Hi I had syslog-ng 3.8.1 (built from tar ball) working nicely with ES 2.x running on the local machine as a pilot. Last week I got two new machines to run ES on with lots of memory and SSD. I installed ES 5.x on them and upgraded ES to 5.x on the original pilot machine. So I now have a cluster of 3. Back to the original machine that has the feed from syslog-ng I was puzzled by the stream of error messages regarding 2.x client that was trying to connect. It took me a while to figure out that this must be the syslog-ng plug in. Stopping syslog-ng stopped the errors. A web search quickly found: https://www.balabit.com/blog/syslog-ng-and-elasticsearch-5-getting-started-o... So I set about reinstalling syslog-ng from Peter’s repos — there were some issues but I got there without too much problem. (see notes at the end). My config file matched the blog example pretty closely - I need to add the http transport for ES 5.x but that was the only change, When I tried to start the new version of syslog-ng I get an error saying that it can not find the elasticsearch2 plugin. I can’t find any reference to insgtalling the plugin in the post. Did I miss something. My old config also had @module mod-java line but this does not appear to make any difference. I have gone back to the 3.8 manual but can not find anything about having to install the ES plugin so I am thoroughly puzzled. Any ideas what is wrong? Russell Problems with the syslog-ng epel 6 repos: since I was on RHE 6 I figured I needed the epel6 rather than the epel7 repo so I wget https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/repo/epel-6/czani... but when I tried to install Yum said https://copr-be.cloud.fedoraproject.org/results/czanik/syslog-ng38/epel-6-x8...: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found” After a little poking I figured that the url should be /syslog-ng38eple6/ and that worked.