Yes, I guess, but syslog-ng is stopped, so how is it running? I have executed systemctl stop syslog-ng.
How is it running? And there is nothing in the process list or on the network:
[root@syslogserver syslog-ng]# ps axu | grep syslog
root 3546 0.0 0.0 112644 964 pts/0 S+ 14:08 0:00 grep --color=auto syslog
[root@syslogserver syslog-ng]# lsof | grep LISTEN
sshd 825 root 3u IPv4 14259 0t0 TCP *:ssh (LISTEN)
sshd 825 root 4u IPv6 14261 0t0 TCP *:ssh (LISTEN)
mongod 1544 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 1685 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 1988 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 1989 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 1990 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 1991 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 1992 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 1993 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 1994 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 1995 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 1996 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 1999 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 2000 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 2001 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 2002 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
mongod 1544 2003 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
master 1818 root 13u IPv4 16766 0t0 TCP localhost:smtp (LISTEN)
master 1818 root 14u IPv6 16767 0t0 TCP localhost:smtp (LISTEN)
[root@syslogserver syslog-ng]# netstat -antup | grep 6514
[root@syslogserver syslog-ng]#
On 05/12/2016 02:03 PM, Várady, László wrote:
This output is all about the messages you received, so I think you have a working configuration now.
--László Várady
On Thu, May 12, 2016 at 1:49 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
Sorry about the previous messages. I was testing, and I had put the wrong path for the certificates. Here is the syslog-ng -Fevd output:
[2016-05-12T13:48:13.274891] Filter rule evaluation begins; rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18'
[2016-05-12T13:48:13.274901] Filter node evaluation result; result='not-match', type='facility'
[2016-05-12T13:48:13.274912] Filter rule evaluation result; result='not-match', rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18'
[2016-05-12T13:48:13.275397] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal polkitd[630]: Unregistered Authentication Agent for unix-process:3014:242607 (system bus name :1.74, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
'
[2016-05-12T13:48:13.275469] Outgoing message; message='May 12 13:48:11 syslogserver.novalocal sshd[3012]: Connection closed by 115.85.192.40 [preauth]
'
[2016-05-12T13:48:13.275519] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal systemd[1]: Stopped System Logger Daemon.
'
Ivan
On 05/12/2016 01:43 PM, Várady, László wrote:
Hi,
Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before running 'syslog-ng -Fevd' manually?
--László Várady
On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
OK, so I get syslog-ng running with the default configuration.... This has some problem with the TLS configuration.
What I have done: I went through the certificate creation procedure (self-signed certificate) on my laptop, following this article: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html
So I generated the server certificate on my laptop and the other certificates for the clients. I copied them and put in the configuration.
Is there any other configuration to put in syslog-ng.conf to try to get it working with TLS?
Kind regards
On 05/12/2016 12:42 PM, jrhendri wrote:
This has to be something very basic.
Have you tried checking if another syslog server is running?
ps -aef |grep syslog
Assuming this shows nothing, try a very simple syslog-ng config file and a manual start on the command line.
Make sure you check all the things in your configuration that your copy should open beforehand.
This should narrow down the problem I hope :-)
Jim
Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message --------
From: Ivan Adji - Krstev <akivanradix@gmail.com>
Date: 5/12/16 5:26 AM (GMT-05:00)
Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
So I have installed EPEL and I have installed syslog-ng and mongodb, and when I start the syslog-ng service with the syslog-ng -Fevd command I have the following error AGAIN :).
I'm not sure what it is, how to prevent it, or what to do. But I really need this to work :(.
[2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
[2016-05-12T05:21:10.739973] Error initializing message pipeline;
[root@syslogserver loganalyzer]# netstat -tupl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:27017 0.0.0.0:* LISTEN 1352/mongod
tcp 0 0 0.0.0.0:syslog-tls 0.0.0.0:* LISTEN 11377/syslog-ng
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 8562/sshd
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1778/master
tcp6 0 0 [::]:http [::]:* LISTEN 11264/httpd
tcp6 0 0 [::]:ssh [::]:* LISTEN 8562/sshd
tcp6 0 0 localhost:smtp [::]:* LISTEN 1778/master
udp 0 0 0.0.0.0:bootpc 0.0.0.0:* 638/dhclient
udp 0 0 0.0.0.0:60094 0.0.0.0:* 638/dhclient
udp6 0 0 [::]:3126 [::]:* 638/dhclient
[root@syslogserver loganalyzer]# lsof | grep LISTEN
mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN)
master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN)
sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN)
sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN)
httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN)
syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN)
syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN)
httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
And the source config is as follows:
source s_sys {
    system();
    unix-stream("/dev/log");
    internal();
    network(
        port(6514)
        # tcp(port(5140));
        # file("/proc/kmsg" log_prefix("kernel: "));
        transport("tls")
        tls(
            key_file("/etc/syslog-ng/cert.d/serverkey.pem")
            cert_file("/etc/syslog-ng/cert.d/servercert.pem")
            ca_dir("/etc/syslog-ng/ca.d")
        )
    );
};
destination d_mongodb {
    mongodb(
        # servers("localhost:27017")
        # database("syslog")
        # uri('mongodb://localhost/syslog-ng')
        collection("messages")
        value-pairs(
            scope("selected-macros" "nv-pairs" "sdata")
        )
    );
};
Kind regards
Ivan
On 05/10/2016 01:35 PM, Czanik, Péter wrote:
Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL, as some of the dependencies are missing from the base distribution: https://fedoraproject.org/wiki/EPEL
Bye,
Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
http://czanik.blogs.balabit.com/
https://twitter.com/PCzanik
On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
Hi, I noted this error of mine, but I tried the other one: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
And I have similar errors whenever I try to install on a new CentOS.
The procedure I'm doing is:
Fresh installation of CentOS
yum update
yum install httpd php vim wget
then install mongodb ( add repo )
then install syslog-ng ( add repo )
I'm using: CentOS Linux release 7.2.1511 (Core)
And I'm having the following repos:
[root@syslogserver ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.switch.ch
 * extras: mirror.switch.ch
 * updates: mirror.switch.ch
repo id                     repo name                                     status
base/7/x86_64               CentOS-7 - Base                               9,007
czanik-syslog-ng37/x86_64   Copr repo for syslog-ng37 owned by czanik     59
extras/7/x86_64             CentOS-7 - Extras                             266
mongodb-org-3.2/7           MongoDB Repository                            35
updates/7/x86_64            CentOS-7 - Updates                            1,437
repolist: 10,804
[root@syslogserver ~]# yum install syslog-ng
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.switch.ch
 * extras: mirror.switch.ch
 * updates: mirror.switch.ch
Resolving Dependencies
--> Running transaction check
---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
--> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Running transaction check
---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed
---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
--> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
--> Finished Dependency Resolution
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
 Requires: libivykis.so.0(IVYKIS_0.30)(64bit)
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
 Requires: libivykis.so.0()(64bit)
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
 Requires: ivykis >= 0.36.1
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
 Requires: libevtlog.so.0()(64bit)
Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
 Requires: libivykis.so.0(IVYKIS_0.29)(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
Any idea?
On 05/09/2016 04:09 PM, Czanik, Péter wrote:
Hi,
You should add the repository using the file: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo to yum and not just download individual packages. You can then use "yum install syslog-ng" which will also download all necessary dependencies.
Bye,
Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
http://czanik.blogs.balabit.com/
https://twitter.com/PCzanik
On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
I have the following errors when I try to install Syslog-NG 3.7 on CentOS 7
I have a problem when I try to install Syslog-NG 3.7 on CentOS 7. I get the following errors:
--> Finished Dependency Resolution
Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
 Requires: libevtlog.so.0()(64bit)
Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
 Requires: libpcre.so.0()(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
Any hints on this?
Kind regards
Ivan
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
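Added example, not part of the original thread: the "Address already in use (98)" error on 0.0.0.0:6514 appears in the same message whose netstat output lists 11377/syslog-ng listening on syslog-tls, so a check for who holds the port has to match the service name as well as the number when netstat is run without -n. The function names are hypothetical and the sample lines are constructed from the netstat output quoted in the thread.

```shell
#!/bin/sh
# Added example: report which process holds a listening TCP port in
# `netstat -tupl`-style output read from stdin. Matches the numeric port
# or its service name, because without -n netstat prints "syslog-tls"
# instead of 6514, and a plain `grep 6514` would then miss the listener.
port_owner() {
    port="$1"; name="$2"
    awk -v port="$port" -v name="$name" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")   # local address; port is the last piece
            p = parts[n]
            if (p == port || (name != "" && p == name))
                print $7                # PID/Program name column
        }'
}

# Constructed sample, modelled on the netstat output in the thread.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 localhost:27017     0.0.0.0:*     LISTEN      1352/mongod
tcp        0      0 0.0.0.0:syslog-tls  0.0.0.0:*     LISTEN      11377/syslog-ng
tcp        0      0 0.0.0.0:ssh         0.0.0.0:*     LISTEN      8562/sshd
tcp6       0      0 [::]:http           [::]:*        LISTEN      11264/httpd
EOF
}

# Decide whether a foreground `syslog-ng -Fevd` could bind the port.
# Returns 1 and names the holder if something is already listening.
check_port_free() {
    owner=$(port_owner "$1" "$2")
    if [ -n "$owner" ]; then
        echo "port $1 held by $owner"
        return 1
    fi
    echo "port $1 free"
}

sample_netstat | check_port_free 6514 syslog-tls || true
```

On a live host, replace sample_netstat with `netstat -tupl` run as root so the PID/Program name column is populated.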