<div dir="ltr"><div><div>Hi, try<p><span class="emphasis"><em>--enable-java</em></span> Enable support for Java-based modules.</p><p>and maybe also<span class="emphasis"><em> --enable-java-modules</em></span> Compile the Gradle projects of every Java module available in <code class="gmail-filename">modules/java-modules</code>. (I'm not sure about this one)<br></p>See <a href="https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/syslog-ng-compile-options.html">https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/syslog-ng-compile-options.html</a><br><br></div>HTH, <br><br></div>Robert<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 18, 2017 at 8:32 PM, 'Mik J' via SYSLOG-NG <span dir="ltr"><<a href="mailto:syslog-ng@balabit.com" target="_blank">syslog-ng@balabit.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="color:#000;background-color:#fff;font-family:Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px"><div id="m_-2639982709890545730yui_3_16_0_ym19_1_1495125812867_23947">Thank you Peter,</div><div id="m_-2639982709890545730yui_3_16_0_ym19_1_1495125812867_22318" dir="ltr">Could you tell me which compile option I should use --enable....</div><div dir="ltr" id="m_-2639982709890545730yui_3_16_0_ym19_1_1495125812867_23946">I haven't found any related to java in the INSTALL file<br></div><div id="m_-2639982709890545730yui_3_16_0_ym19_1_1495125812867_20707"><span><br></span></div><div><span>The Freebsd most of the times I tried don't work on OpenBSD</span></div><div><div class="h5"> <div class="m_-2639982709890545730qtdSeparateBR"><br><br></div><div class="m_-2639982709890545730yahoo_quoted" style="display:block"> <div style="font-family:Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px"> <div style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px"> <div dir="ltr"><font size="2" face="Arial"> Le Jeudi 18 mai 2017 19h54, "Czanik, Péter" <<a href="mailto:peter.czanik@balabit.com" target="_blank">peter.czanik@balabit.com</a>> a écrit :<br></font></div>  <br><br> <div class="m_-2639982709890545730y_msg_container"><div dir="ltr">Hi,<br clear="none"><br clear="none">Yes, you need to recompile it. I don't have experience with OpenBSD,<br clear="none">but once upon a time I added Java support to FreeBSD ports. You can<br clear="none">read about how it works at<br clear="none"><a shape="rect" href="https://www.balabit.com/blog/test-the-latest-freebsd-with-syslog-ng-3-8-1/" target="_blank">https://www.balabit.com/blog/<wbr>test-the-latest-freebsd-with-<wbr>syslog-ng-3-8-1/</a><br clear="none"><br clear="none">Bye,<br clear="none">Peter Czanik (CzP) <<a shape="rect" href="mailto:peter.czanik@balabit.com" target="_blank">peter.czanik@balabit.com</a>><br clear="none">Balabit / syslog-ng upstream<br clear="none"><a shape="rect" href="https://www.balabit.com/blog/author/peterczanik/" target="_blank">https://www.balabit.com/blog/<wbr>author/peterczanik/</a><br clear="none"><a shape="rect" href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a><br clear="none"><br clear="none"><div class="m_-2639982709890545730yqt2273687322" id="m_-2639982709890545730yqtfd47920"><br clear="none">On Thu, May 18, 2017 at 7:49 PM, Mik J <<a shape="rect" href="mailto:mikydevel@yahoo.fr" target="_blank">mikydevel@yahoo.fr</a>> wrote:<br clear="none">> Thank you for your answer.<br clear="none">><br clear="none">> I use OpenBSD, I built it from the ports.<br clear="none">><br clear="none">> So what you're saying is that I need to recompile it with some java option ?<br clear="none">><br clear="none">><br clear="none">> Le Jeudi 18 mai 2017 17h20, "Czanik, Péter" <<a shape="rect" href="mailto:peter.czanik@balabit.com" target="_blank">peter.czanik@balabit.com</a>> a<br clear="none">> écrit :<br clear="none">><br clear="none">><br clear="none">> Hi,<br clear="none">><br clear="none">> You don't seem to have the Java module available. Is it a distribution<br clear="none">> package? Those usually don't have it enabled. Check<br clear="none">> <a shape="rect" href="https://syslog-ng.org/3rd-party-binaries/" target="_blank">https://syslog-ng.org/3rd-<wbr>party-binaries/ </a>for unofficial package for<br clear="none">> openSUSE, Fedora, Debian and Ubuntu, which are known to have Java<br clear="none">> support enabled. Also check<br clear="none">> <a shape="rect" href="https://www.balabit.com/blog/troubleshooting-java-support-syslog-ng/" target="_blank">https://www.balabit.com/blog/<wbr>troubleshooting-java-support-<wbr>syslog-ng/</a><br clear="none">> and the documentation.<br clear="none">><br clear="none">> Bye,<br clear="none">> Peter Czanik (CzP) <<a shape="rect" href="mailto:peter.czanik@balabit.com" target="_blank">peter.czanik@balabit.com</a>><br clear="none">> Balabit / syslog-ng upstream<br clear="none">> <a shape="rect" href="https://www.balabit.com/blog/author/peterczanik/" target="_blank">https://www.balabit.com/blog/<wbr>author/peterczanik/</a><br clear="none">> <a shape="rect" href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a><br clear="none">><br clear="none">><br clear="none">> On Thu, May 18, 2017 at 4:44 PM, 'Mik J' via SYSLOG-NG<br clear="none">> <<a shape="rect" href="mailto:syslog-ng@balabit.com" target="_blank">syslog-ng@balabit.com</a>> wrote:<br clear="none">>> Hello,<br clear="none">>><br clear="none">>> I've read many documentation about how to export syslogng to elasticsearch<br clear="none">>> but still don't get it<br clear="none">>><br clear="none">>> # syslog-ng -V<br clear="none">>> syslog-ng 3.7.2<br clear="none">>> Installer-Version: 3.7.2<br clear="none">>> Revision:<br clear="none">>> Compile-Date: May  8 2017 10:54:55<br clear="none">>> Available-Modules:<br clear="none">>> afprog,afsocket,afsql,afuser,<wbr>basicfuncs,confgen,csvparser,<wbr>dbparser,graphite,json-plugin,<wbr>kvformat,linux-kmsg-format,<wbr>pseudofile,syslogformat,<wbr>system-source,affile,<wbr>cryptofuncs<br clear="none">>> Enable-Debug: off<br clear="none">>> Enable-GProf: off<br clear="none">>> Enable-Memtrace: off<br clear="none">>> Enable-IPv6: on<br clear="none">>> Enable-Spoof-Source: off<br clear="none">>> Enable-TCP-Wrapper: off<br clear="none">>> Enable-Linux-Caps: off<br clear="none">>><br clear="none">>><br clear="none">>> In syslog-ng.conf I need to add:<br clear="none">>><br clear="none">>> @module mod-java<br clear="none">>> @include "scl.conf"<br clear="none">>><br clear="none">>> In scl.conf I have (I kept the default configuration)<br clear="none">>><br clear="none">>> @define scl-root "`syslog-ng-data`/include/scl"<br clear="none">>> @define include-path "`include-path`:`syslog-ng-<wbr>data`/include"<br clear="none">>> @include 'scl/*/*.conf'<br clear="none">>> I don't understand really what should I configure.<br clear="none">>><br clear="none">>> I also downloaded gradle<br clear="none">>> # ls /usr/local/gradle-3.5<br clear="none">>><br clear="none">>> And Java<br clear="none">>> # /usr/local/jdk-1.8.0/bin/java -version<br clear="none">>> openjdk version "1.8.0_121"<br clear="none">>> OpenJDK Runtime Environment (build 1.8.0_121-b13)<br clear="none">>> OpenJDK 64-Bit Server VM (build 25.121-b13, mixed mode)<br clear="none">>><br clear="none">>><br clear="none">>><br clear="none">>> Back to syslog-ng.conf I added<br clear="none">>> # Test Elasticsearch<br clear="none">>> filter f_MyTest { host("1.1.1.1"); };<br clear="none">>> log {<br clear="none">>> source(s_net);<br clear="none">>> filter(f_MyTest);<br clear="none">>> destination(d_MyTest);<br clear="none">>> };<br clear="none">>><br clear="none">>> destination d_elastic {<br clear="none">>>  elasticsearch(<br clear="none">>>  index("syslog-ng_${YEAR}.${<wbr>MONTH}.${DAY}")<br clear="none">>>  type("test")<br clear="none">>>  cluster("syslog-ng")<br clear="none">>>  client_mode("transport")<br clear="none">>>  custom_id("${UNIQID}")<br clear="none">>>  flush-limit("10000")<br clear="none">>>  );<br clear="none">>> };<br clear="none">>> log {<br clear="none">>>  source(s_net);<br clear="none">>>  filter(f_MyTest);<br clear="none">>>  destination(d_elastic);<br clear="none">>>  flags(flow-control);<br clear="none">>> };<br clear="none">>><br clear="none">>><br clear="none">>> But starting the daemon gives me this error<br clear="none">>> # syslog-ng<br clear="none">>> [2017-05-18T16:43:42.465496] Plugin module not found in 'module-path';<br clear="none">>> module-path='/usr/local/lib/<wbr>syslog-ng', module='mod-java'<br clear="none">>> Error parsing destination, destination plugin elasticsearch not found in<br clear="none">>> /etc/syslog-ng/syslog-ng.conf at line 171, column 2:<br clear="none">>> elasticsearch(<br clear="none">><br clear="none">>> ^^^^^^^^^^^^^<br clear="none">>><br clear="none">>> ______________________________<wbr>______________________________<wbr>__________________<br clear="none">>> Member info: <a shape="rect" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br clear="none">>> Documentation:<br clear="none">>> <a shape="rect" href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br clear="none">>> FAQ: <a shape="rect" href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br clear="none">><br clear="none">>><br clear="none">><br clear="none">></div></div><br><br></div>  </div> </div>  </div></div></div></div></div><br>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>