Try this (from our kickstart script at http://logzilla.sh)

# Syslog-ng Repo:

source /etc/lsb-release

grep -q "deb http://download.opensuse.org/repositories/home:/laszlo_budai:/syslog-ng/xUbuntu_${DISTRIB_RELEASE} ./" \

/etc/apt/sources.list /etc/apt/sources.list.d/*.list || \

echo "deb http://download.opensuse.org/repositories/home:/laszlo_budai:/syslog-ng/xUbuntu_${DISTRIB_RELEASE} ./" \

> /etc/apt/sources.list.d/syslog-ng.list

apt-key list | grep -q laszlo_budai:syslog-ng || wget -qO- \

"http://download.opensuse.org/repositories/home:/laszlo_budai:/syslog-ng/xUbuntu_${DISTRIB_RELEASE}/Release.key" | \

sudo apt-key add - >/dev/null

apt update

apt install syslog-ng

From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Simon Mousey Smith <simonsmith5521@gmail.com>
Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Date: Tuesday, November 8, 2016 at 7:10 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] unable to install syslog-ng ubuntu 16.04

Hi,

Im still no luck either :(

Tried assorts but no luck

regards

Simon

On 8 Nov 2016, at 12:10, Varugis Kurien <vkurien@midfinsystems.com> wrote:

Hi Laszlo,

Have you been able to get this to work? I am in exactly the same position as Simon - I need the ability to parse Linux audit logs in syslog-ng.

From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Laszlo Budai <laszlo.budai@outlook.com>
Sent: Saturday, November 5, 2016 1:59:09 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] unable to install syslog-ng ubuntu 16.04

Hi,

in docker it is not working...

I'll try to fix this issue.

regards,

Laszlo Budai

_____________________________
From: Scheidler, Balázs <balazs.scheidler@balabit.com>
Sent: Saturday, November 5, 2016 9:21 AM
Subject: Re: [syslog-ng] unable to install syslog-ng ubuntu 16.04n
To: László Budai <lbudai@balabit.hu>, Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>

Indeed, I think the problem is that syslog-ng core depends on syslog-ng-mod-journal, which recursively depends on syslog-ng-core through a Provides line.

Hmm.. the funny part that a week ago I successfully installed the same package on one of my servers, but now in a clean docker container I couldn't do that.

I have a workaround, attached you'll find an equivs compatible control file, that provides the missing dependency, once that is installed, "apt-get install syslog-ng" works.

It goes like this:

# dpkg -i syslog-ng-abi-3.8-0_3.8.1-1_all.deb
Selecting previously unselected package syslog-ng-abi-3.8-0.
(Reading database ... 7256 files and directories currently installed.)
Preparing to unpack syslog-ng-abi-3.8-0_3.8.1-1_all.deb ...
Unpacking syslog-ng-abi-3.8-0 (3.8.1-1) ...
Setting up syslog-ng-abi-3.8-0 (3.8.1-1) ...

# apt-get install syslog-ng-core
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
cron libevtlog0 libffi6 libglib2.0-0 libglib2.0-data libicu55 libivykis0 libnet1 libpopt0 libssl1.0.0 libwrap0 libxml2 logrotate sgml-base
shared-mime-info syslog-ng-mod-journal tcpd xdg-user-dirs xml-core
Suggested packages:
anacron checksecurity exim4 | postfix | mail-transport-agent mailx sgml-base-doc syslog-ng-mod-sql syslog-ng-mod-mongodb syslog-ng-mod-json
syslog-ng-mod-smtp syslog-ng-mod-amqp syslog-ng-mod-geoip syslog-ng-mod-redis syslog-ng-mod-stomp syslog-ng-mod-riemann syslog-ng-mod-graphite
syslog-ng-mod-python syslog-ng-mod-java syslog-ng-mod-java-common-lib syslog-ng-mod-elastic syslog-ng-mod-hdfs syslog-ng-mod-kafka syslog-ng-mod-http
syslog-ng-mod-curl syslog-ng-mod-kvformat syslog-ng-mod-add-contextual-data debhelper
The following NEW packages will be installed:
cron libevtlog0 libffi6 libglib2.0-0 libglib2.0-data libicu55 libivykis0 libnet1 libpopt0 libssl1.0.0 libwrap0 libxml2 logrotate sgml-base
shared-mime-info syslog-ng-core syslog-ng-mod-journal tcpd xdg-user-dirs xml-core
0 upgraded, 20 newly installed, 0 to remove and 11 not upgraded.
Need to get 11.9 MB of archives.
After this operation, 49.5 MB of additional disk space will be used.
Do you want to continue? [Y/n]

The "syslog-ng-core" package only contains a subset of the syslog-ng package, pulling in a smaller set of dependencies, whereas syslog-ng is the full set.

The abi package here is just a fake one, I'll make sure this packaging issue gets fixed.

--
Bazsi

On Thu, Nov 3, 2016 at 10:25 PM, Simon Smith <simonsmith5521@gmail.com> wrote:

Hi All

has anyone been able to install syslog-ng 3.8 successfully on ubuntu 16.04 ?

I’m using the link from the mailing list a few months ago but again no luck - http://lists.balabit.hu/pipermail/syslog-ng/2016-August/023150.html

no matter what packages i try to install it just won’t work

any ideas?

root@syslog:~# apt-get install syslog-ng

Reading package lists... Done

Building dependency tree

Reading state information... Done

Some packages could not be installed. This may mean that you have

requested an impossible situation or if you are using the unstable

distribution that some required packages have not yet been created

or been moved out of Incoming.

The following information may help to resolve the situation:

The following packages have unmet dependencies:

syslog-ng : Depends: syslog-ng-core (>= 3.8.1) but it is not going to be installed

Depends: syslog-ng-mod-sql but it is not going to be installed

Depends: syslog-ng-mod-mongodb but it is not going to be installed

Depends: syslog-ng-mod-json but it is not going to be installed

Recommends: syslog-ng-mod-journal but it is not going to be installed

Recommends: syslog-ng-mod-smtp but it is not going to be installed

Recommends: syslog-ng-mod-amqp but it is not going to be installed

Recommends: syslog-ng-mod-geoip but it is not going to be installed

Recommends: syslog-ng-mod-redis but it is not going to be installed

Recommends: syslog-ng-mod-stomp but it is not going to be installed

Recommends: syslog-ng-mod-riemann but it is not going to be installed

Recommends: syslog-ng-mod-graphite but it is not going to be installed

Recommends: syslog-ng-mod-python but it is not going to be installed

Recommends: syslog-ng-mod-java but it is not going to be installed

Recommends: syslog-ng-mod-java-common-lib but it is not going to be installed

Recommends: syslog-ng-mod-elastic but it is not going to be installed

Recommends: syslog-ng-mod-hdfs but it is not going to be installed

Recommends: syslog-ng-mod-kafka but it is not going to be installed

Recommends: syslog-ng-mod-http but it is not going to be installed

Recommends: syslog-ng-mod-curl but it is not going to be installed

Recommends: syslog-ng-mod-kvformat but it is not going to be installed

Recommends: syslog-ng-mod-add-contextual-data but it is not going to be installed

E: Unable to correct problems, you have held broken packages.

root@syslog:~# apt-get install syslog-ng-core

Reading package lists... Done

Building dependency tree

Reading state information... Done

Some packages could not be installed. This may mean that you have

requested an impossible situation or if you are using the unstable

distribution that some required packages have not yet been created

or been moved out of Incoming.

The following information may help to resolve the situation:

The following packages have unmet dependencies:

syslog-ng-core : Depends: syslog-ng-mod-journal but it is not going to be installed

E: Unable to correct problems, you have held broken packages.

root@syslog:~# apt-get install syslog-ng-mod-journal

Reading package lists... Done

Building dependency tree

Reading state information... Done

Some packages could not be installed. This may mean that you have

requested an impossible situation or if you are using the unstable

distribution that some required packages have not yet been created

or been moved out of Incoming.

The following information may help to resolve the situation:

The following packages have unmet dependencies:

syslog-ng-mod-journal : Depends: syslog-ng-abi-3.8-0 but it is not installable

E: Unable to correct problems, you have held broken packages.

root@syslog:~# apt-get install syslog-ng syslog-ng-core syslog-ng-mod-sql syslog-ng-mod-mongodb syslog-ng-mod-json syslog-ng-mod-journal

Reading package lists... Done

Building dependency tree

Reading state information... Done

Some packages could not be installed. This may mean that you have

requested an impossible situation or if you are using the unstable

distribution that some required packages have not yet been created

or been moved out of Incoming.

The following information may help to resolve the situation:

The following packages have unmet dependencies:

syslog-ng-mod-journal : Depends: syslog-ng-abi-3.8-0 but it is not installable

syslog-ng-mod-json : Depends: syslog-ng-abi-3.8-0 but it is not installable

syslog-ng-mod-mongodb : Depends: syslog-ng-abi-3.8-0 but it is not installable

syslog-ng-mod-sql : Depends: syslog-ng-abi-3.8-0 but it is not installable

E: Unable to correct problems, you have held broken packages.

root@syslog:~#

regards

Simon - Hestor Ltd

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq