Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik

On Mon, May 1, 2017 at 9:11 PM, Dwijadas Dey <dwijad@gmail.com> wrote:

Hi
Vijay
I don't see json-plugin under Available-Modules section in the output of # syslog-ng -V

I have also compiled syslog-ng from source (3.6.4), and it shows json-plugin in the output of syslog-ng -V You may need to pass enable-json flag while compiling it from source.

# syslog-ng -V
syslog-ng 3.6.4
Installer-Version: 3.6.4
Revision:
Compile-Date: Dec 18 2016 15:02:59
Available-Modules: pseudofile,graphite,sdjournal,afsocket,syslogformat,afsocket-notls,afsocket-tls,affile,afprog,afuser,afamqp,afmongodb,csvparser,confgen,system-source,linux-kmsg-format,basicfuncs,cryptofuncs,dbparser,json-plugin,tfgeoip,afstomp
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: off
Enable-TCP-Wrapper: off
Enable-Linux-Caps: off

Since you are using the version 3.9.1, i am not 100% sure that, this is the issue.

Also, you can try this link.
https://lists.balabit.hu/pipermail/syslog-ng/2016-February/022667.html

Regards

On Tue, May 2, 2017 at 12:00 AM, vijay amruth <vijayamruth@gmail.com> wrote:
Hello All, Hope you are all doing great. I am unable to start syslog-ng service

Here is some information:

OS Version: Cent OS 7.3

I compiled it from a tar ball..

[root@xxxxx system]# syslog-ng -V
syslog-ng 3.9.1
Installer-Version: 3.9.1
Revision:
Module-Directory: /usr/local/lib/syslog-ng
Module-Path: /usr/local/lib/syslog-ng
Available-Modules: kvformat,cef,disk-buffer,add-contextual-data,syslogformat,afsocket,affile,afprog,afuser,afamqp,afmongodb,csvparser,confgen,system-source,linux-kmsg-format,basicfuncs,cryptofuncs,dbparser,afstomp,pseudofile,graphite,sdjournal,date
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: off
Enable-TCP-Wrapper: off
Enable-Linux-Caps: off

I manually added this file, this didn't come with install...

[root@xxxxx system]# cat syslog-ng.service
[Unit]
Description=System Logger Daemon
Documentation=man:syslog-ng(8)

[Service]
Type=notify
Sockets=syslog.socket
ExecStart=/usr/sbin/syslog-ng -F -p /var/run/syslogd-ng.pid --fd-limit 50000
ExecReload=/bin/kill -HUP $MAINPID
StandardOutput=null
Restart=on-failure

[Install]
WantedBy=multi-user.target
Alias=syslog.service
[root@sl-sz3-splunk01 system]# pwd
/lib/systemd/system

Had parser errors:

[root@xxxxxx ~]# syslog-ng -s
Error parsing config, Error compiling template (Unknown template function "format-json") in /usr/local/share/syslog-ng/include/scl/cim/template.conf at line 23, column 32:
included from /usr/local/etc/scl.conf line 29, column 1
included from /usr/local/etc/syslog-ng.conf line 8, column 1

template-function "format-cim" "$(format-json --pair @timestamp='${R_ISODATE}' --pair @message='${MSG}' --key .cim.* --shift 5 --key _* --key .* --replace-prefix .=_ --key *.*)\n";
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng

Moved /usr/local/share/syslog-ng/include/scl/cim and no parser errors.
But still unable to start.

[root@xxxxx system]# systemctl status syslog-ng.service
● syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; disabled; vendor preset: enabled)
Active: failed (Result: start-limit) since Mon 2017-05-01 10:46:58 PDT; 7s ago
Docs: man:syslog-ng(8)
Process: 2170 ExecStart=/usr/sbin/syslog-ng -F -p /var/run/syslogd-ng.pid --fd-limit 50000 (code=exited, status=203/EXEC)
Main PID: 2170 (code=exited, status=203/EXEC)

May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]: syslog-ng.service: main process exited, code=exited, status=203/EXEC
May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]: Failed to start System Logger Daemon.
May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]: Unit syslog-ng.service entered failed state.
May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]: syslog-ng.service failed.
May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]: start request repeated too quickly for syslog-ng.service
May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]: Failed to start System Logger Daemon.
May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]: Unit syslog-ng.service entered failed state.
May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]: syslog-ng.service failed.

What I am I missing? Any help is appreciated. Thank you.

--
Thanks,
Vijay Amrut.

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq