Thank you Gabor,

Your below comments were very helpful and i suspect i've solved the java issue (maybe i should open a new thread).

After setting correctly the java env in bashrc, this the output i get from #syslog-ng -Fve command:

Error parsing config, syntax error, unexpected $end, expecting ';' in /etc/syslog-ng/syslog-ng.conf:
173     log { source(s_src); filter(f_messages); destination(d_messages); };
174    
175     log { source(s_src); filter(f_console); destination(d_console_all);
176                         destination(d_xconsole); };
177     log { source(s_src); filter(f_crit); destination(d_console); };
178--->
178---> ^
179     # All messages send to a remote site
180     #
181     #log { source(s_src); destination(d_net); };
182     log { source(s_net); destination(d_es); flags(flow-control); };
183    

I cannot see any syntax error (regarding the ';') in my syslong-ng.conf file. Is there any know bug related to this. Also, i wonder why "log {---}' syntaxes are returning errors.

Regards,

Sorry I forgot to link our blog post about common java problems.

It could help and explain some common errors during installation.

https://syslog-ng.com/blog/troubleshooting-java-support-syslog-ng/

Regards,

Gabor

On Fri, May 25, 2018 at 11:35 AM, Nagy, Gábor <gabor.nagy@balabit.com> wrote:

Hi Komi!

You need the java package for syslog-ng too: "syslog-ng-mod-java".

What is the source of the syslog-ng package you installed?

You will need additional steps after you have installed the syslog-ng java package.

In our admin we have detailed instructions to setup elasticsearch2 destination:
https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-destinations-elasticsearch2.html

Feel free to ask if you got stuck!

Regards,

Gabor

On Fri, May 25, 2018 at 10:49 AM, Komi Elitcha <kmw.elitcha@gmail.com> wrote:

Good day all,

I'm new to this mailing list.

I'm setting up syslong-ng+elasticsearch+kibana on an Ubuntu 18.04; i'm getting the following output/error from command: ]#syslog-ng -Fve


Error parsing destination, destination plugin java not found in block destination elasticsearch2 (at /usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf:58:1):
1
2----->   java(
2----->   ^^^^
3 class_path("/usr/lib/syslog-ng/3.15/java-modules/*.jar:/usr/lib/syslog-ng/3.15/java-modules/elastic-jest-client/*.jar:/opt/syslog-ng/jre1.8.0_171/lib//*.jar")
4 class_name("org.syslog_ng.elasticsearch_v2.ElasticSearchDestination")
5           option("index", "*log*")
6           option("type", "syslog")
7           option("server", "localhost")

Included from /etc/syslog-ng/syslog-ng.conf:
90      # Debian only
91      destination d_ppp { file("/var/log/ppp.log"); };
92
93      # Elasticsearch destination
94      destination d_es {
95---->     elasticsearch2(
95---->     ^^^^^^^^^^^^^^^^
96                cluster("syslog-ng")
97                client-lib-dir("/usr/share/elasticsearch/lib/")
98 client-lib-dir("/opt/syslog-ng/jre1.8.0_171/lib/")
99                time-zone("UTC")
100               cluster-url("http://localhost:9200")


Any help is welcome.

Thanks.

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq