<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi Laszlo,<div class="">For my configuration I am using the docker image through a docker compose file:</div><div class=""><br class=""></div><div class="">—docker-compose file---</div><div class=""><br class=""></div><div class=""><div class="">version: "3"</div><div class="">services:</div><div class="">  syslog-ng:</div><div class="">    container_name: syslog-ng</div><div class="">    #depends_on:</div><div class="">    #  - "elasticsearch"</div><div class="">    image: balabit/syslog-ng:latest</div><div class=""><br class=""></div><div class="">    ports:</div><div class="">      - "0.0.0.0:514:514/udp"</div><div class=""><br class=""></div><div class="">    entrypoint: /usr/sbin/syslog-ng -Fedv</div><div class=""><br class=""></div><div class="">    volumes:</div><div class="">      - ~/Projects/Volumes/TST/var/log/syslog-ng:/var/log</div><div class="">      - ~/Projects/Volumes/TST/etc/syslog-ng/syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf</div><div class="">      - es_lib:/jarfiles</div><div class=""><br class=""></div><div class="">    networks:</div><div class="">      - ESK</div><div class=""><br class=""></div><div class="">networks:</div><div class="">  ESK:</div><div class=""><br class=""></div><div class="">volumes:</div><div class="">  es_lib:</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">---Syslog configuration—</div><div class=""><br class=""></div><div class=""><div class="">#############################################################################</div><div class=""># Default syslog-ng.conf file which collects all local logs into a</div><div class=""># single file called /var/log/messages.</div><div class="">#</div><div class=""><br class=""></div><div class="">@version: 3.13</div><div class=""><br class=""></div><div class="">@include "scl.conf"</div><div class="">@module mod-java</div><div class=""><br class=""></div><div class="">options {</div><div class="">  time-zone(Europe/London);</div><div class="">  # use-dns(yes);</div><div class="">  # keep-hostname(yes);</div><div class="">  # chain-hostnames(yes);</div><div class="">  #create-dirs(yes);</div><div class=""><br class=""></div><div class="">};</div></div><div class=""><br class=""></div><div class=""><div class="">source s_net {</div><div class="">  udp(</div><div class="">    ip(0.0.0.0),port(514),flags(no-parse)</div><div class="">  );</div><div class="">};</div></div><div class=""><br class=""></div><div class=""><div class=""><br class=""></div><div class=""><div class="">destination d_file {</div><div class="">  file("/var/log/${HOST}-${LEVEL}.log");</div><div class="">};</div></div><div class=""><br class=""></div><div class="">destination d_elasticsearch {</div><div class="">  elasticsearch2(</div><div class="">    client-lib-dir("/jarfiles/")</div><div class="">    #client-lib-dir("/jarfiles/*.jar:/usr/lib/syslog-ng/3.13/java-modules/elastic-jest-client/*.jar:/usr/lib/syslog-ng/3.13/java-modules/")</div><div class="">    index("index-${MONTH}")</div><div class="">    type("syslog")</div><div class="">    #time-zone("UTC")</div><div class="">    client_mode("http")</div><div class="">    cluster("docker-cluster")</div><div class="">    #cluster_url("<a href="http://192.168.32.100:9200" class="">http://192.168.32.100:9200</a>")</div><div class="">    cluster_url("<a href="http://elasticsearch:9200" class="">http://elasticsearch:9200</a>")</div><div class="">    #template(t_test)</div><div class="">    flush-limit("1")</div><div class="">  );</div></div><div class=""><br class=""></div><div class=""><div class="">log {</div><div class="">  source(s_net);</div><div class="">  destination(d_elasticsearch);</div><div class="">  destination(d_file);</div><div class="">};</div></div><div class=""><br class=""></div><div class="">This trigger the error.</div><div class="">If I comment the first client-lib and uncomment the second one all works fine.</div><div class=""><br class=""></div><div class="">Here is the final part of the startup debug messages:</div><div class=""><br class=""></div><div class=""><div class="">syslog-ng    | [2018-01-10T14:52:49.287682] Add path to classpath: /jarfiles/jopt-simple-5.0.2.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.287860] Add path to classpath: /jarfiles/lucene-queries-7.0.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.288053] Add path to classpath: /jarfiles/jackson-core-2.8.6.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.288237] Add path to classpath: /jarfiles/hppc-0.7.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.288399] Add path to classpath: /jarfiles/lucene-join-7.0.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.288589] Add path to classpath: /jarfiles/HdrHistogram-2.1.9.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.288769] Add path to classpath: /jarfiles/lucene-memory-7.0.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.288970] Add path to classpath: /jarfiles/log4j-api-2.9.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.289142] Add path to classpath: /jarfiles/lucene-highlighter-7.0.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.289346] Add path to classpath: /jarfiles/log4j-core-2.9.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.289533] Add path to classpath: /jarfiles/java-version-checker-6.0.0.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.289734] Add path to classpath: /jarfiles/snakeyaml-1.15.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.289899] Add path to classpath: /jarfiles/jackson-dataformat-cbor-2.8.6.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.290089] Add path to classpath: /jarfiles/lucene-suggest-7.0.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.290267] Add path to classpath: /jarfiles/lucene-spatial-extras-7.0.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.290457] Add path to classpath: /jarfiles/t-digest-3.0.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.290608] Add path to classpath: /jarfiles/lucene-queryparser-7.0.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.290780] Add path to classpath: /jarfiles/lucene-core-7.0.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.290956] Add path to classpath: /jarfiles/spatial4j-0.6.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.291090] Add path to classpath: /jarfiles/securesm-1.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.291225] Add path to classpath: /jarfiles/jts-1.13.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.291353] Add path to classpath: /jarfiles/lucene-sandbox-7.0.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.291499] Add path to classpath: /jarfiles/lucene-spatial-7.0.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.291647] Add path to classpath: /jarfiles/joda-time-2.9.5.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.291783] Add path to classpath: /jarfiles/jackson-dataformat-yaml-2.8.6.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.291939] Add path to classpath: /jarfiles/lucene-backward-codecs-7.0.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.292100] Add path to classpath: /jarfiles/lucene-analyzers-common-7.0.1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.292260] Add path to classpath: /jarfiles/jna-4.4.0-1.jar;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.313789] Exception: org.syslog_ng.elasticsearch_v2.ElasticSearchDestination;</div><div class="">syslog-ng    | java.lang.ClassNotFoundException: org.syslog_ng.elasticsearch_v2.ElasticSearchDestination</div><div class="">syslog-ng    |  at java.net.URLClassLoader$1.run(URLClassLoader.java:359)</div><div class="">syslog-ng    |  at java.net.URLClassLoader$1.run(URLClassLoader.java:348)</div><div class="">syslog-ng    |  at java.security.AccessController.doPrivileged(Native Method)</div><div class="">syslog-ng    |  at java.net.URLClassLoader.findClass(URLClassLoader.java:347)</div><div class="">syslog-ng    |  at java.lang.ClassLoader.loadClass(ClassLoader.java:425)</div><div class="">syslog-ng    |  at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:312)</div><div class="">syslog-ng    |  at java.lang.ClassLoader.loadClass(ClassLoader.java:358)</div><div class="">syslog-ng    |  at java.lang.Class.forName0(Native Method)</div><div class="">syslog-ng    |  at java.lang.Class.forName(Class.java:278)</div><div class="">syslog-ng    |  at org.syslog_ng.SyslogNgClassLoader.loadClass(SyslogNgClassLoader.java:67)</div><div class="">syslog-ng    | [2018-01-10T14:52:49.315737] Can't find class; class_name='org.syslog_ng.elasticsearch_v2.ElasticSearchDestination'</div><div class="">syslog-ng    | [2018-01-10T14:52:49.315753] Java machine free;</div><div class="">syslog-ng    | [2018-01-10T14:52:49.316367] Error initializing message pipeline; plugin name='java', location='#buffer:2:3'</div><div class="">syslog-ng exited with code 2</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Hope this helps.</div><div class=""><br class=""></div><div class="">Marco</div><div class=""><br class=""></div><div class=""><div><blockquote type="cite" class=""><div class="">On 5 Jan 2018, at 17:44, Budai, László <<a href="mailto:laszlo.budai@balabit.com" class="">laszlo.budai@balabit.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class=""><div class="">Hi,<br class=""><br class=""></div>this seems like a bug (I guess resolving the `java-module-dir` in the scl file failes somehow and this is why you have to set the classpath manually).</div><div class="">Could you share the content of your etc/scl.conf?</div><div class=""></div><div class=""></div><div class=""><br class=""></div><div class="">regards,</div><div class="">Laszlo Budai<br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Tue, Jan 2, 2018 at 9:47 PM, Marco Mignone <span dir="ltr" class=""><<a href="mailto:info@marcomignone.com" target="_blank" class="">info@marcomignone.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">I have forgot to say that I was using the syslog-ng Docker image -> balabit/syslog-ng:latest<div class=""><br class=""></div><div class="">Thanks,</div><div class="">Marco<br class=""><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On 2 Jan 2018, at 15:41, Marco Mignone <<a href="mailto:info@marcomignone.com" target="_blank" class="">info@marcomignone.com</a>> wrote:</div><br class="m_4915803031001585147Apple-interchange-newline"><div class=""><div style="word-wrap:break-word" class="">Hi All,<div class="">That worked for me too but I have few questions:</div><div class=""><br class=""></div><div class="">- Is this the expected behaviour?</div><div class="">- Do we still need to add the *.jar library files from the ES distribution?</div><div class="">- The client-lib-dir function seems to need *.jar when multiple paths are specified, apart from the last path in the line - is this correct?</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">My path in the ES destination:</div><div class=""><br class=""></div><div class="">client-lib-dir(“/esjarfiles/*.<wbr class="">jar:/usr/lib/syslog-ng/3.13/<wbr class="">java-modules/elastic-jest-<wbr class="">client/*.jar:/usr/lib/syslog-<wbr class="">ng/3.13/java-modules/“)</div><div class=""><br class=""></div><div class="">Thanks,</div><div class="">Marco</div><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On 14 Dec 2017, at 23:08, hari ram <<a href="mailto:hariram@hotmail.com" target="_blank" class="">hariram@hotmail.com</a>> wrote:</div><br class="m_4915803031001585147Apple-interchange-newline"><div class=""><div style="font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><div class="">root@ES6:/etc/syslog-ng# more syslog-ng.conf</div><div class="">@version:3.13</div><div class="">@module mod-java</div><div class="">@include "scl.conf"</div><div class="">options {</div><div class="">    flush_lines(0);</div><div class="">    keep_hostname(yes);</div><div class="">    normalize_hostnames(yes);</div><div class="">    threaded(yes);</div><div class="">};</div><div class="">source      s_local   { system(); internal();   };</div><div class="">source      s_network { syslog(transport(tcp)); };</div><div class="">destination d_all { file ("/var/log/all.log"); };</div><div class="">destination d_elastic {</div><div class="">  elasticsearch2(</div><div class="">    client-lib-dir("/usr/lib/<wbr class="">syslog-ng/3.13/java-modules/<wbr class="">elastic-jest-client/*.jar:/<wbr class="">usr/share/elasticsearch/lib/:/<wbr class="">usr/lib/syslog-ng/3.13/java-<wbr class="">modules/")   --- adding path </div><div class="">    client_mode("http")</div><div class="">    cluster_url("<a href="http://192.168.1.75:9200/" target="_blank" class="">http://192.168.1.<wbr class="">75:9200</a>")</div><div class="">    index("syslog-ng_${YEAR}.${<wbr class="">MONTH}.${DAY}")</div><div class="">    type("syslog")</div><div class="">    cluster("test")</div><div class="">    flush-limit("1000")</div><div class="">    template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")</div><div class="">    time-zone("UTC")</div><div class="">  );</div><div class="">};</div><div class="">log { source(s_network); destination(d_elastic); };</div><div class="">log { source(s_local); destination(d_all); };</div><div class=""><br class=""></div><br class=""></div><div style="font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><br class=""></div><div style="font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class="">fix the error, but i will test and come back.</div><div style="font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><br class=""></div><div style="font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class="">R!</div><hr style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline-block;width:756.546875px" class=""><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important" class=""></span><div id="m_4915803031001585147divRplyFwdMsg" dir="ltr" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" class=""><font style="font-size:11pt" face="Calibri, sans-serif" class=""><b class="">From:</b><span class="m_4915803031001585147Apple-converted-space"> </span>syslog-ng <<a href="mailto:syslog-ng-bounces@lists.balabit.hu" target="_blank" class="">syslog-ng-bounces@lists.<wbr class="">balabit.hu</a>> on behalf of hari ram <<a href="mailto:hariram@hotmail.com" target="_blank" class="">hariram@hotmail.com</a>><br class=""><b class="">Sent:</b><span class="m_4915803031001585147Apple-converted-space"> </span>14 December 2017 23:04<br class=""><b class="">To:</b><span class="m_4915803031001585147Apple-converted-space"> </span><a href="mailto:syslog-ng@lists.balabit.hu" target="_blank" class="">syslog-ng@lists.balabit.hu</a><br class=""><b class="">Subject:</b><span class="m_4915803031001585147Apple-converted-space"> </span>[syslog-ng] SYSLOG-NG issue with ES 6.X</font><div class=""> </div></div><div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" class=""><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class="">Hi</div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><br class=""></div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class="">I have installed SYSLOG-NG 3.13.2 on ubunutu, try to send logs to ES 6.0 i failed to do so, here is my inputs.</div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><br class=""></div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><div class="">root@ES6:/etc/syslog-ng# syslog-ng -V</div><div class="">syslog-ng 3 (3.13.2)</div><div class="">Config version: 3.13</div><div class="">Installer-Version: 3.13.2</div><div class="">Revision: 3.13.2-1</div><div class="">Compile-Date: Dec  5 2017 13:24:07</div><div class="">Module-Directory: /usr/lib/syslog-ng/3.13</div><div class="">Module-Path: /usr/lib/syslog-ng/3.13</div><div class="">Available-Modules: afuser,mod-python,afstomp,<wbr class="">http,afsql,disk-buffer,mod-<wbr class="">java,cef,pseudofile,sdjournal,<wbr class="">kvformat,xml,csvparser,<wbr class="">snmptrapd-parser,appmodel,<wbr class="">confgen,pacctformat,linux-<wbr class="">kmsg-format,dbparser,system-<wbr class="">source,map-value-pairs,add-<wbr class="">contextual-data,date,<wbr class="">syslogformat,afamqp,geoip2-<wbr class="">plugin,tfgetent,graphite,<wbr class="">afmongodb,cryptofuncs,geoip-<wbr class="">plugin,afsmtp,afsocket,redis,<wbr class="">affile,stardate,basicfuncs,<wbr class="">riemann,json-plugin,tags-<wbr class="">parser,afprog</div><div class="">Enable-Debug: off</div><div class="">Enable-GProf: off</div><div class="">Enable-Memtrace: off</div><div class="">Enable-IPv6: on</div><div class="">Enable-Spoof-Source: on</div><div class="">Enable-TCP-Wrapper: on</div><div class="">Enable-Linux-Caps: on</div><div class="">Enable-Systemd: on</div><div class=""><br class=""></div>===</div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><br class=""></div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><div class="">root@ES6:/etc/syslog-ng# more syslog-ng.conf</div><div class="">@version:3.13</div><div class="">@module mod-java</div><div class="">@include "scl.conf"</div><div class="">options {</div><div class="">    flush_lines(0);</div><div class="">    keep_hostname(yes);</div><div class="">    normalize_hostnames(yes);</div><div class="">    threaded(yes);</div><div class="">};</div><div class="">source      s_local   { system(); internal();   };</div><div class="">source      s_network { syslog(transport(tcp)); };</div><div class="">destination d_all { file ("/var/log/all.log"); };</div><div class="">destination d_elastic {</div><div class="">  elasticsearch2(</div><div class="">    client-lib-dir("/usr/share/<wbr class="">elasticsearch/lib/:/usr/lib/<wbr class="">syslog-ng/3.13/java-modules/")</div><div class="">    client_mode("http")</div><div class="">    cluster_url("<a href="http://192.168.1.75:9200/" target="_blank" class="">http://192.168.1.<wbr class="">75:9200</a>")</div><div class="">    index("syslog-ng_${YEAR}.${<wbr class="">MONTH}.${DAY}")</div><div class="">    type("syslog")</div><div class="">    cluster("test")</div><div class="">    flush-limit("1000")</div><div class="">    template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")</div><div class="">    time-zone("UTC")</div><div class="">  );</div><div class="">};</div><div class="">log { source(s_network); destination(d_elastic); };</div><div class="">log { source(s_local); destination(d_all); };</div><div class=""><br class=""></div><br class=""></div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class="">===</div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><br class=""></div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><div class="">root@ES6:/etc/syslog-ng# ls /usr/share/elasticsearch/lib/</div><div class="">elasticsearch-6.0.1.jar            jackson-dataformat-smile-2.8.<wbr class="">6.jar  jopt-simple-5.0.2.jar    lucene-analyzers-common-7.0.1.<wbr class="">jar  lucene-join-7.0.1.jar         lucene-sandbox-7.0.1.jar         plugin-cli-6.0.1.jar</div><div class="">HdrHistogram-2.1.9.jar             jackson-dataformat-yaml-2.8.<wbr class="">6.jar   jts-1.13.jar             lucene-backward-codecs-7.0.1.<wbr class="">jar   lucene-memory-7.0.1.jar       lucene-spatial3d-7.0.1.jar       securesm-1.2.jar</div><div class="">hppc-0.7.1.jar                     java-version-checker-6.0.1.<wbr class="">jar      log4j-1.2-api-2.9.1.jar  lucene-core-7.0.1.jar              lucene-misc-7.0.1.jar         lucene-spatial-7.0.1.jar         snakeyaml-1.15.jar</div><div class="">jackson-core-2.8.6.jar             jna-4.4.0-1.jar                     log4j-api-2.9.1.jar      lucene-grouping-7.0.1.jar          lucene-queries-7.0.1.jar      lucene-spatial-extras-7.0.1.<wbr class="">jar  spatial4j-0.6.jar</div><div class="">jackson-dataformat-cbor-2.8.6.<wbr class="">jar  joda-time-2.9.5.jar                 log4j-core-2.9.1.jar     lucene-highlighter-7.0.1.jar       lucene-queryparser-7.0.1.jar  lucene-suggest-7.0.1.jar         t-digest-3.0.jar</div><div class=""><br class=""></div><br class=""></div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class="">====</div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><br class=""></div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><div class="">root@ES6:/etc/syslog-ng# ls /usr/lib/syslog-ng/3.13/java-<wbr class="">modules/</div><div class="">elastic.jar  elastic-jest-client  elastic-v2.jar  hdfs.jar  http.jar  kafka.jar  log4j-1.2.16.jar  syslog-ng-common.jar  syslog-ng-core.jar</div><div class=""><br class=""></div></div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class="">==</div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><br class=""></div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class="">root@ES6:/etc/syslog-ng# syslog-ng -Fevd<br class=""></div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><br class=""></div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><div class="">[2017-12-14T23:04:21.552408]                 Compiling #unnamed sequence [log] at [source generator system:14:12]</div><div class="">[2017-12-14T23:04:21.552510]         Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.<wbr class="">conf:10:35]</div><div class="">[2017-12-14T23:04:21.552632]   Compiling d_all reference [destination] at [/etc/syslog-ng/syslog-ng.<wbr class="">conf:27:24]</div><div class="">[2017-12-14T23:04:21.552715]     Compiling d_all sequence [destination] at [/etc/syslog-ng/syslog-ng.<wbr class="">conf:12:1]</div><div class="">[2017-12-14T23:04:21.552781]       Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.<wbr class="">conf:12:20]</div><div class="">[2017-12-14T23:04:21.552884]         Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.<wbr class="">conf:12:21]</div><div class="">[2017-12-14T23:04:21.553211] Module loaded and initialized successfully; module='syslogformat'</div><div class="">[2017-12-14T23:04:21.553425] Processing the time zone file (32bit part); filename='/usr/share/zoneinfo/<wbr class="">UTC'</div><div class="">[2017-12-14T23:04:21.671696] Add path to classpath: /usr/lib/syslog-ng/3.13/java-<wbr class="">modules/syslog-ng-core.jar;</div><div class="">[2017-12-14T23:04:21.672418] Add path to classpath: /usr/share/elasticsearch/lib/;</div><div class="">[2017-12-14T23:04:21.673641] Add path to classpath: /usr/lib/syslog-ng/3.13/java-<wbr class="">modules/syslog-ng-core.jar;</div><div class="">[2017-12-14T23:04:21.673912] Add path to classpath: /usr/lib/syslog-ng/3.13/java-<wbr class="">modules/syslog-ng-common.jar;</div><div class="">[2017-12-14T23:04:21.674218] Add path to classpath: /usr/lib/syslog-ng/3.13/java-<wbr class="">modules/hdfs.jar;</div><div class="">[2017-12-14T23:04:21.674704] Add path to classpath: /usr/lib/syslog-ng/3.13/java-<wbr class="">modules/http.jar;</div><div class="">[2017-12-14T23:04:21.675858] Add path to classpath: /usr/lib/syslog-ng/3.13/java-<wbr class="">modules/kafka.jar;</div><div class="">[2017-12-14T23:04:21.676116] Add path to classpath: /usr/lib/syslog-ng/3.13/java-<wbr class="">modules/log4j-1.2.16.jar;</div><div class="">[2017-12-14T23:04:21.676322] Add path to classpath: /usr/lib/syslog-ng/3.13/java-<wbr class="">modules/elastic-v2.jar;</div><div class="">[2017-12-14T23:04:21.676484] Add path to classpath: /usr/lib/syslog-ng/3.13/java-<wbr class="">modules/elastic.jar;</div><div class="">[2017-12-14T23:04:21.741649] Add path to classpath: /usr/lib/syslog-ng/3.13/java-<wbr class="">modules/syslog-ng-core.jar;</div><div class="">[2017-12-14T23:04:21.746168] Error initializing message pipeline; plugin name='java', location='#buffer:2:3'</div><br class=""></div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><br class=""></div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class="">Any suggestions ?</div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><br class=""></div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class="">R!</div><div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgba(0,0,0,0)" class=""><br class=""></div></div><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important" class="">______________________________<wbr class="">______________________________<wbr class="">__________________</span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" class=""><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important" class="">Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank" class="">https://lists.balabit.hu/<wbr class="">mailman/listinfo/syslog-ng</a></span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" class=""><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important" class="">Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank" class="">http://www.balabit.com/<wbr class="">support/documentation/?<wbr class="">product=syslog-ng</a></span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" class=""><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important" class="">FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank" class="">http://www.balabit.com/wiki/<wbr class="">syslog-ng-faq</a></span></div></blockquote></div><br class=""></div></div>______________________________<wbr class="">______________________________<wbr class="">__________________<br class="">Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank" class="">https://lists.balabit.hu/<wbr class="">mailman/listinfo/syslog-ng</a><br class="">Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank" class="">http://www.balabit.com/<wbr class="">support/documentation/?<wbr class="">product=syslog-ng</a><br class="">FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank" class="">http://www.balabit.com/wiki/<wbr class="">syslog-ng-faq</a><br class=""><br class=""></div></blockquote></div><br class=""></div></div></div><br class="">______________________________<wbr class="">______________________________<wbr class="">__________________<br class="">
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank" class="">https://lists.balabit.hu/<wbr class="">mailman/listinfo/syslog-ng</a><br class="">
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank" class="">http://www.balabit.com/<wbr class="">support/documentation/?<wbr class="">product=syslog-ng</a><br class="">
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank" class="">http://www.balabit.com/wiki/<wbr class="">syslog-ng-faq</a><br class="">
<br class="">
<br class=""></blockquote></div><br class=""></div>
______________________________________________________________________________<br class="">Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" class="">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br class="">Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" class="">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br class="">FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" class="">http://www.balabit.com/wiki/syslog-ng-faq</a><br class=""><br class=""></div></blockquote></div><br class=""></div></body></html>