Hello,

It is either looking in the wrong place for the network module, or the module is actually not installed.

You could run the following: syslog-ng -V
That should provide something like this:

syslog-ng 3.20.1.317.g98479aa
Config version: 3.20
Installer-Version: 3.20.1.317.g98479aa
Revision: 3.20.1.317.g98479aa
Module-Directory: /tmp/install/lib/syslog-ng
Module-Path: /tmp/install/lib/syslog-ng
Include-Path: /tmp/install/share/syslog-ng/include
Available-Modules: xml,tags-parser,system-source,sdjournal,syslogformat,stardate,snmptrapd_parser,riemann,mod-python,pseudofile,pacctformat,map_value_pairs,linux-kmsg-format,kvformat,json-plugin,http,hook-commands,graphite,tfgetent,geoip2-plugin,geoip-plugin,examples,disk-buffer,dbparser,date,csvparser,cryptofuncs,confgen,cef,basicfuncs,appmodel,afuser,afstomp,afsql,afsocket,afprog,affile,afamqp,add_contextual_data
Enable-Debug: on
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: off
Enable-TCP-Wrapper: off
Enable-Linux-Caps: on
Enable-Systemd: on

Check whether the "Available-Modules" line lists *afsocket*. If *afsocket* is not listed there, try looking in the "Module-Path:" directory for *libafsocket.so*. If it is missing, maybe it is actually in a different package; you may need to install something like syslog-ng-mod-afsocket.

If you find *libafsocket.so* in the directory, I would run syslog-ng --module-registry -dvt (possibly paste its result here) or look for an error message as to why it cannot load *libafsocket.so*.


--
Kokan
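
The checks described in this reply, as an added shell example that is not part of the original messages or of syslog-ng itself. It assumes Module-Path may list several directories separated by colons; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify why a syslog-ng module (here afsocket) is unavailable,
# using only the text printed by `syslog-ng -V`. Function names are illustrative.

# Print the value of one "Key: value" line from the -V output.
version_field() {    # $1 = field name, $2 = -V output
    printf '%s\n' "$2" | sed -n "s/^$1:[[:space:]]*//p" | head -n 1
}

# Succeed if module $1 appears in the comma-separated Available-Modules list.
module_listed() {    # $1 = module, $2 = -V output
    case ",$(version_field Available-Modules "$2")," in
        *",$1,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Print the path of lib<module>.so if any Module-Path directory contains it.
# Assumption: Module-Path may hold several directories separated by ':'.
find_module_file() { # $1 = module, $2 = -V output
    paths=$(version_field Module-Path "$2")
    old_ifs=$IFS; IFS=:
    for dir in $paths; do
        if [ -f "$dir/lib$1.so" ]; then
            IFS=$old_ifs; printf '%s\n' "$dir/lib$1.so"; return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# listed:         module is registered, so the problem is elsewhere
# not-registered: file exists but did not load; see `syslog-ng --module-registry -dvt`
# missing:        no lib<module>.so on the module path; a separate package may provide it
diagnose_module() {  # $1 = module, $2 = -V output
    if module_listed "$1" "$2"; then echo "listed"
    elif find_module_file "$1" "$2" >/dev/null; then echo "not-registered"
    else echo "missing"
    fi
}

# Constructed sample output (placeholder path), used when syslog-ng is not installed.
SAMPLE='Module-Path: /opt/example/lib/syslog-ng
Available-Modules: affile,afprog,basicfuncs,syslogformat'
if command -v syslog-ng >/dev/null 2>&1; then out=$(syslog-ng -V); else out=$SAMPLE; fi
echo "afsocket: $(diagnose_module afsocket "$out")"
```
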

On Wed, May 1, 2019 at 5:22 PM Simon Tyler <simon.tyler@aon.com> wrote:

Hello,

I’m new to syslog-ng, and I’m having some trouble just getting it to listen on a tcp port. I’ve tried several different configurations. Some of them start up with no error, but a netstat or lsof command shows that there is no open/listening tcp port associated with the process. I’m pretty sure my mistake is basic or fundamental, but I haven’t had much luck finding specific details to resolve this issue; there is a fair amount of material to comb through. I’ve tried several different tutorials.

I want a central log server that accepts logs from multiple sources, so I started by trying to configure it to listen on a tcp port. I’m thinking 514 because we don’t use rshell anywhere, but it doesn’t really matter what port.

The current error I’m getting is:

[root@ip-10-8-41-60 syslog-ng]# service syslog-ng start
Error parsing source, source plugin network not found in /etc/syslog-ng/syslog-ng.conf at line 85, column 2:

        network(
        ^^^^^^^

 

The section of the config file related to networking is below; I’ve commented out several attempts.

# s_net = Network listener. This is listening on TCP port 514, no UDP
#source s_net { tcp(port(514) max-connections(5000)); udp();};

#source s_net {
#       tcp(ip(10.8.41.60) port(514));
#};

#source s_net {
#       network(ip(10.8.41.60) port(514));
#};

#source s_network {
#       default-network-drivers();
#};

#source s_syslog { syslog(
#               ip(10.8.41.60) port(514) transport("tcp")); };

source s_network {
        network(
                ip("10.8.41.60")
                transport("tcp")
                listen-backlog(2048)
                );
};

There is a line at the top of the file:

@include "scl.conf"

I’ve attached the entire file.

Any guidance would be very much appreciated,

 

Simon Tyler  |  Senior Systems Administrator - PathWise Solutions Group
Aon
225 King Street West, Suite 1000  |  Toronto, ON M5V 3M2, Canada
t +1.416.263.7755  |  m +1.416.564.4855  |  f +1.416.979.7724
simon.tyler@aon.com

PLEASE NOTE that my email address has changed to simon.tyler@aon.com

 

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq