Sorry about the previous messages; I was testing, so I put the wrong path to the certificates. Here is the *syslog-ng -Fevd* output:

[2016-05-12T13:48:13.274891] Filter rule evaluation begins; rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18'
[2016-05-12T13:48:13.274901] Filter node evaluation result; result='not-match', type='facility'
[2016-05-12T13:48:13.274912] Filter rule evaluation result; result='not-match', rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18'
[2016-05-12T13:48:13.275397] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal polkitd[630]: Unregistered Authentication Agent for unix-process:3014:242607 (system bus name :1.74, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) '
[2016-05-12T13:48:13.275469] Outgoing message; message='May 12 13:48:11 syslogserver.novalocal sshd[3012]: Connection closed by 115.85.192.40 [preauth] '
[2016-05-12T13:48:13.275519] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal systemd[1]: Stopped System Logger Daemon. '

Ivan

On 05/12/2016 01:43 PM, Várady, László wrote:
Hi,
Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before running 'syslog-ng -Fevd' manually?
-- László Várady
On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
OK, so I got syslog-ng running with the default configuration... it has some problem with the TLS configuration.
What I have done: I went through the certificate creation procedure (self-signed certificate) on my laptop, following this article: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
So I generated the server certificate on my laptop and the other certificates for the clients. I copied them and put in the configuration.
Is there any other configuration to put in syslog-ng.conf to try to get it working with TLS?
Kind regards
On 05/12/2016 12:42 PM, jrhendri wrote:
This has to be something very basic. Have you tried checking if another syslog server is running? ps -aef |grep syslog
Assuming this shows nothing, try a very simple syslog-ng config file and a manual start on the command line.
Make sure you check all the things in your configuration that your copy should open beforehand.
This should narrow down the problem I hope :-)
Jim
-------- Original message --------
From: Ivan Adji - Krstev <akivanradix@gmail.com>
Date: 5/12/16 5:26 AM (GMT-05:00)
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7

So I have installed EPEL, syslog-ng and mongodb, and when I start the syslog-ng service with the *syslog-ng -Fevd* command I get the following error AGAIN :).
I'm not sure what it is, how to prevent it, or what to do. But I really need this to work :(.

[2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
[2016-05-12T05:21:10.739973] Error initializing message pipeline;
[root@syslogserver loganalyzer]# netstat -tupl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:27017         0.0.0.0:*               LISTEN      1352/mongod
tcp        0      0 0.0.0.0:syslog-tls      0.0.0.0:*               LISTEN      11377/syslog-ng
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      8562/sshd
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN      1778/master
tcp6       0      0 [::]:http               [::]:*                  LISTEN      11264/httpd
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      8562/sshd
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN      1778/master
udp        0      0 0.0.0.0:bootpc          0.0.0.0:*                           638/dhclient
udp        0      0 0.0.0.0:60094           0.0.0.0:*                           638/dhclient
udp6       0      0 [::]:3126               [::]:*                              638/dhclient
[root@syslogserver loganalyzer]# lsof | grep LISTEN
mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN)
master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN)
sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN)
sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN)
httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN)
syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN)
syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN)
httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
and the source config is as follows:

source s_sys {
    system();
    unix-stream("/dev/log");
    internal();
    network(
        port(6514)
        # tcp(port(5140));
        # file("/proc/kmsg" log_prefix("kernel: "));
        transport("tls")
        tls(
            key_file("/etc/syslog-ng/cert.d/serverkey.pem")
            cert_file("/etc/syslog-ng/cert.d/servercert.pem")
            ca_dir("/etc/syslog-ng/ca.d"))
    );
};

destination d_mongodb {
    mongodb(
        # servers("localhost:27017")
        # database("syslog")
        # uri('mongodb://localhost/syslog-ng')
        collection("messages")
        value-pairs(
            scope("selected-macros" "nv-pairs" "sdata")
        )
    );
};

Kind regards
Ivan
On 05/10/2016 01:35 PM, Czanik, Péter wrote:
Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing from the base distribution: https://fedoraproject.org/wiki/EPEL
Bye,
Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
http://czanik.blogs.balabit.com/
https://twitter.com/PCzanik

On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
Hi, I noted this error of mine, but I tried the other one:
https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... And I have similar errors whenever I try to install on a new CentOS.

The procedure I'm doing is:
Fresh installation of CentOS
yum update
yum install httpd php vim wget
then install mongodb (add repo)
then install syslog-ng (add repo)

I'm using: CentOS Linux release 7.2.1511 (Core)
And I have the following repos:
[root@syslogserver ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.switch.ch
 * extras: mirror.switch.ch
 * updates: mirror.switch.ch
repo id                      repo name                                   status
base/7/x86_64                CentOS-7 - Base                             9,007
czanik-syslog-ng37/x86_64    Copr repo for syslog-ng37 owned by czanik   59
extras/7/x86_64              CentOS-7 - Extras                           266
mongodb-org-3.2/7            MongoDB Repository                          35
updates/7/x86_64             CentOS-7 - Updates                          1,437
repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.switch.ch
 * extras: mirror.switch.ch
 * updates: mirror.switch.ch
Resolving Dependencies
--> Running transaction check
---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
--> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Running transaction check
---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed
---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
--> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Finished Dependency Resolution
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
       Requires: libivykis.so.0(IVYKIS_0.30)(64bit)
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
       Requires: libivykis.so.0()(64bit)
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
       Requires: ivykis >= 0.36.1
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
       Requires: libevtlog.so.0()(64bit)
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
       Requires: libivykis.so.0(IVYKIS_0.29)(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
Any idea?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czani... to yum and not just download individual packages. You can then use "yum install syslog-ng", which will also download all necessary dependencies.
Bye,
Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
http://czanik.blogs.balabit.com/
https://twitter.com/PCzanik

On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
I have the following errors when I try to install Syslog-NG 3.7 on CentOS 7
I have a problem when I try to install Syslog-NG 3.7 on CentOS 7.
I get the following errors:
--> Finished Dependency Resolution
Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
       Requires: libevtlog.so.0()(64bit)
Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
       Requires: libpcre.so.0()(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
Any hints on this?
Kind regards
Ivan
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
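Added example (not part of the original thread and not syslog-ng's own code): a shell pre-flight check for the "Address already in use" error on port 6514 quoted in the thread. It reports which process is already listening on a port before a foreground 'syslog-ng -Fevd' run. It assumes numeric 'netstat -tlpn' output on stdin; the sample input is constructed from the netstat listing in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample, modelled on the netstat output quoted in the thread
# (numeric form, as printed when -n is added to the netstat flags).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp   0      0      127.0.0.1:27017 0.0.0.0:*       LISTEN 1352/mongod
tcp   0      0      0.0.0.0:6514    0.0.0.0:*       LISTEN 11377/syslog-ng
tcp   0      0      0.0.0.0:22      0.0.0.0:*       LISTEN 8562/sshd
tcp6  0      0      :::80           :::*            LISTEN 11264/httpd
EOF
}

# port_holder PORT (hypothetical helper): read netstat text on stdin and
# print the "PID/program" column of every TCP listener bound to PORT.
port_holder() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            # The port is the last colon-separated piece of the local
            # address; this also covers IPv6 forms such as ":::80".
            n = split($4, parts, ":")
            if (parts[n] == port) print $7
        }'
}

# preflight PORT (hypothetical helper): return 1 and name the holder when
# the port is taken, return 0 when it is free.
preflight() {
    holder=$(port_holder "$1")
    if [ -n "$holder" ]; then
        echo "port $1 already bound by $holder; stop that instance before a foreground run"
        return 1
    fi
    echo "port $1 is free"
    return 0
}

# Demonstration on the constructed sample; on a live host, pipe in
# `netstat -tlpn` instead.
sample_netstat | preflight 6514 || true
```

On the sample this names 11377/syslog-ng as the holder of port 6514, the same instance the thread's netstat and lsof listings show on syslog-tls.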