<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">From the server where ES is running curl <a href="http://localhost:9200" class="">http://localhost:9200</a> <div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On May 27, 2016, at 7:43 AM, Ivan Adji - Krstev <<a href="mailto:akivanradix@gmail.com" class="">akivanradix@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<div bgcolor="#FFFFFF" text="#000000" class="">
<font face="Helvetica, Arial, sans-serif" class="">So the cluster should be
the cluster name of the ES? How can I see this name? There is
nothing in the elasticsearch.yml file; do I have to specify it there?<br class="">
<br class="">
Kind regards<br class="">
Ivan<br class="">
</font>
<br class="">
<div class="moz-cite-prefix">On 05/27/2016 12:45 PM, Czanik, Péter
wrote:<br class="">
</div>
<blockquote cite="mid:CANcUavuwpZ7AE6qxRf-9wBHYnYKYfx-_zBAUSbzEKEE5=cz+VQ@mail.gmail.com" type="cite" class="">
<div dir="ltr" class="">
<div class="">
<div class=""><font face="Helvetica, Arial, sans-serif" class=""><span class="im"> option("cluster", "czpcluster")<br class="">
<br class="">
</span></font></div>
<font face="Helvetica, Arial, sans-serif" class=""><span class="im">Unless
your cluster is called "czpcluster", the above option
won't work. This value is just an example (derived from my
nick name :-) ).<br class="">
<br class="">
</span></font></div>
<font face="Helvetica, Arial, sans-serif" class=""><span class="im">Bye,<br class="">
</span></font></div>
<div class="gmail_extra"><br clear="all" class="">
<div class="">
<div class="gmail_signature" data-smartmail="gmail_signature">Peter
Czanik (CzP) <<a moz-do-not-send="true" href="mailto:peter.czanik@balabit.com" target="_blank" class="">peter.czanik@balabit.com</a>><br class="">
Balabit / syslog-ng upstream<br class="">
<a moz-do-not-send="true" href="http://czanik.blogs.balabit.com/" target="_blank" class="">http://czanik.blogs.balabit.com/</a><br class="">
<a moz-do-not-send="true" href="https://twitter.com/PCzanik" target="_blank" class="">https://twitter.com/PCzanik</a></div>
</div>
<br class="">
<div class="gmail_quote">On Fri, May 27, 2016 at 12:42 PM, Ivan
Adji - Krstev <span dir="ltr" class=""><<a moz-do-not-send="true" href="mailto:akivanradix@gmail.com" target="_blank" class="">akivanradix@gmail.com</a>></span>
wrote:<br class="">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000" class=""> <font face="Helvetica, Arial, sans-serif" class="">Well, I fixed that
one... exported the new path of the libjvm.so file and it
works. But now I have another error :)<br class="">
<br class="">
<b class="">Error stating pattern database file, no automatic
reload will be performed; error='No such file or
directory'</b><br class="">
.<br class="">
.<br class="">
<b class="">Add path to classpath:
/usr/share/elasticsearch/lib/spatial4j-0.5.jar;</b><b class=""><br class="">
</b><b class="">[2016-05-27T06:38:30.933808] Add path to
classpath:
/usr/share/elasticsearch/lib/t-digest-3.0.jar;</b><b class=""><br class="">
</b><b class="">[2016-05-27T06:38:31.287344] Add path to
classpath:
//usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar;</b><b class=""><br class="">
</b><b class="">[2016-05-27T06:38:31.333759] Error initializing
message pipeline;</b><b class=""><br class="">
</b><br class="">
And I have no idea what this problem is, as I'm using ES
for the first time. <br class="">
<br class="">
This is what i have:<span class=""><br class="">
<br class="">
source s_sys {<br class="">
system();<br class="">
internal();<br class="">
network(ip(0.0.0.0) port(6514)<br class="">
flags(syslog-protocol)<br class="">
transport("tls")<br class="">
tls(key_file("/etc/syslog-ng/cert.d/serverkey.pem")<br class="">
cert_file("/etc/syslog-ng/cert.d/servercert.pem")<br class="">
ca_dir("/etc/syslog-ng/ca.d")<br class="">
) );<br class="">
<br class="">
};<br class="">
parser pattern_db {<br class="">
db-parser(<br class="">
file("/etc/syslog-ng/patterndb.d/patterndb.xml")<br class="">
);<br class="">
};<br class="">
destination d_es {<br class="">
java(<br class="">
class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")<br class="">
class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")<br class="">
option("index",
"syslog-ng_${YEAR}.${MONTH}.${DAY}")<br class="">
option("type", "test")<br class="">
option("cluster", "czpcluster")<br class="">
option("flush_limit", "100")<br class="">
option( "message_template", "$(format-json --scope
rfc3164 --scope nv-pairs --exclude R_DATE --key
ISODATE)\n")<br class="">
);<br class="">
};<br class="">
<br class="">
<br class="">
</span> Kind regards<span class="HOEnZb"><font color="#888888" class=""><br class="">
Ivan<br class="">
</font></span></font>
<div class="">
<div class="h5"><br class="">
<div class="">On 05/27/2016 12:22 PM, Czanik, Péter wrote:<br class="">
</div>
<blockquote type="cite" class="">
<div dir="ltr" class="">
<div class="">Hi,<br class="">
<br class="">
To enable Java support you need at least the
"syslog-ng" and "syslog-ng-java" packages from
that repository. Optionally you can also install
the "syslog-ng-java-hack" package, which
includes all the necessary JAR files, or you can
also point your config to the JAR files of your
Elasticsearch installation. Note that syslog-ng
3.7 only supports Elasticsearch 1.X.<br class="">
<br class="">
You will also need to point syslog-ng to
libjvm.so. There are multiple ways: <a class="moz-txt-link-freetext" href="https://czanik.blogs.balabit.com/2016/03/troubleshooting-java-support-in-syslog-ng/">https://czanik.blogs.balabit.com/2016/03/troubleshooting-java-support-in-syslog-ng/</a>
My personal preference is the ld.so.conf trick,
but note that it has side effects if you have
multiple Java versions on your system.<br class="">
<br class="">
</div>
Bye,<br class="">
</div>
<div class="gmail_extra"><br clear="all" class="">
<div class="">
<div data-smartmail="gmail_signature" class="">Peter
Czanik (CzP) <<a moz-do-not-send="true" href="mailto:peter.czanik@balabit.com" target="_blank" class="">peter.czanik@balabit.com</a>><br class="">
Balabit / syslog-ng upstream<br class="">
<a moz-do-not-send="true" href="http://czanik.blogs.balabit.com/" target="_blank" class="">http://czanik.blogs.balabit.com/</a><br class="">
<a moz-do-not-send="true" href="https://twitter.com/PCzanik" target="_blank" class="">https://twitter.com/PCzanik</a></div>
</div>
<br class="">
<div class="gmail_quote">On Fri, May 27, 2016 at
12:14 PM, Ivan Adji - Krstev <span dir="ltr" class=""><<a class="moz-txt-link-abbreviated" href="mailto:akivanradix@gmail.com">akivanradix@gmail.com</a>></span>
wrote:<br class="">
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000" class=""> <font face="Helvetica, Arial, sans-serif" class="">So
should I contact him directly or should I
wait here for a reply on this list?<span class=""><font color="#888888" class=""><br class="">
<br class="">
Ivan<br class="">
</font></span></font>
<div class="">
<div class=""><br class="">
<div class="">On 05/27/2016 12:13 PM, Scheidler,
Balázs wrote:<br class="">
</div>
<blockquote type="cite" class=""><p dir="ltr" class="">Hopefully Peter Czanik
can help you then, as he prepared
those packages.</p>
<div class="gmail_quote">On May 27,
2016 11:10 AM, "Ivan Adji - Krstev"
<<a moz-do-not-send="true" href="mailto:akivanradix@gmail.com" target="_blank" class="">akivanradix@gmail.com</a>>
wrote:<br type="attribution" class="">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000" class=""> <font face="Helvetica, Arial, sans-serif" class="">Yes, I installed that
too... still nothing.<br class="">
<br class="">
Ivan<br class="">
</font><br class="">
<div class="">On 05/27/2016 12:09 PM,
Fabien Wernli wrote:<br class="">
</div>
<blockquote type="cite" class="">
<pre class="">On Fri, May 27, 2016 at 12:08:21PM +0200, Ivan Adji - Krstev wrote:
</pre>
<blockquote type="cite" class="">
<pre class="">Hi Bazsi,
I get syslog from:
<a moz-do-not-send="true" href="https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo" target="_blank" class="">"https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo"</a>
add the repo and then "yum install syslog-ng"
After that I downloaded Elasticsearch and installed it, and that is it.
I'm using CentOS 7.
</pre>
</blockquote>
<pre class="">you also want the package syslog-ng-java
______________________________________________________________________________
Member info: <a moz-do-not-send="true" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank" class="">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a moz-do-not-send="true" href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank" class="">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a moz-do-not-send="true" href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank" class="">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br class="">
</div>
<br class="">
</blockquote>
</div>
<br class="">
</fieldset>">
</blockquote>
<br class="">
</div>
</div>
</div>
<br class="">
</blockquote>
</div>
<br class="">
</div>
<br class="">
</fieldset>">
</blockquote>
<br class="">
</div>
</div>
</div>
<br class="">
</blockquote>
</div>
<br class="">
</div>
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset>
<br class="">
<pre wrap="" class="">______________________________________________________________________________
Member info: <a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a class="moz-txt-link-freetext" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a class="moz-txt-link-freetext" href="http://www.balabit.com/wiki/syslog-ng-faq">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br class="">
</div>
</div></blockquote></div><br class=""></div></body></html>