<div dir="ltr"><div>There was a bug that caused errors to be reported incorrectly in case a block reference (in this case probably elasticsearch2) spans multiple lines. The fix is already in master.<br><br></div>The bug was introduced in 3.15 IIRC, and this PR contains the fix:<br><a href="https://github.com/balabit/syslog-ng/pull/2035">https://github.com/balabit/syslog-ng/pull/2035</a><br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">-- <br>Bazsi<br></div></div></div>
<br><div class="gmail_quote">On Sun, May 27, 2018 at 6:53 PM, Kókai Péter <span dir="ltr">&lt;<a href="mailto:peter.kokai@balabit.com" target="_blank">peter.kokai@balabit.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>I have tried to reproduce your issue with the included configuration file, but it did not cause me the same trouble.</div><div><br></div><div>If by any chance you have syslog-ng compiled with debug enabled, in that case you can start it with an additional flag, '-y', to debug the grammar parser. (If yes, please share the result of that debug.)</div><div>(With the -V flag you can determine if it is compiled with debug: syslog-ng -V)</div><div><br></div><div>If the debug mode is not possible, you can still pinpoint where the issue is by commenting out lines from the configuration.</div><div><br></div><div>Or help me to reproduce this on my machine. I have tried to use the Ubuntu 18.04 Docker image and installed syslog-ng from this repository: <a href="http://download.opensuse.org/repositories/home:/laszlo_budai:/syslog-ng/xUbuntu_18.04" target="_blank">http://download.opensuse.org/<wbr>repositories/home:/laszlo_<wbr>budai:/syslog-ng/xUbuntu_18.04</a></div><div><br></div><div><div>syslog-ng -V</div><div>syslog-ng 3 (3.15.1)</div><div>Config version: 3.15</div><div>Installer-Version: 3.15.1</div><div>Revision: 3.15.1-1</div><div>Compile-Date: Apr 19 2018 08:29:20</div></div><div><br></div><div><span style="color:rgb(33,33,33)"><br></span></div><div>--</div><div>Kokan</div><div><div class="h5"><br><div class="gmail_quote"><div dir="ltr">On Fri, May 25, 2018 at 10:06 PM Komi Elitcha &lt;<a href="mailto:kmw.elitcha@gmail.com" target="_blank">kmw.elitcha@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <p>Kokan,</p>
    <p>Please see attached.</p>
    <p>Furthermore, the "log {---}" syntax is the one provided from
      install; I didn't modify it.</p>
    <p>Regards,<br>
    </p></div><div text="#000000" bgcolor="#FFFFFF">
    <br>
    <div class="m_-2199677165627607533m_7198339598299844698m_-3964516419710623166moz-cite-prefix">On 25/05/2018 at 19:52, Kókai Péter
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">Hello,
        <div><br>
        </div>
        <div>Would it be possible to share your configuration file as an
          attachment, or upload somewhere ?</div>
        <div><br>
        </div>
        <div>The error message indicates that the parser reached the end
          of the file (of course it is not), but it requires the ';' to
          close the previous block. It also points to the place where it
          found the file end.</div>
        <div><br>
        </div>
        <div><span style="color:rgb(33,33,33)">177     log {
            source(s_src); filter(f_crit); destination(d_console); };</span><br style="color:rgb(33,33,33)">
          <span style="color:rgb(33,33,33)">178---> </span><br style="color:rgb(33,33,33)">
          <span style="color:rgb(33,33,33)">178---> ^</span><br>
        </div>
        <div><span style="color:rgb(33,33,33)"><br>
          </span></div>
        <div><span style="color:rgb(33,33,33)">Removing that empty line
            might also help. (It points to the empty line and not to the
            log)</span></div>
        <div><br>
        </div>
        <div>--</div>
        <div>Kokan</div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr">On Fri, May 25, 2018 at 9:42 PM Komi Elitcha &lt;<a href="mailto:kmw.elitcha@gmail.com" target="_blank">kmw.elitcha@gmail.com</a>&gt;
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
          <div text="#000000" bgcolor="#FFFFFF">
            <p>Hello Kokan,</p>
            <p>I double checked inside '/etc/syslog-ng/syslog-ng.<wbr>conf'
              file and I don't have any '\r' carriage.</p>
            <p>Are you pointing me to another conf file?</p>
            <p>Regards,<br>
            </p>
          </div>
          <div text="#000000" bgcolor="#FFFFFF"> <br>
            <div class="m_-2199677165627607533m_7198339598299844698m_-3964516419710623166m_-2673021126367762120moz-cite-prefix">On
              25/05/2018 at 19:10, Kókai Péter wrote:<br>
            </div>
            <blockquote type="cite">
              <div dir="ltr">Hello,
                <div><br>
                </div>
                <div>You probably have a '\r' carriage return in your
                  configuration, that is not supported. Remove it and it
                  should work :)</div>
                <div><br>
                </div>
                <div>--</div>
                <div>Kokan</div>
              </div>
              <br>
              <div class="gmail_quote">
                <div dir="ltr">On Fri, May 25, 2018 at 8:59 PM Komi
                  Elitcha &lt;<a href="mailto:kmw.elitcha@gmail.com" target="_blank">kmw.elitcha@gmail.com</a>&gt;
                  wrote:<br>
                </div>
                <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                  <div text="#000000" bgcolor="#FFFFFF">
                    <p>Oops...</p>
                    <p>Additionally, I'm getting an error saying that
                      syslog-ng-core is not configured yet.</p>
                    <p>I hope I didn't miss anything.</p>
                    <p>Thanks.<br>
                    </p>
                  </div>
                  <div text="#000000" bgcolor="#FFFFFF"> <br>
                    <div class="m_-2199677165627607533m_7198339598299844698m_-3964516419710623166m_-2673021126367762120m_8133385003370683758moz-cite-prefix">On
                      25/05/2018 at 18:39, Komi Elitcha wrote:<br>
                    </div>
                    <blockquote type="cite">
                      <p>Thank you Gabor,</p>
                      <p>Your below comments were very helpful and I
                        suspect I've solved the java issue (maybe I
                        should open a new thread).</p>
                      <p>After correctly setting the java env in bashrc,
                        this is the output I get from the #syslog-ng -Fve
                        command:</p>
                      <p><br>
                      </p>
                      <p>Error parsing config, syntax error, unexpected
                        $end, expecting ';' in
                        /etc/syslog-ng/syslog-ng.conf:<br>
                        173     log { source(s_src); filter(f_messages);
                        destination(d_messages); };<br>
                        174     <br>
                        175     log { source(s_src); filter(f_console);
                        destination(d_console_all);<br>
                        176                        
                        destination(d_xconsole); };<br>
                        177     log { source(s_src); filter(f_crit);
                        destination(d_console); };<br>
                        178---> <br>
                        178---> ^<br>
                        179     # All messages send to a remote site<br>
                        180     #<br>
                        181     #log { source(s_src);
                        destination(d_net); };<br>
                        182     log { source(s_net); destination(d_es);
                        flags(flow-control); };<br>
                        183     <br>
                      </p>
                      <p><br>
                      </p>
                      <p>I cannot see any syntax error (regarding the
                        ';') in my syslog-ng.conf file. Is there any
                        known bug related to this? Also, I wonder why
                        "log {---}" syntaxes are returning errors.</p>
                      <p><br>
                      </p>
                      <p>Regards,<br>
                      </p>
                      <p><br>
                      </p>
                      <p><br>
                      </p>
                      <br>
                      <div class="m_-2199677165627607533m_7198339598299844698m_-3964516419710623166m_-2673021126367762120m_8133385003370683758moz-cite-prefix">On
                        25/05/2018 at 10:20, Nagy, Gábor wrote:<br>
                      </div>
                      <blockquote type="cite">
                        <div dir="ltr">Sorry I forgot to link our blog
                          post about common java problems.
                          <div>It could help and explain some common
                            errors during installation.<br>
                            <div><br>
                            </div>
                            <div><a href="https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/" target="_blank">https://syslog-ng.com/blog/<wbr>troubleshooting-java-support-<wbr>syslog-ng/</a><br>
                            </div>
                          </div>
                          <div><br>
                          </div>
                          <div>Regards,</div>
                          <div>Gabor</div>
                        </div>
                        <div class="gmail_extra"><br>
                          <div class="gmail_quote">On Fri, May 25, 2018
                            at 11:35 AM, Nagy, Gábor <span dir="ltr">&lt;<a href="mailto:gabor.nagy@balabit.com" target="_blank">gabor.nagy@balabit.com</a>&gt;</span>
                            wrote:<br>
                            <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                              <div dir="ltr">Hi Komi!<br>
                                <br>
                                You need the java package for syslog-ng
                                too: "syslog-ng-mod-java".
                                <div>What is the source of the syslog-ng
                                  package you installed?</div>
                                <div><br>
                                </div>
                                <div>You will need additional steps
                                  after you have installed the syslog-ng
                                  java package.</div>
                                <div>In our admin we have detailed
                                  instructions to set up the elasticsearch2
                                  destination:<br>
                                  <a href="https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-destinations-elasticsearch2.html" target="_blank">https://syslog-ng.com/<wbr>documents/html/syslog-ng-ose-<wbr>latest-guides/en/syslog-ng-<wbr>ose-guide-admin/html/<wbr>configuring-destinations-<wbr>elasticsearch2.html</a><br>
                                </div>
                                <div><br>
                                </div>
                                <div>Feel free to ask if you get stuck!</div>
                                <div><br>
                                </div>
                                <div>Regards,</div>
                                <div>Gabor</div>
                              </div>
                              <div class="m_-2199677165627607533m_7198339598299844698m_-3964516419710623166m_-2673021126367762120m_8133385003370683758HOEnZb">
                                <div class="m_-2199677165627607533m_7198339598299844698m_-3964516419710623166m_-2673021126367762120m_8133385003370683758h5">
                                  <div class="gmail_extra"><br>
                                    <div class="gmail_quote">On Fri, May
                                      25, 2018 at 10:49 AM, Komi Elitcha
                                      <span dir="ltr">&lt;<a href="mailto:kmw.elitcha@gmail.com" target="_blank">kmw.elitcha@gmail.com</a>&gt;</span>
                                      wrote:<br>
                                      <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Good day
                                        all,<br>
                                        <br>
                                        I'm new to this mailing list.<br>
                                        <br>
                                        I'm setting up
                                        syslog-ng+elasticsearch+<wbr>kibana
                                        on an Ubuntu 18.04; I'm getting
                                        the following output/error from
                                        command: ]#syslog-ng -Fve<br>
                                        <br>
                                        <br>
                                        Error parsing destination,
                                        destination plugin java not
                                        found in block destination
                                        elasticsearch2 (at
                                        /usr/share/syslog-ng/include/<wbr>scl/elasticsearch/plugin.conf:<wbr>58:1):<br>
                                        1<br>
                                        2----->   java(<br>
                                        2----->   ^^^^<br>
                                        3
class_path("/usr/lib/syslog-<wbr>ng/3.15/java-modules/*.jar:/<wbr>usr/lib/syslog-ng/3.15/java-<wbr>modules/elastic-jest-client/*.<wbr>jar:/opt/syslog-ng/jre1.8.0_<wbr>171/lib//*.jar")<br>
                                        4
                                        class_name("org.syslog_ng.<wbr>elasticsearch_v2.<wbr>ElasticSearchDestination")<br>
                                        5           option("index",
                                        "*log*")<br>
                                        6           option("type",
                                        "syslog")<br>
                                        7           option("server",
                                        "localhost")<br>
                                        <br>
                                        Included from
                                        /etc/syslog-ng/syslog-ng.conf:<br>
                                        90      # Debian only<br>
                                        91      destination d_ppp {
                                        file("/var/log/ppp.log"); };<br>
                                        92<br>
                                        93      # Elasticsearch
                                        destination<br>
                                        94      destination d_es {<br>
                                        95---->     elasticsearch2(<br>
                                        95---->     ^^^^^^^^^^^^^^^^<br>
                                        96               
                                        cluster("syslog-ng")<br>
                                        97               
                                        client-lib-dir("/usr/share/<wbr>elasticsearch/lib/")<br>
                                        98
                                        client-lib-dir("/opt/syslog-<wbr>ng/jre1.8.0_171/lib/")<br>
                                        99               
                                        time-zone("UTC")<br>
                                        100               cluster-url("<a href="http://localhost:9200" rel="noreferrer" target="_blank">http://localhost:<wbr>9200</a>")<br>
                                        <br>
                                        <br>
                                        Any help is welcome.<br>
                                        <br>
                                        Thanks.<br>
                                        <br>
______________________________<wbr>______________________________<wbr>__________________<br>
                                        Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
                                        Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
                                        FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
                                        <br>
                                      </blockquote>
                                    </div>
                                    <br>
                                  </div>
                                </div>
                              </div>
                            </blockquote>
                          </div>
                          <br>
                        </div>
                        <br>
                      </blockquote>
                      <br>
                    </blockquote>
                    <br>
                  </div>
                  <div text="#000000" bgcolor="#FFFFFF">
                    <pre class="m_-2199677165627607533m_7198339598299844698m_-3964516419710623166m_-2673021126367762120m_8133385003370683758moz-signature" cols="72">-- 
--
KE</pre>
                  </div>
                </blockquote>
              </div>
              <br>
            </blockquote>
            <br>
            <pre class="m_-2199677165627607533m_7198339598299844698m_-3964516419710623166m_-2673021126367762120moz-signature" cols="72">-- 
--
KE</pre>
          </div>
        </blockquote>
      </div>
    </blockquote>
    <br>
    <pre class="m_-2199677165627607533m_7198339598299844698m_-3964516419710623166moz-signature" cols="72">-- 
--
KE</pre>
  </div>

</blockquote></div></div></div></div>
<br></blockquote></div><br></div>