elasticsearch-http is provided by https://github.com/syslog-ng/syslog-ng/blob/master/scl/elasticsearch/elastic... Make sure that file is installed. Also, the name of the block is using a dash, whereas you were using an underscore. I think it should be all the same, as we generally convert a lot of things from underscores to dashes, but I would check this explicitly.

On Wed, Apr 1, 2020, 20:49 Russell Fulton <r.fulton@auckland.ac.nz> wrote:
On 31/03/2020, at 7:05 PM, Antal Nemes (anemes) < Antal.Nemes@oneidentity.com> wrote:
Just another idea that may give a clue.
If you start syslog-ng with foreground with debug and trace level (syslog-ng -Fevdt), syslog-ng
a couple more data points:
/usr/local/syslog-ng-3.26.1/sbin/syslog-ng -Fedv -s -f ~/short.conf gives no errors and includes
[2020-04-01T15:06:30.869576] Reading shared object for a candidate module; path='/usr/local/syslog-ng-3.26.1/lib/syslog-ng', fname='libhttp.so', module='http'
[2020-04-01T15:06:30.871503] Registering candidate plugin; module='http', context='destination', name='http'
ends with:
[2020-04-01T15:06:30.892770] Starting to read include file; filename='/usr/local/syslog-ng-3.26.1/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'
[2020-04-01T15:06:30.893592] Module loaded and initialized successfully; module='confgen'
[2020-04-01T15:06:30.894031] Finishing include; filename='/usr/local/syslog-ng-3.26.1/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'
[2020-04-01T15:06:30.894188] Finishing include; filename='/usr/local/syslog-ng-3.26.1/etc/scl.conf', depth='1'
[2020-04-01T15:06:30.894717] Module loaded and initialized successfully; module='afsocket'
Error parsing destination statement, destination plugin elasticsearch_http not found in /home/rful011/short.conf:11:3-11:21:
6       network( transport("tcp") flags(no-multi-line) port(1514) keep-alive(yes));
7       };
8
9
10      destination d_elastic {
11---->   elasticsearch_http(
11---->   ^^^^^^^^^^^^^^^^^^
and
rful011@secmgrprd02:~$ /usr/local/syslog-ng/sbin/syslog-ng -V -s -f ~/short.conf
syslog-ng 3 (3.26.1)
Config version: 3.22
Installer-Version: 3.26.1
Revision:
Compile-Date: Mar 31 2020 08:54:40
Module-Directory: /usr/local/syslog-ng-3.26.1/lib/syslog-ng
Module-Path: /usr/local/syslog-ng-3.26.1/lib/syslog-ng
Include-Path: /usr/local/syslog-ng-3.26.1/share/syslog-ng/include
Available-Modules: add-contextual-data,affile,afprog,afsocket,afstomp,afuser,appmodel,azure-auth-header,basicfuncs,cef,confgen,cryptofuncs,csvparser,timestamp,dbparser,disk-buffer,examples,geoip2-plugin,tfgetent,graphite,hook-commands,http,json-plugin,kvformat,linux-kmsg-format,map-value-pairs,pseudofile,mod-python,snmptrapd-parser,stardate,syslogformat,system-source,tags-parser,xml
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: off
Enable-TCP-Wrapper: off
Enable-Linux-Caps: off
Enable-Systemd: off