<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
Thanks Balazs
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">I managed to get things working again by reinstalling syslog-ng (3.26.1) using the default install prefix (/usr/local)</div>
<div class="">BTW, syslog-ng seems agnostic as to whether there is a - or an _ in the name; I have tried both in the conf and both work in this version.</div>
<div class=""><br class="">
</div>
<div class="">My previous practice (which I have used for years) was to use a prefix of /usr/local/syslog-ng-&lt;version&gt; and have a symlink for syslog-ng in /usr/local pointing to the current version.  Within the real install I moved etc to dist-etc and
 then linked etc to /etc/syslog-ng/</div>
<div class="">lrwxrwxrwx 1 root root 15 Mar 31 09:02 /usr/local/syslog-ng-3.26.1/etc -> /etc/syslog-ng/</div>
<div class=""><br class="">
</div>
<div class="">I now have the weird situation where the version installed in /usr/local/syslog-ng-3.26.1/ fails but the one in /usr/local works</div>
<div class=""><br class="">
</div>
<div class=""><font face="Menlo" class="">rful011@secmgrprd02:~$ /usr/local/syslog-ng-3.26.1/sbin/syslog-ng -s -f ~/short.conf<br class="">
Error parsing destination statement, destination plugin elasticsearch-http not found in /home/rful011/short.conf:11:3-11:21:<br class="">
6           network( transport("tcp") flags(no-multi-line) port(1514) keep-alive(yes));<br class="">
7       };<br class="">
8       <br class="">
9       <br class="">
10      destination d_elastic {<br class="">
11---->   elasticsearch-http(<br class="">
11---->   ^^^^^^^^^^^^^^^^^^</font></div>
<div class=""><font face="Menlo" class=""><br class="">
</font></div>
<div class="">
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class="">
<span style="font-variant-ligatures: no-common-ligatures; color: #2fb41d" class=""><b class="">rful011@secmgrprd02</b></span><span style="font-variant-ligatures: no-common-ligatures" class="">:</span><span style="font-variant-ligatures: no-common-ligatures; color: #400bd9" class=""><b class="">~</b></span><span style="font-variant-ligatures: no-common-ligatures" class="">$
 ls -l /usr/local/syslog-ng-3.26.1/share/syslog-ng/include/scl/elasticsearch/elastic-http.conf </span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class="">
<span style="font-variant-ligatures: no-common-ligatures" class="">-rw-r--r-- 1 rful011 rful011 1901 Jan 25 02:54 /usr/local/syslog-ng-3.26.1/share/syslog-ng/include/scl/elasticsearch/elastic-http.conf</span></div>
<br class="">
</div>
<div class="">
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal;" class="">
<font face="Menlo" class=""><span style="font-variant-ligatures: no-common-ligatures; color: rgb(47, 180, 29);" class=""><b class="">rful011@secmgrprd02</b></span><span style="font-variant-ligatures: no-common-ligatures;" class="">:</span><span style="font-variant-ligatures: no-common-ligatures; color: rgb(64, 11, 217);" class=""><b class="">~</b></span><span style="font-variant-ligatures: no-common-ligatures;" class="">$
 /usr/local/sbin/syslog-ng -s -f ~/short.conf</span></font></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; color: rgb(47, 180, 29);" class="">
<font face="Menlo" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><b class="">rful011@secmgrprd02</b></span><span style="font-variant-ligatures: no-common-ligatures; color: #000000" class="">:</span><span style="font-variant-ligatures: no-common-ligatures; color: #400bd9" class=""><b class="">~</b></span><span style="font-variant-ligatures: no-common-ligatures; color: #000000" class="">$ </span></font></div>
<div class=""><span style="font-variant-ligatures: no-common-ligatures; color: #000000" class=""><font face="Menlo" class=""><br class="">
</font></span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class="">
<span style="font-variant-ligatures: no-common-ligatures; color: #2fb41d" class=""><b class="">rful011@secmgrprd02</b></span><span style="font-variant-ligatures: no-common-ligatures" class="">:</span><span style="font-variant-ligatures: no-common-ligatures; color: #400bd9" class=""><b class="">~</b></span><span style="font-variant-ligatures: no-common-ligatures" class="">$
 ls -l /usr/local/share/syslog-ng/include/scl/elasticsearch/elastic-http.conf </span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class="">
<span style="font-variant-ligatures: no-common-ligatures" class="">-rw-r--r-- 1 rful011 rful011 1901 Jan 25 02:54 /usr/local/share/syslog-ng/include/scl/elasticsearch/elastic-http.conf</span></div>
<div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class="">
</span></div>
<div class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Now comes the really weird bit.  </span></div>
<div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class="">
</span></div>
<div class=""><span style="font-variant-ligatures: no-common-ligatures" class="">While writing this I decided to try reinstalling my original 3.21 version by simply doing a make install and this works fine!  </span></div>
<div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class="">
</span></div>
<div class="">Which is really weird because that was the first thing I did after I realised things had been broken.  My next step was to install 3.22 and then 3.26 in /usr/local/syslog-ng&lt;version&gt;.  I then deleted all of them and installed 3.26.1 in /usr/local
 and that worked.</div>
<div class=""><br class="">
</div>
<div class="">I am happy to spend more time on this if you want to get to the bottom of this even though I have my system back.  Like much of the rest of the world I am stuck at home, alone, under fairly strict lockdown so I am happy to contribute something
 back to the project!</div>
<div class=""><br class="">
</div>
<div class="">Russell</div>
<div class=""><br class="">
</div>
<blockquote type="cite" class="">On 2/04/2020, at 9:48 AM, Balazs Scheidler &lt;<a href="mailto:bazsi77@gmail.com" class="">bazsi77@gmail.com</a>&gt; wrote:<br class="">
<br class="">
elasticsearch-http is provided by <a href="https://github.com/syslog-ng/syslog-ng/blob/master/scl/elasticsearch/elastic-http.conf" class="">https://github.com/syslog-ng/syslog-ng/blob/master/scl/elasticsearch/elastic-http.conf</a><br class="">
<br class="">
Make sure that file is installed. Also the name of the block is using a dash, whereas you were using an underscore. I think it should be all the same as we generally convert a lot of things from underscore to dashes but I would check this explicitly.<br class="">
<br class="">
On Wed, Apr 1, 2020, 20:49 Russell Fulton &lt;r.fulton@auckland.ac.nz&gt; wrote:<br class="">
<br class="">
<br class="">
<blockquote type="cite" class="">On 31/03/2020, at 7:05 PM, Antal Nemes (anemes) &lt;Antal.Nemes@oneidentity.com&gt; wrote:<br class="">
<br class="">
Just another idea that may give a clue.<br class="">
<br class="">
If you start syslog-ng in the foreground with debug and trace level (syslog-ng -Fevdt), syslog-ng<br class="">
</blockquote>
<br class="">
a couple more data points:<br class="">
<br class="">
 /usr/local/syslog-ng-3.26.1/sbin/syslog-ng -Fedv -s -f ~/short.conf<br class="">
 gives no errors and includes<br class="">
<br class="">
[2020-04-01T15:06:30.869576] Reading shared object for a candidate module; path='/usr/local/syslog-ng-3.26.1/lib/syslog-ng', fname='libhttp.so', module='http'<br class="">
[2020-04-01T15:06:30.871503] Registering candidate plugin; module='http', context='destination', name='http'<br class="">
<br class="">
ends with:<br class="">
<br class="">
[2020-04-01T15:06:30.892770] Starting to read include file; filename='/usr/local/syslog-ng-3.26.1/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'<br class="">
[2020-04-01T15:06:30.893592] Module loaded and initialized successfully; module='confgen'<br class="">
[2020-04-01T15:06:30.894031] Finishing include; filename='/usr/local/syslog-ng-3.26.1/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'<br class="">
[2020-04-01T15:06:30.894188] Finishing include; filename='/usr/local/syslog-ng-3.26.1/etc/scl.conf', depth='1'<br class="">
[2020-04-01T15:06:30.894717] Module loaded and initialized successfully; module='afsocket'<br class="">
Error parsing destination statement, destination plugin elasticsearch_http not found in /home/rful011/short.conf:11:3-11:21:<br class="">
6           network( transport("tcp") flags(no-multi-line) port(1514) keep-alive(yes));<br class="">
7       };<br class="">
8       <br class="">
9       <br class="">
10      destination d_elastic {<br class="">
11---->   elasticsearch_http(<br class="">
11---->   ^^^^^^^^^^^^^^^^^^<br class="">
<br class="">
and <br class="">
<br class="">
rful011@secmgrprd02:~$ /usr/local/syslog-ng/sbin/syslog-ng -V -s -f ~/short.conf <br class="">
syslog-ng 3 (3.26.1)<br class="">
Config version: 3.22<br class="">
Installer-Version: 3.26.1<br class="">
Revision: <br class="">
Compile-Date: Mar 31 2020 08:54:40<br class="">
Module-Directory: /usr/local/syslog-ng-3.26.1/lib/syslog-ng<br class="">
Module-Path: /usr/local/syslog-ng-3.26.1/lib/syslog-ng<br class="">
Include-Path: /usr/local/syslog-ng-3.26.1/share/syslog-ng/include<br class="">
Available-Modules: add-contextual-data,affile,afprog,afsocket,afstomp,afuser,appmodel,azure-auth-header,basicfuncs,cef,confgen,cryptofuncs,csvparser,timestamp,dbparser,disk-buffer,examples,geoip2-plugin,tfgetent,graphite,hook-commands,http,json-plugin,kvformat,linux-kmsg-format,map-value-pairs,pseudofile,mod-python,snmptrapd-parser,stardate,syslogformat,system-source,tags-parser,xml<br class="">
Enable-Debug: off<br class="">
Enable-GProf: off<br class="">
Enable-Memtrace: off<br class="">
Enable-IPv6: on<br class="">
Enable-Spoof-Source: off<br class="">
Enable-TCP-Wrapper: off<br class="">
Enable-Linux-Caps: off<br class="">
Enable-Systemd: off<br class="">
<br class="">
<br class="">
<br class="">
______________________________________________________________________________<br class="">
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng<br class="">
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng<br class="">
FAQ: http://www.balabit.com/wiki/syslog-ng-faq<br class="">
<br class="">
</blockquote>
<br class="">
</div>
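<div class="">Added example, not part of the thread and not syslog-ng project code: a shell check for the two points in Balazs's reply above, namely whether an SCL file defining the block sits under the Include-Path that a given binary reports, matched with either a dash or an underscore. The function names and the throwaway demo tree are constructed for illustration, and Include-Path is assumed to be a single directory, as in the -V output quoted above.</div>

```shell
#!/bin/sh
# Added example (not from the thread or the syslog-ng project).

# Print one "Key: value" field from `syslog-ng -V` output read on stdin.
version_field() {
    sed -n "s/^$1: *//p" | head -n 1
}

# find_scl_block INCLUDE_PATH CONTEXT NAME
# Lists files under INCLUDE_PATH/scl that declare "block CONTEXT NAME(",
# treating '-' and '_' in NAME as interchangeable. Returns 1 if none.
find_scl_block() {
    pattern=$(printf '%s' "$3" | sed 's/[-_]/[-_]/g')
    found=$(grep -rlE \
        "^[[:space:]]*block[[:space:]]+$2[[:space:]]+$pattern[[:space:]]*\(" \
        "$1/scl" 2>/dev/null || true)
    [ -n "$found" ] && printf '%s\n' "$found"
}

# check_block "<-V output>" CONTEXT NAME
# Resolves the binary's own Include-Path first, so a second install under
# another prefix cannot mask a missing file. Returns 0 only if found.
check_block() {
    inc=$(printf '%s\n' "$1" | version_field Include-Path)
    [ -n "$inc" ] || { echo "no Include-Path in -V output"; return 2; }
    if files=$(find_scl_block "$inc" "$2" "$3"); then
        echo "found: $files"
    else
        echo "missing: no 'block $2 $3' under $inc/scl"
        return 1
    fi
}

# Constructed demo: a temporary include tree with a stand-in SCL file
# (not the real elastic-http.conf) and -V text shaped like the thread's.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/include/scl/elasticsearch"
printf 'block destination elasticsearch-http(\n  url()\n) {\n};\n' \
    > "$demo_root/include/scl/elasticsearch/elastic-http.conf"
demo_v="syslog-ng 3 (3.26.1)
Module-Path: $demo_root/lib/syslog-ng
Include-Path: $demo_root/include"

check_block "$demo_v" destination elasticsearch_http
```

Against a real install, pass the binary's own output, for example `check_block "$(/usr/local/sbin/syslog-ng -V)" destination elasticsearch-http`, once per prefix being compared.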
</body>
</html>