<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi All,<br class=""><div>I am trying to setup syslog-ng to use elasticsearch as its destination on Ubuntu 14.04.<br class="">This the version of syslog (the unofficial versions installed from laszlo_budai rep:<br class=""><font color="#5856d6" class=""><br class=""></font>syslog-ng 3.7.3<br class="">Installer-Version: 3.7.3<br class="">Revision: 3.7.3-8<br class="">Compile-Date: Jun 1 2016 16:33:00<br class="">Available-Modules: basicfuncs,linux-kmsg-format,riemann,afuser,afstomp,afprog,json-plugin,afsmtp,affile,csvparser,mod-java,pseudofile,confgen,afsocket,afamqp,redis,sdjournal,kvformat,syslogformat,afsql,system-source,mod-python,graphite,dbparser,geoip-plugin,afmongodb,cryptofuncs<br class=""><font color="#5856d6" class=""><br class=""></font>Elastic search is:<br class=""><font color="#5856d6" class=""><br class=""></font> "name" : "Theresa Cassidy",<br class=""> "cluster_name" : "elasticsearch",<br class=""> "version" : {<br class=""> "number" : "2.3.3",<br class=""> "build_hash" : "218bdf10790eef486ff2c41a3df5cfa32dadcfde",<br class=""> "build_timestamp" : "2016-05-17T15:40:04Z",<br class=""> "build_snapshot" : false,<br class=""> "lucene_version" : “5.5.0"<br class=""><font color="#5856d6" class=""><br class=""><br class=""></font>And my custom configuration in /etc/syslog-ng/conf.d/test.conf which is:<br class=""><font color="#5856d6" class=""><br class=""></font>@module mod-java<br class=""><font color="#5856d6" class=""><br class=""></font>source s_net {<br class=""> udp();<br class=""> tcp();<br class="">};<br class=""><font color="#5856d6" class=""><br class=""></font>destination d_elastic {<br class=""> elasticsearch(<br class=""> index("syslog-ng_${YEAR}.${MONTH}.${DAY}")<br class=""> type("test")<br class=""> client_lib_dir("/usr/share/elasticsearch/lib")<br class=""> );<br class="">};<br class=""><font color="#5856d6" class=""><br class=""></font>log {<br class=""> source(s_net);<br class=""> destination(d_elastic);<br class=""> flags(flow-control);<br class="">};<br class=""><font color="#5856d6" class=""><br class=""><br class=""></font>When I try to launch syslog in debug mode this is what I get:<br class=""><font color="#5856d6" class=""><br class=""></font>[2016-06-16T15:54:29.378356] Add path to classpath: /usr/lib/syslog-ng/3.7/java-modules/syslog-ng-core.jar;<br class="">[2016-06-16T15:54:29.382446] Add path to classpath: /usr/lib/syslog-ng/3.7/java-modules/syslog-ng-core.jar;<br class="">[2016-06-16T15:54:29.382660] Add path to classpath: /usr/lib/syslog-ng/3.7/java-modules/kafka.jar;<br class="">[2016-06-16T15:54:29.382862] Add path to classpath: /usr/lib/syslog-ng/3.7/java-modules/http.jar;<br class="">[2016-06-16T15:54:29.383052] Add path to classpath: /usr/lib/syslog-ng/3.7/java-modules/hdfs.jar;<br class="">[2016-06-16T15:54:29.383258] Add path to classpath: /usr/lib/syslog-ng/3.7/java-modules/elastic.jar;<br class="">[2016-06-16T15:54:29.383479] Add path to classpath: /usr/lib/syslog-ng/3.7/java-modules/syslog-ng-common.jar;<br class="">[2016-06-16T15:54:29.383670] Add path to classpath: /usr/lib/syslog-ng/3.7/java-modules/log4j-1.2.16.jar;<br class="">[2016-06-16T15:54:29.383917] Add path to classpath: /usr/share/elasticsearch/lib/guava-18.0.jar;<br class="">[2016-06-16T15:54:29.384098] Add path to classpath: /usr/share/elasticsearch/lib/jna-4.1.0.jar;<br class="">[2016-06-16T15:54:29.384293] Add path to classpath: /usr/share/elasticsearch/lib/spatial4j-0.5.jar;<br class="">[2016-06-16T15:54:29.384494] Add path to classpath: /usr/share/elasticsearch/lib/compress-lzf-1.0.2.jar;<br class="">[2016-06-16T15:54:29.386104] Add path to classpath: /usr/share/elasticsearch/lib/lucene-spatial-5.5.0.jar;<br class="">[2016-06-16T15:54:29.386342] Add path to classpath: /usr/share/elasticsearch/lib/lucene-backward-codecs-5.5.0.jar;<br class="">[2016-06-16T15:54:29.386507] Add path to classpath: /usr/share/elasticsearch/lib/t-digest-3.0.jar;<br class="">[2016-06-16T15:54:29.386677] Add path to classpath: /usr/share/elasticsearch/lib/jackson-dataformat-cbor-2.6.6.jar;<br class="">[2016-06-16T15:54:29.386865] Add path to classpath: /usr/share/elasticsearch/lib/lucene-memory-5.5.0.jar;<br class="">[2016-06-16T15:54:29.387044] Add path to classpath: /usr/share/elasticsearch/lib/jackson-core-2.6.6.jar;<br class="">[2016-06-16T15:54:29.387216] Add path to classpath: /usr/share/elasticsearch/lib/joda-time-2.8.2.jar;<br class="">[2016-06-16T15:54:29.387394] Add path to classpath: /usr/share/elasticsearch/lib/lucene-join-5.5.0.jar;<br class="">[2016-06-16T15:54:29.387673] Add path to classpath: /usr/share/elasticsearch/lib/lucene-grouping-5.5.0.jar;<br class="">[2016-06-16T15:54:29.388476] Add path to classpath: /usr/share/elasticsearch/lib/HdrHistogram-2.1.6.jar;<br class="">[2016-06-16T15:54:29.388647] Add path to classpath: /usr/share/elasticsearch/lib/compiler-0.8.13.jar;<br class="">[2016-06-16T15:54:29.388818] Add path to classpath: /usr/share/elasticsearch/lib/netty-3.10.5.Final.jar;<br class="">[2016-06-16T15:54:29.388972] Add path to classpath: /usr/share/elasticsearch/lib/lucene-misc-5.5.0.jar;<br class="">[2016-06-16T15:54:29.389518] Add path to classpath: /usr/share/elasticsearch/lib/lucene-analyzers-common-5.5.0.jar;<br class="">[2016-06-16T15:54:29.389711] Add path to classpath: /usr/share/elasticsearch/lib/lucene-sandbox-5.5.0.jar;<br class="">[2016-06-16T15:54:29.390094] Add path to classpath: /usr/share/elasticsearch/lib/elasticsearch-2.3.3.jar;<br class="">[2016-06-16T15:54:29.390283] Add path to classpath: /usr/share/elasticsearch/lib/commons-cli-1.3.1.jar;<br class="">[2016-06-16T15:54:29.390488] Add path to classpath: /usr/share/elasticsearch/lib/snakeyaml-1.15.jar;<br class="">[2016-06-16T15:54:29.390659] Add path to classpath: /usr/share/elasticsearch/lib/jsr166e-1.1.0.jar;<br class="">[2016-06-16T15:54:29.390935] Add path to classpath: /usr/share/elasticsearch/lib/lucene-core-5.5.0.jar;<br class="">[2016-06-16T15:54:29.391176] Add path to classpath: /usr/share/elasticsearch/lib/lucene-suggest-5.5.0.jar;<br class="">[2016-06-16T15:54:29.394616] Add path to classpath: /usr/share/elasticsearch/lib/jackson-dataformat-yaml-2.6.6.jar;<br class="">[2016-06-16T15:54:29.395279] Add path to classpath: /usr/share/elasticsearch/lib/log4j-1.2.17.jar;<br class="">[2016-06-16T15:54:29.395458] Add path to classpath: /usr/share/elasticsearch/lib/joda-convert-1.2.jar;<br class="">[2016-06-16T15:54:29.395970] Add path to classpath: /usr/share/elasticsearch/lib/hppc-0.7.1.jar;<br class="">[2016-06-16T15:54:29.396734] Add path to classpath: /usr/share/elasticsearch/lib/jackson-dataformat-smile-2.6.6.jar;<br class="">[2016-06-16T15:54:29.397919] Add path to classpath: /usr/share/elasticsearch/lib/lucene-queryparser-5.5.0.jar;<br class="">[2016-06-16T15:54:29.398106] Add path to classpath: /usr/share/elasticsearch/lib/lucene-spatial3d-5.5.0.jar;<br class="">[2016-06-16T15:54:29.398281] Add path to classpath: /usr/share/elasticsearch/lib/lucene-queries-5.5.0.jar;<br class="">[2016-06-16T15:54:29.398440] Add path to classpath: /usr/share/elasticsearch/lib/apache-log4j-extras-1.2.17.jar;<br class="">[2016-06-16T15:54:29.398610] Add path to classpath: /usr/share/elasticsearch/lib/lucene-highlighter-5.5.0.jar;<br class="">[2016-06-16T15:54:29.398784] Add path to classpath: /usr/share/elasticsearch/lib/jts-1.13.jar;<br class="">[2016-06-16T15:54:29.398925] Add path to classpath: /usr/share/elasticsearch/lib/securesm-1.0.jar;<br class="">[2016-06-16T15:54:29.501879] Add path to classpath: /usr/lib/syslog-ng/3.7/java-modules/syslog-ng-core.jar;<br class="">[2016-06-16T15:54:29.519443] Error initializing message pipeline;<br class=""><font color="#5856d6" class=""><br class=""><br class=""></font>Was anyone able to make this work or suggest a way to fix this?</div><div>I hope I am on the right place and if not apologies in advance.<br class=""><font color="#5856d6" class=""><br class=""></font>Thanks,<br class=""><div class=""><div class="">Marco</div></div></div><br class=""></body></html>