<div dir="ltr"><div><div>Hi,<br><br></div>This is the part installing the elasticsearch2 driver:<br><pre>yum install syslog-ng-java</pre>My syslog-ng package is broken into a core package and sub packages, as I want to make all components available, but don't want to install everything by default due to the large number of dependent packages. The above package includes all the java-based destination drivers.<br><br></div>Bye,</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Peter Czanik (CzP) <<a href="mailto:peter.czanik@balabit.com" target="_blank">peter.czanik@balabit.com</a>><br>Balabit / syslog-ng upstream<br><a href="https://www.balabit.com/blog/author/peterczanik/" target="_blank">https://www.balabit.com/blog/author/peterczanik/</a><br><a href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a></div></div></div></div>
<br><div class="gmail_quote">On Thu, Dec 8, 2016 at 3:30 AM, Russell Fulton <span dir="ltr"><<a href="mailto:r.fulton@auckland.ac.nz" target="_blank">r.fulton@auckland.ac.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi<br>
<br>
I had syslog-ng 3.8.1 (built from tar ball) working nicely with ES 2.x running on the local machine as a pilot. Last week I got two new machines to run ES on with lots of memory and SSD. I installed ES 5.x on them and upgraded ES to 5.x on the original pilot machine.<br>
<br>
So I now have a cluster of 3.<br>
<br>
Back to the original machine that has the feed from syslog-ng I was puzzled by the stream of error messages regarding 2.x client that was trying to connect. It took me a while to figure out that this must be the syslog-ng plug in. Stopping syslog-ng stopped the errors.<br>
<br>
A web search quickly found:<br>
<br>
<a href="https://www.balabit.com/blog/syslog-ng-and-elasticsearch-5-getting-started-on-rhelcentos/" rel="noreferrer" target="_blank">https://www.balabit.com/blog/<wbr>syslog-ng-and-elasticsearch-5-<wbr>getting-started-on-rhelcentos/</a><br>
<br>
So I set about reinstalling syslog-ng from Peter’s repos — there were some issues but I got there without too much problem. (see notes at the end).<br>
<br>
My config file matched the blog example pretty closely - I need to add the http transport for ES 5.x but that was the only change,<br>
<br>
When I tried to start the new version of syslog-ng I get an error saying that it can not find the elasticsearch2 plugin. I can’t find any reference to insgtalling the plugin in the post. Did I miss something.<br>
<br>
My old config also had @module mod-java line but this does not appear to make any difference.<br>
<br>
I have gone back to the 3.8 manual but can not find anything about having to install the ES plugin so I am thoroughly puzzled.<br>
<br>
Any ideas what is wrong?<br>
<br>
Russell<br>
<br>
<br>
Problems with the syslog-ng epel 6 repos:<br>
<br>
since I was on RHE 6 I figured I needed the epel6 rather than the epel7 repo so I<br>
wget <a href="https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/repo/epel-6/czanik-syslog-ng38-epel-6.repo" rel="noreferrer" target="_blank">https://copr.fedorainfracloud.<wbr>org/coprs/czanik/syslog-ng38/<wbr>repo/epel-6/czanik-syslog-<wbr>ng38-epel-6.repo</a><br>
but when I tried to install Yum said<br>
<br>
<a href="https://copr-be.cloud.fedoraproject.org/results/czanik/syslog-ng38/epel-6-x86_64/repodata/repomd.xml" rel="noreferrer" target="_blank">https://copr-be.cloud.<wbr>fedoraproject.org/results/<wbr>czanik/syslog-ng38/epel-6-x86_<wbr>64/repodata/repomd.xml</a>: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found”<br>
<br>
After a little poking I figured that the url should be /syslog-ng38eple6/ and that worked.<br>
<br>
<br>
<br>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>