<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <font face="Helvetica, Arial, sans-serif">And why, when I execute it
      like "syslog-ng -Fevd", does the command work and I can see the logs, but when
      I try to execute it like "systemctl start syslog-ng", it fails?<br>
      <br>
      Ivan<br>
    </font><br>
    <div class="moz-cite-prefix">On 05/31/2016 08:18 PM, Mitzki, András
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAJynDaMK93q0Vd8XwynQAXC=6kNu1s=TMJHOX5x=VLTApt1N5g@mail.gmail.com"
      type="cite">
      <div dir="ltr">Sorry about that (it was a quick copy-paste). The
        proper configuration snippet would be:
        <div><br>
        </div>
        <div>[syslog-ng.conf:]</div>
        <div>@version: 3.7<br>
        </div>
        <div>
          <div style="font-size:12.8px">@module "mod-java"</div>
          <div style="font-size:12.8px">@include "scl.conf"</div>
        </div>
        <div>...</div>
        <div>[your global options]</div>
        <div>...</div>
        <div>[your source drivers]</div>
        <div>....</div>
        <div>destination d_es {</div>
        <div>  elasticsearch2(</div>
        <div>  [your elasticsearch options in the following way for
          example: <span style="font-size:12.8px"> </span><span
            style="font-size:12.8px">cluster("syslog-ng")</span> ]</div>
        <div>);</div>
        <div>};</div>
        <div>...</div>
        <div>[your logpath]</div>
        <div><br>
        </div>
        <div>You can find other configuration examples at:</div>
        <div><a moz-do-not-send="true"
href="https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html-single/index.html#configuring-destinations-elasticsearch">https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html-single/index.html#configuring-destinations-elasticsearch</a><br>
        </div>
        <div><br>
        </div>
        <div>Best Regards, </div>
        <div>Andras<br>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Tue, May 31, 2016 at 8:06 PM, Ivan
          Adji - Krstev <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:akivanradix@gmail.com" target="_blank">akivanradix@gmail.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000"> <font
                face="Helvetica, Arial, sans-serif">Hi Andras,<br>
                <br>
                The class_name was the problem, you are right. This
                change helped me fix the problem. I tried the example you
                sent <br>
              </font><span class=""><br>
                <div>elasticsearch2(</div>
                <div>    index("syslog-ng_${YEAR}.${MONTH}.${DAY}")</div>
                <div>    type("test")</div>
                <div>    cluster("syslog-ng")</div>
              </span>
              <div>);<br>
                <br>
                And on this one I have the following error:<br>
                2016-05-31T14:05:36.700320] Using /dev/log Unix socket
                with systemd is not possible. Changing to systemd-syslog
                source, which supports socket activation.;<br>
                Error parsing config, root plugin elasticsearch2 not
                found in /etc/syslog-ng/syslog-ng.conf at line 55,
                column 1:<br>
                <br>
                elasticsearch2(<br>
                <br>
                Is there any difference between the two of them?<span
                  class="HOEnZb"><font color="#888888"><br>
                    <br>
                    Ivan<br>
                  </font></span></div>
              <div>
                <div class="h5"> <br>
                  <div>On 05/31/2016 07:38 PM, Mitzki, András wrote:<br>
                  </div>
                  <blockquote type="cite">
                    <div dir="ltr">Hi Ivan,
                      <div><br>
                      </div>
                      <div>I think the problem is in the: <span
                          style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">class-name("org.syslog_ng.</span><span
style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">elasticsearch.</span><span
style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">ElasticSearchDestination"). </span></div>
                      <div><span
                          style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">You

                          have installed Elasticsearch version 2.3.3
                          (seen in: </span><span
                          style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">Add
                          path to classpath:
                          /usr/share/elasticsearch/lib/</span><span
                          style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">elasticsearch-2.3.3.jar;</span><span
style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">), and
                          with the above line you tell syslog-ng to
                          use the Elasticsearch version 1 Java module. </span></div>
                      <div><span
                          style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">To

                          use syslog-ng with Elasticsearch version 2
                          java module the proper class-name would be: </span><span style="color:rgb(51,51,51);font-family:Consolas,&quot;Liberation Mono&quot;,Menlo,Courier,monospace;font-size:12px;line-height:16.8px;white-space:pre-wrap">class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination")</span></div>
                      <div><span
                          style="font-family:Helvetica,Arial,sans-serif;font-size:12.8px">Or

                          you can configure syslog-ng with the help of
                          scl-s, where you can skip the class-name()
                          option. In this case an example configuration
                          can be the following :</span><br>
                      </div>
                      <div><br>
                      </div>
                      <div>
                        <div>@module mod-java</div>
                        <div>@include "scl.conf"</div>
                        <div><br>
                        </div>
                        <div>elasticsearch2(</div>
                        <div>   
                          index("syslog-ng_${YEAR}.${MONTH}.${DAY}")</div>
                        <div>    type("test")</div>
                        <div>    cluster("syslog-ng")</div>
                        <div>);</div>
                      </div>
                      <div><br>
                      </div>
                      <div>Best regards,</div>
                      <div>Andras</div>
                      <div class="gmail_extra"><br>
                        <div class="gmail_quote">On Tue, May 31, 2016 at
                          5:18 PM, Ivan Adji - Krstev <span dir="ltr">&lt;<a
                              moz-do-not-send="true"
                              href="mailto:akivanradix@gmail.com"
                              target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:akivanradix@gmail.com">akivanradix@gmail.com</a></a>&gt;</span>
                          wrote:<br>
                          <blockquote class="gmail_quote"
                            style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
                            <div bgcolor="#FFFFFF" text="#000000"> <font
                                face="Helvetica, Arial, sans-serif">Hi
                                all, <br>
                                I have the following error when I am trying
                                to run syslog-ng. <br>
                                <br>
                                [2016-05-31T11:17:31.298897] Seeking the
                                journal to the last cursor position;
cursor='s=6b605b6b981a471ea3d1abe52861ae82;i=21a8;b=42ab72c238874f7d8afc3c2cf0fea52d;m=38dbdc6d9;t=533be9608d083;x=140acfae276a2e55'<br>
                                [2016-05-31T11:17:31.299921] Module
                                loaded and initialized successfully;
                                module='syslogformat'<br>
                                [2016-05-31T11:17:31.299958] Failed to
                                acquire /run/systemd/journal/syslog
                                socket, disabling systemd-syslog source;<br>
                                [2016-05-31T11:17:31.796854] Add path to
                                classpath:
                                //usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;<br>
                                [2016-05-31T11:17:31.797915] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/commons-codec-1.9.jar;<br>
                                [2016-05-31T11:17:31.798191] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/commons-lang3-3.4.jar;<br>
                                [2016-05-31T11:17:31.798466] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/commons-logging-1.2.jar;<br>
                                [2016-05-31T11:17:31.798821] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/dummy.jar;<br>
                                [2016-05-31T11:17:31.799058] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/elastic-v2.jar;<br>
                                [2016-05-31T11:17:31.799296] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/elastic.jar;<br>
                                [2016-05-31T11:17:31.799503] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/gson-2.6.2.jar;<br>
                                [2016-05-31T11:17:31.799778] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/guava-19.0.jar;<br>
                                [2016-05-31T11:17:31.799988] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/hdfs.jar;<br>
                                [2016-05-31T11:17:31.800249] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/http.jar;<br>
                                [2016-05-31T11:17:31.800477] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/httpasyncclient-4.1.1.jar;<br>
                                [2016-05-31T11:17:31.800684] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/httpclient-4.5.2.jar;<br>
                                [2016-05-31T11:17:31.800940] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/httpcore-4.4.4.jar;<br>
                                [2016-05-31T11:17:31.801215] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/httpcore-nio-4.4.4.jar;<br>
                                [2016-05-31T11:17:31.801449] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/jest-2.0.2.jar;<br>
                                [2016-05-31T11:17:31.801667] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/jest-common-2.0.2.jar;<br>
                                [2016-05-31T11:17:31.801932] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/kafka.jar;<br>
                                [2016-05-31T11:17:31.802119] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/log4j-1.2.16.jar;<br>
                                [2016-05-31T11:17:31.802353] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/slf4j-api-1.7.13.jar;<br>
                                [2016-05-31T11:17:31.802569] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/syslog-ng-common.jar;<br>
                                [2016-05-31T11:17:31.802849] Add path to
                                classpath:
                                /usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;<br>
                                [2016-05-31T11:17:31.803043] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/HdrHistogram-2.1.6.jar;<br>
                                [2016-05-31T11:17:31.803264] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/apache-log4j-extras-1.2.17.jar;<br>
                                [2016-05-31T11:17:31.803497] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/commons-cli-1.3.1.jar;<br>
                                [2016-05-31T11:17:31.803746] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/compiler-0.8.13.jar;<br>
                                [2016-05-31T11:17:31.803992] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/compress-lzf-1.0.2.jar;<br>
                                [2016-05-31T11:17:31.804249] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/elasticsearch-2.3.3.jar;<br>
                                [2016-05-31T11:17:31.804436] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/guava-18.0.jar;<br>
                                [2016-05-31T11:17:31.804651] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/hppc-0.7.1.jar;<br>
                                [2016-05-31T11:17:31.804877] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/jackson-core-2.6.6.jar;<br>
                                [2016-05-31T11:17:31.805109] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/jackson-dataformat-cbor-2.6.6.jar;<br>
                                [2016-05-31T11:17:31.805383] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/jackson-dataformat-smile-2.6.6.jar;<br>
                                [2016-05-31T11:17:31.805663] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/jackson-dataformat-yaml-2.6.6.jar;<br>
                                [2016-05-31T11:17:31.805908] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/jna-4.1.0.jar;<br>
                                [2016-05-31T11:17:31.806160] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/joda-convert-1.2.jar;<br>
                                [2016-05-31T11:17:31.806402] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/joda-time-2.8.2.jar;<br>
                                [2016-05-31T11:17:31.806654] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/jsr166e-1.1.0.jar;<br>
                                [2016-05-31T11:17:31.806889] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/jts-1.13.jar;<br>
                                [2016-05-31T11:17:31.807087] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/log4j-1.2.17.jar;<br>
                                [2016-05-31T11:17:31.807260] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/lucene-analyzers-common-5.5.0.jar;<br>
                                [2016-05-31T11:17:31.807476] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/lucene-backward-codecs-5.5.0.jar;<br>
                                [2016-05-31T11:17:31.807759] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/lucene-core-5.5.0.jar;<br>
                                [2016-05-31T11:17:31.808003] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/lucene-grouping-5.5.0.jar;<br>
                                [2016-05-31T11:17:31.808261] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/lucene-highlighter-5.5.0.jar;<br>
                                [2016-05-31T11:17:31.808476] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/lucene-join-5.5.0.jar;<br>
                                [2016-05-31T11:17:31.808653] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/lucene-memory-5.5.0.jar;<br>
                                [2016-05-31T11:17:31.808929] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/lucene-misc-5.5.0.jar;<br>
                                [2016-05-31T11:17:31.809140] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/lucene-queries-5.5.0.jar;<br>
                                [2016-05-31T11:17:31.809362] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/lucene-queryparser-5.5.0.jar;<br>
                                [2016-05-31T11:17:31.809595] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/lucene-sandbox-5.5.0.jar;<br>
                                [2016-05-31T11:17:31.809823] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/lucene-spatial-5.5.0.jar;<br>
                                [2016-05-31T11:17:31.810023] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/lucene-spatial3d-5.5.0.jar;<br>
                                [2016-05-31T11:17:31.810229] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/lucene-suggest-5.5.0.jar;<br>
                                [2016-05-31T11:17:31.810427] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/netty-3.10.5.Final.jar;<br>
                                [2016-05-31T11:17:31.810628] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/securesm-1.0.jar;<br>
                                [2016-05-31T11:17:31.810885] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/snakeyaml-1.15.jar;<br>
                                [2016-05-31T11:17:31.811065] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/spatial4j-0.5.jar;<br>
                                [2016-05-31T11:17:31.811279] Add path to
                                classpath:
                                /usr/share/elasticsearch/lib/t-digest-3.0.jar;<br>
                                [2016-05-31T11:17:33.037026] Add path to
                                classpath:
                                //usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;<br>
                                [2016-05-31T11:17:33.073362] Error
                                initializing message pipeline;<br>
                                <br>
                                I'm running with Elasticsearch with the
                                following configuration:<br>
                                destination d_es {<br>
                                  java(<br>
                                   
class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")<br>
                                   
                                class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")<br>
                                    option("index",
                                "syslog-ng_${YEAR}.${MONTH}.${DAY}")<br>
                                    option("type", "test")<br>
                                    option("cluster", "elasticsearch")<br>
                                #    option("flush_limit", "100")<br>
                                    option( "message_template",
                                "$(format-json --scope rfc3164 --scope
                                nv-pairs --exclude R_DATE --key
                                ISODATE)\n")<br>
                                  );<br>
                                };<br>
                                <br>
                                Any hints on this?<span><font
                                    color="#888888"><br>
                                    <br>
                                    Ivan<br>
                                  </font></span></font> </div>
                            <br>
______________________________________________________________________________<br>
                            Member info: <a moz-do-not-send="true"
                              href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
                              rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
                            Documentation: <a moz-do-not-send="true"
                              href="http://www.balabit.com/support/documentation/?product=syslog-ng"
                              rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
                            FAQ: <a moz-do-not-send="true"
                              href="http://www.balabit.com/wiki/syslog-ng-faq"
                              rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
                            <br>
                            <br>
                          </blockquote>
                        </div>
                        <br>
                      </div>
                    </div>
                    <br>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
    </blockquote>
    <br>
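An added example, not part of the thread and not syslog-ng's own code: a small Python check for the two configuration problems discussed above, a class-name that does not match the Elasticsearch major version on the classpath, and an elasticsearch2() block used without the @module and @include lines. The function names are hypothetical, and the sample log and configuration are constructed from lines quoted in the thread.

```python
import re

# Destination class names quoted in the thread for the v1 and v2 Java modules.
CLASS_BY_MAJOR = {
    1: "org.syslog_ng.elasticsearch.ElasticSearchDestination",
    2: "org.syslog_ng.elasticsearch_v2.ElasticSearchDestination",
}

ES_JAR_RE = re.compile(
    r"Add path to classpath:\s*\S*/elasticsearch-(\d+)\.[\d.]+\.jar")
CLASS_NAME_RE = re.compile(r'class[-_]name\(\s*"([^"]+)"\s*\)')
# The thread shows the module name both quoted and unquoted; accept either.
MODULE_RE = re.compile(r'^[ \t]*@module\s+"?mod-java"?[ \t]*$', re.M)
INCLUDE_RE = re.compile(r'^[ \t]*@include\s+"scl\.conf"[ \t]*$', re.M)
SCL_DEST_RE = re.compile(r"\belasticsearch2\s*\(")

# Constructed sample input, built from lines that appear in the thread.
SAMPLE_LOG = (
    "[2016-05-31T11:17:31.799058] Add path to classpath: "
    "/usr/lib64/syslog-ng/java-modules/elastic-v2.jar;\n"
    "[2016-05-31T11:17:31.804249] Add path to classpath: "
    "/usr/share/elasticsearch/lib/elasticsearch-2.3.3.jar;\n"
)
SAMPLE_CONF_V1 = """\
destination d_es {
  java(
    class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")
    class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")
    option("index", "syslog-ng_${YEAR}.${MONTH}.${DAY}")
#    option("flush_limit", "100")
  );
};
"""
SAMPLE_HEADER = '@version: 3.7\n@module "mod-java"\n@include "scl.conf"\n'
SAMPLE_CONF_SCL = """\
destination d_es {
  elasticsearch2(
    index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
    type("test")
    cluster("syslog-ng")
  );
};
"""


def es_major_from_log(log_text):
    """Major version of the elasticsearch-X.Y.Z.jar listed in the
    'Add path to classpath' debug lines, or None if no such jar is listed."""
    match = ES_JAR_RE.search(log_text)
    return int(match.group(1)) if match else None


def strip_comments(conf_text):
    """Drop whole-line '#' comments so disabled options are not checked."""
    return "\n".join(line for line in conf_text.splitlines()
                     if not line.lstrip().startswith("#"))


def check_config(conf_text, log_text):
    """Return a list of findings (strings); an empty list means no issue found."""
    findings = []
    conf = strip_comments(conf_text)
    major = es_major_from_log(log_text)
    expected = CLASS_BY_MAJOR.get(major)
    for cls in CLASS_NAME_RE.findall(conf):
        # Only the Elasticsearch destination classes are compared.
        if not cls.endswith(".ElasticSearchDestination"):
            continue
        if expected and cls != expected:
            findings.append(
                f"class-name {cls} does not match Elasticsearch {major}.x "
                f"on the classpath; expected {expected}")
    if SCL_DEST_RE.search(conf):
        if not MODULE_RE.search(conf):
            findings.append('elasticsearch2() used without @module "mod-java"')
        if not INCLUDE_RE.search(conf):
            findings.append('elasticsearch2() used without @include "scl.conf"')
    return findings


if __name__ == "__main__":
    for finding in check_config(SAMPLE_CONF_V1, SAMPLE_LOG):
        print(finding)
```
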
  </body>
</html>