<div dir="ltr">Hi Ivan,<div><br></div><div>I think the problem is in: <span style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">class-name(&quot;org.syslog_ng.</span><span style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">elasticsearch.</span><span style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">ElasticSearchDestination&quot;). </span></div><div><span style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">You have installed Elasticsearch version 2.3.3 (seen in: </span><span style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">Add path to classpath: /usr/share/elasticsearch/lib/</span><span style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">elasticsearch-2.3.3.jar;</span><span style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">), and with the above line you tell syslog-ng to use the Elasticsearch version 1 Java module. </span></div><div><span style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">To use syslog-ng with the Elasticsearch version 2 Java module, the proper class-name would be: </span><span style="color:rgb(51,51,51);font-family:Consolas,&quot;Liberation Mono&quot;,Menlo,Courier,monospace;font-size:12px;line-height:16.8px;white-space:pre">class_name(&quot;org.syslog_ng.elasticsearch_v2.ElasticSearchDestination&quot;)</span></div><div><span style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">Or you can configure syslog-ng with the help of scl-s, where you can skip the class-name() option. 
In this case an example configuration can be the following:</span><br></div><div><br></div><div><div>@module mod-java</div><div>@include &quot;scl.conf&quot;</div><div><br></div><div>elasticsearch2(</div><div>    index(&quot;syslog-ng_${YEAR}.${MONTH}.${DAY}&quot;)</div><div>    type(&quot;test&quot;)</div><div>    cluster(&quot;syslog-ng&quot;)</div><div>);</div></div><div><br></div><div>Best regards,</div><div>Andras</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, May 31, 2016 at 5:18 PM, Ivan Adji - Krstev <span dir="ltr">&lt;<a href="mailto:akivanradix@gmail.com" target="_blank">akivanradix@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
  

    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <font face="Helvetica, Arial, sans-serif">Hi all, <br>
      I have the following error when I try to run syslog-ng. <br>
      <br>
      [2016-05-31T11:17:31.298897] Seeking the journal to the last
      cursor position;
cursor=&#39;s=6b605b6b981a471ea3d1abe52861ae82;i=21a8;b=42ab72c238874f7d8afc3c2cf0fea52d;m=38dbdc6d9;t=533be9608d083;x=140acfae276a2e55&#39;<br>
      [2016-05-31T11:17:31.299921] Module loaded and initialized
      successfully; module=&#39;syslogformat&#39;<br>
      [2016-05-31T11:17:31.299958] Failed to acquire
      /run/systemd/journal/syslog socket, disabling systemd-syslog
      source;<br>
      [2016-05-31T11:17:31.796854] Add path to classpath:
      //usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;<br>
      [2016-05-31T11:17:31.797915] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/commons-codec-1.9.jar;<br>
      [2016-05-31T11:17:31.798191] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/commons-lang3-3.4.jar;<br>
      [2016-05-31T11:17:31.798466] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/commons-logging-1.2.jar;<br>
      [2016-05-31T11:17:31.798821] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/dummy.jar;<br>
      [2016-05-31T11:17:31.799058] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/elastic-v2.jar;<br>
      [2016-05-31T11:17:31.799296] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/elastic.jar;<br>
      [2016-05-31T11:17:31.799503] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/gson-2.6.2.jar;<br>
      [2016-05-31T11:17:31.799778] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/guava-19.0.jar;<br>
      [2016-05-31T11:17:31.799988] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/hdfs.jar;<br>
      [2016-05-31T11:17:31.800249] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/http.jar;<br>
      [2016-05-31T11:17:31.800477] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/httpasyncclient-4.1.1.jar;<br>
      [2016-05-31T11:17:31.800684] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/httpclient-4.5.2.jar;<br>
      [2016-05-31T11:17:31.800940] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/httpcore-4.4.4.jar;<br>
      [2016-05-31T11:17:31.801215] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/httpcore-nio-4.4.4.jar;<br>
      [2016-05-31T11:17:31.801449] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/jest-2.0.2.jar;<br>
      [2016-05-31T11:17:31.801667] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/jest-common-2.0.2.jar;<br>
      [2016-05-31T11:17:31.801932] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/kafka.jar;<br>
      [2016-05-31T11:17:31.802119] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/log4j-1.2.16.jar;<br>
      [2016-05-31T11:17:31.802353] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/slf4j-api-1.7.13.jar;<br>
      [2016-05-31T11:17:31.802569] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/syslog-ng-common.jar;<br>
      [2016-05-31T11:17:31.802849] Add path to classpath:
      /usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;<br>
      [2016-05-31T11:17:31.803043] Add path to classpath:
      /usr/share/elasticsearch/lib/HdrHistogram-2.1.6.jar;<br>
      [2016-05-31T11:17:31.803264] Add path to classpath:
      /usr/share/elasticsearch/lib/apache-log4j-extras-1.2.17.jar;<br>
      [2016-05-31T11:17:31.803497] Add path to classpath:
      /usr/share/elasticsearch/lib/commons-cli-1.3.1.jar;<br>
      [2016-05-31T11:17:31.803746] Add path to classpath:
      /usr/share/elasticsearch/lib/compiler-0.8.13.jar;<br>
      [2016-05-31T11:17:31.803992] Add path to classpath:
      /usr/share/elasticsearch/lib/compress-lzf-1.0.2.jar;<br>
      [2016-05-31T11:17:31.804249] Add path to classpath:
      /usr/share/elasticsearch/lib/elasticsearch-2.3.3.jar;<br>
      [2016-05-31T11:17:31.804436] Add path to classpath:
      /usr/share/elasticsearch/lib/guava-18.0.jar;<br>
      [2016-05-31T11:17:31.804651] Add path to classpath:
      /usr/share/elasticsearch/lib/hppc-0.7.1.jar;<br>
      [2016-05-31T11:17:31.804877] Add path to classpath:
      /usr/share/elasticsearch/lib/jackson-core-2.6.6.jar;<br>
      [2016-05-31T11:17:31.805109] Add path to classpath:
      /usr/share/elasticsearch/lib/jackson-dataformat-cbor-2.6.6.jar;<br>
      [2016-05-31T11:17:31.805383] Add path to classpath:
      /usr/share/elasticsearch/lib/jackson-dataformat-smile-2.6.6.jar;<br>
      [2016-05-31T11:17:31.805663] Add path to classpath:
      /usr/share/elasticsearch/lib/jackson-dataformat-yaml-2.6.6.jar;<br>
      [2016-05-31T11:17:31.805908] Add path to classpath:
      /usr/share/elasticsearch/lib/jna-4.1.0.jar;<br>
      [2016-05-31T11:17:31.806160] Add path to classpath:
      /usr/share/elasticsearch/lib/joda-convert-1.2.jar;<br>
      [2016-05-31T11:17:31.806402] Add path to classpath:
      /usr/share/elasticsearch/lib/joda-time-2.8.2.jar;<br>
      [2016-05-31T11:17:31.806654] Add path to classpath:
      /usr/share/elasticsearch/lib/jsr166e-1.1.0.jar;<br>
      [2016-05-31T11:17:31.806889] Add path to classpath:
      /usr/share/elasticsearch/lib/jts-1.13.jar;<br>
      [2016-05-31T11:17:31.807087] Add path to classpath:
      /usr/share/elasticsearch/lib/log4j-1.2.17.jar;<br>
      [2016-05-31T11:17:31.807260] Add path to classpath:
      /usr/share/elasticsearch/lib/lucene-analyzers-common-5.5.0.jar;<br>
      [2016-05-31T11:17:31.807476] Add path to classpath:
      /usr/share/elasticsearch/lib/lucene-backward-codecs-5.5.0.jar;<br>
      [2016-05-31T11:17:31.807759] Add path to classpath:
      /usr/share/elasticsearch/lib/lucene-core-5.5.0.jar;<br>
      [2016-05-31T11:17:31.808003] Add path to classpath:
      /usr/share/elasticsearch/lib/lucene-grouping-5.5.0.jar;<br>
      [2016-05-31T11:17:31.808261] Add path to classpath:
      /usr/share/elasticsearch/lib/lucene-highlighter-5.5.0.jar;<br>
      [2016-05-31T11:17:31.808476] Add path to classpath:
      /usr/share/elasticsearch/lib/lucene-join-5.5.0.jar;<br>
      [2016-05-31T11:17:31.808653] Add path to classpath:
      /usr/share/elasticsearch/lib/lucene-memory-5.5.0.jar;<br>
      [2016-05-31T11:17:31.808929] Add path to classpath:
      /usr/share/elasticsearch/lib/lucene-misc-5.5.0.jar;<br>
      [2016-05-31T11:17:31.809140] Add path to classpath:
      /usr/share/elasticsearch/lib/lucene-queries-5.5.0.jar;<br>
      [2016-05-31T11:17:31.809362] Add path to classpath:
      /usr/share/elasticsearch/lib/lucene-queryparser-5.5.0.jar;<br>
      [2016-05-31T11:17:31.809595] Add path to classpath:
      /usr/share/elasticsearch/lib/lucene-sandbox-5.5.0.jar;<br>
      [2016-05-31T11:17:31.809823] Add path to classpath:
      /usr/share/elasticsearch/lib/lucene-spatial-5.5.0.jar;<br>
      [2016-05-31T11:17:31.810023] Add path to classpath:
      /usr/share/elasticsearch/lib/lucene-spatial3d-5.5.0.jar;<br>
      [2016-05-31T11:17:31.810229] Add path to classpath:
      /usr/share/elasticsearch/lib/lucene-suggest-5.5.0.jar;<br>
      [2016-05-31T11:17:31.810427] Add path to classpath:
      /usr/share/elasticsearch/lib/netty-3.10.5.Final.jar;<br>
      [2016-05-31T11:17:31.810628] Add path to classpath:
      /usr/share/elasticsearch/lib/securesm-1.0.jar;<br>
      [2016-05-31T11:17:31.810885] Add path to classpath:
      /usr/share/elasticsearch/lib/snakeyaml-1.15.jar;<br>
      [2016-05-31T11:17:31.811065] Add path to classpath:
      /usr/share/elasticsearch/lib/spatial4j-0.5.jar;<br>
      [2016-05-31T11:17:31.811279] Add path to classpath:
      /usr/share/elasticsearch/lib/t-digest-3.0.jar;<br>
      [2016-05-31T11:17:33.037026] Add path to classpath:
      //usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;<br>
      [2016-05-31T11:17:33.073362] Error initializing message pipeline;<br>
      <br>
      I'm running with Elasticsearch with the following configuration:<br>
      destination d_es {<br>
        java(<br>
         
class-path(&quot;/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar&quot;)<br>
         
      class-name(&quot;org.syslog_ng.elasticsearch.ElasticSearchDestination&quot;)<br>
          option(&quot;index&quot;, &quot;syslog-ng_${YEAR}.${MONTH}.${DAY}&quot;)<br>
          option(&quot;type&quot;, &quot;test&quot;)<br>
          option(&quot;cluster&quot;, &quot;elasticsearch&quot;)<br>
      #    option(&quot;flush_limit&quot;, &quot;100&quot;)<br>
          option( &quot;message_template&quot;, &quot;$(format-json --scope rfc3164
      --scope nv-pairs --exclude R_DATE --key ISODATE)\n&quot;)<br>
        );<br>
      };<br>
      <br>
      Any hints on this?<span class=""><font color="#888888"><br>
      <br>
      Ivan<br>
    </font></span></font>
  </div>

<br></blockquote></div><br></div></div>
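<div>A pre-deployment check for the mismatch described in the reply above, so a log destination does not fail to initialize and silently stop forwarding events. This is an added example, not code from the thread or from the syslog-ng project; the function names are hypothetical, the sample log and configuration are cut down from the quoted message, and the class-to-version mapping is only what the reply states.</div>

```python
import re

# Mapping taken from the reply in this thread: which Elasticsearch major
# version each syslog-ng Java destination class is built for.
CLASS_TO_ES_MAJOR = {
    "org.syslog_ng.elasticsearch.ElasticSearchDestination": 1,
    "org.syslog_ng.elasticsearch_v2.ElasticSearchDestination": 2,
}

# "Add path to classpath: .../elasticsearch-2.3.3.jar;" as printed at startup.
JAR_RE = re.compile(r"Add path to classpath:\s*\S*/elasticsearch-(\d+)\.[\d.]+\.jar")
# Accepts both spellings seen in the thread: class-name(...) and class_name(...).
CLASS_RE = re.compile(r'class[-_]name\(\s*"([^"]+)"\s*\)')

def es_majors_from_log(log_text):
    """Elasticsearch major versions whose core jar was put on the classpath."""
    return {int(m.group(1)) for m in JAR_RE.finditer(log_text)}

def configured_classes(config_text):
    """class-name() values in the config; '#' comments are dropped (simplistic:
    a '#' inside a quoted string would also cut the line)."""
    found = []
    for line in config_text.splitlines():
        found += CLASS_RE.findall(line.split("#", 1)[0])
    return found

def check(config_text, log_text):
    """Return (class, expected_major, majors_on_classpath) for each mismatch."""
    majors = es_majors_from_log(log_text)
    findings = []
    for cls in configured_classes(config_text):
        expected = CLASS_TO_ES_MAJOR.get(cls)
        if expected is not None and majors and expected not in majors:
            findings.append((cls, expected, sorted(majors)))
    return findings

# Sample input, reduced from the message quoted in this thread.
SAMPLE_LOG = """\
[2016-05-31T11:17:31.799296] Add path to classpath: /usr/lib64/syslog-ng/java-modules/elastic.jar;
[2016-05-31T11:17:31.804249] Add path to classpath: /usr/share/elasticsearch/lib/elasticsearch-2.3.3.jar;
[2016-05-31T11:17:33.073362] Error initializing message pipeline;
"""
SAMPLE_CONFIG = """\
destination d_es {
  java(
    class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")
    class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")
  #  option("flush_limit", "100")
  );
};
"""

if __name__ == "__main__":
    for cls, expected, majors in check(SAMPLE_CONFIG, SAMPLE_LOG):
        print(f"{cls} targets Elasticsearch {expected}.x, classpath has {majors}")
```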