systemd syslog-ng does not start CentOS 7.2.1511
Hi,

I need help setting up my control files for systemd. I can’t figure out what I am doing wrong. If I make a SystemV start stop script it runs fine. From systemd I think there is something missing in the control files that lets syslog-ng report that it is started successfully.

When I add -F to SYSLOGNG_OPTS then systemctl start syslog-g.service never returns but syslog-ng does start.

Compiled syslog-ng syslog-ng 3.8.0alpha0 no problems. On the command line syslog-ng will start fine.

/opt/syslog-ng/sbin/syslog-ng -f /opt/syslog-ng/etc/syslog-ng.conf -p /var/run/syslogd.pid

Using contrib/systemd/syslog-ng.service as an example I created /usr/lib/systemd/system/syslog-ng.service

[Unit]
Description=System Logger Daemon
Documentation=man:syslog-ng(8)

[Service]
Type=notify
ExecStart=/opt/syslog-ng/sbin/syslog-ng $SYSLOGNG_OPTS
ExecReload=/bin/kill -HUP $MAINPID
EnvironmentFile=-/opt/syslog-ng/etc/syslog-ng.env
StandardOutput=journal
StandardError=journal
Restart=on-failure

[Install]
WantedBy=multi-user.target

cat /opt/syslog-ng/etc/syslog-ng.env
LD_LIBRARY_PATH=/usr/java/jdk1.8.0_77/jre/lib/amd64/server:$LD_LIBRARY_PATH
SYSLOGNG_OPTS="-f /opt/syslog-ng/etc/syslog-ng.conf -p /var/run/syslogd.pid"

systemctl daemon-reload
systemctl restart systemd-journald
systemctl start syslog-ng.service
systemctl status syslog-ng.service
● syslog-ng.service - System Logger Daemon
   Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Tue 2016-04-12 14:51:04 EDT; 29s ago
     Docs: man:syslog-ng(8)
  Process: 2494 ExecStart=/opt/syslog-ng/sbin/syslog-ng $SYSLOGNG_OPTS (code=exited, status=0/SUCCESS)
 Main PID: 2494 (code=exited, status=0/SUCCESS)

Apr 12 14:41:08 loghost systemd[1]: Unit syslog-ng.service entered failed state.
Apr 12 14:41:08 loghost systemd[1]: syslog-ng.service failed.
Apr 12 14:41:08 loghost systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Apr 12 14:41:08 loghost systemd[1]: Starting System Logger Daemon...

I can see syslog-ng starting and stopping over and over from /var/log/messages
-F specifies that syslog-ng should stay in the foreground.

I assumed that it was needed for systemd. You could try --process-mode background

That causes syslog-ng to go to the background but without its own supervisor.

On Apr 12, 2016 9:00 PM, "Scot Needy" <scotrn@gmail.com> wrote:
[...]
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Thanks for the response, The -F flag was based on other posts. If I remove the -F it does return but systemd keeps restarting it.
On Apr 13, 2016, at 2:23 AM, Scheidler, Balázs <balazs.scheidler@balabit.com> wrote:
[...]
There are three modes in which syslog-ng can start, "--process-mode background" is probably the one that best matches other daemons that don't have their own supervisor (which is not needed as systemd behaves as one).

The funny thing is that I have just tried my local syslog-ng installation on ubuntu wily, which is systemd based and is working just fine:

$ systemctl status syslog-ng
● syslog-ng.service - System Logger Daemon
   Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2016-04-13 08:48:28 CEST; 29s ago
     Docs: man:syslog-ng(8)
 Main PID: 17470 (syslog-ng)
   Memory: 1.4M
      CPU: 26ms
   CGroup: /system.slice/syslog-ng.service
           └─17470 /usr/sbin/syslog-ng -F

Apr 13 08:48:28 bzorp systemd[1]: Starting System Logger Daemon...
Apr 13 08:48:28 bzorp systemd[1]: Started System Logger Daemon.

$ systemctl stop syslog-ng
$ systemctl start syslog-ng
$ syslog-ng -V
syslog-ng 3.5.6
Installer-Version: 3.5.6
Revision: 3.5.6-2build1 [@416d315] (Ubuntu/15.10)
Compile-Date: Jul 29 2015 03:15:39
Available-Modules: basicfuncs,syslogformat,affile,afprog,afsocket,json-plugin,dbparser,linux-kmsg-format,afmongodb,afsql,afstomp,system-source,redis,confgen,tfgeoip,afsocket-notls,afsocket-tls,csvparser,afsmtp,afuser,cryptofuncs,afamqp
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Pcre: on

$ dpkg -l systemd
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name      Version          Architecture  Description
+++-=========-================-=============-==========================
ii  systemd   225-1ubuntu9.1   amd64         system and service manager

-- 
Bazsi

On Wed, Apr 13, 2016 at 8:31 AM, Scot Needy <scotrn@gmail.com> wrote:
[...]
On Tue, Apr 12, 2016 at 9:00 PM, Scot Needy <scotrn@gmail.com> wrote:
Compiled syslog-ng syslog-ng 3.8.0alpha0 no problems.
When compiling, did you have the systemd libs installed? If not, then the Type=notify will not work, as the systemd libs are required for that support to be compiled in. Without those, syslog-ng will happily start on the CLI or via sysvinit scripts, but since it does not notify systemd, Type=notify won't work.

Can you post the summary of the configure run? It should print a list of enabled features.

-- 
|8]
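The readiness handshake described in the reply above, modelled as an added example (not part of the thread, and not systemd or syslog-ng code): a stand-in service manager listens on the socket named in $NOTIFY_SOCKET, as systemd does for Type=notify, and three constructed stand-in daemons show the possible outcomes. All function and constant names are hypothetical.

```python
"""Toy model of the Type=notify start-up handshake (sd_notify protocol).

Added illustration only: the "daemons" are constructed stand-ins, not syslog-ng.
"""
import os
import socket
import subprocess
import sys
import tempfile
import time

# Stand-in 1: built with notify support and kept in the foreground (-F).
# It sends the READY=1 datagram to the socket named in $NOTIFY_SOCKET.
DAEMON_NOTIFIES = """
import os, socket, time
s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
s.sendto(b"READY=1", os.environ["NOTIFY_SOCKET"])
time.sleep(30)
"""

# Stand-in 2: built without notify support, kept in the foreground.
DAEMON_SILENT_FOREGROUND = "import time; time.sleep(30)"

# Stand-in 3: built without notify support and daemonizing. The process the
# manager started exits 0 immediately (the detached worker is left out here).
DAEMON_SILENT_BACKGROUND = "import sys; sys.exit(0)"


def start_notify_service(daemon_source, start_timeout=5.0):
    """Start a stand-in daemon the way a Type=notify unit is started.

    Returns "active" once READY=1 arrives, "failed" if the main process exits
    before announcing readiness, or "start-timeout" if neither happens in time.
    """
    with tempfile.TemporaryDirectory() as tmp:
        notify_path = os.path.join(tmp, "notify")
        manager = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        manager.bind(notify_path)
        manager.settimeout(0.05)
        env = dict(os.environ, NOTIFY_SOCKET=notify_path)
        child = subprocess.Popen([sys.executable, "-c", daemon_source], env=env)
        deadline = time.monotonic() + start_timeout
        try:
            while time.monotonic() < deadline:
                # Sample the exit state first so a READY=1 sent just before
                # exiting is still read from the queue below.
                exited = child.poll() is not None
                try:
                    datagram = manager.recv(4096)
                except socket.timeout:
                    datagram = b""
                if b"READY=1" in datagram.split(b"\n"):
                    return "active"
                if exited:
                    return "failed"
            return "start-timeout"
        finally:
            if child.poll() is None:
                child.kill()
            child.wait()
            manager.close()


if __name__ == "__main__":
    for name, source, timeout in [
        ("notifies, foreground", DAEMON_NOTIFIES, 5.0),
        ("silent, foreground", DAEMON_SILENT_FOREGROUND, 1.0),
        ("silent, background", DAEMON_SILENT_BACKGROUND, 5.0),
    ]:
        print(f"{name:22} -> {start_notify_service(source, timeout)}")
```

The "start-timeout" outcome matches the symptom reported with -F (systemctl start does not return while the daemon runs), and "failed" combined with Restart=on-failure matches the restart loop seen without -F.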
Systemd was enabled at OS deployment so I believe systemd libs were already installed unless a systemd-devel package needed to be added ?

# /opt/syslog-ng/sbin/syslog-ng -V
syslog-ng 3.8.0alpha0
Installer-Version: 3.8.0alpha0
Revision:
Module-Directory: /opt/syslog-ng/lib/syslog-ng
Module-Path: /opt/syslog-ng/lib/syslog-ng
Available-Modules: syslogformat,afsocket,affile,afprog,afuser,afamqp,afmongodb,afsmtp,csvparser,confgen,system-source,linux-kmsg-format,basicfuncs,cryptofuncs,dbparser,json-plugin,geoip-plugin,afstomp,pseudofile,graphite,sdjournal,mod-java,kvformat,date,cef,disk-buffer
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: off
Enable-Linux-Caps: off

ALSO, getting this error I can’t track down related to elasticsearchv2.

[root@loghost etc]# /opt/syslog-ng/sbin/syslog-ng -f /opt/syslog-ng/etc/syslog-ng.conf -p /var/run/syslogd.pid -F -d --trace -v |tail
[2016-04-13T08:00:35.417016] Add path to classpath: /usr/share/elasticsearch/lib/lucene-suggest-5.5.0.jar;
[2016-04-13T08:00:35.417158] Add path to classpath: /usr/share/elasticsearch/lib/netty-3.10.5.Final.jar;
[2016-04-13T08:00:35.417288] Add path to classpath: /usr/share/elasticsearch/lib/securesm-1.0.jar;
[2016-04-13T08:00:35.417407] Add path to classpath: /usr/share/elasticsearch/lib/snakeyaml-1.15.jar;
[2016-04-13T08:00:35.417527] Add path to classpath: /usr/share/elasticsearch/lib/spatial4j-0.5.jar;
[2016-04-13T08:00:35.417630] Add path to classpath: /usr/share/elasticsearch/lib/t-digest-3.0.jar;
[2016-04-13T08:00:35.499351] Add path to classpath: /opt/syslog-ng/lib/syslog-ng/java-modules/syslog-ng-core.jar;
[2016-04-13T08:00:35.556808] Error initializing message pipeline;

### External Network sources
source s_net {
    udp(ip(0.0.0.0) port(514) so_rcvbuf(262142));
    tcp(ip(0.0.0.0) port(514) max-connections(250) so_rcvbuf(262142) log_iw_size(25000) );
};

destination d_es {
    elasticsearch(
        index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
        type("syslog-ng")
        # Description: The type of the index. For example, type("test")
        class-path("/opt/syslog-ng/lib/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar:/usr/share/elasticsearch/modules/*/*.jar")
        client_mode("node")
        # Transport mode.
        # The syslog-ng OSE application uses the transport client API of Elasticsearch
        # and uses the server(), port(), and cluster() options from the syslog-ng OSE configuration file.
        # Node mode.
        # The syslog-ng OSE application acts as an Elasticsearch node (client no-data)
        # using the node client API of Elasticsearch. You must set further options for the node in an Elasticsearch configuration file specified in the resource() option.
        server("127.0.0.1")
        port("9300")
        cluster("syslog-ng")
        #resource("/etc/elasticsearch/elasticsearch.yml")
        #template("$(format-json -s all-nv-pairs -p @timestamp=$ISODATE -p @message=$MSG)")
        template("$(format-json --scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE})")
    );
};

# sending logs to ES destination
log {
    source(s_net);
    parser(pattern_db);
    destination(d_es);
    flags(flow-control);
};
On Apr 13, 2016, at 5:46 AM, Gergely Nagy <algernon@madhouse-project.org> wrote:
[...]
Hi Scot, On Wed, Apr 13, 2016 at 08:03:51AM -0400, Scot Needy wrote:
ALSO, getting this error I can’t track down related to elasticsearchv2. [...] destination d_es { elasticsearch( [...]
It seems you're trying to use the v1 destination against a v2 cluster and/or libs
How do I specify ? On Wednesday, April 13, 2016, Fabien Wernli <wernli@in2p3.fr> wrote:
[...]
On Wed, Apr 13, 2016 at 08:48:47AM -0400, Scot wrote:
How do I specify ?
there's two destinations: elasticsearch and elasticsearch_v2
I assume you meant elasticsearch2 not elasticsearch_v2 ? elasticsearch2 seems to kinda work.

Error parsing destination, destination plugin elasticsearch_v2 not found in /opt/syslog-ng/etc/static.destinations.conf at line 37, column 2:
  included from /opt/syslog-ng/etc/syslog-ng.conf line 63, column 35

elasticsearch_v2(
^^^^^^^^^^^^^^^^

destination d_es {
    elasticsearch2(
        index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
        type("syslog-ng")
        # Description: The type of the index. For example, type("test")
        template("$(format-json --scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE})")
        port("9300")
        server("localhost")
        flush_limit("5000")
        client_mode("node")
        cluster("")
        custom_id("")
        resource("")
        client_lib_dir("/usr/share/elasticsearch/lib")
        concurrent_requests("1")
    );
};

/opt/syslog-ng/sbin/syslog-ng -f /opt/syslog-ng/etc/syslog-ng.conf -p /var/run/syslogd.pid -F -d --trace -v
….
[2016-04-13T10:19:22.529521] Log pattern database reloaded; file='/opt/syslog-ng/var/patterndb.xml', version='4', pub_date='2016-04-13'
[...]
[2016-04-13T10:19:22.900320] Exception occured: java.lang.IllegalStateException: path.home is not configured
    at org.elasticsearch.env.Environment.<init>(Environment.java:101)
    at org.elasticsearch.node.internal.InternalSettingsPreparer.prepareEnvironment(InternalSettingsPreparer.java:81)
    at org.elasticsearch.node.Node.<init>(Node.java:140)
    at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
    at org.elasticsearch.node.NodeBuilder.node(NodeBuilder.java:150)
    at org.syslog_ng.elasticsearch_v2.client.ESNodeClient.createClient(ESNodeClient.java:78)
    at org.syslog_ng.elasticsearch_v2.client.ESClient.init(ESClient.java:100)
    at org.syslog_ng.elasticsearch_v2.ElasticSearchDestination.init(ElasticSearchDestination.java:63)
    at org.syslog_ng.LogPipe.initProxy(LogPipe.java:64)
On Apr 13, 2016, at 8:53 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
[...]
On Wed, Apr 13, 2016 at 10:49:46AM -0400, Scot Needy wrote:
I assume you meant elasticsearch2 not elasticsearch_v2 ? elasticsearch2 seems to kinda work.
yes, I did
[2016-04-13T10:19:22.900320] Exception occured: java.lang.IllegalStateException: path.home is not configured
    at org.elasticsearch.env.Environment.<init>(Environment.java:101)
    at org.elasticsearch.node.internal.InternalSettingsPreparer.prepareEnvironment(InternalSettingsPreparer.java:81)
    at org.elasticsearch.node.Node.<init>(Node.java:140)
    at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
    at org.elasticsearch.node.NodeBuilder.node(NodeBuilder.java:150)
    at org.syslog_ng.elasticsearch_v2.client.ESNodeClient.createClient(ESNodeClient.java:78)
    at org.syslog_ng.elasticsearch_v2.client.ESClient.init(ESClient.java:100)
    at org.syslog_ng.elasticsearch_v2.ElasticSearchDestination.init(ElasticSearchDestination.java:63)
    at org.syslog_ng.LogPipe.initProxy(LogPipe.java:64)

you need to set this "path.home" variable in the elasticsearch configuration: the yaml file pointed at by elasticsearch2's "resource" parameter
Any feedback on summary would be appreciated. Thanks for all the help.

1) Did not see this in any docs but, when compiling for systemd the systemd-devel package should be installed and either check for auto discovery or --enable-systemd.

2) Use elasticsearch2 for a destination.

destination d_es {
    elasticsearch2(
        index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
        type("syslog-ng")
        # Description: The type of the index. For example, type("test")
        template("$(format-json --scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE})")
        port("9300")
        server("localhost")
        flush_limit("5000")
        client_mode("node")
        cluster("syslog-ng")
        custom_id("")
        resource("/etc/elasticsearch/elasticsearch.yml")
        # YML Needs path.home like /usr/lib/systemd/system/elasticsearch.service
        client_lib_dir("/usr/share/elasticsearch/lib")
        concurrent_requests("1")
    );
};

[root@loghost etc]# cat /usr/lib/systemd/system/elasticsearch.service
[Unit]
Description=Elasticsearch
Documentation=http://www.elastic.co
Wants=network-online.target
After=network-online.target

[Service]
Environment=ES_HOME=/usr/share/elasticsearch
Environment=CONF_DIR=/etc/elasticsearch
Environment=DATA_DIR=/var/lib/elasticsearch
Environment=LOG_DIR=/var/log/elasticsearch
Environment=PID_DIR=/var/run/elasticsearch
EnvironmentFile=-/etc/sysconfig/elasticsearch

WorkingDirectory=/usr/share/elasticsearch

User=elasticsearch
Group=elasticsearch

ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec

ExecStart=/usr/share/elasticsearch/bin/elasticsearch \
    -Des.pidfile=${PID_DIR}/elasticsearch.pid \
    -Des.default.path.home=${ES_HOME} \
    -Des.default.path.logs=${LOG_DIR} \
    -Des.default.path.data=${DATA_DIR} \
    -Des.default.path.conf=${CONF_DIR}

StandardOutput=journal
StandardError=inherit

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65535

# Specifies the maximum number of bytes of memory that may be locked into RAM
# Set to "infinity" if you use the 'bootstrap.mlockall: true' option
# in elasticsearch.yml and 'MAX_LOCKED_MEMORY=unlimited' in /etc/sysconfig/elasticsearch
#LimitMEMLOCK=infinity

# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0

# SIGTERM signal is used to stop the Java process
KillSignal=SIGTERM

# Java process is never killed
SendSIGKILL=no

# When a JVM receives a SIGTERM signal it exits with code 143
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

# Built for Distribution: RPM-2.3.1 (rpm)

tail -100f /var/log/messages
….
Apr 13 11:23:03 loghost syslog-ng[10744]: syslog-ng starting up; version='3.8.0alpha0'
Apr 13 11:23:10 loghost syslog-ng[10744]: org.syslog_ng.elasticsearch_v2.client.ESClient.connect:61 - connecting to cluster, cluster_name='syslog-ng';
Apr 13 11:23:10 loghost syslog-ng[10744]: org.syslog_ng.elasticsearch_v2.client.ESClient.connect:71 - conneted to cluster, cluster_name='syslog-ng';

NOTE: I do not believe some options like server,port,.. are needed in node mode. What is the relationship to the ES service and syslog-ng in node mode? It looks like in node mode the es2 module writes directly to the shard ?

942 ? Ssl 2:23 /bin/java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -XX:+DisableExplicitGC -Dfile.encoding=UTF-8 -Djna.nosys=true -Des.path.home=/usr/share/elasticsearch -cp /usr/share/elasticsearch/lib/elasticsearch-2.3.1.jar:/usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch start -Des.pidfile=/var/run/elasticsearch/elasticsearch.pid -Des.default.path.home=/usr/share/elasticsearch -Des.default.path.logs=/var/log/elasticsearch -Des.default.path.data=/var/lib/elasticsearch -Des.default.path.conf=/etc/elasticsearch
10744 ? Ssl 0:11 \_ /opt/syslog-ng/sbin/syslog-ng -f /opt/syslog-ng/etc/syslog-ng.conf -p /var/run/syslogd.pid
On Apr 13, 2016, at 10:49 AM, Scot Needy <scotrn@gmail.com> wrote:
I assume you meant elasticsearch2 not elasticsearch_v2 ? elasticsearch2 seems to kinda work.
Error parsing destination, destination plugin elasticsearch_v2 not found in /opt/syslog-ng/etc/static.destinations.conf at line 37, column 2: included from /opt/syslog-ng/etc/syslog-ng.conf line 63, column 35
elasticsearch_v2( ^^^^^^^^^^^^^^^^
destination d_es { elasticsearch2( index("syslog-ng_${YEAR}.${MONTH}.${DAY}") type("syslog-ng") # Description: The type of the index. For example, type("test") template("$(format-json --scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE})") port("9300") server("localhost") flush_limit("5000") client_mode("node") cluster("") custom_id("") resource("") client_lib_dir("/usr/share/elasticsearch/lib") concurrent_requests("1") ); };
/opt/syslog-ng/sbin/syslog-ng -f /opt/syslog-ng/etc/syslog-ng.conf -p /var/run/syslogd.pid -F -d --trace -v
….
[2016-04-13T10:19:22.529521] Log pattern database reloaded; file='/opt/syslog-ng/var/patterndb.xml', version='4', pub_date='2016-04-13'
[2016-04-13T10:19:22.651060] Add path to classpath: /opt/syslog-ng/lib/syslog-ng/java-modules/syslog-ng-core.jar;
[2016-04-13T10:19:22.651704] Add path to classpath: /opt/syslog-ng/lib/syslog-ng/java-modules/syslog-ng-core.jar;
[2016-04-13T10:19:22.651852] Add path to classpath: /opt/syslog-ng/lib/syslog-ng/java-modules/log4j-1.2.16.jar;
[2016-04-13T10:19:22.651972] Add path to classpath: /opt/syslog-ng/lib/syslog-ng/java-modules/syslog-ng-common.jar;
[2016-04-13T10:19:22.652125] Add path to classpath: /opt/syslog-ng/lib/syslog-ng/java-modules/dummy.jar;
[2016-04-13T10:19:22.652304] Add path to classpath: /opt/syslog-ng/lib/syslog-ng/java-modules/elastic-v2.jar;
[2016-04-13T10:19:22.652469] Add path to classpath: /opt/syslog-ng/lib/syslog-ng/java-modules/elastic.jar;
[2016-04-13T10:19:22.652606] Add path to classpath: /opt/syslog-ng/lib/syslog-ng/java-modules/hdfs.jar;
[2016-04-13T10:19:22.652736] Add path to classpath: /opt/syslog-ng/lib/syslog-ng/java-modules/http.jar;
[2016-04-13T10:19:22.652878] Add path to classpath: /opt/syslog-ng/lib/syslog-ng/java-modules/kafka.jar;
[2016-04-13T10:19:22.652998] Add path to classpath: /usr/share/elasticsearch/lib/HdrHistogram-2.1.6.jar;
[2016-04-13T10:19:22.653116] Add path to classpath: /usr/share/elasticsearch/lib/apache-log4j-extras-1.2.17.jar;
[2016-04-13T10:19:22.653253] Add path to classpath: /usr/share/elasticsearch/lib/commons-cli-1.3.1.jar;
[2016-04-13T10:19:22.653360] Add path to classpath: /usr/share/elasticsearch/lib/compiler-0.8.13.jar;
[2016-04-13T10:19:22.653490] Add path to classpath: /usr/share/elasticsearch/lib/compress-lzf-1.0.2.jar;
[2016-04-13T10:19:22.653601] Add path to classpath: /usr/share/elasticsearch/lib/elasticsearch-2.3.1.jar;
[2016-04-13T10:19:22.653750] Add path to classpath: /usr/share/elasticsearch/lib/guava-18.0.jar;
[2016-04-13T10:19:22.654190] Add path to classpath: /usr/share/elasticsearch/lib/hppc-0.7.1.jar;
[2016-04-13T10:19:22.654301] Add path to classpath: /usr/share/elasticsearch/lib/jackson-core-2.6.2.jar;
[2016-04-13T10:19:22.654446] Add path to classpath: /usr/share/elasticsearch/lib/jackson-dataformat-cbor-2.6.2.jar;
[2016-04-13T10:19:22.654576] Add path to classpath: /usr/share/elasticsearch/lib/jackson-dataformat-smile-2.6.2.jar;
[2016-04-13T10:19:22.654704] Add path to classpath: /usr/share/elasticsearch/lib/jackson-dataformat-yaml-2.6.2.jar;
[2016-04-13T10:19:22.654833] Add path to classpath: /usr/share/elasticsearch/lib/jna-4.1.0.jar;
[2016-04-13T10:19:22.654984] Add path to classpath: /usr/share/elasticsearch/lib/joda-convert-1.2.jar;
[2016-04-13T10:19:22.655108] Add path to classpath: /usr/share/elasticsearch/lib/joda-time-2.8.2.jar;
[2016-04-13T10:19:22.655222] Add path to classpath: /usr/share/elasticsearch/lib/jsr166e-1.1.0.jar;
[2016-04-13T10:19:22.655324] Add path to classpath: /usr/share/elasticsearch/lib/jts-1.13.jar;
[2016-04-13T10:19:22.655452] Add path to classpath: /usr/share/elasticsearch/lib/log4j-1.2.17.jar;
[2016-04-13T10:19:22.655557] Add path to classpath: /usr/share/elasticsearch/lib/lucene-analyzers-common-5.5.0.jar;
[2016-04-13T10:19:22.655684] Add path to classpath: /usr/share/elasticsearch/lib/lucene-backward-codecs-5.5.0.jar;
[2016-04-13T10:19:22.655977] Add path to classpath: /usr/share/elasticsearch/lib/lucene-core-5.5.0.jar;
[2016-04-13T10:19:22.656205] Add path to classpath: /usr/share/elasticsearch/lib/lucene-grouping-5.5.0.jar;
[2016-04-13T10:19:22.656322] Add path to classpath: /usr/share/elasticsearch/lib/lucene-highlighter-5.5.0.jar;
[2016-04-13T10:19:22.656462] Add path to classpath: /usr/share/elasticsearch/lib/lucene-join-5.5.0.jar;
[2016-04-13T10:19:22.656577] Add path to classpath: /usr/share/elasticsearch/lib/lucene-memory-5.5.0.jar;
[2016-04-13T10:19:22.656751] Add path to classpath: /usr/share/elasticsearch/lib/lucene-misc-5.5.0.jar;
[2016-04-13T10:19:22.656851] Add path to classpath: /usr/share/elasticsearch/lib/lucene-queries-5.5.0.jar;
[2016-04-13T10:19:22.656974] Add path to classpath: /usr/share/elasticsearch/lib/lucene-queryparser-5.5.0.jar;
[2016-04-13T10:19:22.657093] Add path to classpath: /usr/share/elasticsearch/lib/lucene-sandbox-5.5.0.jar;
[2016-04-13T10:19:22.657209] Add path to classpath: /usr/share/elasticsearch/lib/lucene-spatial-5.5.0.jar;
[2016-04-13T10:19:22.657318] Add path to classpath: /usr/share/elasticsearch/lib/lucene-spatial3d-5.5.0.jar;
[2016-04-13T10:19:22.657448] Add path to classpath: /usr/share/elasticsearch/lib/lucene-suggest-5.5.0.jar;
[2016-04-13T10:19:22.657616] Add path to classpath: /usr/share/elasticsearch/lib/netty-3.10.5.Final.jar;
[2016-04-13T10:19:22.657743] Add path to classpath: /usr/share/elasticsearch/lib/securesm-1.0.jar;
[2016-04-13T10:19:22.657855] Add path to classpath: /usr/share/elasticsearch/lib/snakeyaml-1.15.jar;
[2016-04-13T10:19:22.657979] Add path to classpath: /usr/share/elasticsearch/lib/spatial4j-0.5.jar;
[2016-04-13T10:19:22.658075] Add path to classpath: /usr/share/elasticsearch/lib/t-digest-3.0.jar;
[2016-04-13T10:19:22.731812] Add path to classpath: /opt/syslog-ng/lib/syslog-ng/java-modules/syslog-ng-core.jar;
[2016-04-13T10:19:22.900320] Exception occured: java.lang.IllegalStateException: path.home is not configured
    at org.elasticsearch.env.Environment.<init>(Environment.java:101)
    at org.elasticsearch.node.internal.InternalSettingsPreparer.prepareEnvironment(InternalSettingsPreparer.java:81)
    at org.elasticsearch.node.Node.<init>(Node.java:140)
    at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
    at org.elasticsearch.node.NodeBuilder.node(NodeBuilder.java:150)
    at org.syslog_ng.elasticsearch_v2.client.ESNodeClient.createClient(ESNodeClient.java:78)
    at org.syslog_ng.elasticsearch_v2.client.ESClient.init(ESClient.java:100)
    at org.syslog_ng.elasticsearch_v2.ElasticSearchDestination.init(ElasticSearchDestination.java:63)
    at org.syslog_ng.LogPipe.initProxy(LogPipe.java:64)
On Apr 13, 2016, at 8:53 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
On Wed, Apr 13, 2016 at 08:48:47AM -0400, Scot wrote:
How do I specify ?
there's two destinations: elasticsearch and elasticsearch_v2
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
On Wed, Apr 13, 2016 at 11:32:47AM -0400, Scot Needy wrote:
NOTE: I do not believe some options like server,port,.. are needed in node mode.
correct: in node mode, almost everything is in the yaml
What is the relationship to the ES service and syslog-ng in node mode?
No direct relation in any mode: the ES data node runs in a different JVM on same or other node.
It looks like in node mode the es2 module writes directly to the shard ?
Yes, syslog-ng runs an ES instance itself that joins the cluster of the other ES instance(s). It writes documents directly to the correct nodes.
Does not look like I’m getting data into es. How could I tell? Does data=false mean it’s not storing?

tail -f /var/log/elasticsearch/syslog-ng.log while restarting syslog-ng.
[2016-04-13 12:21:26,762][INFO ][cluster.service ] [NODE-1] removed {{NODE-1}{K0_nu3-4TKKjPQfoMUlOhw}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-node_left({NODE-1}{K0_nu3-4TKKjPQfoMUlOhw}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false})
[2016-04-13 12:21:34,440][INFO ][cluster.service ] [NODE-1] added {{NODE-1}{mXgtXGW3Raai_L7GEdxLVQ}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-join(join from node[{NODE-1}{mXgtXGW3Raai_L7GEdxLVQ}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false}])
On Apr 13, 2016, at 11:38 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
On Wed, Apr 13, 2016 at 11:32:47AM -0400, Scot Needy wrote:
NOTE: I do not believe some options like server,port,.. are needed in node mode.
correct: in node mode, almost everything is in the yaml
What is the relationship to the ES service and syslog-ng in node mode?
No direct relation in any mode: the ES data node runs in a different JVM on same or other node.
It looks like in node mode the es2 module writes directly to the shard ?
Yes, syslog-ng runs an ES instance itself that joins the cluster of the other ES instance(s). It writes documents directly to the correct nodes.
On Wed, Apr 13, 2016 at 12:24:50PM -0400, Scot Needy wrote:
Does not look like I’m getting data into es. How could I tell? Does data=false mean it’s not storing?
no, data=false means syslog-ng won't create shards in its ES instance, which is perfectly normal and expected
So in a standalone instance I should see data=true, meaning the local ES node should store all data? If so, how?

destination d_es {
  elasticsearch2(
    index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
    type("syslog-ng") # Description: The type of the index. For example, type("test")
    template("$(format-json --scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE})")
    #template("$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n")
    port("9300")
    server("localhost")
    flush_limit("5000")
    client_mode("node")
    cluster("syslog-ng")
    custom_id("syslog")
    resource("/etc/elasticsearch/elasticsearch.yml")
    client_lib_dir("/usr/share/elasticsearch/lib")
    concurrent_requests("100")
  );
};

[2016-04-14T09:45:06.369181] org.syslog_ng.elasticsearch_v2.ElasticSearchDestination.createIndexRequest:95 - Outgoing log entry, json='{"PROGRAM":"wlc01","PRIORITY":"warning","MESSAGE":"*dtlArpTask: Apr 14 09:45:09.941: #DTL-4-ARP_NULL_SRC_IP: dtl_net.c:2693 Recv ARP Request with source IP as 0. Marking for Duplicate Addr Detection.","ISODATE":"2016-04-14T09:45:06-04:00","HOST":"10.36.75.4","FACILITY":"local4","timestamp":"2016-04-14T09:45:06-04:00"}';
[2016-04-14T09:45:06.919922] org.syslog_ng.elasticsearch_v2.messageprocessor.ESBulkMessageProcessor$BulkProcessorListener.beforeBulk:42 - Start bulk processing, id='2';
[2016-04-14T09:45:06.926354] org.syslog_ng.elasticsearch_v2.messageprocessor.ESBulkMessageProcessor$BulkProcessorListener.afterBulk:48 - Bulk processing finished successfully, id='2', numberOfMessages='1';
On Apr 14, 2016, at 5:15 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
On Wed, Apr 13, 2016 at 12:24:50PM -0400, Scot Needy wrote:
Does not look like I’m getting data into es. How could I tell? Does data=false mean it’s not storing?
no, data=false means syslog-ng won't create shards in its ES instance, which is perfectly normal and expected
On Thu, Apr 14, 2016 at 09:46:52AM -0400, Scot Needy wrote:
So in a standalone instance I should see data=true, meaning the local ES node should store all data? If so, how?
in a strictly ES point of view in your setup (all on localhost):
* Syslog-ng is a client and shouldn't store data
* elasticsearch is a data and master node and stores data
On Wed, Apr 13, 2016 at 2:03 PM, Scot Needy <scotrn@gmail.com> wrote:
Systemd was enabled at OS deployment so I believe systemd libs were already installed unless a systemd-devel package needed to be added ?
Yes, you need the systemd-devel package (or whatever it may be called on your OS). Support for Type=notify will NOT be visible in syslog-ng -V output, that's why I asked for the summary of the configure run. Alternatively, you can run ldd on the syslog-ng binary. If it is linked to libsystemd0, you have Type=notify support, otherwise, you do not. -- |8]
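Added example (not part of the original thread, and not syslog-ng project code): the ldd check described in the message above, combined with a look at the unit's Type= setting, so a Type=notify unit paired with a binary built without libsystemd is flagged. The function names and sample inputs are constructed for illustration, and the library file names libsystemd.so.N and libsystemd-daemon.so.N are an assumption about how the library appears in ldd output.

```shell
#!/bin/sh
# Added example: does the unit's Type= match what the binary can do?
# All sample inputs are constructed; on a real host use the output of
# `ldd /opt/syslog-ng/sbin/syslog-ng` and the installed unit file.

# Exit 0 if ldd output names libsystemd.so.N (or the older libsystemd-daemon.so.N).
linked_to_libsystemd() {
    printf '%s\n' "$1" | grep -Eq 'libsystemd(-daemon)?\.so(\.[0-9]+)*'
}

# Print the Type= value of the [Service] section; systemd's default is "simple"
# when ExecStart= is set and neither Type= nor BusName= is given.
unit_type() {
    svc_type=$(printf '%s\n' "$1" | awk -F= '
        /^\[/ { in_service = ($0 == "[Service]") }
        in_service && $1 == "Type" { v = $2 }
        END { print v }')
    printf '%s\n' "${svc_type:-simple}"
}

# Print a one-line verdict for a unit file and the binary's ldd output.
check_notify() {
    svc_type=$(unit_type "$1")
    if [ "$svc_type" != notify ]; then
        echo "ok: Type=$svc_type does not need sd_notify support"
    elif linked_to_libsystemd "$2"; then
        echo "ok: Type=notify and the binary links libsystemd"
    else
        echo "mismatch: Type=notify but the binary does not link libsystemd"
    fi
}

# Constructed sample inputs (unit trimmed from the one posted in this thread).
UNIT='[Unit]
Description=System Logger Daemon
[Service]
Type=notify
ExecStart=/opt/syslog-ng/sbin/syslog-ng $SYSLOGNG_OPTS
[Install]
WantedBy=multi-user.target'
LDD_WITHOUT='	libglib-2.0.so.0 => /lib64/libglib-2.0.so.0 (0x00007f0000000000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)'
LDD_WITH="$LDD_WITHOUT
	libsystemd.so.0 => /lib64/libsystemd.so.0 (0x00007f0000400000)"

check_notify "$UNIT" "$LDD_WITHOUT"   # a build made without systemd-devel
check_notify "$UNIT" "$LDD_WITH"      # a build linked against libsystemd
```

On a mismatch, the fix named in the message above is to install systemd-devel and rebuild syslog-ng so that the binary links libsystemd.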
participants (5)
- Fabien Wernli
- Gergely Nagy
- Scheidler, Balázs
- Scot
- Scot Needy