Thanks for the docs. I read them and I have the following error:

Error parsing destination, destination plugin java not found in /etc/syslog-ng/syslog-ng.conf at line 57, column 3:
  java(

I have configured it as follows:
@version:3.7
@include "scl.conf"
@module mod-java

source s_sys {
        system();
        internal();
        network(
            ip(0.0.0.0) port(6514)
            flags(syslog-protocol)
            transport("tls")
            tls(
                key_file("/etc/syslog-ng/cert.d/serverkey.pem")
                cert_file("/etc/syslog-ng/cert.d/servercert.pem")
                ca_dir("/etc/syslog-ng/ca.d")
            )
        );

};

parser pattern_db {
  db-parser(
    file("/etc/syslog-ng/patterndb.d/patterndb.xml")
  );
};

destination d_es {
  java(
    class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")
    class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")
    option("index", "syslog-ng_${YEAR}.${MONTH}.${DAY}")
    option("type", "test")
    option("cluster", "czpcluster")
    option("flush_limit", "100")
    option( "message_template", "$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")
  );
};

I have installed just Syslog-NG and Elasticsearch. Do I need to install something else?



On 05/26/2016 04:53 PM, Szabó, István wrote:
Hi,

For using syslog-ng together with elasticsearch and Kibana this is a pretty good description, also giving you a good understanding of what it enables you to do:

https://czanik.blogs.balabit.com/2015/10/how-to-parse-data-with-syslog-ng-store-in-elasticsearch-and-analyze-with-kibana/

https://czanik.blogs.balabit.com/2015/12/elasticsearch-and-syslog-ng-fast-and-simple/

/Istvan


______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq