<html><head></head><body><div style="color:#000; background-color:#fff; font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_ym19_1_1495125812867_23947">Thank you Peter,</div><div id="yui_3_16_0_ym19_1_1495125812867_22318" dir="ltr">Could you tell me which compile option I should use --enable....</div><div dir="ltr" id="yui_3_16_0_ym19_1_1495125812867_23946">I haven't found any related to java in the INSTALL file<br></div><div id="yui_3_16_0_ym19_1_1495125812867_20707"><span><br></span></div><div><span>The Freebsd most of the times I tried don't work on OpenBSD</span></div> <div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"><font face="Arial" size="2"> Le Jeudi 18 mai 2017 19h54, "Czanik, Péter" <peter.czanik@balabit.com> a écrit :<br></font></div>  <br><br> <div class="y_msg_container"><div dir="ltr">Hi,<br clear="none"><br clear="none">Yes, you need to recompile it. I don't have experience with OpenBSD,<br clear="none">but once upon a time I added Java support to FreeBSD ports. You can<br clear="none">read about how it works at<br clear="none"><a shape="rect" href="https://www.balabit.com/blog/test-the-latest-freebsd-with-syslog-ng-3-8-1/" target="_blank">https://www.balabit.com/blog/test-the-latest-freebsd-with-syslog-ng-3-8-1/</a><br clear="none"><br clear="none">Bye,<br clear="none">Peter Czanik (CzP) <<a shape="rect" ymailto="mailto:peter.czanik@balabit.com" href="mailto:peter.czanik@balabit.com">peter.czanik@balabit.com</a>><br clear="none">Balabit / syslog-ng upstream<br clear="none"><a shape="rect" href="https://www.balabit.com/blog/author/peterczanik/" target="_blank">https://www.balabit.com/blog/author/peterczanik/</a><br clear="none"><a shape="rect" href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a><br clear="none"><br clear="none"><div class="yqt2273687322" id="yqtfd47920"><br clear="none">On Thu, May 18, 2017 at 7:49 PM, Mik J <<a shape="rect" ymailto="mailto:mikydevel@yahoo.fr" href="mailto:mikydevel@yahoo.fr">mikydevel@yahoo.fr</a>> wrote:<br clear="none">> Thank you for your answer.<br clear="none">><br clear="none">> I use OpenBSD, I built it from the ports.<br clear="none">><br clear="none">> So what you're saying is that I need to recompile it with some java option ?<br clear="none">><br clear="none">><br clear="none">> Le Jeudi 18 mai 2017 17h20, "Czanik, Péter" <<a shape="rect" ymailto="mailto:peter.czanik@balabit.com" href="mailto:peter.czanik@balabit.com">peter.czanik@balabit.com</a>> a<br clear="none">> écrit :<br clear="none">><br clear="none">><br clear="none">> Hi,<br clear="none">><br clear="none">> You don't seem to have the Java module available. Is it a distribution<br clear="none">> package? Those usually don't have it enabled. Check<br clear="none">> <a shape="rect" href="https://syslog-ng.org/3rd-party-binaries/" target="_blank">https://syslog-ng.org/3rd-party-binaries/ </a>for unofficial package for<br clear="none">> openSUSE, Fedora, Debian and Ubuntu, which are known to have Java<br clear="none">> support enabled. Also check<br clear="none">> <a shape="rect" href="https://www.balabit.com/blog/troubleshooting-java-support-syslog-ng/" target="_blank">https://www.balabit.com/blog/troubleshooting-java-support-syslog-ng/</a><br clear="none">> and the documentation.<br clear="none">><br clear="none">> Bye,<br clear="none">> Peter Czanik (CzP) <<a shape="rect" ymailto="mailto:peter.czanik@balabit.com" href="mailto:peter.czanik@balabit.com">peter.czanik@balabit.com</a>><br clear="none">> Balabit / syslog-ng upstream<br clear="none">> <a shape="rect" href="https://www.balabit.com/blog/author/peterczanik/" target="_blank">https://www.balabit.com/blog/author/peterczanik/</a><br clear="none">> <a shape="rect" href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a><br clear="none">><br clear="none">><br clear="none">> On Thu, May 18, 2017 at 4:44 PM, 'Mik J' via SYSLOG-NG<br clear="none">> <<a shape="rect" ymailto="mailto:syslog-ng@balabit.com" href="mailto:syslog-ng@balabit.com">syslog-ng@balabit.com</a>> wrote:<br clear="none">>> Hello,<br clear="none">>><br clear="none">>> I've read many documentation about how to export syslogng to elasticsearch<br clear="none">>> but still don't get it<br clear="none">>><br clear="none">>> # syslog-ng -V<br clear="none">>> syslog-ng 3.7.2<br clear="none">>> Installer-Version: 3.7.2<br clear="none">>> Revision:<br clear="none">>> Compile-Date: May  8 2017 10:54:55<br clear="none">>> Available-Modules:<br clear="none">>> afprog,afsocket,afsql,afuser,basicfuncs,confgen,csvparser,dbparser,graphite,json-plugin,kvformat,linux-kmsg-format,pseudofile,syslogformat,system-source,affile,cryptofuncs<br clear="none">>> Enable-Debug: off<br clear="none">>> Enable-GProf: off<br clear="none">>> Enable-Memtrace: off<br clear="none">>> Enable-IPv6: on<br clear="none">>> Enable-Spoof-Source: off<br clear="none">>> Enable-TCP-Wrapper: off<br clear="none">>> Enable-Linux-Caps: off<br clear="none">>><br clear="none">>><br clear="none">>> In syslog-ng.conf I need to add:<br clear="none">>><br clear="none">>> @module mod-java<br clear="none">>> @include "scl.conf"<br clear="none">>><br clear="none">>> In scl.conf I have (I kept the default configuration)<br clear="none">>><br clear="none">>> @define scl-root "`syslog-ng-data`/include/scl"<br clear="none">>> @define include-path "`include-path`:`syslog-ng-data`/include"<br clear="none">>> @include 'scl/*/*.conf'<br clear="none">>> I don't understand really what should I configure.<br clear="none">>><br clear="none">>> I also downloaded gradle<br clear="none">>> # ls /usr/local/gradle-3.5<br clear="none">>><br clear="none">>> And Java<br clear="none">>> # /usr/local/jdk-1.8.0/bin/java -version<br clear="none">>> openjdk version "1.8.0_121"<br clear="none">>> OpenJDK Runtime Environment (build 1.8.0_121-b13)<br clear="none">>> OpenJDK 64-Bit Server VM (build 25.121-b13, mixed mode)<br clear="none">>><br clear="none">>><br clear="none">>><br clear="none">>> Back to syslog-ng.conf I added<br clear="none">>> # Test Elasticsearch<br clear="none">>> filter f_MyTest { host("1.1.1.1"); };<br clear="none">>> log {<br clear="none">>> source(s_net);<br clear="none">>> filter(f_MyTest);<br clear="none">>> destination(d_MyTest);<br clear="none">>> };<br clear="none">>><br clear="none">>> destination d_elastic {<br clear="none">>>  elasticsearch(<br clear="none">>>  index("syslog-ng_${YEAR}.${MONTH}.${DAY}")<br clear="none">>>  type("test")<br clear="none">>>  cluster("syslog-ng")<br clear="none">>>  client_mode("transport")<br clear="none">>>  custom_id("${UNIQID}")<br clear="none">>>  flush-limit("10000")<br clear="none">>>  );<br clear="none">>> };<br clear="none">>> log {<br clear="none">>>  source(s_net);<br clear="none">>>  filter(f_MyTest);<br clear="none">>>  destination(d_elastic);<br clear="none">>>  flags(flow-control);<br clear="none">>> };<br clear="none">>><br clear="none">>><br clear="none">>> But starting the daemon gives me this error<br clear="none">>> # syslog-ng<br clear="none">>> [2017-05-18T16:43:42.465496] Plugin module not found in 'module-path';<br clear="none">>> module-path='/usr/local/lib/syslog-ng', module='mod-java'<br clear="none">>> Error parsing destination, destination plugin elasticsearch not found in<br clear="none">>> /etc/syslog-ng/syslog-ng.conf at line 171, column 2:<br clear="none">>> elasticsearch(<br clear="none">><br clear="none">>> ^^^^^^^^^^^^^<br clear="none">>><br clear="none">>> ______________________________________________________________________________<br clear="none">>> Member info: <a shape="rect" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br clear="none">>> Documentation:<br clear="none">>> <a shape="rect" href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br clear="none">>> FAQ: <a shape="rect" href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br clear="none">><br clear="none">>><br clear="none">><br clear="none">></div></div><br><br></div>  </div> </div>  </div></div></body></html>