTH}.${DAY}")<br>
option("type", "test")<br>
option("cluster", "czpcluster")<br>
option("flush_limit", "100")<br>
option( "message_template", "$(format-json --scope
rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")<br>
);<br>
};<br>
<br>
I have installed just Syslog-NG and Elasticsearch. Do I
need to install something else?<br>
<br>
<br>
<br>
<div>On 05/26/2016 04:53 PM, Szabó, István wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,<br>
<br>
For using syslog-ng together with elasticsearch and
Kibana this is a pretty good description, also giving
you a good understanding of what it enables you to do:<br>
<br>
<a moz-do-not-send="true"
href="https://czanik.blogs.balabit.com/2015/10/how-to-parse-data-with-syslog-ng-store-in-elasticsearch-and-analyze-with-kibana/"
target="_blank">https://czanik.blogs.balabit.com/2015/10/how-to-parse-data-with-syslog-ng-store-in-elasticsearch-and-analyze-with-kibana/</a><br>
<br>
<a moz-do-not-send="true"
href="https://czanik.blogs.balabit.com/2015/12/elasticsearch-and-syslog-ng-fast-and-simple/"
target="_blank">https://czanik.blogs.balabit.com/2015/12/elasticsearch-and-syslog-ng-fast-and-simple/</a><br>
<br>
/Istvan<br>
<div> </div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________________________________________________________
Member info: <a moz-do-not-send="true" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a moz-do-not-send="true" href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a moz-do-not-send="true" href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
</div>
<br>
</blockquote>
</div>
</blockquote>
<br>
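<p>An added example, not part of the thread and not code from the syslog-ng project: the "plugin java not found" error above comes from a build without Java support, so this script compares every <code>@module</code> line of a configuration (not only <code>mod-java</code>) with the <code>Available-Modules:</code> line printed by <code>syslog-ng --version</code>. The function names and both sample version outputs are constructed for illustration; the configuration header is the one quoted in the thread.</p>

```shell
#!/bin/sh
# Added example: report @module directives that the installed build cannot satisfy.

# Read `syslog-ng --version` output on stdin; print available modules, one per line.
available_modules() {
    sed -n 's/^Available-Modules:[[:space:]]*//p' | tr ',' '\n' | sed '/^$/d'
}

# Read a syslog-ng configuration on stdin; print the names used in "@module NAME" lines.
requested_modules() {
    sed -n 's/^@module[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p'
}

# missing_modules VERSION_OUTPUT CONFIG_TEXT
# Prints each requested module the build does not list; returns 1 if any is missing.
missing_modules() {
    avail=$(printf '%s\n' "$1" | available_modules)
    rc=0
    for m in $(printf '%s\n' "$2" | requested_modules); do
        if ! printf '%s\n' "$avail" | grep -qxF -- "$m"; then
            printf '%s\n' "$m"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: version output of a build without Java support.
SAMPLE_NO_JAVA='syslog-ng 3.7.3
Available-Modules: afsocket,affile,basicfuncs,syslogformat,system-source,dbparser,json-plugin'

# Constructed sample: the same build with the Java module packaged.
SAMPLE_WITH_JAVA='syslog-ng 3.7.3
Available-Modules: afsocket,affile,basicfuncs,syslogformat,system-source,dbparser,json-plugin,mod-java'

# Header lines of the configuration quoted in the thread.
SAMPLE_CONF='@version:3.7
@include "scl.conf"
@module mod-java'

# On a real host, pass "$(syslog-ng --version)" and "$(cat /etc/syslog-ng/syslog-ng.conf)".
missing_modules "$SAMPLE_NO_JAVA" "$SAMPLE_CONF" || echo "(listed modules are not in this build)"
```
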
</body>
</html>