<html><head></head><body><div style="color:#000; background-color:#fff; font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_ym19_1_1495180870287_86712">Hello Robert,</div><div>Thank you for your answer</div><div id="yui_3_16_0_ym19_1_1495180870287_86713">Regards<br></div><div id="yui_3_16_0_ym19_1_1495180870287_86507"><span></span></div> <div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"><font size="2" face="Arial"> Le Jeudi 18 mai 2017 21h13, "Fekete, Róbert" <robert.fekete@balabit.com> a écrit :<br></font></div>  <br><br> <div class="y_msg_container"><div id="yiv7149845744"><div><div dir="ltr"><div><div>Hi, try<div><span class="yiv7149845744emphasis"><em>--enable-java</em></span> Enable support for Java-based modules.</div><div>and maybe also<span class="yiv7149845744emphasis"><em> --enable-java-modules</em></span> Compile the Gradle projects of every Java module available in <code class="yiv7149845744gmail-filename">modules/java-modules</code>. (I'm not sure about this one)<br clear="none"></div>See <a rel="nofollow" shape="rect" target="_blank" href="https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/syslog-ng-compile-options.html">https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/syslog-ng-compile-options.html</a><br clear="none"><br clear="none"></div>HTH, <br clear="none"><br clear="none"></div>Robert<br clear="none"></div><div class="yiv7149845744gmail_extra"><br clear="none"><div class="yiv7149845744gmail_quote">On Thu, May 18, 2017 at 8:32 PM, 'Mik J' via SYSLOG-NG <span dir="ltr"><<a rel="nofollow" shape="rect" ymailto="mailto:syslog-ng@balabit.com" target="_blank" href="mailto:syslog-ng@balabit.com">syslog-ng@balabit.com</a>></span> wrote:<br clear="none"><blockquote class="yiv7149845744gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="yiv7149845744yqt4415441858" id="yiv7149845744yqt12467"><div><div style="color:#000;background-color:#fff;font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"><div id="yiv7149845744m_-2639982709890545730yui_3_16_0_ym19_1_1495125812867_23947">Thank you Peter,</div><div dir="ltr" id="yiv7149845744m_-2639982709890545730yui_3_16_0_ym19_1_1495125812867_22318">Could you tell me which compile option I should use --enable....</div><div dir="ltr" id="yiv7149845744m_-2639982709890545730yui_3_16_0_ym19_1_1495125812867_23946">I haven't found any related to java in the INSTALL file<br clear="none"></div><div id="yiv7149845744m_-2639982709890545730yui_3_16_0_ym19_1_1495125812867_20707"><span><br clear="none"></span></div><div><span>The Freebsd most of the times I tried don't work on OpenBSD</span></div><div><div class="yiv7149845744h5"> <div class="yiv7149845744m_-2639982709890545730qtdSeparateBR"><br clear="none"><br clear="none"></div><div class="yiv7149845744m_-2639982709890545730yahoo_quoted" style="display:block;"> <div style="font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"> <div dir="ltr"><font size="2" face="Arial"> Le Jeudi 18 mai 2017 19h54, "Czanik, Péter" <<a rel="nofollow" shape="rect" ymailto="mailto:peter.czanik@balabit.com" target="_blank" href="mailto:peter.czanik@balabit.com">peter.czanik@balabit.com</a>> a écrit :<br clear="none"></font></div>  <br clear="none"><br clear="none"> <div class="yiv7149845744m_-2639982709890545730y_msg_container"><div dir="ltr">Hi,<br clear="none"><br clear="none">Yes, you need to recompile it. I don't have experience with OpenBSD,<br clear="none">but once upon a time I added Java support to FreeBSD ports. You can<br clear="none">read about how it works at<br clear="none"><a rel="nofollow" shape="rect" target="_blank" href="https://www.balabit.com/blog/test-the-latest-freebsd-with-syslog-ng-3-8-1/">https://www.balabit.com/blog/ test-the-latest-freebsd-with- syslog-ng-3-8-1/</a><br clear="none"><br clear="none">Bye,<br clear="none">Peter Czanik (CzP) <<a rel="nofollow" shape="rect" ymailto="mailto:peter.czanik@balabit.com" target="_blank" href="mailto:peter.czanik@balabit.com">peter.czanik@balabit.com</a>><br clear="none">Balabit / syslog-ng upstream<br clear="none"><a rel="nofollow" shape="rect" target="_blank" href="https://www.balabit.com/blog/author/peterczanik/">https://www.balabit.com/blog/ author/peterczanik/</a><br clear="none"><a rel="nofollow" shape="rect" target="_blank" href="https://twitter.com/PCzanik">https://twitter.com/PCzanik</a><br clear="none"><br clear="none"><div class="yiv7149845744m_-2639982709890545730yqt2273687322" id="yiv7149845744m_-2639982709890545730yqtfd47920"><br clear="none">On Thu, May 18, 2017 at 7:49 PM, Mik J <<a rel="nofollow" shape="rect" ymailto="mailto:mikydevel@yahoo.fr" target="_blank" href="mailto:mikydevel@yahoo.fr">mikydevel@yahoo.fr</a>> wrote:<br clear="none">> Thank you for your answer.<br clear="none">><br clear="none">> I use OpenBSD, I built it from the ports.<br clear="none">><br clear="none">> So what you're saying is that I need to recompile it with some java option ?<br clear="none">><br clear="none">><br clear="none">> Le Jeudi 18 mai 2017 17h20, "Czanik, Péter" <<a rel="nofollow" shape="rect" ymailto="mailto:peter.czanik@balabit.com" target="_blank" href="mailto:peter.czanik@balabit.com">peter.czanik@balabit.com</a>> a<br clear="none">> écrit :<br clear="none">><br clear="none">><br clear="none">> Hi,<br clear="none">><br clear="none">> You don't seem to have the Java module available. Is it a distribution<br clear="none">> package? Those usually don't have it enabled. Check<br clear="none">> <a rel="nofollow" shape="rect" target="_blank" href="https://syslog-ng.org/3rd-party-binaries/">https://syslog-ng.org/3rd- party-binaries/ </a>for unofficial package for<br clear="none">> openSUSE, Fedora, Debian and Ubuntu, which are known to have Java<br clear="none">> support enabled. Also check<br clear="none">> <a rel="nofollow" shape="rect" target="_blank" href="https://www.balabit.com/blog/troubleshooting-java-support-syslog-ng/">https://www.balabit.com/blog/ troubleshooting-java-support- syslog-ng/</a><br clear="none">> and the documentation.<br clear="none">><br clear="none">> Bye,<br clear="none">> Peter Czanik (CzP) <<a rel="nofollow" shape="rect" ymailto="mailto:peter.czanik@balabit.com" target="_blank" href="mailto:peter.czanik@balabit.com">peter.czanik@balabit.com</a>><br clear="none">> Balabit / syslog-ng upstream<br clear="none">> <a rel="nofollow" shape="rect" target="_blank" href="https://www.balabit.com/blog/author/peterczanik/">https://www.balabit.com/blog/ author/peterczanik/</a><br clear="none">> <a rel="nofollow" shape="rect" target="_blank" href="https://twitter.com/PCzanik">https://twitter.com/PCzanik</a><br clear="none">><br clear="none">><br clear="none">> On Thu, May 18, 2017 at 4:44 PM, 'Mik J' via SYSLOG-NG<br clear="none">> <<a rel="nofollow" shape="rect" ymailto="mailto:syslog-ng@balabit.com" target="_blank" href="mailto:syslog-ng@balabit.com">syslog-ng@balabit.com</a>> wrote:<br clear="none">>> Hello,<br clear="none">>><br clear="none">>> I've read many documentation about how to export syslogng to elasticsearch<br clear="none">>> but still don't get it<br clear="none">>><br clear="none">>> # syslog-ng -V<br clear="none">>> syslog-ng 3.7.2<br clear="none">>> Installer-Version: 3.7.2<br clear="none">>> Revision:<br clear="none">>> Compile-Date: May  8 2017 10:54:55<br clear="none">>> Available-Modules:<br clear="none">>> afprog,afsocket,afsql,afuser, basicfuncs,confgen,csvparser, dbparser,graphite,json-plugin, kvformat,linux-kmsg-format, pseudofile,syslogformat, system-source,affile, cryptofuncs<br clear="none">>> Enable-Debug: off<br clear="none">>> Enable-GProf: off<br clear="none">>> Enable-Memtrace: off<br clear="none">>> Enable-IPv6: on<br clear="none">>> Enable-Spoof-Source: off<br clear="none">>> Enable-TCP-Wrapper: off<br clear="none">>> Enable-Linux-Caps: off<br clear="none">>><br clear="none">>><br clear="none">>> In syslog-ng.conf I need to add:<br clear="none">>><br clear="none">>> @module mod-java<br clear="none">>> @include "scl.conf"<br clear="none">>><br clear="none">>> In scl.conf I have (I kept the default configuration)<br clear="none">>><br clear="none">>> @define scl-root "`syslog-ng-data`/include/scl"<br clear="none">>> @define include-path "`include-path`:`syslog-ng- data`/include"<br clear="none">>> @include 'scl/*/*.conf'<br clear="none">>> I don't understand really what should I configure.<br clear="none">>><br clear="none">>> I also downloaded gradle<br clear="none">>> # ls /usr/local/gradle-3.5<br clear="none">>><br clear="none">>> And Java<br clear="none">>> # /usr/local/jdk-1.8.0/bin/java -version<br clear="none">>> openjdk version "1.8.0_121"<br clear="none">>> OpenJDK Runtime Environment (build 1.8.0_121-b13)<br clear="none">>> OpenJDK 64-Bit Server VM (build 25.121-b13, mixed mode)<br clear="none">>><br clear="none">>><br clear="none">>><br clear="none">>> Back to syslog-ng.conf I added<br clear="none">>> # Test Elasticsearch<br clear="none">>> filter f_MyTest { host("1.1.1.1"); };<br clear="none">>> log {<br clear="none">>> source(s_net);<br clear="none">>> filter(f_MyTest);<br clear="none">>> destination(d_MyTest);<br clear="none">>> };<br clear="none">>><br clear="none">>> destination d_elastic {<br clear="none">>>  elasticsearch(<br clear="none">>>  index("syslog-ng_${YEAR}.${ MONTH}.${DAY}")<br clear="none">>>  type("test")<br clear="none">>>  cluster("syslog-ng")<br clear="none">>>  client_mode("transport")<br clear="none">>>  custom_id("${UNIQID}")<br clear="none">>>  flush-limit("10000")<br clear="none">>>  );<br clear="none">>> };<br clear="none">>> log {<br clear="none">>>  source(s_net);<br clear="none">>>  filter(f_MyTest);<br clear="none">>>  destination(d_elastic);<br clear="none">>>  flags(flow-control);<br clear="none">>> };<br clear="none">>><br clear="none">>><br clear="none">>> But starting the daemon gives me this error<br clear="none">>> # syslog-ng<br clear="none">>> [2017-05-18T16:43:42.465496] Plugin module not found in 'module-path';<br clear="none">>> module-path='/usr/local/lib/ syslog-ng', module='mod-java'<br clear="none">>> Error parsing destination, destination plugin elasticsearch not found in<br clear="none">>> /etc/syslog-ng/syslog-ng.conf at line 171, column 2:<br clear="none">>> elasticsearch(<br clear="none">><br clear="none">>> ^^^^^^^^^^^^^<br clear="none">>><br clear="none">>> ______________________________ ______________________________ __________________<br clear="none">>> Member info: <a rel="nofollow" shape="rect" target="_blank" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/ mailman/listinfo/syslog-ng</a><br clear="none">>> Documentation:<br clear="none">>> <a rel="nofollow" shape="rect" target="_blank" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/ support/documentation/? product=syslog-ng</a><br clear="none">>> FAQ: <a rel="nofollow" shape="rect" target="_blank" href="http://www.balabit.com/wiki/syslog-ng-faq">http://www.balabit.com/wiki/ syslog-ng-faq</a><br clear="none">><br clear="none">>><br clear="none">><br clear="none">></div></div><br clear="none"><br clear="none"></div>  </div> </div>  </div></div></div></div></div></div><br clear="none">______________________________ ______________________________ __________________<br clear="none">
Member info: <a rel="nofollow" shape="rect" target="_blank" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/ mailman/listinfo/syslog-ng</a><br clear="none">
Documentation: <a rel="nofollow" shape="rect" target="_blank" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/ support/documentation/? product=syslog-ng</a><br clear="none">
FAQ: <a rel="nofollow" shape="rect" target="_blank" href="http://www.balabit.com/wiki/syslog-ng-faq">http://www.balabit.com/wiki/ syslog-ng-faq</a><br clear="none">
<br clear="none">
<br clear="none"></blockquote></div><br clear="none"></div></div></div><br><br></div>  </div> </div>  </div></div></body></html>