<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Malgun Gothic";
panose-1:2 11 5 3 2 0 0 2 0 4;}
@font-face
{font-family:"\@Malgun Gothic";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Greetings,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I don’t know this is the right place to ask about this question but I will give it a shot. We are running a syslog-ng server and we want to use Kibana as a visualization tool.<o:p></o:p></p>
<p class="MsoNormal">I got stuck in at this point when configuring conf.d file.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">source s_tcp {<o:p></o:p></p>
<p class="MsoNormal"> tcp(ip("0.0.0.0") port("514"));<o:p></o:p></p>
<p class="MsoNormal"> udp(ip("0.0.0.0") port("514"));<o:p></o:p></p>
<p class="MsoNormal">};<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">destination d_el {<o:p></o:p></p>
<p class="MsoNormal"> elasticsearch2(<o:p></o:p></p>
<p class="MsoNormal"> client-mode("http")<o:p></o:p></p>
<p class="MsoNormal"> index("syslog-ng")<o:p></o:p></p>
<p class="MsoNormal"> type("test")<o:p></o:p></p>
<p class="MsoNormal"> cluster-url(<a href="http://10.1.3.222:9200">http://10.1.3.222:9200</a>)<o:p></o:p></p>
<p class="MsoNormal"> );<o:p></o:p></p>
<p class="MsoNormal"> #file("/var/log/networks/$HOST/$YEAR/$MONTH/$HOST-$YEAR-$MONTH-$DAY.log");<o:p></o:p></p>
<p class="MsoNormal">};<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">log {<o:p></o:p></p>
<p class="MsoNormal"> source(s_tcp);<o:p></o:p></p>
<p class="MsoNormal"> destination(d_el);<o:p></o:p></p>
<p class="MsoNormal"> flags(flow-control);<o:p></o:p></p>
<p class="MsoNormal">};<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">If I start syslog-ng daemon, I got the below error.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Apr 04 11:54:42 syslog-ng syslog-ng[22294]: [2022-04-04T11:54:42.443764] Plugin module not found in 'module-path'; module-path='/usr/lib/syslog-ng/3.13', module='mod-java'<o:p></o:p></p>
<p class="MsoNormal">Apr 04 11:54:42 syslog-ng syslog-ng[22294]: Error parsing destination, destination plugin elasticsearch2 not found in /etc/syslog-ng/conf.d/firewals.conf at line 10, column<o:p></o:p></p>
<p class="MsoNormal">Apr 04 11:54:42 syslog-ng syslog-ng[22294]: included from /etc/syslog-ng/syslog-ng.conf line 163, column 1<o:p></o:p></p>
<p class="MsoNormal">Apr 04 11:54:42 syslog-ng syslog-ng[22294]: elasticsearch2(<o:p></o:p></p>
<p class="MsoNormal">Apr 04 11:54:42 syslog-ng syslog-ng[22294]: ^^^^^^^^^^^^^^<o:p></o:p></p>
<p class="MsoNormal">Apr 04 11:54:42 syslog-ng syslog-ng[22294]: syslog-ng documentation:
<a href="https://www.balabit.com/support/documentation?product=syslog-ng-ose">https://www.balabit.com/support/documentation?product=syslog-ng-ose</a><o:p></o:p></p>
<p class="MsoNormal">Apr 04 11:54:42 syslog-ng syslog-ng[22294]: contact: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><o:p></o:p></p>
<p class="MsoNormal">Apr 04 11:54:42 syslog-ng systemd[1]: syslog-ng.service: Main process exited, code=exited, status=1/FAILURE<o:p></o:p></p>
<p class="MsoNormal">Apr 04 11:54:42 syslog-ng systemd[1]: syslog-ng.service: Failed with result 'exit-code'.<o:p></o:p></p>
<p class="MsoNormal">Apr 04 11:54:42 syslog-ng systemd[1]: Failed to start System Logger Daemon.<o:p></o:p></p>
<p class="MsoNormal">-- Subject: Unit syslog-ng.service has failed<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am running 3.13 (syslog-ng) and what did I miss?<o:p></o:p></p>
</div>
<p></p>
<p>PRIVILEGED AND CONFIDENTIAL COMMUNICATION</p>
<p>This message is privileged and confidential under state and federal law. <br>
It is intended for the exclusive use of the named recipient. If the reader of this message is not the named or intended recipient, <br>
or the employee or agent responsible for delivering the message to its intended recipient, you are hereby notified that any use, copying, disclosure or dissemination of this message is strictly prohibited. <br>
If you are not the named or intended recipient and have received this communication in error, please notify us immediately by replying to the sender of this e-mail or at the address and phone number listed below, <br>
and take all steps necessary to delete this communication.</p>
<p>Exactech, Inc.<br>
2320 NW 66th Ct.<br>
Gainesville, FL. 32653<br>
352-377-1140<br>An Equal Opportunity Employer </p></body>
</html>