<html><head></head><body><div style="color:#000; background-color:#fff; font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div>Thank you for your answer.</div><div id="yui_3_16_0_ym19_1_1495125812867_9918"><br></div><div id="yui_3_16_0_ym19_1_1495125812867_9886" dir="ltr">I use OpenBSD, I built it from the ports.</div><div dir="ltr" id="yui_3_16_0_ym19_1_1495125812867_9917"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1495125812867_9938">So what you're saying is that I need to recompile it with some java option ? <br></div><div id="yui_3_16_0_ym19_1_1495125812867_9885"><span></span></div> <div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"><font face="Arial" size="2"> Le Jeudi 18 mai 2017 17h20, "Czanik, Péter" <peter.czanik@balabit.com> a écrit :<br></font></div>  <br><br> <div class="y_msg_container"><div dir="ltr">Hi,<br clear="none"><br clear="none">You don't seem to have the Java module available. Is it a distribution<br clear="none">package? Those usually don't have it enabled. Check<br clear="none"><a shape="rect" href="https://syslog-ng.org/3rd-party-binaries/" target="_blank">https://syslog-ng.org/3rd-party-binaries/ </a>for unofficial package for<br clear="none">openSUSE, Fedora, Debian and Ubuntu, which are known to have Java<br clear="none">support enabled. Also check<br clear="none"><a shape="rect" href="https://www.balabit.com/blog/troubleshooting-java-support-syslog-ng/" target="_blank">https://www.balabit.com/blog/troubleshooting-java-support-syslog-ng/</a><br clear="none">and the documentation.<br clear="none"><br clear="none">Bye,<br clear="none">Peter Czanik (CzP) <<a shape="rect" ymailto="mailto:peter.czanik@balabit.com" href="mailto:peter.czanik@balabit.com">peter.czanik@balabit.com</a>><br clear="none">Balabit / syslog-ng upstream<br clear="none"><a shape="rect" href="https://www.balabit.com/blog/author/peterczanik/" target="_blank">https://www.balabit.com/blog/author/peterczanik/</a><br clear="none"><a shape="rect" href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a><br clear="none"><br clear="none"><div class="yqt4327266311" id="yqtfd68672"><br clear="none">On Thu, May 18, 2017 at 4:44 PM, 'Mik J' via SYSLOG-NG<br clear="none"><<a shape="rect" ymailto="mailto:syslog-ng@balabit.com" href="mailto:syslog-ng@balabit.com">syslog-ng@balabit.com</a>> wrote:<br clear="none">> Hello,<br clear="none">><br clear="none">> I've read many documentation about how to export syslogng to elasticsearch but still don't get it<br clear="none">><br clear="none">> # syslog-ng -V<br clear="none">> syslog-ng 3.7.2<br clear="none">> Installer-Version: 3.7.2<br clear="none">> Revision:<br clear="none">> Compile-Date: May  8 2017 10:54:55<br clear="none">> Available-Modules: afprog,afsocket,afsql,afuser,basicfuncs,confgen,csvparser,dbparser,graphite,json-plugin,kvformat,linux-kmsg-format,pseudofile,syslogformat,system-source,affile,cryptofuncs<br clear="none">> Enable-Debug: off<br clear="none">> Enable-GProf: off<br clear="none">> Enable-Memtrace: off<br clear="none">> Enable-IPv6: on<br clear="none">> Enable-Spoof-Source: off<br clear="none">> Enable-TCP-Wrapper: off<br clear="none">> Enable-Linux-Caps: off<br clear="none">><br clear="none">><br clear="none">> In syslog-ng.conf I need to add:<br clear="none">><br clear="none">> @module mod-java<br clear="none">> @include "scl.conf"<br clear="none">><br clear="none">> In scl.conf I have (I kept the default configuration)<br clear="none">><br clear="none">> @define scl-root "`syslog-ng-data`/include/scl"<br clear="none">> @define include-path "`include-path`:`syslog-ng-data`/include"<br clear="none">> @include 'scl/*/*.conf'<br clear="none">> I don't understand really what should I configure.<br clear="none">><br clear="none">> I also downloaded gradle<br clear="none">> # ls /usr/local/gradle-3.5<br clear="none">><br clear="none">> And Java<br clear="none">> # /usr/local/jdk-1.8.0/bin/java -version<br clear="none">> openjdk version "1.8.0_121"<br clear="none">> OpenJDK Runtime Environment (build 1.8.0_121-b13)<br clear="none">> OpenJDK 64-Bit Server VM (build 25.121-b13, mixed mode)<br clear="none">><br clear="none">><br clear="none">><br clear="none">> Back to syslog-ng.conf I added<br clear="none">> # Test Elasticsearch<br clear="none">> filter f_MyTest { host("1.1.1.1"); };<br clear="none">> log {<br clear="none">> source(s_net);<br clear="none">> filter(f_MyTest);<br clear="none">> destination(d_MyTest);<br clear="none">> };<br clear="none">><br clear="none">> destination d_elastic {<br clear="none">>  elasticsearch(<br clear="none">>  index("syslog-ng_${YEAR}.${MONTH}.${DAY}")<br clear="none">>  type("test")<br clear="none">>  cluster("syslog-ng")<br clear="none">>  client_mode("transport")<br clear="none">>  custom_id("${UNIQID}")<br clear="none">>  flush-limit("10000")<br clear="none">>  );<br clear="none">> };<br clear="none">> log {<br clear="none">>  source(s_net);<br clear="none">>  filter(f_MyTest);<br clear="none">>  destination(d_elastic);<br clear="none">>  flags(flow-control);<br clear="none">> };<br clear="none">><br clear="none">><br clear="none">> But starting the daemon gives me this error<br clear="none">> # syslog-ng<br clear="none">> [2017-05-18T16:43:42.465496] Plugin module not found in 'module-path'; module-path='/usr/local/lib/syslog-ng', module='mod-java'<br clear="none">> Error parsing destination, destination plugin elasticsearch not found in /etc/syslog-ng/syslog-ng.conf at line 171, column 2:<br clear="none">> elasticsearch(</div><br clear="none">> ^^^^^^^^^^^^^<br clear="none">> ______________________________________________________________________________<br clear="none">> Member info: <a shape="rect" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br clear="none">> Documentation: <a shape="rect" href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br clear="none">> FAQ: <a shape="rect" href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><div class="yqt4327266311" id="yqtfd42115"><br clear="none">><br clear="none"></div></div><br><br></div>  </div> </div>  </div></div></body></html>