<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Kokan,</p>
<p>Please see attached.</p>
<p>Furthermore, the "log {---}" syntax is the one provided from
install; i didn't modify it.</p>
<p>Regards,<br>
</p>
<br>
<div class="moz-cite-prefix">Le 25/05/2018 à 19:52, Kókai Péter a
écrit :<br>
</div>
<blockquote type="cite"
cite="mid:CABxQCphb-3UCeZuyv4ESOZQF3Gvyz_Q4Su00DrR_8QupDrbvKQ@mail.gmail.com">
<div dir="ltr">Hello,
<div><br>
</div>
<div>Would it be possible to share your configuration file as an
attachment, or upload somewhere ?</div>
<div><br>
</div>
<div>The error message indicates that the parser reached the end
of the file(of course it is not), but it requires the ';' to
close the previous block. It also points to the place where it
found the file end.</div>
<div><br>
</div>
<div><span style="color:rgb(33,33,33)">177 log {
source(s_src); filter(f_crit); destination(d_console); };</span><br
style="color:rgb(33,33,33)">
<span style="color:rgb(33,33,33)">178---> </span><br
style="color:rgb(33,33,33)">
<span style="color:rgb(33,33,33)">178---> ^</span><br>
</div>
<div><span style="color:rgb(33,33,33)"><br>
</span></div>
<div><span style="color:rgb(33,33,33)">Removing that empty line
might also help. (It points to the empty line and not to the
log)</span></div>
<div><br>
</div>
<div>--</div>
<div>Kokan</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Fri, May 25, 2018 at 9:42 PM Komi Elitcha <<a
href="mailto:kmw.elitcha@gmail.com" moz-do-not-send="true">kmw.elitcha@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hello Kokan,</p>
<p>I double checked inside '/etc/syslog-ng/syslog-ng.conf'
file and i don't have any '\r' carriage.</p>
<p>Are you pointing me to another conf file?</p>
<p>Regards,<br>
</p>
</div>
<div text="#000000" bgcolor="#FFFFFF"> <br>
<div class="m_-2673021126367762120moz-cite-prefix">Le
25/05/2018 à 19:10, Kókai Péter a écrit :<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hello,
<div><br>
</div>
<div>You probably have a '\r' carriage return in your
configuration, that is not supported. Remove it and it
should work :)</div>
<div><br>
</div>
<div>--</div>
<div>Kokan</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Fri, May 25, 2018 at 8:59 PM Komi
Elitcha <<a href="mailto:kmw.elitcha@gmail.com"
target="_blank" moz-do-not-send="true">kmw.elitcha@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Oups...</p>
<p>Additionally, i'm getting an error saying that
syslog-ng-core in not configured yet.</p>
<p>I hope i didn't miss anything.</p>
<p>Thanks.<br>
</p>
</div>
<div text="#000000" bgcolor="#FFFFFF"> <br>
<div
class="m_-2673021126367762120m_8133385003370683758moz-cite-prefix">Le
25/05/2018 à 18:39, Komi Elitcha a écrit :<br>
</div>
<blockquote type="cite">
<p>Thank you Gabor,</p>
<p>Your below comments were very helpful and i
suspect i've solved the java issue (maybe i
should open a new thread).</p>
<p>After setting correctly the java env in bashrc,
this the output i get from #syslog-ng -Fve
command:</p>
<p><br>
</p>
<p>Error parsing config, syntax error, unexpected
$end, expecting ';' in
/etc/syslog-ng/syslog-ng.conf:<br>
173 log { source(s_src); filter(f_messages);
destination(d_messages); };<br>
174 <br>
175 log { source(s_src); filter(f_console);
destination(d_console_all);<br>
176
destination(d_xconsole); };<br>
177 log { source(s_src); filter(f_crit);
destination(d_console); };<br>
178---> <br>
178---> ^<br>
179 # All messages send to a remote site<br>
180 #<br>
181 #log { source(s_src);
destination(d_net); };<br>
182 log { source(s_net); destination(d_es);
flags(flow-control); };<br>
183 <br>
</p>
<p><br>
</p>
<p>I cannot see any syntax error (regarding the
';') in my syslong-ng.conf file. Is there any
know bug related to this. Also, i wonder why
"log {---}' syntaxes are returning errors.</p>
<p><br>
</p>
<p>Regards,<br>
</p>
<p><br>
</p>
<p><br>
</p>
<br>
<div
class="m_-2673021126367762120m_8133385003370683758moz-cite-prefix">Le
25/05/2018 à 10:20, Nagy, Gábor a écrit :<br>
</div>
<blockquote type="cite">
<div dir="ltr">Sorry I forgot to link our blog
post about common java problems.
<div>It could help and explain some common
errors during installation.<br>
<div><br>
</div>
<div><a
href="https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/"
target="_blank" moz-do-not-send="true">https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/</a><br>
</div>
</div>
<div><br>
</div>
<div>Regards,</div>
<div>Gabor</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, May 25, 2018
at 11:35 AM, Nagy, Gábor <span dir="ltr"><<a
href="mailto:gabor.nagy@balabit.com"
target="_blank" moz-do-not-send="true">gabor.nagy@balabit.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div dir="ltr">Hi Komi!<br>
<br>
You need the java package for syslog-ng
too: "syslog-ng-mod-java".
<div>What is the source of the syslog-ng
package you installed?</div>
<div><br>
</div>
<div>You will need additional steps
after you have installed the syslog-ng
java package.</div>
<div>In our admin we have detailed
instructions to setup elasticsearch2
destination:<br>
<a
href="https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-destinations-elasticsearch2.html"
target="_blank"
moz-do-not-send="true">https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-destinations-elasticsearch2.html</a><br>
</div>
<div><br>
</div>
<div>Feel free to ask if you got stuck!</div>
<div><br>
</div>
<div>Regards,</div>
<div>Gabor</div>
</div>
<div
class="m_-2673021126367762120m_8133385003370683758HOEnZb">
<div
class="m_-2673021126367762120m_8133385003370683758h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, May
25, 2018 at 10:49 AM, Komi Elitcha
<span dir="ltr"><<a
href="mailto:kmw.elitcha@gmail.com"
target="_blank"
moz-do-not-send="true">kmw.elitcha@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">Good day
all,<br>
<br>
I'm new to this mailing list.<br>
<br>
I'm setting up
syslong-ng+elasticsearch+kibana
on an Ubuntu 18.04; i'm getting
the following output/error from
command: ]#syslog-ng -Fve<br>
<br>
<br>
Error parsing destination,
destination plugin java not
found in block destination
elasticsearch2 (at
/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf:58:1):<br>
1<br>
2-----> java(<br>
2-----> ^^^^<br>
3
class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/opt/syslog-ng/jre1.8.0_171/lib//*.jar")<br>
4
class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination")<br>
5 option("index",
"*log*")<br>
6 option("type",
"syslog")<br>
7 option("server",
"localhost")<br>
<br>
Included from
/etc/syslog-ng/syslog-ng.conf:<br>
90 # Debian only<br>
91 destination d_ppp {
file("/var/log/ppp.log"); };<br>
92<br>
93 # Elasticsearch
destination<br>
94 destination d_es {<br>
95----> elasticsearch2(<br>
95----> ^^^^^^^^^^^^^^^^<br>
96
cluster("syslog-ng")<br>
97
client-lib-dir("/usr/share/elasticsearch/lib/")<br>
98
client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/")<br>
99
time-zone("UTC")<br>
100 cluster-url("<a
href="http://localhost:9200"
rel="noreferrer"
target="_blank"
moz-do-not-send="true">http://localhost:9200</a>")<br>
<br>
<br>
Any help is welcome.<br>
<br>
Thanks.<br>
<br>
______________________________________________________________________________<br>
Member info: <a
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
rel="noreferrer"
target="_blank"
moz-do-not-send="true">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a
href="http://www.balabit.com/support/documentation/?product=syslog-ng"
rel="noreferrer"
target="_blank"
moz-do-not-send="true">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a
href="http://www.balabit.com/wiki/syslog-ng-faq"
rel="noreferrer"
target="_blank"
moz-do-not-send="true">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset
class="m_-2673021126367762120m_8133385003370683758mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________________________________________________________
Member info: <a class="m_-2673021126367762120m_8133385003370683758moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank" moz-do-not-send="true">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a class="m_-2673021126367762120m_8133385003370683758moz-txt-link-freetext" href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank" moz-do-not-send="true">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a class="m_-2673021126367762120m_8133385003370683758moz-txt-link-freetext" href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank" moz-do-not-send="true">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
</blockquote>
<br>
</div>
<div text="#000000" bgcolor="#FFFFFF">
<pre class="m_-2673021126367762120m_8133385003370683758moz-signature" cols="72">--
--
KE</pre>
</div>
______________________________________________________________________________<br>
Member info: <a
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a
href="http://www.balabit.com/support/documentation/?product=syslog-ng"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a
href="http://www.balabit.com/wiki/syslog-ng-faq"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote>
</div>
<br>
<fieldset
class="m_-2673021126367762120mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________________________________________________________
Member info: <a class="m_-2673021126367762120moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank" moz-do-not-send="true">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a class="m_-2673021126367762120moz-txt-link-freetext" href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank" moz-do-not-send="true">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a class="m_-2673021126367762120moz-txt-link-freetext" href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank" moz-do-not-send="true">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
<pre class="m_-2673021126367762120moz-signature" cols="72">--
--
KE</pre>
</div>
</blockquote>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
KE</pre>
</body>
</html>